Open markt-bigfish opened 1 month ago
@ncooke3 @paulb777 Any thoughts?
Also, if anyone can "explain like I'm 5 years old" to me what all this is about, i.e. what is Apple's goal with this and why does it affect nanopb in the first place, I would appreciate it.
We don't use nanopb directly, but I have noticed that Firebase Analytics does use it as a dependency. Just curious if this is being addressed or what action we all may have to take.
This repo's Package.swift distro distributes nanopb from source for Apple platforms. Firebase manages a source distro of nanopb for CocoaPods and a binary distribution of nanopb for the Zip option. @markt-bigfish, Firebase will be signing the binary distributions to meet the requirements (follow https://github.com/firebase/firebase-ios-sdk/issues/12238).
Also, if anyone can "explain like I'm 5 years old" to me what all this is about, i.e. what is Apple's goal with this...
In June 2023, Apple introduced privacy manifests to standardize privacy practices for the Apple Developer ecosystem in an enforceable, extendable format.
Privacy manifests are property list files that record (a) the type of data collected by a given app or SDK, (b) the required reasons APIs the given app or SDK uses, and (c) two other fields related to tracking.
...why does it affect nanopb in the first place...
In December 2023, Apple published a list of "commonly used SDKs in apps on the App Store" that require a privacy manifest. Nanopb is on the list.
This bug can be closed because this repo does not release a binary distro of nanopb for Apple platforms.
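As an added example (not part of this thread, and not code from the nanopb or Firebase projects), here is a small Python audit of the manifest fields described in the reply above. The key names are Apple's documented `PrivacyInfo.xcprivacy` keys; the sample manifest is constructed, and the checks are this example's own review heuristics rather than Apple's validation.

```python
import plistlib
# Key names are Apple's documented PrivacyInfo.xcprivacy keys; the checks are
# this example's own review heuristics, not Apple's App Store validation.
TOP_LEVEL = {"NSPrivacyTracking": bool, "NSPrivacyTrackingDomains": list,
             "NSPrivacyCollectedDataTypes": list, "NSPrivacyAccessedAPITypes": list}
DATA_TYPE_KEYS = ("NSPrivacyCollectedDataType", "NSPrivacyCollectedDataTypeLinked",
                  "NSPrivacyCollectedDataTypeTracking", "NSPrivacyCollectedDataTypePurposes")

def _entries(manifest, key, findings):  # yields (index, dict), flags other items
    for i, entry in enumerate(manifest.get(key, [])):
        if isinstance(entry, dict):
            yield i, entry
        else:
            findings.append(f"{key}[{i}]: expected a dictionary")

def audit_manifest(data: bytes) -> list:
    """Return review findings for a privacy manifest given as plist bytes."""
    try:
        manifest = plistlib.loads(data)  # accepts XML and binary plists
    except Exception as exc:
        return [f"not a property list: {exc}"]
    if not isinstance(manifest, dict):
        return ["top-level object is not a dictionary"]
    findings = []
    for key, kind in TOP_LEVEL.items():
        if key in manifest and not isinstance(manifest[key], kind):
            findings.append(f"{key}: expected {kind.__name__}")
            manifest[key] = kind()  # neutral value so the later checks still run
    for i, entry in _entries(manifest, "NSPrivacyCollectedDataTypes", findings):
        missing = [k for k in DATA_TYPE_KEYS if k not in entry]
        if missing:
            findings.append(f"NSPrivacyCollectedDataTypes[{i}]: missing {', '.join(missing)}")
    for i, entry in _entries(manifest, "NSPrivacyAccessedAPITypes", findings):
        if not entry.get("NSPrivacyAccessedAPITypeReasons"):
            name = entry.get("NSPrivacyAccessedAPIType", f"API entry {i}")
            findings.append(f"{name}: no reason declared")
    return findings

SAMPLE = plistlib.dumps({  # constructed sample, not a real SDK's manifest
    "NSPrivacyTracking": False, "NSPrivacyTrackingDomains": [],
    "NSPrivacyCollectedDataTypes": [{
        "NSPrivacyCollectedDataType": "NSPrivacyCollectedDataTypeDeviceID",
        "NSPrivacyCollectedDataTypeLinked": False,
        "NSPrivacyCollectedDataTypeTracking": False}],  # purposes omitted on purpose
    "NSPrivacyAccessedAPITypes": [{
        "NSPrivacyAccessedAPIType": "NSPrivacyAccessedAPICategoryUserDefaults",
        "NSPrivacyAccessedAPITypeReasons": []}],  # reason list left empty on purpose
})

print("\n".join(audit_manifest(SAMPLE)))
```
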
Thank you for the clarification @ncooke3. Overall, this Privacy Manifest stuff has been a bit confusing for most. Apple's messaging, and documentation to an extent, has been subpar in my opinion.
I saw this pull request addresses Apple's Privacy Manifest requirement. However, there is a requirement discussed here, "Upcoming third-party SDK requirements" (nanopb is on "the list"), about the requirement of developer signatures: "Signatures are also required in these cases where the listed SDKs are used as binary dependencies". We don't use nanopb directly, but I have noticed that Firebase Analytics does use it as a dependency. Just curious if this is being addressed or what action we all may have to take.