Deprecated UIWebView API usage

[udvari83]

• SDK/Library version: 4.28
• Environment: Sandbox/Production
• iOS Version and Device: above iOS 12
• Integration type and version: CocoaPods 1.7.4

App Store Connect sends warning after uploading the app, that it contains a deprecated API usage of UIWebView. (ITMS-90809: Deprecated API Usage)

"grep -r "UIWebView" ." found only one match: Binary file ./Pods/Braintree/Frameworks/CardinalMobile.framework/CardinalMobile matches

I don't know it's a false positive warning from the App Store side or what, but I keep getting this warning 2 weeks ago.

[sestevens]

Thanks for letting us know, @udvari83! We'll take a look at this.

[GLJeffery]

+1

[pcjbird]

@scannillo @sestevens the same problem, look forward to your follow-up.

[hollabaq86]

👋 I wanted to post an update that we've escalated this issue to our MPI provider Cardinal Commerce, who is looking into this. We'll follow up when we have more news.

[udvari83]

Any news on this? Its kind of high priority since can't submit apps to the store because of this issue.

[sestevens]

@udvari83 Cardinal Commerce has responded that they are actively working on this, but we will follow up with them again. Just to make sure I understand the situation - was your App Store submission rejected by Apple? I know developers are receiving warning emails from Apple for apps containing UIWebView, but I wasn't under the impression that Apple was currently rejecting apps for this issue.

Could you post a screenshot of the email you received from Apple? If you aren't able to post it here, you can send it confidentially to Braintree Support.

[udvari83]

I didn't got rejection yet, but I'm going to upload a totally new app. During a simple update the review is "less strict", but with the first version they review it thoroughly. I'd like to avoid this situation and keep waiting with the submit/review/fix/submit/review round times.

Its true, that there is no exact date when the builds will be rejected, but they sent this(I cut out only the relevant part):

ITMS-90809: Deprecated API Usage - Apple will stop accepting submissions of apps that use UIWebView APIs . See https://developer.apple.com/documentation/uikit/uiwebview for more information. After you’ve corrected the issues, you can use Xcode or Application Loader to upload a new binary to App Store Connect.

Maybe I'll try to submit the app with the current version and will see what happens. Anyway, thanks for the info!

[sestevens]

@udvari83 OK, good to know! I would definitely try submitting anyway. Apple usually gives some lead-time with issues like this so that there's time to update apps and third-party dependencies.

We will continue to post updates here.

[muthu-smove]

@sestevens Since Braintree has a direct dependency on Cardinal and other frameworks, would it help to have a demo app using the Braintree framework and other dependencies on TestFlight. You could upload builds using Beta versions of Xcode before major releases, so that you can identify and flag issues at an earlier stage and also have a look at deprecated APIs being used. Thanks

Really hoping this gets fixed in time.

[sestevens]

@muthu-smove Thanks for the suggestion. We are working to fix this as quickly as possible.

[muthu-smove]

@sestevens Is there an ETA ?, we are still waiting on the fix. Thanks

[hollabaq86]

@muthu-smove 👋 we're working on a fix with our MPI provider Cardinal Commerce and will post updates in this issue.

[ejensen]

@sestevens @hollabaq86 Any update on this issue? UIWebView has been deprecated for over a year, and its replacement WKWebview had been available for over 5 years. An App Store manager warned that newly submitted apps will be rejected during the App Store review process if the new app includes references to UIWebView. We're hoping we aren't required to rollback to a version of the BrainTree SDK before the Cardinal Mobile SDK was added (v4.23.2)

[sestevens]

@ejensen We completely understand the concern. Unfortunately, I don't have any updates at this point, but we've been following up regularly with Cardinal Commerce. Once we have an updated version of their framework, we'll release a new version of the Braintree SDK as quickly as we can.

[tobynguyen]

Please fix it as soon as possible! My application has been rejected by Apple twice in the last 10 days because of this warning. I found libraries using UIWebView in the following places:

• braintree_ios/Braintree3DSecure/BTThreeDSecureAuthenticationViewController.m
• braintree_ios/Braintree3DSecure/BTWebViewController.h
• braintree_ios/Braintree3DSecure/BTWebViewController.m
• braintree_ios/Specs/Braintree-Acceptance-Specs/KIFUITestActor+BTWebView.m

Thank you!

[ejensen]

@sestevens @hollabaq86 Cardinal Mobile's SDK site has v2.2.1-1 listed as available as of Oct 23rd. The changelog includes Bug fixes: • Deprecated webview.

It appears the Braintree SDK in embedding CardinalMobile v2.1.4-2. Any chance the Braintree can update to v2.2.1-1 of CardinalMobile in order to fix the deprecated usage issue?

[scannillo]

Hi @ejensen. We are working on getting a release out of our SDK with this new Cardinal version. Should be early this week. Will keep you posted here upon release!

[billwerges]

Braintree v4.30.1 has been released which should resolve this issue. Let us know if you're still having problems with this deprecated API usage.

[ejensen]

@scannillo @billwerges Unfortunately CardinalMobile.framework is still using the deprecated UIWebView, and still being rejected in AppStore review. You can check for the references to UIWebView by running this grep script within the Briantree repository directory:

for framework in Frameworks/*.framework; do 
  fname=$(basename $framework .framework)
  echo $fname
  nm $framework/$fname | grep UIWebView
done

It outputs

CardinalMobile U _OBJC_CLASS_$_UIWebView

[tobynguyen]

Braintree v4.30.1 has been released which should resolve this issue. Let us know if you're still having problems with this deprecated API usage.

It's not resolve this issue. App Store Connect is still sent warning after uploading the app

[udvari83]

@scannillo @sestevens : Did you tried to update the Braintree SDK on the demo app and upload it to Testflight? Did it sent back any warning? How did you check that UIWebView references are removed from the CardinalMobile framework? I just want to understand what's happening here...and what to say to my clients.

[mccarron]

I can confirm that others say that the latest update still contains the UIWebView references and Apple flags them at processing time. It's not being rejected at this time, so hopefully Cardinal Commerce is actively working on further improvements.

Thanks for your effort @sestevens @hollabaq86 @scannillo in handling this so quickly.

[yanivshaked]

An easy way to identify the origin of the UIWebView would be to use the following grep command on your xcode project:

Here you can see my project is referencing the deprecated API from:

• Crashlytics (Which I am about to remove)
• Unity itself (Unity 2018.4.4f1; I need to upgrade)
• CardinalMobile (Still did not install the latest version)

Hope this helps

[mccarron]

I see a few people blaming Braintree, but the issue is not with Braintree. The version of CardinalMobile.framework which said Bug fixes: • Deprecated webview is 2.2.1 which is the version Braintree shipped with 4.30.1. You can check the framework's Info.plist to confirm for yourself.

So it appears Cardinal did not actually address the problem fully and we must wait on them to fix it.

[udvari83]

@mccarron I hope we can agree, that to spend 10 sec to check the updated framework is not a big thing to make sure it's correct or not. On the other hand, you are right: in the release notes there is not a word about fixing the deprecated UIWebView problem, just updated the Cardinal framework.

Personally I'm blaming Cardinal for all this thing, but at least Braintree should leave a note: " hey guys, this release won't solve the issue, we know about it and thanks for your patience."

For now it seems like they are just updated the Cardinal framework and released it without checking the actual issues(almost the biggest one, why it must be updated).

[hollabaq86]

Hi everyone,

To say the least, we are disappointed and truly apologize that the latest release does not resolve this issue. We did attempt to use TestFlight as a way to discover if the UIWebView had been removed but encountered build errors that could not be timely resolved. That part of this failure is entirely on us, and we’ll use this as an opportunity to improve our release process for the iOS SDK.

We do understand the impact this has on the ability for your apps to be approved by Apple, and want to get this resolved as soon as possible. To that end, we consider this to be a partial outage and are in communication with CardinalCommerce to resolve this issue with that same urgency. We’ll post updates here as soon as we get them.

[dijipiji]

I'm using the BrainTree DropIn UI for iOS and when a 3DS payment is requested it now outputs:

- CardinalSession - Cardinal Session Lasso Complete 
---Cardinal Logging End---
CoreAnimation: [EAGLContext renderbufferStorage:fromDrawable:] was called from a non-main thread in an implicit transaction! Note that this may be unsafe without an explicit CATransaction or a call to [CATransaction flush].

Could not signal service com.apple.WebKit.WebContent: 113: Could not find specified service
Could not signal service com.apple.WebKit.Networking: 113: Could not find specified service

This was previously working and opened a web view as expected in my app - so it seems like it perhaps needs to be invoked on the main thread to show. Obviously I'm not 100% sure what's going on behind the scenes but it sure needs fixed! Looking forward to an update.

[scannillo]

Hi @dijipiji. Would you mind opening a new issue for your concern in our drop-in repo? It should be handled separately from this thread.

Also please provide replication steps for when you're seeing this warning and details on how this is affecting your integration. Thanks!

[dijipiji]

@scannillo thanks for your speedy reply - I have since discovered this is an issue with my app expecting a 3DS2 type of payment but I am receiving 3DS1 from BT - so, my bad, I need update my app code to accommodate 3DS1 with my BTViewControllerPresentingDelegate. Sorry, for my mis-understanding :)

[hollabaq86]

Hi everyone,

Cardinal has released version 2.2.1-2 of their SDK which should not be using UIWebView. We're working on updating our SDK, and will be using TestFlight to confirm UIWebView is no longer in use.

As soon as we've verified this, we'll release a new version of our SDK for you to use. In the meantime, please continue to follow this issue, as we'll continue to post updates here.

[scannillo]

We released braintree_ios 4.30.2 which contains an updated version of the CardinalMobile framework.

We submitted a test app with the new framework to TestFlight, and did not receive UIWebView deprecation warnings/errors. Please let us know if this fixes your issue!

[pcjbird]

Nice

[dijipiji]

It works 👍

[GLJeffery]

will the latest Braintree Drop In automatically pull in 4.32 without issue? I see that it pulls ~> 4.30 but wasn't sure if this was tested as well, thanks!

[demerino]

It should not have an issue. pod update Braintree should grab 4.30.2.

[scannillo]

@GLJeffery For reference, this syntax is the CocoaPods optimistic operator described here.

[tjolsen-vn]

So I'm still having an issue. In my Cartfile.resolved I have:

github "braintree/braintree-ios-drop-in" "8.1.0"
github "braintree/braintree_ios" "4.33.0"

I'm getting this rejection message from Apple:

ITMS-90809: Deprecated API Usage - New apps that use UIWebView are no longer accepted. Instead, use WKWebView for improved security and reliability. Learn more (https://developer.apple.com/documentation/uikit/uiwebview)

I can't seem to find any other dependencies using UIWebView other than Braintree.

Could this be the potential issue? (Also in the Cartfile.resolved:

binary "https://assets.braintreegateway.com/mobile/ios/carthage-frameworks/cardinal-mobile/CardinalMobile.json" "2.2.2-1"

[scannillo]

Hi @tjolsen-vn. The module Braintree3DSecure is deprecated and shouldn't be included in your project. Instead, you should include BraintreeCore and BraintreePaymentFlow to enable 3DS.

[tjolsen-vn]

@scannillo Wasn't expecting such a speedy reply, thank you. I'll take a look at that.