CLAUDE LABJP
FORK — Claude Code 2.1.212 changes what /fork does: it copies your conversation into a new background session with its own row in claude agents, so you can keep working. The old in-session subagent is now /subtaskLIMITS — WebSearch calls are now capped at 200 per session by default, and subagent spawns get the same 200 ceiling, so a runaway search or delegation loop stops on its ownMCPBG — MCP tool calls running past two minutes now move to the background automatically, keeping the session usable. Tune the threshold with CLAUDE_CODE_MCP_AUTO_BACKGROUND_MSPLANFIX — Fixed plan mode auto-running file-modifying Bash commands such as touch and rm without a permission prompt or an SDK canUseTool callbackSONNET5 — Claude Sonnet 5 is running on introductory pricing of $2 per million input tokens and $10 per million output. After August 31 it moves to $3 and $15IPO — Bankers are reportedly lining up investor meetings for Anthropic ahead of a possible public listing as soon as OctoberFORK — Claude Code 2.1.212 changes what /fork does: it copies your conversation into a new background session with its own row in claude agents, so you can keep working. The old in-session subagent is now /subtaskLIMITS — WebSearch calls are now capped at 200 per session by default, and subagent spawns get the same 200 ceiling, so a runaway search or delegation loop stops on its ownMCPBG — MCP tool calls running past two minutes now move to the background automatically, keeping the session usable. Tune the threshold with CLAUDE_CODE_MCP_AUTO_BACKGROUND_MSPLANFIX — Fixed plan mode auto-running file-modifying Bash commands such as touch and rm without a permission prompt or an SDK canUseTool callbackSONNET5 — Claude Sonnet 5 is running on introductory pricing of $2 per million input tokens and $10 per million output. After August 31 it moves to $3 and $15IPO — Bankers are reportedly lining up investor meetings for Anthropic ahead of a possible public listing as soon as October
Articles/Claude Code
Claude Code/2026-05-18Advanced

Running Apple Privacy Manifest as an Indie Developer — Catching Dependency Drift with Claude Code

Apple Privacy Manifest (PrivacyInfo.xcprivacy) is a quietly painful area for indie iOS developers. Drawing on twelve years of running iOS apps with over 50 million combined downloads, this article walks through how I use Claude Code to detect drift, respond to rejections, and bake the whole flow into CI.

Claude Code197Apple Privacy ManifestPrivacyInfo.xcprivacyiOS24indie developer19App Store7dependencies2

Premium Article

I have been shipping iOS apps as an indie developer since 2014, and somewhere past fifty million combined downloads I started spending roughly as much time keeping up with Apple's policy changes as I did building features. Privacy Manifest (PrivacyInfo.xcprivacy), which Apple began requiring in stages from 2024, has been one of the heavier ones. The reason is structural: it is not enough that your own code is compliant. Every SDK you depend on also has to ship its own manifest, and you have to keep them all in sync as Apple's list of "commonly used APIs" expands.

A few months ago I bumped the AdMob SDK in Beautiful HD Wallpapers and was met with a rejection telling me that NSPrivacyAccessedAPITypes was missing entries. The same SDK update had gone through cleanly on one of my relaxing-music apps six months earlier. The difference was not obvious from a quick diff, and I lost a full day chasing it. This article distills what I have built since then so that days like that do not happen again. I use Claude Code for most of the heavy lifting, and I will show the prompts and scripts exactly as they sit in my repositories today.

Why Privacy Manifest Hits Indie Developers Hardest

Privacy Manifest is a declaration file Apple began rolling out as mandatory across spring 2024. Beyond your own app target, any SDK that touches Apple's list of "commonly used APIs" is also expected to ship its own manifest inside its framework bundle. There are three structural reasons this is harder for indie developers than for teams.

First, the rate at which SDKs adopt new requirements is inconsistent. A typical iOS app pulls in twenty or more dependencies — AdMob, Firebase, Sign in with Apple, lint helpers, reachability utilities — and indie developers rarely have a single dashboard that tracks the compliance status of all of them.

Second, dependencies that were fine when you added them can suddenly require a manifest later. Apple periodically expands the list of Required Reasons API categories. UserDefaults, fileTimestamp, systemBootTime, and diskSpace were all added after the initial release, and older indie apps tend to use them unconsciously.

Third, rejection messages are sparse. App Review usually says only "declarations for NSPrivacyAccessedAPITypes are missing or incomplete," leaving you to figure out which SDK is responsible and which API category needs a new entry.

Folding all of that into a monthly routine without an assistant is what burns time. The realistic move is to put the monitoring and patch generation on Claude Code.

The Minimum Vocabulary You Need

Just enough scaffolding so the rest of the article reads cleanly.

PrivacyInfo.xcprivacy declares four major keys. NSPrivacyTracking is a boolean for tracking activity. NSPrivacyTrackingDomains lists endpoints that contribute to tracking. NSPrivacyCollectedDataTypes describes the categories of data the app collects. And NSPrivacyAccessedAPITypes — the protagonist of this article — is an array of reasons for every Required Reasons API category your app uses.

The currently designated categories include File timestamp APIs, System boot time APIs, Disk space APIs, Active keyboard APIs, and User defaults APIs. Each category has a fixed set of reason codes — for instance, User Defaults APIs recognizes CA92.1, 1C8F.1, C56D.1, and AC6B.1. You pick the ones that match your actual usage and list them under each category.

A minimal real-world file looks like this.

<!-- A minimum PrivacyInfo.xcprivacy -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>NSPrivacyTracking</key>
  <true/>
  <key>NSPrivacyTrackingDomains</key>
  <array>
    <string>googleads.g.doubleclick.net</string>
  </array>
  <key>NSPrivacyCollectedDataTypes</key>
  <array/>
  <key>NSPrivacyAccessedAPITypes</key>
  <array>
    <dict>
      <key>NSPrivacyAccessedAPIType</key>
      <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
      <key>NSPrivacyAccessedAPITypeReasons</key>
      <array>
        <string>CA92.1</string>
      </array>
    </dict>
    <dict>
      <key>NSPrivacyAccessedAPIType</key>
      <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
      <key>NSPrivacyAccessedAPITypeReasons</key>
      <array>
        <string>C617.1</string>
      </array>
    </dict>
  </array>
</dict>
</plist>

The important point is that the values inside NSPrivacyAccessedAPITypeReasons are reason codes, not free text. When you have Claude Code generate manifest snippets, include the Apple reference list in your prompt so it does not invent codes.

Thank you for reading this far.

Continue Reading

What follows includes implementation code, benchmarks, and practical content we hope you'll find useful. This site runs without ads — server and development costs are supported entirely by members like you. If it's been helpful, we'd be truly grateful for your support.

WHAT YOU'LL LEARN
A pragmatic mental model of how Privacy Manifest and Required Reasons APIs interact, sized for indie iOS work rather than enterprise compliance teams
A Claude Code workflow with real commands for spotting drift when adding or updating dependencies, before App Store rejection
An end-to-end pattern that turns an App Store Connect rejection log into a unified-diff patch and re-submission
Secure payment via Stripe · Cancel anytime

Unlock This Article

Get full access to the rest of this article. Buy once, read anytime. This site is ad-free — your support goes directly toward keeping it running.

or
Unlock all articles with Membership →
Share

Thank You for Reading

Claude Lab is ad-free, supported entirely by members like you. We publish practical guides daily with implementation code, benchmarks, and production-ready patterns. If you've found it useful, we'd love to have you on board.

  • Copy-paste ready implementation code
  • New advanced guides published daily
  • $5/mo or $10 for lifetime access
View Membership →

Related Articles

Claude Code2026-07-08
Auditing Your Own Code for Required Reason API Declarations with Claude Code
Required reason codes in PrivacyInfo.xcprivacy apply to your own code, not just third-party SDKs. After a wallpaper app of mine was rejected, here is the Claude Code workflow I use to scan Swift sources and match APIs to reason codes before submission.
Claude Code2026-06-30
Fixing Blurry Wallpapers on New iPhones with Claude Code: Safely Growing a Per-Device Resolution Map
Why wallpapers go blurry or letterboxed on brand-new iPhones, and how to collapse scattered device branches into a single source of truth you can extend in one line — walked through as a real Claude Code refactor with before/after code.
Claude Code2026-06-04
Clearing Crashlytics 'Missing dSYM' Warnings with Claude Code: A Field Memo
Right after moving Firebase to SPM, my Crashlytics reports stopped symbolicating and showed raw addresses. Here is how I narrowed down the Missing dSYM cause with Claude Code and rebuilt an upload path that does not break again.
📚RECOMMENDED BOOKS
Build a Large Language Model (From Scratch)
Sebastian Raschka
LLM Dev
Prompt Engineering for LLMs
Berryman & Ziegler
Prompting
AI Engineering
Chip Huyen
AI Eng
* Contains affiliate links
See all →