facebook / facebook-ios-sdk

Used to integrate the Facebook Platform with your iOS & tvOS apps.
https://developers.facebook.com/docs/ios
Other
7.8k stars 3.56k forks source link

Privacy manifests only included in release 17.0.0 with breaking changes #2384

Open elitree opened 7 months ago

elitree commented 7 months ago

Checklist before submitting a bug report

Xcode version

15.2

Facebook iOS SDK version

17.0.0

Dependency Manager

CocoaPods

SDK Framework

Core

Goals

I want to use the Facebook iOS SDK to include the required privacy manifest changes without breaking my app (due to the new requirements for limited login added in 17.0.0. Currently developers can only get the privacy manifests by updating to 17.0.0.

Please release a 16.x minor update of the SDK which includes the privacy manifests for the imminent Apple App Store restriction, so that devs have time to update their app code and more successfully test v17.

Expected results

I would expect that the privacy manifest changes would be made available in a minor release, without breaking changes associated.

Actual results

Currently developers can only get the privacy manifests by updating to 17.0.0, and implementing the required breaking changes if they haven't been made.

Steps to reproduce

Using an app which hasn't implemented Limited Login:

  1. Download v17.0.0 of the Facebook iOS SDK
  2. Note that it includes privacy manifest information
  3. Compile and build the app
  4. Attempt a login
  5. Note that the "Invalid OAuth access token - Cannot parse access token" error is received

Code samples & details

Other issues where this is being encountered include:

https://github.com/facebook/facebook-ios-sdk/issues/2365
https://github.com/facebook/facebook-ios-sdk/issues/2375

This isn't a duplicate of those issues, but rather pointing out that this required privacy manifest change should be made available in a non-major release.
short-dsb commented 7 months ago

Thanks for reporting this @elitree.

For more context, the Apple requirement for privacy manifests goes in to effect on May 1st, so the window for this is rapidly closing.

harshil-vyas08 commented 7 months ago

This isn't a duplicate of those issues; instead, it's pointing out that this required privacy manifest change should be made available in a non-major release.

stivmac commented 7 months ago

+1

lurenzhangdeshuai commented 7 months ago

+1 17.0.0 is instability

yosukapro commented 7 months ago

+1 The moment is gradually approaching

jonathanNitiparsong commented 7 months ago

+1 but coming here from the Facebook SDK for Unity. Building for iOS for us has these same issues and we are also in need of any solution found here.

Louisload commented 7 months ago

+1 Yes please. This is too big of a change just to cope with the Privacy Manifest.

AleksandrZhmurkovMD commented 7 months ago

+1

fabiomsouto commented 7 months ago

Please consider this possibility!

lkuczborski commented 7 months ago

+1 Any update on this? Is there a chance for Privacy Manifest to be added in v16.x.x without breaking changes?

pahnev commented 7 months ago

The privacy manifest deadline is approaching fast, please make an intermediate release with only those added since 16.3.1 release.

As the many threads here show, the 17.0.0 was completely botched and there simply are no clear solutions to resolve the login issues many of us are having.

floriangbh commented 7 months ago

The least they could do would be to get feedback from the team that manages the SDK. Even if it's a definite "no". Facebook probably needs to collect data through the SDK as much as we need it for our users' uses. Many developers are already removing the SDK now. Wake up!

zhong-meta commented 7 months ago

Hello,

We made changes both to the iOS SDK and our core login systems to support the privacy manifest requirements based on the upcoming App Transparency Tracking enforcement so that iOS users who have opted out of ATT are able to use FBLogin. As a result, we do not plan to release the privacy manifest as part of a minor update. Our recommendation is that users integrate Limited Login following the official documentation: https://developers.facebook.com/docs/facebook-login/limited-login/ios https://developers.facebook.com/docs/facebook-login/limited-login/unity/

See more details here.

NuckChorris commented 2 months ago

This issue and the fact that it has not been resolved in the past 6 months (as well as the fact that Limited Login was released in March and then mandatory two months later, with a massive reduction in capabilities vs both web and Android) raises a LOT of red flags for the Facebook SDK and makes me think I ought to remove Facebook login entirely, on all platforms. Like, hear me out:

  1. What possible reason could the Login SDK have for apparently using device fingerprinting so heavily that complying with these restrictions entailed building out an entirely separate, fully incompatible login implementation? Should we be concerned that Android is still using the old system which has (presumably, given Apple won't let you publish an app with it) an enormous privacy violation?
  2. How was two months notice acceptable? Why was this not mentioned in the CHANGELOG? Why is this still not mentioned in the README while a small change to Apple's privacy disclosures from 4 years ago is?