-
-
Notifications
You must be signed in to change notification settings - Fork 7.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weβll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add privacy manifest #3792
Add privacy manifest #3792
Conversation
Thanks a lot for this! Apple actually reached out to Alamofire (as they did with many other popular dependencies) and I asked what the proper handling was for SPM (and CocoaPods, though I don't expect anything there) and I haven't heard back. This is what I expected, but for Alamofire to truly ship this we need to support it through CocoaPods and Carthage as well (Carthage is probably just integrating it into our Xcode project). Any chance you can look at those as well? |
Personally, I'm also skeptical that Apple will actually make this a full requirement, so I'd probably wait to merge it for a while anyway. |
@jshier I totally understand. We never know for sure, but it could help us to be prepared. I'm fine with put it on hold for now. |
Hello As you know, Apple listed Alamofire on the list of SDKs that require a privacy manifest Do you plan to the privacy manifest for older major version, or just for Alamofire 5.X ? I am asking the question because I am still using Alamofire 4.9.1 on one of my projects |
In the event that manifests are required we won't be updating Alamofire 4. Thinking about it I don't think Alamofire 4 uses any of the APIs that need a manifest anyway. |
I don't think there's anything about podspec. |
Do you know when we can expect the app privacy policy to be added? |
I discovered a new while testing. Until now, most of the libraries that have added PrivacyInfo have not been marked in PrivacyReport. However, when an item is added to the 'Privacy Nutrition Label Types', the library name is displayed in the PrivacyReport. Many libraries have updated PrivacyInfo without adding anything from 'Privacy Nutrition Label Types'. Does anyone know about this? Is 'Privacy Nutrition Label Types' a must-have item? Or is it not necessary to display it in the privacy report? Please feel free to leave opinion. The 'PrivacyReport' I'm talking about can be downloaded as a PDF if you archive the app. https://developer.apple.com/videos/play/wwdc2023/10060/
(I used a translator.) |
Hello, is there a reason thats preventing this PR from getting merged? |
@jshier - Seeing that Spring 2024 is soon upon us and Apple listed Alamofire specifically as needing a privacy manifest, is there an issue preventing the PR from being merged?
|
### Goals β½ The privacy manifest implementation from #3792 was incorrect (thought I had checked it) and breaks the package. This fixes the packages and adds the manifest to the raw framework targets as well.
Hi, I have a legacy that use Alamofire 4.5 and when I want to update to the last version that support Manifest Privacy file I have a code broken and It will take a lot of time to updated, is it possible to add this Manifest Privacy file to 4.5 version ? |
It's unclear whether Apple will require existing apps with old dependencies to add privacy manifests for those dependencies. The plain language of their documentation seems to imply so, but my discussions with Apple seem to imply that only the addition of the dependency requires a manifest. In either case, there will be no updates to Alamofire 4, both because it's been four years since 5 was released, and because it doesn't use the restricted API that 5 does. If anyone does update an existing app and get the warnings, let me know so I can reach out to Apple again for clarification. |
Okay thank you @jshier for the explanation. |
Issue Link π
Apple's update to their API policy - Required Reason
Goals β½
To comply with Apple's new privacy policies every app and third-party SDK should include a Privacy manifest in case if they access APIs which potentially can be used for fingerprinting. All use cases of such API require explicit reasons declaration.
Alamofire accesses
systemUptime
property which is included in a required reasons API.Implementation Details π§
systemUptime
, Reason: 35F9.1: Measure time on-device, per documentationTesting Details π
Not applicable