Leanplum / Leanplum-iOS-SDK

Leanplum's integrated solution delivers meaningful engagement across messaging and the in-app experience.
https://www.leanplum.com
Apache License 2.0

Apple Privacy issues #579

Closed via-guy closed 1 month ago

via-guy commented 2 months ago

Apple have started sending warnings that by May 1, 2024 apps must provide information as to why they are accessing privacy APIs. https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api#4278393

We can see in the following line usage of NSFileCreationDate and NSFileModificationDate. https://github.com/Leanplum/Leanplum-iOS-SDK/blob/master/LeanplumSDK/LeanplumSDK/Classes/Internal/Leanplum.m#L1144

Apple clearly states that this information cannot be sent offline, which is being performed in [Leanplum startWithUserId:userAttributes:responseHandler:].

Expected Behavior

Leanplum conforms to Apple's requirements to not send private file information offline.

Actual Behavior

Leanplum takes the modification date of the app's Info.plist file and tracks it.

Steps to Reproduce the Problem

Run an app with Leanplum installed...

Specifications

via-guy commented 1 month ago

@nzagorchev tagging you because you're the only active dev on this project. This is critical to deal with ASAP. It puts any users of this SDK at legal risk. Can you please investigate?

nzagorchev commented 1 month ago

Hi @via-guy, I am currently working on the Apple Privacy Manifest. I have removed the code in question since this is not a required functionality. We are working on releasing a new version with the Privacy Manifest and Xcode 15.3 compatibility as soon as possible. I will link the branch and PR once ready.

via-guy commented 1 month ago

@nzagorchev amazing, thank you for this! Could you please publish a new version now, so that we can include it in our project before May, which is Apple's surprisingly strict deadline? We actually include the Leanplum SDK through mParticle, so we'll need them to update too, which may also take some time...
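An added example, not part of the thread and not Leanplum's code: a Python audit script that flags references to the file-timestamp symbols named in the issue and checks whether a `PrivacyInfo.xcprivacy` manifest declares a reason for that API category. The scan list, the sample Objective-C source and the sample manifest are constructed assumptions.

```python
import plistlib
import re

# Symbols named in the issue plus their NSURL counterparts.
# Assumed scan list for this example, not Apple's complete list.
TIMESTAMP_SYMBOLS = re.compile(
    r"\b(NSFileCreationDate|NSFileModificationDate|"
    r"NSURLCreationDateKey|NSURLContentModificationDateKey)\b"
)
CATEGORY = "NSPrivacyAccessedAPICategoryFileTimestamp"

def find_timestamp_uses(sources):
    """Return (path, line_no, symbol) per reference in a {path: text} mapping."""
    hits = []
    for path, text in sorted(sources.items()):
        for no, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith("//"):  # skips whole-line comments only
                continue
            hits.extend((path, no, m.group(1))
                        for m in TIMESTAMP_SYMBOLS.finditer(line))
    return hits

def declared_reasons(manifest_bytes):
    """Reason codes the manifest declares for the file-timestamp category."""
    manifest = plistlib.loads(manifest_bytes)
    reasons = []
    for entry in manifest.get("NSPrivacyAccessedAPITypes", []):
        if entry.get("NSPrivacyAccessedAPIType") == CATEGORY:
            reasons.extend(entry.get("NSPrivacyAccessedAPITypeReasons", []))
    return reasons

def audit(sources, manifest_bytes=None):
    """Flag timestamp API use that has no declared reason in the manifest."""
    hits = find_timestamp_uses(sources)
    reasons = declared_reasons(manifest_bytes) if manifest_bytes else []
    return {"hits": hits, "reasons": reasons,
            "undeclared": bool(hits) and not reasons}

# Constructed sample source (hypothetical file, not taken from the SDK).
SAMPLE_SOURCE = {"Example.m": (
    "NSDictionary *attrs = [fm attributesOfItemAtPath:path error:nil];\n"
    "// NSFileCreationDate is mentioned only in this comment\n"
    "NSDate *modified = attrs[NSFileModificationDate];\n"
)}
# Constructed manifest; C617.1 is used here as a sample reason code.
SAMPLE_MANIFEST = plistlib.dumps({"NSPrivacyAccessedAPITypes": [
    {"NSPrivacyAccessedAPIType": CATEGORY,
     "NSPrivacyAccessedAPITypeReasons": ["C617.1"]}]})

if __name__ == "__main__":
    print(audit(SAMPLE_SOURCE))
    print(audit(SAMPLE_SOURCE, SAMPLE_MANIFEST))
```

A declared reason only satisfies the manifest check; whether the timestamp value is transmitted, which is the concern raised in the issue, still has to be confirmed by reading the call site.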