rudder_sdk_flutter v2.3.0 is not compliant with Apple Privacy requirement

[ghassenchaar96]

Hi, we're using rudder_sdk_flutter v2.3.0 in our flutter app.

We got an update from Apple on Rudder SDK is not compliant with Apple Privacy requirement.

ITMS-91107: Invalid tracking information - A PrivacyInfo.xcprivacy file contains invalid tracking information at the following path: “Frameworks/Rudder.framework/Rudder.bundle/PrivacyInfo.xcprivacy”. In addition to the privacy manifest files in the locations outlined in the documentation, starting November 12, 2024, all privacy manifests you submit must have valid content. NSPrivacyTracking must be true if NSPrivacyTrackingDomains isn’t empty. Keys and values in any privacy manifest must be valid. For more details, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files and https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/adding_a_privacy_manifest_to_your_app_or_third-party_sdk.

Can you have this ready up soon. Thanks!

Which platform is the issue occurring on Is the error occurring on:

• [ ] iOS

flutter doctor -v
[✓] Flutter (Channel stable, 3.24.3, on macOS 14.5 23F79 darwin-arm64, locale en-FR)
    • Flutter version 3.24.3 on channel stable at /Users/ghassen/dev/tools/flutter
    • Upstream repository https://github.com/flutter/flutter.git
    • Framework revision 2663184aa7 (il y a 3 semaines), 2024-09-11 16:27:48 -0500
    • Engine revision 36335019a8
    • Dart version 3.5.3
    • DevTools version 2.37.3

[✓] Android toolchain - develop for Android devices (Android SDK version 34.0.0)
    • Android SDK at /Users/ghassen/Library/Android/sdk
    • Platform android-34, build-tools 34.0.0
    • ANDROID_HOME = /Users/ghassen/Library/Android/sdk
    • Java binary at: /Applications/Android Studio.app/Contents/jbr/Contents/Home/bin/java
    • Java version OpenJDK Runtime Environment (build 17.0.7+0-17.0.7b1000.6-10550314)
    • All Android licenses accepted.

[✓] Xcode - develop for iOS and macOS (Xcode 15.4)
    • Xcode at /Applications/Xcode.app/Contents/Developer
    • Build 15F31d
    • CocoaPods version 1.15.2

[✓] Chrome - develop for the web
    • Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[✓] Android Studio (version 2023.1)
    • Android Studio at /Applications/Android Studio.app/Contents
    • Flutter plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/9212-flutter
    • Dart plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/6351-dart
    • Java version OpenJDK Runtime Environment (build 17.0.7+0-17.0.7b1000.6-10550314)

[✓] VS Code (version 1.93.1)
    • VS Code at /Applications/Visual Studio Code.app/Contents
    • Flutter extension version 3.96.0

[✓] Connected device (4 available)
    • sdk gphone64 arm64 (mobile)     • emulator-5554             • android-arm64  • Android 13 (API 33)
      (emulator)
    • Ghassen Chaar (mobile)          • 00008101-0011505836C3003A • ios            • iOS 17.3 21D50
    • Mac Designed for iPad (desktop) • mac-designed-for-ipad     • darwin         • macOS 14.5 23F79
      darwin-arm64
    • Chrome (web)                    • chrome                    • web-javascript • Google Chrome 129.0.6668.60

[✓] Network resources
    • All expected network resources are available.

• No issues found!

[1abhishekpandey]

Hey @ghassenchaar96,

Thank you for raising this issue, as per our documentation:

If your application utilizes data for tracking users as outlined by Apple, it is important to seek the user’s consent first. Also, make sure to include the following domain in your app’s privacy manifest under the purpose NSPrivacyTrackingDomains: rudderstack.com/

You need to add this rudderstack.com/ domain to your privacy manifest file and set NSPrivacyTracking to true.

[ghassenchaar96]

Hi @1abhishekpandey ,

Thank you for the clarification.

However, the Pods folder is not included in my version control, so I can't rely on manual changes to the PrivacyInfo.xcprivacy file. When I build the app in the CI environment, running pod install regenerates the PrivacyInfo.xcprivacy file under ./ios/Pods/Rudder/Sources/Resources/PrivacyInfo.xcprivacy, which means any manually added keys like NSPrivacyTracking and NSPrivacyTrackingDomains would be overwritten.

Is there a recommended way to persist these changes across builds, perhaps via configuration or another approach that wouldn't be impacted by pod installs?

Thank you!

[1abhishekpandey]

We recommend adding this information to your app's PrivacyInfo.xcprivacy file instead of the SDK's. This way, the values will remain persistent even after pod installations.

Let me know if this resolves your issue.

[ghassenchaar96]

Thank you for the suggestion. I have added the necessary information to my app's PrivacyInfo.xcprivacy file and will check if the warning is resolved in the next release.

I'll post an update once the new version is pushed to the App Store.

Thanks again for your help!

[ghassenchaar96]

Hey @1abhishekpandey,

The issue has been resolved following your recommendation.

Thanks a lot.