search

russell-archer / StoreHelper

Implementing In-App Purchases with StoreKit2 in Xcode 13 - 15 using SwiftUI, Swift 5.7 - 5.9, iOS 15 - 17 and macOS 12 - 14. Also supports tvOS and visionOS.
MIT License
410 stars 48 forks source link

Any support of Privacy Manifest? #69

Closed iharkatkavets closed 6 months ago

iharkatkavets commented 6 months ago

Privacy Updates for AppStore submission

Expected Behavior

Developers are responsible for all code included in their apps. At WWDC23, Apple introduced new privacy manifests and signatures for commonly used third-party SDKs and announced that developers will need to declare approved reasons for using a set of APIs in their app’s privacy manifest.

Current Behavior

The library doesn't provide Privacy Manifest file

Possible Solution

The library should provide Privacy Manifest if it collects information or access "Required Reasons API"

Additional Info

Screenshot 2024-03-08 at 09 26 02
russell-archer commented 6 months ago

I’ll try and sort that out today as a matter of urgency!

Interesting that it’s the first time I’ve encountered this. I very recently successfully submitted an update to an app that uses StoreHelper with no problem.

russell-archer commented 6 months ago

And just to confirm, StoreHelper doesn't collect any data whatsoever 😁

russell-archer commented 6 months ago

Done. I've added a privacy manifest (see StoreHelper/Sources/Resources) and made sure it's correctly bundled with the target (see the package manifest).

The privacy manifest correctly states that there's no tracking or data collection and that StoreHelper does use the UserDefaults API. All seems correct.

To test, if I archive an app using StoreHelper, then right-click on the archive in the organizer and select Generate Privacy Report I should get a report as a pdf:

priv-manifest

However, the report file is always empty (no content), no matter what's in the manifest. I'm not sure if this is an Xcode bug or something I'm doing wrong.

So, I'll leave this issue open for now. Let me know if what I've done gets you through app store review!

Volodymyr-13 commented 6 months ago

But it should be empty, since yep - StoreHelper is not using any of these and doesn't collect any data. Also, deadline for this is 1 May, so lib developers have a plenty of time from now to add this.

russell-archer commented 6 months ago

Actually that's what I thought too. However, after digging a bit deeper it turns out that I need to declare use of the UserDefaults API (StoreHelper persists a list of purchases as a fallback in case the App Store's not available).