Introduced in Xcode 15, Apple is now flagging specific APIs as needing a “Required Reason” to use. All usages of “Required Reason” APIs MUST be outlined in a Privacy manifest. A Privacy manifest is a document outlining how your app/SDK collects and uses a user’s data.

This is also time sensitive (https://developer.apple.com/news/?id=z6fu1dcu).

Starting in fall 2023, when you upload a new app or app update to App Store Connect that uses an API (including from third-party SDKs) that requires a reason, you’ll receive a notice if you haven’t provided an approved reason in your app’s privacy manifest. And starting in spring 2024, in order to upload your new app or app update to App Store Connect, you’ll be required to include an approved reason in the app’s privacy manifest which accurately reflects how your app uses the API.

https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api?language=objc
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_data_use_in_privacy_manifests?language=objc
https://developer.apple.com/videos/play/wwdc2023/10060/

We'll probably want to also add testing to scan for Required Reason APIs, so they get caught when added.

We could also build tooling around this to try and warn plugin authors.