Closed via-guy closed 1 month ago
@nzagorchev tagging you because you're the only active dev on this project. This is critical to deal with ASAP. It puts any users of this SDK in legal risk. Can you please investigate?
Hi @via-guy, I am currently working on the Apple Privacy Manifest. I have removed the code in question since this is not a required functionality. We are working on releasing a new version with the Privacy Manifest and Xcode 15.3 compatibility as soon as possible. I will link the branch and PR once ready.
@nzagorchev amazing, thank you for this! Could you please publish a new version now, so that we can include it in our project before May, which is Apple's surprisingly strict deadline? We actually include the Leanplum SDK through mParticle, so we'll need them to update too, which may also take some time...
Apple have started sending warnings that by May 1, 2024 apps must provide information as to why they are accessing privacy APIs. https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api#4278393
We can see in the following line usage of NSFileCreationDate and NSFileModificationDate. https://github.com/Leanplum/Leanplum-iOS-SDK/blob/master/LeanplumSDK/LeanplumSDK/Classes/Internal/Leanplum.m#L1144
Apple clearly states that this information cannot be sent offline, which is being performed in [Leanplum startWithUserId:userAttributes:responseHandler:].
Expected Behavior
Leanplum conforms to Apple's requirements to not send private file information offline.
Actual Behavior
Leanplum takes the modification date of the app's Info.plist file and tracks it.
Steps to Reproduce the Problem
Run an app with Leanplum installed...
Specifications
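An added example, not part of the original issue or the Leanplum SDK: a small check a team could run in CI to flag uses of the two file-timestamp symbols named above and to see whether a PrivacyInfo.xcprivacy manifest declares a reason for Apple's file-timestamp category. The function names, the sample source and the sample manifest are constructed for illustration.

```python
import plistlib
import re

# Symbols named in the issue; both fall under Apple's file-timestamp category.
TIMESTAMP_SYMBOLS = re.compile(r"\b(NSFileCreationDate|NSFileModificationDate)\b")
CATEGORY = "NSPrivacyAccessedAPICategoryFileTimestamp"

def find_timestamp_api_use(sources):
    """Return (filename, line_number, symbol) for each use in {filename: text}."""
    hits = []
    for name, text in sources.items():
        for number, line in enumerate(text.splitlines(), start=1):
            if line.lstrip().startswith("//"):
                continue  # skip single-line comments
            for match in TIMESTAMP_SYMBOLS.finditer(line):
                hits.append((name, number, match.group(1)))
    return hits

def declared_reasons(manifest_bytes):
    """Return the reason codes a PrivacyInfo.xcprivacy declares for the category."""
    if not manifest_bytes:
        return []
    manifest = plistlib.loads(manifest_bytes)
    reasons = []
    for entry in manifest.get("NSPrivacyAccessedAPITypes", []):
        if entry.get("NSPrivacyAccessedAPIType") == CATEGORY:
            reasons.extend(entry.get("NSPrivacyAccessedAPITypeReasons", []))
    return reasons

def audit(sources, manifest_bytes=None):
    """Report uses and declared reasons; ok is False for undeclared use."""
    hits = find_timestamp_api_use(sources)
    reasons = declared_reasons(manifest_bytes)
    return {"hits": hits, "reasons": reasons, "ok": not hits or bool(reasons)}

# Constructed sample input, not the SDK's real source.
SAMPLE_SOURCES = {
    "Example.m": (
        "NSDictionary *attrs = [fm attributesOfItemAtPath:path error:nil];\n"
        "// NSFileCreationDate is ignored in comments\n"
        "NSDate *modified = attrs[NSFileModificationDate];\n"
    )
}
SAMPLE_MANIFEST = plistlib.dumps({
    "NSPrivacyAccessedAPITypes": [{
        "NSPrivacyAccessedAPIType": CATEGORY,
        "NSPrivacyAccessedAPITypeReasons": ["C617.1"],  # constructed sample value
    }]
})

if __name__ == "__main__":
    print(audit(SAMPLE_SOURCES))
    print(audit(SAMPLE_SOURCES, SAMPLE_MANIFEST))
```

Passing the check only shows that the category is declared; whether the timestamp is then transmitted, the concern raised in the issue, still needs a review of the calling code.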