search

TobiasBuchholz / Plugin.Firebase

Wrapper around the native Android and iOS Firebase Xamarin SDKs
MIT License
211 stars 49 forks source link

Privacy manifest declaration/ Privacy-impacting SDK #242

Closed Bugweiser closed 3 months ago

Bugweiser commented 9 months ago

According to the Apple's documentation, the reason has to be clarified in case of using a required reason API: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

In addition, FirebaseMessaging is marked as a privacy-impacting SDK by Apple. It must have a privacy manifest + must be signed with a signature. https://developer.apple.com/support/third-party-SDK-requirements/

Is there any plan when an update is available which supports this new requirement?

TobiasBuchholz commented 9 months ago

Hmm, that's a good question, it's the first time I'm hearing of this. In the best case scenario the plugins underlying native sdks will get updated to support this new requirement but since the iOS nuget package got updated the last time over a year ago I'm not sure whether this will happen...did you receive an email from apple or how did you encounter this new requirement?

Bugweiser commented 9 months ago

I haven't received any email from Apple. I was aware that we need to provide this manifest due to the Required Reason API (announced at WWDC23), just accidently bumped into the page where Firebase was marked as a Privacy-impacting SDK.

cotrasys commented 6 months ago

From 3/13, when we send new review request, we received mail from Apple like this.

ITMS-91053: Missing API declaration - Your app’s code in the “(Application Name)” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

Here is the latest news from Apple: Privacy updates for App Store submissions - Latest News - Apple Developer

firebase-ios-sdk had resolved the issue by Version 10.22.0 - March 4, 2024. https://firebase.google.com/support/release-notes/ios#version_10220_-_march_4_2024

@TobiasBuchholz Do you have any thoughts?

AdamEssenmacher commented 3 months ago

This should be resolved with version 3.0.0