-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for SDK Privacy Manifest - Required reason API declarations #157
Comments
This issue is stale because it has been open for 30 days with no activity. Remove the Stale label or comment or this will be closed in 10 days. |
Apple added a list of new reasons why an app can use User Defaults. The out of the box diagnostic grabs the entire user defaults payload and transmits it off device. This should be reopened and addressed. |
This one might surface today for builds since Apple is going to start giving ITMS warnings for apps using UserDefaults among other APIs. |
Seems like User Defaults isn't only problem, privacy deceleration is needed even for checking how much free space is on the device. |
Apple is set to require additional documentation around usage of APIs that can be used to fingerprint and track users without their consent or knowledge. This translates to disclosing from a list of approved reasons why your app (or SDK) accesses some sensitive APIs.
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api
Apple will start looking for required reasons in the privacy manifest this fall, and enforcing (preventing uploads) to apps next spring if using APIs without an appropriate approved reason.
One example that I think might require change to this sdk is the print out of user defaults. Namely, the user defaults reporter grabs the entire user defaults dictionary and creates a report to be transmitted off device.
Diagnostics/Sources/Reporters/UserDefaultsReporter.swift
Line 20 in 8800be6
In the future of iOS, reading into the currently "approved" reasons to read/write from UserDefaults, this would explicitly be prohibited.
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api#4278401
This might also come into play with the Disk space APIs for the smart insights, though it would be approved as-is, as long as 'the app behave differently based on space' via E174.1 or maybe even 85F4.1. But you can't guarantee how developers will use your library.
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api#4278397
The text was updated successfully, but these errors were encountered: