Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Privacy Manifests #198

Open
wlxo0401 opened this issue Dec 12, 2023 · 21 comments
Open

Privacy Manifests #198

wlxo0401 opened this issue Dec 12, 2023 · 21 comments

Comments

@wlxo0401
Copy link
Contributor

wlxo0401 commented Dec 12, 2023

i have a question

I think we need Privacy Manifests due to Apple policy.

Read Apple docs, which say:


From Fall 2023 you’ll receive an email from Apple if you upload an app to App Store Connect that uses required reason API without describing the reason in its privacy manifest file. From Spring 2024, apps that don’t describe their use of required reason API in their privacy manifest file won’t be accepted by App Store Connect.

@wlxo0401
Copy link
Contributor Author

@evgenyneu

hello. I am an iOS developer from South Korea.

I am grateful for the ‘Cosmos’ you created.

However, due to this change in Apple policy, if you use a third-party library, you must add a Privacy Manifest.

I love this library and think it's great. Please make sure to continue using it.

@evgenyneu
Copy link
Owner

Thanks @wlxo0401, is it responsibility of the app developer to provide the manifest, or does it need to be included in the third party libraries?

@wlxo0401
Copy link
Contributor Author

@evgenyneu
Thank you for your reply.


https://developer.apple.com/videos/play/wwdc2023/10060/
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files

I understood that the developers who created the library should distribute including Privacy Manifest.

Apple seems to be aiming to let developers who use third-party libraries know what they're doing inside the library.

So library developers need to add Privacy Manifest to their library, and make sure Xcode recognizes it.

스크린샷 2023-12-19 오후 12 20 33 Exemplary photo

Libraries with the Privacy Manifest applied properly are

  1. Perform Archive
  2. Go to the Organizer screen
  3. Check Privacy Report for Archived Builds
  4. Privacy Manifest is properly reflected.

You can check the above procedure.

@evgenyneu
Copy link
Owner

That's good to know @wlxo0401. Feel free to submit a PR with the manifest.

@wlxo0401
Copy link
Contributor Author

@evgenyneu

But I don't know clearly yet how to apply it.

And I don't know exactly what part of Cosmos should be specified.

@evgenyneu
Copy link
Owner

It's ok, maybe someone else can help here.

@wlxo0401
Copy link
Contributor Author

@evgenyneu

https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

The above document contains a list of APIs that should be displayed in the Privacy Manifest claimed by Apple.

Did you use the API that belongs to the list above while making the library? If there is, please list it.

@evgenyneu
Copy link
Owner

This library does not use these APIs.

@wlxo0401
Copy link
Contributor Author

wlxo0401 commented Dec 25, 2023

@evgenyneu

Hi I added PrivacyInfo.

As you told me, Cosmos added PrivacyInfo based on not using APIs.
but I couldn't add it to the package.
PR

I brought an example of how I did other libraries. But when I did it, the error occurred..
Example

When we complete this, we need to make sure that it is finally reflected in the Privacy Report. That way, we can finish it..

Can you help me??

@evgenyneu
Copy link
Owner

No sure how to fix it, feel free to submit a PR people. Thanks for the manifest PR @wlxo0401 and Happy New Year!

@wlxo0401
Copy link
Contributor Author

@evgenyneu
Thank you for your kind response in your busy life.

Happy New Year to you, too.

I think there are steps left to add to the package and podspec.

First of all, it would be difficult to release a new release as it is, right?

I think it would be good to let people know that the library is alive..

@evgenyneu
Copy link
Owner

evgenyneu commented Dec 27, 2023

I think there are steps left to add to the package and podspec.

Sure, feel free to submit another PR. I personally not sure what needs to be done with these manifests.

First of all, it would be difficult to release a new release as it is, right?

By release you mean add a git tag? I can do it if that's what you need, let me know.

@wlxo0401
Copy link
Contributor Author

wlxo0401 commented Dec 27, 2023

@evgenyneu
Thank you for your quick response.

I also actually still have a lot of questions. However, Apple is doing a lot of research because WWDC mentioned this work.

Some libraries have even been mentioned by Apple. _ Apple Doc
(There are already libraries with PrivacyManifest without Apple mention.)

Looking at the data I found, I understand that all libraries should do this.

Since it will be implemented from next spring, I'm going to prepare it in advance, but I don't think there is any information as I thought.

That's enough for today and I'll look into it more..

@wlxo0401
Copy link
Contributor Author

wlxo0401 commented Jan 2, 2024

@evgenyneu
RxSwift issue
Looking at the above issue, it seems correct that all three-party libraries should add PrivyManifest.

I think we need to apply this to meet the conditions that Apple wants.
It seems that information on whether or not PrivacyInfo corresponds to it should be provided.

(Shouldn't you check 'Keychain-Swift' as well?)

@evgenyneu
Copy link
Owner

Cool ty!

@wlxo0401
Copy link
Contributor Author

wlxo0401 commented Jan 2, 2024

@evgenyneu

I think it's about time, are you planning to release a new 24 version??

@evgenyneu
Copy link
Owner

are you planning to release a new 24 version?

Sure, which one do you personally need? Cocoapods or swift package manager?

@wlxo0401
Copy link
Contributor Author

wlxo0401 commented Jan 2, 2024

are you planning to release a new 24 version?

Sure, which one do you personally need? Cocoapods or swift package manager?

I am using the swift package manager.
Is it difficult to apply both? (I don't know the library distribution procedure.)

PrivacyManifest has been applied, but Apple's alleged policy implementation date must come to know if it works properly.
I want a lot of users to use the version with 'PrivacyInfo' applied. And I want them to find additional issues.

@evgenyneu
Copy link
Owner

I am using the swift package manager.

Ok I pushed the 24.0.0 tag, you can test it with SPM.

I want a lot of users to use the version with 'PrivacyInfo' applied. And I want them to find additional issues.

We don't spend our time to make it work for others here :D This is open source project, so people will submit a PR if they need to fix stuff.

@wlxo0401
Copy link
Contributor Author

@evgenyneu

Hello.

Could you please issue a new version based on the last PR???

@evgenyneu
Copy link
Owner

@wlxo0401 I pushed version 25.0.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants