App Store Connect Warning: ITMS-91053: Missing API declaration

[blattr]

Some weeks ago, App Store Connect starts complaining about missing privacy info when I uploaded a new build. This occurs when an app is using plugins/frameworks that access sensitive APIs. They also published a list with plugins/frameworks, that have to include such a privacy info (see: https://developer.apple.com/support/third-party-SDK-requirements/).

Even if that is not the case for the amplify plugins themselves, (i.e.) amplify_analytics_pinpoint 1.7.1 is relying on two of the listed plugins above (device_info_plus 9.1.2 and package_info_plus 4.2.0). Both plugins recently released a newer version (device_info_plus 10.0.1 and package_info_plus 6.0.0) which, among other things, is addressing the issue mentioned above.

Due to the dependency constraints of amplify_analytics_pinpoint, the usage of those new versions is prevented. This is not a problem (only a warning) until May 1st, 2024. From then, new builds will be rejected from App Store Connect, if plugins/frameworks are missing the privacy info.

I hope, there is no serious reason, why amplify cannot rely on the newest version of the two plugins mentioned above. As far as I can tell, those are the only two plugins who are causing the issue but I guess it is never wrong to double check.

PS: I am using Flutter 3.19.3 and the latest version of the amplify plugins (1.7.x) and aws_signature_v4 (0.5.1)

[Jordan-Nelson]

Hello @blattr - Thanks for bringing this to our attention. We will look into updating the version constraint. It does look like some of the breaking changes will require code change in Amplify.

[zhoulijun12315]

The deadline is May 1st, 2024. Please update as soon as possible.

[blattr]

First of all, you are welcome. I always try to give my 2ct back to the community.

I release my app to App Store Connect at least 2 times a week so I can surely confirm, that this may have been announced by Apple several months ago at WWDC23 but the error itself started to pop up just a few days before I wrote my post. I checked all my dependencies and Amplify is the only one left, not meeting the newly required standard, by relying on "older" dependencies.

I really hope, that you can bump the versions some days before May 1st, to let us some room to test our app.

@NikaHsn could you please give us some update?

Best regards
Roman

[NikaHsn]

We are actively working on upgrading to the latest major versions of connectivity_plus, device_info_plus, and package_info_plus. Since these versions contain breaking changes and higher minimum java version, there are a number of changes we need to make across all amplify packages before we can support the latest version. We will post here as we have further updates.

[NikaHsn]

Thank you for your patience. The issue has been fixed in version 1.8.0. and I'm closing it. However, if you encounter any issues after updating to version 1.8.0, please don't hesitate to reopen it.