Closed jaredegan closed 5 years ago
@jaredegan Thanks for the detailed feedback. We're going to discuss with the PayPal Risk team and look into a solution regarding the usage of CNCopyCurrentNetworkInfo
.
@jaredegan The PayPal Risk team is looking into alternatives so we can drop the CNCopyCurrentNetworkInfo
. Thanks again for raising the issue and your patience as we work on the solution.
Any update? We're hoping to ship our Braintree integration within the next 2 weeks. We just got over a 27 day wait for app approval after another one of our partner SDKs was using CNCopyCurrentNetworkInfo
. I have a feeling our next app review will not go well if it's all of a sudden back, whether or not we add the entitlement.
For now, we recommend enabling the entitlement and we will update our documentation where appropriate with these directions. Let us know if you still have questions and if there are still issues submitting your app.
We should be submitting this version within 7 days, so we should be able to give you some feedback within 2 weeks.
@jaredegan I've been following this post, did your app get approved?
Yes, I'm sorry I meant to follow up on this. The app was approved without issue. I will close the issue.
General information
Full version information from
Podfile.lock
:Issue description
libPPRiskComponent
uses theCNCopyCurrentNetworkInfo
API, which now requires the "Access WiFi Information" entitlement in iOS 12. If your app does not have that entitlement, your app will be rejected.This can be verified by using
grep
in your project directory.Apple documentation here: https://developer.apple.com/documentation/systemconfiguration/1614126-cncopycurrentnetworkinfo
I can't find any official Apple documentation on what are appropriate use cases for this capability. That is frustrating, but with their ever-increasing focus on user privacy, and the potential privacy implications of this API, I would assume it leans towards avoiding the use (and inclusion) of this API. I understand this information is used as input into some risk calculation algorithm, but in my opinion PayPal would not win an argument against Apple to say that it is necessary for the Braintree SDK to function.
The options to move forward are either:
1) Remove the use of this API from the PPRiskComponent and publish a new version of the Braintree SDK that doesn't use it. For what it's worth, this is my recommendation. It keeps integration simple, prevents users of this SDK from getting a surprise rejection, and generally follows the direction that Apple is heading.
2) Add notes to the README about needing to add the entitlement necessary to use this API. With the current situation, I believe submitting our app with this SDK and without the entitlement will lead to a confusing app rejection. It's not clear how to determine which 3rd party SDK is using what Apple APIs.