search

novastone-media / MQTT-Client-Framework

iOS, macOS, tvOS native ObjectiveC MQTT Client Framework
Other
1.84k stars 459 forks source link

Privacy Manifest changes will be needed or remove use of NSFileSystemFreeSize in MQTTCoreDataPersistence.m #619

Open atomhax opened 3 months ago

atomhax commented 3 months ago

I searched for systemFreeSize and NSFileSystemFreeSize and didn't find results.

Short description

We need to make changes to the MQTTCoreDataPersistence.m file in a way to accommodates both OSX clients and iOS/tvOS clients. There is a new Apple privacy change https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api#4278397

Some advertisers were getting sneaky and were using free system size for finger printing devices in the short term. Apple will eventually (May 1st is when they start cracking down) no longer accept App Store submissions that use systemFreeSize or NSFileSystemFreeSize without privacy declarations.

There ARE exceptions that will allow these API usages. The only exception that I think applies is:

E174.1
Declare this reason to check whether there is sufficient disk space to write files, or to check whether the disk space is low so that the app can delete files when the disk space is low. The app must behave differently based on disk space in a way that is observable to users.
Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception that allows the app to avoid downloading files from a server when disk space is insufficient.

We could include the API usage reason at an SDK level or we could just remove this API since I'm seeing all we do is log out the remaining space during verbose logs.

I pulled the project and I see we do include this file for all 3 platforms so we can't just outright remove the functionality.

Screenshot 2024-04-10 at 1 26 36 PM

Environment

Link to logs

N/A

Steps to reproduce

N/A

Expected behaviour

N/A

Actual behaviour

N/A

Other information

N/A

atomhax commented 3 months ago

I'm willing to remove the logging altogether or remove the logging from just iOS/TV clients. Or if no changes are wanted then I guess I won't do anything :D

nsljivic93 commented 3 months ago

@atomhax You are not alone 😅 Seems project was not maintained for some time, and these new Apple Privacy Manifest requirements are due. If you can update the project, you got mine +1

ManueGE commented 2 months ago

@atomhax any chance you can add the manifest or remove the log soon?

thanks!