LionWY
commented
10 months ago +1
Closed nokiaowner closed 5 months ago
LionWY
commented
10 months ago +1
FONickReichard
commented
10 months ago +1
mxcl
commented
10 months ago PromIseKit (the core framework) doesn’t, but its extensions probably do, eg. PMKCoreLocation.
It seems to me this isn't a framework requirement, but apps will need to specify the reasons. Happy to proven wrong, but in that case I don’t see how we can provide the reason.
We may need to split extensions up into more pieces so app developers can import on a per functionality basis. Not sure I can see another way to do it.
If so we may need to drop support for Carthage and possibly CocoaPods.
FONickReichard
commented
10 months ago Hey @mxcl ,
~~I believe this sums it up nicely:
"Starting in spring 2024, you must include the privacy manifest for any SDK listed below when you submit new apps in App Store Connect that include those SDKs, or when you submit an app update that adds one of the listed SDKs as part of the update."~~
https://developer.apple.com/support/third-party-SDK-requirements/
Screenshot from the docs that @nokiaowner provided.
The WWDC video above at timestamp 10:30 also mentions this. SDK owners are required to provide the details to the .xcprivacy file.
The Airbnb lottie-ios SDK has a nice implementation of this new requirement: https://github.com/airbnb/lottie-ios/pull/2252
As far as the implementation goes, adding the PrivacyInfo.xcprivacy file with the requires & linking it to the Package.swift PromiseKit target would be a great starting point for SPM support.
12/21/23 Edit: PromiseKit is not listed in the required SDKs in the requirements link I shared above. The docs & wwdc lead me to believe that all 3rd party SDKs should have the below snippet at a minimum. We'll see how this unfolds as we get closer to Spring of 2024.
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NSPrivacyTracking</key>
<false/>
</dict>
</plist>Thanks everyone, we have the info we need and can add the privacy manifests to all PromiseKit frameworks. Not sure how CocoaPods intends to handle this yet tho. Will sniff about.
nokiaowner
commented
9 months ago Hello,
@mxcl Thanks for taking care of this. Is there a tentative date and associated target release version for privacy manifest to be included in the SDK?
Thanks
mxcl
commented
9 months ago The community should feel free to implement this in PromiseKit core (here) then we can easily copy it to the extensions.
I work full time. More than full time. I cannot promise any time on this project at this point.
nokiaowner
commented
9 months ago Hello,
Fair enough, just wanted to suggest to treat this as high priority. We don't know exactly the day when Apple will enforce the privacy manifest requirement. All we know so far is that's for spring of this year.
Thanks
nokiaowner
commented
7 months ago Hello,
Bumping as I believe this is important for many.
Thanks
catalinaIonela
commented
6 months ago Hi,
Bumping this as the deadline from Apple is approaching. Alternatively can you please provide us with a temporary solution and give us the .plist?
Thanks
RomanPodymov
commented
6 months ago Actually you can add the privacy manifest directly to your app, so you don't have to add it to each open source library you are using. But anyway, we can add it to PromiseKit #1342.
Marvel2002
commented
6 months ago Actually you can add the privacy manifest directly to your app, so you don't have to add it to each open source library you are using. But anyway, we can add it to PromiseKit #1342.
I think this is incorrect. We need to first add it to our own app, and make sure that all the 3rd parties apps that we are using implements it as well.
nokiaowner
commented
6 months ago Actually you can add the privacy manifest directly to your app, so you don't have to add it to each open source library you are using. But anyway, we can add it to PromiseKit #1342.
I think this is incorrect. We need to first add it to our own app, and make sure that all the 3rd parties apps that we are using implements it as well.
That is indeed the case.
marcoboerner
commented
5 months ago Actually you can add the privacy manifest directly to your app, so you don't have to add it to each open source library you are using. But anyway, we can add it to PromiseKit #1342.
I think this is incorrect. We need to first add it to our own app, and make sure that all the 3rd parties apps that we are using implements it as well.
That is indeed the case.
We had the same issue with a few dependencies. Even though each 3rd party SDK should have their privacy manifest, we did add the missing reasons to our manifest, and as of today, Apple did accept our submission without sending us another warning. It's only a workaround, and not sure how long this will be accepted. But at least for now, it's not a blocker if the 3rd party SDK's have missing infos in the manifest.
jayeshkawli
commented
5 months ago Actually you can add the privacy manifest directly to your app, so you don't have to add it to each open source library you are using. But anyway, we can add it to PromiseKit #1342.
I think this is incorrect. We need to first add it to our own app, and make sure that all the 3rd parties apps that we are using implements it as well.
That is indeed the case.
We had the same issue with a few dependencies. Even though each 3rd party SDK should have their privacy manifest, we did add the missing reasons to our manifest, and as of today, Apple did accept our submission without sending us another warning. It's only a workaround, and not sure how long this will be accepted. But at least for now, it's not a blocker if the 3rd party SDK's have missing infos in the manifest.
We had the same experience. But the question remains whether PromiseKit indeed needs its own Privacy manifest file.
marcoboerner
commented
5 months ago Actually you can add the privacy manifest directly to your app, so you don't have to add it to each open source library you are using. But anyway, we can add it to PromiseKit #1342.
I think this is incorrect. We need to first add it to our own app, and make sure that all the 3rd parties apps that we are using implements it as well.
That is indeed the case.
We had the same issue with a few dependencies. Even though each 3rd party SDK should have their privacy manifest, we did add the missing reasons to our manifest, and as of today, Apple did accept our submission without sending us another warning. It's only a workaround, and not sure how long this will be accepted. But at least for now, it's not a blocker if the 3rd party SDK's have missing infos in the manifest.
We had the same experience. But the question remains whether PromiseKit indeed needs its own Privacy manifest file.
It does, and not only the empty file, it should have all the required entries as well. I assume it's only a matter of time before Apple won't accept the workaround mentioned above anymore.
Hello,
At WWDC23 Apple announced that apps and SDKs that make use of certain "required reason" APIs etc will need to provide a privacy manifest. Does PromiseKit need to include this manifest? Is this update on the roadmap for the team? I appreciate that enforcement won't happen until Spring 2024 but I wanted to make contact so that we can plan our own app releases to take this into account.
Here’s some useful references:
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_data_use_in_privacy_manifests
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api
https://developer.apple.com/videos/play/wwdc2023/10060/
Thanks