tjarvstrand
commented
7 months ago Thank you for bringing this to my attention. I will look into it!
Closed StatusCode200 closed 3 months ago
tjarvstrand
commented
7 months ago Thank you for bringing this to my attention. I will look into it!
jsch-adt
commented
6 months ago Any chance this will be added by May 1?
tjarvstrand
commented
6 months ago I'm currently absolutely swamped and I'm not sure if I'll have time to look into this before then.
tjarvstrand
commented
6 months ago @StatusCode200 Are you certain that it's necessary for libraries/SDKs to include an empty privacy file and that it doesn't just apply to apps?
The documentation states:
You need to include a privacy manifest file in your third-party SDK if it’s listed in “SDKs that require a privacy manifest and signature,” in Upcoming third-party SDK requirements. Otherwise, include a privacy manifest file in your third-party SDK if it uses required reasons API, collects data about the person using apps that include the third-party SDK, enables the app to collect data about people using the app, or contacts tracking domains. Providing a privacy manifest file helps app developers to understand the API use and data-collection practices of your third-party SDK.
As far as I understand, this should mean that flutter_timezone should not need to include a privacy manifest
StatusCode200
commented
6 months ago @tjarvstrand Sorry for the late reply.
I share this information from Apple. https://developer.apple.com/news/?id=3d8a9yyh
A discussion was held and we will share this as well. https://github.com/flutter/flutter/issues/131940
If you want to add a simple addition, the following can help https://github.com/mogol/flutter_secure_storage/pull/696
I believe that third-party plugins that include iOS code should be supported as they tend to be supported across the board. I would appreciate it if you could please ...
Sorry, translated English.
martin-headspace
commented
6 months ago Based on my reading of Apple's announcement, it sounds to me like adding third-party privacy manifests is only mandatory for a very specific number of third-party libraries. (see https://developer.apple.com/support/third-party-SDK-requirements/)
I am, however, exercising the same caution the Flutter team did. Since this list is non-exhaustive, it feels like in the future these requirements could be extended to other libraries. (see https://github.com/flutter/flutter/issues/131940)
In that case, I believe it's fair to include an empty privacy manifest for now and modify it in the future if Apple changes their requirements for them.
I've opened a PR tackling just that
tjarvstrand
commented
3 months ago Hi @martin-headspace
You closed the PR mentioned above so I'll close this for now as well. I haven't been able to find anything in Apple's documentation indicating that this plugin should include a privacy file. I also haven't heard any indications that users are encountering any such issues with flutter_timezone.
Feel free to reopen if you think this is important.
Apple recently announced that starting in Spring 2024, apps will be required to include more privacy-related reasoning for "third-party SDKs." This includes providing details in privacy manifests about data use by these SDKs. You can read more about this requirement on the Apple Developer website: Describing Data Use in Privacy Manifests
Many popular Flutter plugins, such as shared_preferences, have already implemented these manifests. You can see an example of such a manifest in the shared_preferences plugin here: PrivacyInfo.xcprivacy
Given these upcoming requirements, it's important to note that even libraries that do not collect privacy-policy-relevant information may need to include an empty PrivacyInfo.xcprivacy file to avoid potential rejection.
Thank you for your attention to this matter.