Support for Apple's Privacy Manifest for third party SDK

[mithleshgomotive]

Hi Team, Apple has announced to have privacy manifest file (PrivacyInfo.xcprivacy) for third party SDKs. For more details, please visit: https://developer.apple.com/support/third-party-SDK-requirements/

Do Pendo team have plan to add this support ?

I have few more links explaining this requirement:

1. https://www.msclb.store/news/?id=3d8a9yyh
2. Upcoming third-party SDK requirements
3. Get started with privacy manifests
4. Describing use of required reason API
5. Describing data use in privacy manifests
6. Placing content in a bundle

[shlomipendo]

Hey @mithleshgomotive Yes, adding a privacy manifest is on our work plan, and will be available on one of our next versions (no exact date yet). I can reassure you that our latest versions do not utilize any APIs that necessitate reasoning. Furthermore, to the best of my knowledge in that case there isn't immediate risk in the near future as Pendo is not part of the list of the SDKs that currently requires a manifest

[bmalbuck]

@shlomipendo thanks for the update. Even though Pendo iOS SDK is not listed on the link you provided, it was flagged by Apple when my team submitted a distribution release for Test Flight for our testers. Apple indicated use of UserDefaults which I was able to confirm in your developer documentation Pendo uses UserDefaults to store app id and device id.

See the user defaults section in link 4 @mithleshgomotive posted above.

[shlomipendo]

@bmalbuck thanks, we'll look into it. Can you share the SDK version that you're currently using?

[bmalbuck]

@shlomipendo 3.1.1 Our app adds the Pendo SDK from Swift Package Manager so in the distribution you would need to include a privacy manifest file .xcprivacy

[MikePendo]

@bmalbuck We dont use NSUserDefaults, we used it in the past. On which sdk version you are and can you share what how apple display it

[bmalbuck]

@MikePendo SDK version 3.1.1. If I run my app with this version of Pendo SDK and inspect the app container I see a PNDUserDefaults.plist. Here are the contents:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PNDScreenManager_includeFeatureClickImage</key>
    <true/>
    <key>PNDScreenManager_includeFeatureClickNestedTexts</key>
    <false/>
    <key>PNDScreenManager_includeFeatureClickTexts</key>
    <true/>
    <key>PNDScreenManager_includePageViewTexts</key>
    <true/>
    <key>PNDScreenManager_includeRetroElementCompatibilityHashes</key>
    <false/>
    <key>Pendo.jwtPublicKeySdkVersion</key>
    <string>3.1.1.8220</string>
    <key>bufferDuration</key>
    <integer>10</integer>
    <key>bufferQueueSize</key>
    <integer>10</integer>
    <key>immediateEvents</key>
    <array>
        <string>guideDismissed</string>
        <string>guideSnoozed</string>
        <string>AppSessionEnd</string>
        <string>AppInBackground</string>
    </array>
    <key>io.insert.IDEV9060.deviceId</key>
    <string>8696754183487311123</string>
    <key>kSessionTimeoutKey</key>
    <real>1800</real>
    <key>maxStorageSizeMB</key>
    <integer>10</integer>
    <key>pnd_trackDeviceOrientation</key>
    <integer>1</integer>
</dict>
</plist>```

[MikePendo]

you are right, but its PNDUserDefaults (PND prefix) its just .plist file we use instead of standard NSUserDefaults. We decided to go with that approach to prevent any collisions from hosting app.

[bmalbuck]

That makes sense to keep it separate from standard. If Pendo SDK is not using the UserDefaults APIs to create/read/write values to this plist then maybe the privacy manifest is not required in your distribution. It just seems the timing of dropping in the Pendo SDK in our app and receiving an email from Apple after Test Flight distribution that this was flagged is not coincidental.

[MikePendo]

It's in our road map we still need to add privacy manifests to explain what data is collected. Will be available in 3.2 SDK

[mithleshgomotive]

Do we have any timeline or ETA for v3.2 SDK release @MikePendo ?

[SwiftNativeDeveloper]

Even though the latest version of the library, as you've stated isn't using a required usage API, it is still incredibly important for you to add this with the collected data types so that third party developers can accurately describe to our users what data the app collects.

I can't say it better, this perfectly captures app developer frustrations with vendor sdk with respect to user privacy: https://developer.apple.com/wwdc23/10060?time=104

We have heard from developers like you that it can be challenging to get all the information you need from the great third-party SDKs that your apps depend on.

As such, please add the privacy manifest and include all four keys that it supports as of today, not just the 'required' ones.

NSPrivacyTracking - this should be set to false because you don't do that, right? NSPrivacyTrackingDomains - this should be an empty array, until Apple considers you a tracking domain NSPrivacyCollectedDataTypes - this should be filled out with respect to what the SDK can do NSPrivacyAccessedAPITypes - this should be an empty array, according to the thread above

Regarding the collected data types, as shared before, here is your quick start to getting this done. https://developer.apple.com/app-store/app-privacy-details/

Looking at the SDK functions, documentation, marketing, and capabilities of Pendo, the SDK sure should be disclosing via the collected data types everything it can do. Here is what it feels like your SDK collects, and it is a lot.

https://support.pendo.io/hc/en-us/articles/360053369051-Mobile-SDK-data-collection

• Location (Coarse, maybe even Precise; your backend captures IP and geotags events)
• Customer Support (track event API)
• Other User Content (track event API)
• User ID (visitor ID, right from your docs)
• Device ID (auto generated device id, right from your docs)
• Product Interaction (duh that is your business model, page events, click events)
• Other Usage Data (generic usage analytics, right from your docs)
• Other Data Types (device data, right from your docs)

There are probably other categories that apply, since your SDK is a binary target the community can't help you much beyond looking at what is public.

This data is used for:

• Analytics (your business model)
• App Functionality (your business model)
• Product Personalization (your business model)
• Other Purposes (covering your bases)

Data Linked to the user: Yes Data used to track the user: I sure hope not

[TehilaTaub]

Hi @mithleshgomotive, version 3.2.0 is in our timeline but unfortunately we don't have specific date yet. We will update when it's out.

[randeep-ot]

Hi guys please add the privacy manifest file to v2 as well? Really appreciate it thanks

[shlomipendo]

@randeep-ot Hey, We're not planning to add the privacy manifest to v2, which is only getting critical updates at this point.

[randeep-ot]

Thanks @shlomipendo for letting me know. This seems pretty critical don't you think? Anyway would really appreciate if you could release a patch with the manifest file

[shlomipendo]

@randeep-ot It is important for us to align to Apple's standard, but as we're not currently using APIs that require reasoning and are not obligated to add the manifest, we're planning to only add it to our 3.x releases. Is there a reason you can't upgrade to our latest version?

[randeep-ot]

Thanks @shlomipendo I believe the requirement is to add the privacy manifest file event when the app or SDK is not using any tracking. Upgrading to the latest version of Pendo is in our backlog but we won't get to it before Apple's deadline in May

[shlomipendo]

@randeep-ot I think the privacy manifest is necessary for the commonly used SDKs. Anyway, as an update (that is currently not planned) for 2.22 will still require an SDK upgrade, I highly recommend using our latest SDK, as it includes improvements and bug fixes.

[shlomipendo]

Version 3.2.0, which includes the privacy manifest, is now released.