Closed RamblinWreck77 closed 2 years ago
@RamblinWreck77 I just released 4.0.1 with PR https://github.com/mixpanel/mixpanel-swift/pull/559 to address your concerns please let me know if that takes care of it.
@jaredmixpanel That looks much better! Thanks for the quick turnaround on this one.
A routine code audit of our 3rd party libraries found some alarming things in the Mixpanel SDK today:
1) AutomaticEvents() appears to always be active even if
trackAutomaticEvents: false
is set2) AutomaticEvents is a SKPaymentTransactionObserver, so you guys are watching all of our IAP activity even if we explicitly turn automatic tracking off
3) You make .sync {} calls to awaitingTransactionsWriteLock inside the delegate callbacks, which in our testing blocks the caller thread and hangs our own app's SKPaymentTransactionObserver until your process returns
4) awaitingTransactionsWriteLock is a .utility QoS thread, so all IAP purchase requests are synchronously throttled to .utility QoS which is bad for obvious reasons
I'll be forking the mixpanel SDK to remove the offending code entirely, and to put it kindly we were less than thrilled to find this when we went looking.
I would greatly appreciate a release that totally removes these features and any/all interaction with StoreKit unless we explicitly opt in to it