Real-World Cases

Multiple rejections over 10+ attempts

Fix: Persisted through 10+ rejections. Added comprehensive health disclaimers, improved privacy policy, implemented content moderation for AI responses, added proper data handling.

Guideline 5.1.1 - Legal - Privacy. Your app does not include the required FinanceKit usage description for accessing financial data.

Fix: Added NSFinanceKitUsageDescription: View your Apple Card transactions to help track spending and create budgets. Built the app to request FinanceKit authorization only when the user explicitly chooses...

Guideline 5.1.1 - Legal - Privacy. Your app does not include a Privacy Manifest file declaring the required API usage reasons.

Fix: Added a PrivacyInfo.xcprivacy manifest file declaring all required reason APIs: NSPrivacyAccessedAPICategoryUserDefaults, NSPrivacyAccessedAPICategoryFileTimestamp, etc. Also ensured all third-party S...

Guideline 5.1.1 - Legal - Privacy. Your apps privacy policy URL returns a 404 error page.

Fix: Set up privacy policy on our main domain with proper SSL. Updated the URL in both the app and App Store Connect. Added monitoring alert if the privacy policy page ever goes down. Test all URLs before...

Guideline 5.1.1 - Your privacy policy does not adequately describe the data collected by third-party SDKs integrated in your app, including Firebase and Amplitude.

Fix: Audited every SDK and documented exact data collection. Rewrote privacy policy with a detailed SDK-by-SDK breakdown. Added an in-app privacy dashboard showing users what each service collects. Made pr...

ITMS-91053: Missing API declaration for NSPrivacyAccessedAPICategoryDiskSpace in your apps privacy manifest.

Fix: Added NSPrivacyAccessedAPICategoryDiskSpace to PrivacyInfo.xcprivacy with reason E174.1 (checking for available disk space for writing). Each API category needs a valid reason code from Apples documen...

Guideline 5.1.1 - Legal - Privacy. Your app does not include signature validation for third-party SDK frameworks as required by the updated privacy requirements.

Fix: Updated all CocoaPods and SPM dependencies to versions with proper code signatures. For manually included frameworks, verified they have valid developer signatures. Used codesign --verify to check eac...

ITMS-91053: Missing API declaration. Your app binary includes API symbols for required reason APIs without a corresponding declaration in the privacy manifest.

Fix: Updated Unity to the latest version that includes proper Privacy Manifest declarations. Added our own PrivacyInfo.xcprivacy for any additional APIs we use. Verified using Xcodes Generate Privacy Repor...

ITMS-91053: Missing API declaration for NSPrivacyAccessedAPICategorySystemBootTime in third-party framework.

Fix: Updated the analytics SDK to latest version that includes proper privacy manifest. Verified using Xcode privacy report that all required API declarations are present across all frameworks.

ITMS-91053: Missing API declaration. Your apps third-party SDK FlutterEngine uses required reason API without a privacy manifest declaration.

Fix: Updated Flutter SDK to 3.19+ which includes the required PrivacyInfo.xcprivacy manifest. Also updated all Flutter plugins to versions that include their own privacy manifests. Run flutter doctor --ver...

Guideline 5.1.1 - Legal - Privacy. Your app and third-party SDKs do not include required Privacy Manifest files declaring API usage reasons.

Fix: Updated all SDKs to versions that include PrivacyInfo.xcprivacy manifests. Created our apps privacy manifest declaring UserDefaults, systemUptime, and disk space API usage with valid reasons. Used Xco...

Guideline 5.1.1(i) - Your app does not include a valid privacy policy URL in App Store Connect, and there is no privacy policy accessible within the app.

Fix: Created a simple privacy policy stating the app collects no personal data. Hosted it on our GitHub Pages site. Added the URL to App Store Connect and also added an in-app link in the settings screen....