You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Apple is set to require additional documentation around usage of APIs that can be used to fingerprint and track users without their consent or knowledge. This translates to disclosing from a list of approved reasons why your app (or SDK) accesses some sensitive APIs.
Apple will start looking for required reasons in the privacy manifest this fall, and enforcing (preventing uploads) to apps next spring if using APIs without an appropriate approved reason.
One example that I think might require change to this sdk is the print out of user defaults. Namely, the user defaults reporter grabs the entire user defaults dictionary and creates a report to be transmitted off device.
CA92.1
Declare this reason to access user defaults to read and write information that is only accessible to the app itself.
This reason does not permit reading information that was written by other apps or the system, or writing information that can be accessed by other apps.
85F4.1
Declare this reason to display disk space information to the person using the device. Disk space may be displayed in units of information (such as bytes) or units of time combined with a media type (such as minutes of HD video).
Information accessed for this reason, or any derived information, may not be sent off-device.
E174.1
Declare this reason to check whether there is sufficient disk space to write files, or to check whether the disk space is low so that the app can delete files when the disk space is low. The app must behave differently based on disk space in a way that is observable to users.
Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception that allows the app to avoid downloading files from a server when disk space is insufficient.
The text was updated successfully, but these errors were encountered:
Apple added a list of new reasons why an app can use User Defaults. The out of the box diagnostic grabs the entire user defaults payload and transmits it off device. This should be reopened and addressed.
Apple is set to require additional documentation around usage of APIs that can be used to fingerprint and track users without their consent or knowledge. This translates to disclosing from a list of approved reasons why your app (or SDK) accesses some sensitive APIs.
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api
Apple will start looking for required reasons in the privacy manifest this fall, and enforcing (preventing uploads) to apps next spring if using APIs without an appropriate approved reason.
One example that I think might require change to this sdk is the print out of user defaults. Namely, the user defaults reporter grabs the entire user defaults dictionary and creates a report to be transmitted off device.
Diagnostics/Sources/Reporters/UserDefaultsReporter.swift
Line 20 in 8800be6
In the future of iOS, reading into the currently "approved" reasons to read/write from UserDefaults, this would explicitly be prohibited.
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api#4278401
This might also come into play with the Disk space APIs for the smart insights, though it would be approved as-is, as long as 'the app behave differently based on space' via E174.1 or maybe even 85F4.1. But you can't guarantee how developers will use your library.
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api#4278397
The text was updated successfully, but these errors were encountered: