DaveWoodCom / XCGLogger

A debug log framework for use in Swift projects. Allows you to log details to the console (and optionally a file), just like you would have with NSLog() or print(), but with additional information, such as the date, function name, filename and line number.
MIT License
3.95k stars 476 forks source link

Privacy Manifest for a module as per Apple guideline #331

Open mithleshgomotive opened 7 months ago

mithleshgomotive commented 7 months ago

Hi Team, Apple has announced to have privacy manifest file (PrivacyInfo.xcprivacy) for third party SDKs. For more details, please visit: https://developer.apple.com/support/third-party-SDK-requirements/

Do XCGLogger team have plan to add this support ?

I have few more links explaining this requirement:

  1. https://www.msclb.store/news/?id=3d8a9yyh
  2. Upcoming third-party SDK requirements
  3. Get started with privacy manifests
  4. Describing use of required reason API
  5. Describing data use in privacy manifests
  6. Placing content in a bundle
mithleshgomotive commented 7 months ago

Found, XCGLogger is using File timestamp APIs at: AutoRotatingFileDestination.swift#L141

XCGLogger/Destinations/AutoRotatingFileDestination.swift: >
currentLogStartTimeInterval = (fileAttributes[.creationDate] as? Date ?? Date()).timeIntervalSince1970
pietermuller commented 7 months ago

Since writeToFile can be specified arbitrarily by a client of XCGLogger, I think the reason for NSPrivacyAccessedAPICategoryFileTimestamp should be 0A2A.1 as defined at:

Describing use of required reason API | Apple Developer Documentation https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

0A2A.1 Declare this reason if your third-party SDK is providing a wrapper function around file timestamp API(s) for the app to use, and you only access the file timestamp APIs when the app calls your wrapper function. This reason may only be declared by third-party SDKs. This reason may not be declared if your third-party SDK was created primarily to wrap required reason API(s). Information accessed for this reason, or any derived information, may not be used for your third-party SDK’s own purposes or sent off-device by your third-party SDK.

mithleshgomotive commented 7 months ago

@pietermuller As per Apple. Courtesy Apple doc.

Third-party SDKs need to provide their own privacy manifest files that record the types of data they collect. Your app’s privacy manifest file doesn’t need to cover data collected by third-party SDKs that your app links to.

mithleshgomotive commented 7 months ago

@DaveWoodCom @dpassage - Apologies for tagging explicitly. can you please help here, as we are reaching to May 1st deadline by Apple ?

dpassage commented 7 months ago

I'm no longer using this framework or making open source contributions in general.

My recommendation would be to make a fork and make the needed changes yourself.

DaveWoodCom commented 7 months ago

Hey all, thanks for bringing this up. I do plan to push an update with a privacy manifest shortly, aiming for next week.

maurovz commented 7 months ago

Hey all, thanks for bringing this up. I do plan to push an update with a privacy manifest shortly, aiming for next week.

@DaveWoodCom let us know if you want us to create a PR with it also. (If you don't have time currently :)

mithleshgomotive commented 6 months ago

@maurovz can you please take this effort, we can raise the PR and get it reviewed by @DaveWoodCom and merge ?

mithleshgomotive commented 6 months ago

I just found a report for XCGLogger using this tool:

Analyzing XCGLogger ...
⚠️  Missing privacy manifest file!
API usage analysis result(s): 1
[0] NSPrivacyAccessedAPICategoryFileTimestamp:.creationDate:../../workspace/mobile_driver_app_ios-5//Pods/XCGLogger/Sources/XCGLogger/Destinations/AutoRotatingFileDestination.swift
🛠️  Descriptions for the following required API reason(s) may be missing: 1
[0] NSPrivacyAccessedAPICategoryFileTimestamp
JCNrick commented 6 months ago

So @DaveWoodCom any news ? 👀

DaveWoodCom commented 6 months ago

I've pushed an update (7.1.1) that includes the Privacy Manifests for XCGLogger, and also the mini framework it uses (ObjcExceptionBridging).

I've set XCGLogger to indicate it uses NSPrivacyAccessedAPICategoryFileTimestamp for the reason C617.1 (access in an app container). There was a mention above to use 0A2A.1 (providing a wrapper function). I went back and forth on this, and noticed that @rinkietheridge-ban also initially had 0A2A.1 in a pull request, and changed it to C617.1, and that felt like it was the most correct to me.

Note that this is currently untested (aka, has no yet been included in an app approved by Apple, so it may need to be tweaked). Please let me know if you submit an update with this version and whether it's approved or not. I'll leave this ticket open until an approval goes through in case changes are needed. With a bit of luck, I'll release an update to one of my apps in the next week or so as a test if no one else beats me.

mithleshgomotive commented 6 months ago

Adding - https://github.com/DaveWoodCom/XCGLogger/issues/334

XCGLogger with v7.1.1 has now Privacy Manifest included in it. But it has also set minimum iOS Deployment target to iOS 15. We want to update XCGLogger version to 7.1.1 but getting restricted by minimum iOS Deployment target. What is the reason for updating the iOS deployment target ? @DaveWoodCom Can you provide us a version of XCGLogger that has both privacy manifest and iOS 14 support ? Otherwise it will require us to upgrade our iOS app's minimum iOS deployment target.