search

apptentive / apptentive-ios

Apptentive Legacy SDK for iOS. See https://github.com/apptentive/apptentive-kit-ios for Version 6.
http://www.apptentive.com/
BSD 3-Clause "New" or "Revised" License
147 stars 103 forks source link

iOS 14 Beta - Privacy alert for copying content from other apps appearing with Apptentive #284

Closed DanMorganiOS closed 4 years ago

DanMorganiOS commented 4 years ago

I understand this software is in beta currently. If this is not the appropriate forum to report please let me know.

In iOS 14 beta (both 1 & 2 at this time), if you do a deep link back to your own app with apptentive configured in your app, you will receive a privacy alert that your app pasted from the app you deep linked from on a cold launch (app launch not in memory).

This is because during the configuration of apptentive, apptentive uses the UIPasteboard API to read/write from the clipboard on the device. During a deep link on a cold app launch, it happens early enough that Apple is informing the user that your app is potentially copying content from another app.

Perfect way to reproduce is to use the iOS 14 simulator (Beta 2):

  1. Remove your app from home screen (yes that's possible now) and make sure your app is currently not in memory.
  2. Navigate over to the app library and tap on your app in the "Other" field.
  3. Watch the app launch.

You will see a similar alert appear to the screenshot below (Removed my app name, CoreSimulatorBridge just happens to be the name of this type of "deep link" in the simulator in Beta 2): example

Again I understand this is early on in the Betas, but definitely a concern for me that:

  1. We get this prompt - my users are already tweeting about this wondering why we are accessing their data in this way.
  2. I see here where this library is using the clipboard to pass an access token around that is most likely the candidate for this alert, and I feel like that is an unsecure way to handle access tokens. Curious why this method is being used here 🧐
CaseyApptentive commented 4 years ago

Hi @DanMorganiOS. Great question. This is a known issue with devices on iOS 14, and we put out a release to fix this. Can you update to the latest SDK version, 5.2.14?

The pasteboard notification that you're talking about was actually fixed in 5.2.12, but we noticed and fixed several other small issues which brought us to 5.2.14.

Let me know if that fixes is.

DanMorganiOS commented 4 years ago

Hi @CaseyApptentive thanks for the quick reply! Updating to 5.2.14 made the privacy notification go away.

CaseyApptentive commented 4 years ago

Perfect. Thanks for confirming, @DanMorganiOS .