search

KhronosGroup / MoltenVK

MoltenVK is a Vulkan Portability implementation. It layers a subset of the high-performance, industry-standard Vulkan graphics and compute API over Apple's Metal graphics framework, enabling Vulkan applications to run on macOS, iOS and tvOS.
Apache License 2.0
4.86k stars 430 forks source link

Support Privacy Manifest files #2187

Open julianrex opened 8 months ago

julianrex commented 8 months ago

Privacy Manifests will soon be a requirement for SDKs used in apps launched on the App Store. From https://developer.apple.com/news/?id=3d8a9yyh

At WWDC23, we introduced new privacy manifests and signatures for commonly used third-party SDKs and announced that developers will need to declare approved reasons for using a set of APIs in their app’s privacy manifest. These changes help developers better understand how third-party SDKs use data, secure software dependencies, and provide additional privacy protection for users.

Starting March 13: If you upload a new or updated app to App Store Connect that uses an API requiring approved reasons, we’ll send you an email letting you know if you’re missing reasons in your app’s privacy manifest. This is in addition to the existing notification in App Store Connect.

Starting May 1: You’ll need to include approved reasons for the listed APIs used by your app’s code to upload a new or updated app to App Store Connect. If you’re not using an API for an allowed reason, please find an alternative. And if you add a new third-party SDK that’s on the list of commonly used third-party SDKs, these API, privacy manifest, and signature requirements will apply to that SDK. Make sure to use a version of the SDK that includes its privacy manifest and note that signatures are also required when the SDK is added as a binary dependency.

This functionality is a step forward for all apps and we encourage all SDKs to adopt it to better support the apps that depend on them.

Although MoltenVK isn't included in the initial list of commonly used SDKs, I would expect all SDKs to require privacy manifests in the not too distant future.

See:

spnda commented 8 months ago

There is a list of all APIs which require a reason in the privacy manifest, which you can find here. This, as far as I can tell, doesn't apply to MoltenVK in any way, as Metal or CoreGraphics APIs are not listed. There is also a list of collected data types that need to be listed here, where again, this is only confidential data, files, location, ..., nothing which would apply to MoltenVK.

billhollings commented 8 months ago

There is a list of all APIs which require a reason in the privacy manifest, which you can find here.

Thanks for that research.

This looks to be something to be aware of, but since MoltenVK doesn't deal in any of the private user data content that Apple is working to protect, it's unlikely this will become an issue in the near future.