Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Privacy Manifest #1332

Closed
nokiaowner opened this issue Dec 1, 2023 · 16 comments · Fixed by #1342
Closed

Privacy Manifest #1332

nokiaowner opened this issue Dec 1, 2023 · 16 comments · Fixed by #1342

Comments

@nokiaowner
Copy link

Hello,

At WWDC23 Apple announced that apps and SDKs that make use of certain "required reason" APIs etc will need to provide a privacy manifest.
Does PromiseKit need to include this manifest?
Is this update on the roadmap for the team? I appreciate that enforcement won't happen until Spring 2024 but I wanted to make contact so that we can plan our own app releases to take this into account.

Here’s some useful references:

https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_data_use_in_privacy_manifests

https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

https://developer.apple.com/videos/play/wwdc2023/10060/

Thanks
@LionWY
Copy link

LionWY commented Dec 11, 2023

+1

1 similar comment
@FONickReichard
Copy link

+1

@mxcl
Copy link
Owner

mxcl commented Dec 20, 2023
edited
Loading

PromIseKit (the core framework) doesn’t, but its extensions probably do, eg. PMKCoreLocation.

It seems to me this isn't a framework requirement, but apps will need to specify the reasons. Happy to proven wrong, but in that case I don’t see how we can provide the reason.

We may need to split extensions up into more pieces so app developers can import on a per functionality basis. Not sure I can see another way to do it.

If so we may need to drop support for Carthage and possibly CocoaPods.

@FONickReichard
Copy link

FONickReichard commented Dec 20, 2023
edited
Loading

Hey @mxcl ,

I believe this sums it up nicely:
"Starting in spring 2024, you must include the privacy manifest for any SDK listed below when you submit new apps in App Store Connect that include those SDKs, or when you submit an app update that adds one of the listed SDKs as part of the update."
https://developer.apple.com/support/third-party-SDK-requirements/

Screenshot from the docs that @nokiaowner provided.
Screenshot 2023-12-20 at 10 39 36 AM

The WWDC video above at timestamp 10:30 also mentions this. SDK owners are required to provide the details to the .xcprivacy file.

The Airbnb lottie-ios SDK has a nice implementation of this new requirement: airbnb/lottie-ios#2252

As far as the implementation goes, adding the PrivacyInfo.xcprivacy file with the requires & linking it to the Package.swift PromiseKit target would be a great starting point for SPM support.

12/21/23 Edit:
PromiseKit is not listed in the required SDKs in the requirements link I shared above.
The docs & wwdc lead me to believe that all 3rd party SDKs should have the below snippet at a minimum. We'll see how this unfolds as we get closer to Spring of 2024.

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>NSPrivacyTracking</key>
	<false/>
</dict>
</plist>

@mxcl
Copy link
Owner

mxcl commented Dec 27, 2023

Thanks everyone, we have the info we need and can add the privacy manifests to all PromiseKit frameworks. Not sure how CocoaPods intends to handle this yet tho. Will sniff about.

@nokiaowner
Copy link
Author

Hello,

@mxcl Thanks for taking care of this. Is there a tentative date and associated target release version for privacy manifest to be included in the SDK?

Thanks

@mxcl
Copy link
Owner

mxcl commented Jan 9, 2024

The community should feel free to implement this in PromiseKit core (here) then we can easily copy it to the extensions.

I work full time. More than full time. I cannot promise any time on this project at this point.

@nokiaowner
Copy link
Author

Hello,

Fair enough, just wanted to suggest to treat this as high priority. We don't know exactly the day when Apple will enforce the privacy manifest requirement. All we know so far is that's for spring of this year.

Thanks

@nokiaowner
Copy link
Author

Hello,

Bumping as I believe this is important for many.

Thanks

@catalinaIonela
Copy link

catalinaIonela commented Apr 4, 2024
edited
Loading

Hi,

Bumping this as the deadline from Apple is approaching. Alternatively can you please provide us with a temporary solution and give us the .plist?

Thanks

This was referenced Apr 6, 2024
Closed
Merged
@RomanPodymov
Copy link
Collaborator

Actually you can add the privacy manifest directly to your app, so you don't have to add it to each open source library you are using. But anyway, we can add it to PromiseKit #1342.

@Marvel2002
Copy link

Actually you can add the privacy manifest directly to your app, so you don't have to add it to each open source library you are using. But anyway, we can add it to PromiseKit #1342.

I think this is incorrect. We need to first add it to our own app, and make sure that all the 3rd parties apps that we are using implements it as well.

@nokiaowner
Copy link
Author

Actually you can add the privacy manifest directly to your app, so you don't have to add it to each open source library you are using. But anyway, we can add it to PromiseKit #1342.

I think this is incorrect. We need to first add it to our own app, and make sure that all the 3rd parties apps that we are using implements it as well.

That is indeed the case.

@marcoboerner
Copy link

Actually you can add the privacy manifest directly to your app, so you don't have to add it to each open source library you are using. But anyway, we can add it to PromiseKit #1342.

I think this is incorrect. We need to first add it to our own app, and make sure that all the 3rd parties apps that we are using implements it as well.

That is indeed the case.

We had the same issue with a few dependencies. Even though each 3rd party SDK should have their privacy manifest, we did add the missing reasons to our manifest, and as of today, Apple did accept our submission without sending us another warning. It's only a workaround, and not sure how long this will be accepted. But at least for now, it's not a blocker if the 3rd party SDK's have missing infos in the manifest.

@jayeshkawli
Copy link

Actually you can add the privacy manifest directly to your app, so you don't have to add it to each open source library you are using. But anyway, we can add it to PromiseKit #1342.

I think this is incorrect. We need to first add it to our own app, and make sure that all the 3rd parties apps that we are using implements it as well.

That is indeed the case.

We had the same issue with a few dependencies. Even though each 3rd party SDK should have their privacy manifest, we did add the missing reasons to our manifest, and as of today, Apple did accept our submission without sending us another warning. It's only a workaround, and not sure how long this will be accepted. But at least for now, it's not a blocker if the 3rd party SDK's have missing infos in the manifest.

We had the same experience. But the question remains whether PromiseKit indeed needs its own Privacy manifest file.

@marcoboerner
Copy link

Actually you can add the privacy manifest directly to your app, so you don't have to add it to each open source library you are using. But anyway, we can add it to PromiseKit #1342.

I think this is incorrect. We need to first add it to our own app, and make sure that all the 3rd parties apps that we are using implements it as well.

That is indeed the case.

We had the same issue with a few dependencies. Even though each 3rd party SDK should have their privacy manifest, we did add the missing reasons to our manifest, and as of today, Apple did accept our submission without sending us another warning. It's only a workaround, and not sure how long this will be accepted. But at least for now, it's not a blocker if the 3rd party SDK's have missing infos in the manifest.

We had the same experience. But the question remains whether PromiseKit indeed needs its own Privacy manifest file.

It does, and not only the empty file, it should have all the required entries as well. I assume it's only a matter of time before Apple won't accept the workaround mentioned above anymore.

RomanPodymov added a commit that referenced this issue May 11, 2024
@RomanPodymov
Fix #1332 (#1342)
4c31ef1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix #1332
9 participants
@mxcl @LionWY @RomanPodymov @Marvel2002 @nokiaowner @catalinaIonela @marcoboerner @FONickReichard @jayeshkawli