Privacy Manifests

[wlxo0401]

i have a question

I think we need Privacy Manifests due to Apple policy.

Read Apple docs, which say:

---

From Fall 2023 you’ll receive an email from Apple if you upload an app to App Store Connect that uses required reason API without describing the reason in its privacy manifest file. From Spring 2024, apps that don’t describe their use of required reason API in their privacy manifest file won’t be accepted by App Store Connect.

[wlxo0401]

@evgenyneu

hello. I am an iOS developer from South Korea.

I am grateful for the ‘Cosmos’ you created.

However, due to this change in Apple policy, if you use a third-party library, you must add a Privacy Manifest.

I love this library and think it's great. Please make sure to continue using it.

[evgenyneu]

Thanks @wlxo0401, is it responsibility of the app developer to provide the manifest, or does it need to be included in the third party libraries?

[wlxo0401]

@evgenyneu Thank you for your reply.

---

https://developer.apple.com/videos/play/wwdc2023/10060/ https://developer.apple.com/documentation/bundleresources/privacy_manifest_files

I understood that the developers who created the library should distribute including Privacy Manifest.

Apple seems to be aiming to let developers who use third-party libraries know what they're doing inside the library.

So library developers need to add Privacy Manifest to their library, and make sure Xcode recognizes it.

Exemplary photo

Libraries with the Privacy Manifest applied properly are

1. Perform Archive
2. Go to the Organizer screen
3. Check Privacy Report for Archived Builds
4. Privacy Manifest is properly reflected.

You can check the above procedure.

[evgenyneu]

That's good to know @wlxo0401. Feel free to submit a PR with the manifest.

[wlxo0401]

@evgenyneu

But I don't know clearly yet how to apply it.

And I don't know exactly what part of Cosmos should be specified.

[evgenyneu]

It's ok, maybe someone else can help here.

[wlxo0401]

@evgenyneu

https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

The above document contains a list of APIs that should be displayed in the Privacy Manifest claimed by Apple.

Did you use the API that belongs to the list above while making the library? If there is, please list it.

[evgenyneu]

This library does not use these APIs.

[wlxo0401]

@evgenyneu

Hi I added PrivacyInfo.

As you told me, Cosmos added PrivacyInfo based on not using APIs. but I couldn't add it to the package. PR

I brought an example of how I did other libraries. But when I did it, the error occurred.. Example

When we complete this, we need to make sure that it is finally reflected in the Privacy Report. That way, we can finish it..

Can you help me??

[evgenyneu]

No sure how to fix it, feel free to submit a PR people. Thanks for the manifest PR @wlxo0401 and Happy New Year!

[wlxo0401]

@evgenyneu Thank you for your kind response in your busy life.

Happy New Year to you, too.

I think there are steps left to add to the package and podspec.

First of all, it would be difficult to release a new release as it is, right?

I think it would be good to let people know that the library is alive..

[evgenyneu]

I think there are steps left to add to the package and podspec.

Sure, feel free to submit another PR. I personally not sure what needs to be done with these manifests.

First of all, it would be difficult to release a new release as it is, right?

By release you mean add a git tag? I can do it if that's what you need, let me know.

[wlxo0401]

@evgenyneu Thank you for your quick response.

I also actually still have a lot of questions. However, Apple is doing a lot of research because WWDC mentioned this work.

Some libraries have even been mentioned by Apple. _ Apple Doc (There are already libraries with PrivacyManifest without Apple mention.)

Looking at the data I found, I understand that all libraries should do this.

Since it will be implemented from next spring, I'm going to prepare it in advance, but I don't think there is any information as I thought.

That's enough for today and I'll look into it more..

[wlxo0401]

@evgenyneu RxSwift issue Looking at the above issue, it seems correct that all three-party libraries should add PrivyManifest.

I think we need to apply this to meet the conditions that Apple wants. It seems that information on whether or not PrivacyInfo corresponds to it should be provided.

(Shouldn't you check 'Keychain-Swift' as well?)

[evgenyneu]

Cool ty!

[wlxo0401]

@evgenyneu

I think it's about time, are you planning to release a new 24 version??

[evgenyneu]

are you planning to release a new 24 version?

Sure, which one do you personally need? Cocoapods or swift package manager?

[wlxo0401]

are you planning to release a new 24 version?

Sure, which one do you personally need? Cocoapods or swift package manager?

I am using the swift package manager. Is it difficult to apply both? (I don't know the library distribution procedure.)

PrivacyManifest has been applied, but Apple's alleged policy implementation date must come to know if it works properly. I want a lot of users to use the version with 'PrivacyInfo' applied. And I want them to find additional issues.

[evgenyneu]

I am using the swift package manager.

Ok I pushed the 24.0.0 tag, you can test it with SPM.

I want a lot of users to use the version with 'PrivacyInfo' applied. And I want them to find additional issues.

We don't spend our time to make it work for others here :D This is open source project, so people will submit a PR if they need to fix stuff.

[wlxo0401]

@evgenyneu

Hello.

Could you please issue a new version based on the last PR???

[evgenyneu]

@wlxo0401 I pushed version 25.0.1