Does ITMS-91053 always mean the main app is wrong?

No. The signal can come from the main app or an embedded SDK. StoreShield inventories both where the compiled archive exposes evidence.

Should I add NSPrivacyAccessedAPICategoryLocation?

No. Apple does not define that Required Reason API category. Location usage should be handled through permission strings, privacy review, and app privacy disclosures.

ITMS-91053: Missing API Declaration

ITMS-91053 appears when Apple detects Required Reason API usage without the privacy manifest declaration it expects. StoreShield helps you catch the five official Required Reason categories locally before you submit.

7-day trial applies to the Direct DMG only. Mac App Store subscriptions are managed by Apple.

What ITMS-91053 usually means

The archive or an embedded SDK appears to use a Required Reason API category, but the matching PrivacyInfo.xcprivacy declaration is missing or incomplete.

✓ Apple's official Required Reason categories are File Timestamp, System Boot Time, Disk Space, Active Keyboards, and User Defaults.
✓ Location APIs are privacy-sensitive, but Apple does not define a Location Required Reason category.
✓ The fix belongs in PrivacyInfo.xcprivacy for Required Reason APIs, not in a generic reviewer note.

How StoreShield checks it

StoreShield scans the compiled archive locally and separates evidence-backed findings from heuristic signals.

✓ Required Reason API evidence in the app and embedded frameworks.
✓ Manifest category and reason mapping for the Submission Pack.
✓ Confidence labels so developers know what needs manual verification.

What to export before resubmitting

When the issue is present, the Submission Pack turns the fix into files the release owner can act on.

✓ FIX_PLAN.md with declaration and verification steps.
✓ REVIEW_ROOM.md with Privacy and Binary Upload gate evidence.
✓ SARIF, PDF, and machine JSON for CI or handoff workflows.