Privacy Manifest File for Airship SDK 16.x Versions?

[RGG-jayoung]

❗For how-to inquiries involving Airship functionality or use cases, please contact (support)[https://support.airship.com/].

Preliminary Info

What Airship dependencies are you using?

16.12.6

What are the versions of any relevant development tools you are using?

Xcode 15.3

Report

What unexpected behavior are you seeing?

There is no Privacy Manifest for 16.x of the SDKs (but there is for v17 and v18).

What is the expected behavior?

Per Apple's May 1st deadline, Airship 16.x versions would include a privacy manifest file.

What are the steps to reproduce the unexpected behavior?

Build with 16.x as a dependency.

Do you have logging for the issue?

We ran into issues where Apple blocked our submission with other dependencies per the March 13 deadline. We're trying to make sure that doesn't happen for the May 1st deadline.

[crow]

Thanks for the report, we'll see what we can do

[SwiftNativeDeveloper]

@RGG-jayoung Have you considered forking the library, adding the privacy manifest for version 16.x in your fork/branch, and then when you upgrade to 17 you switch back to the repo? Before I upgraded my team to latest, this was going to be my approach.

[RGG-jayoung]

Forking the library was a consideration, but give that v16 is still a maintained version for older platforms, my expectation would be that Airship is providing an SDK that meets these requirements.

The maintenance overhead of splitting that out is non-trivial. I'm also not an expert on the internals, so forking v16, adding a privacy manifest from v18 might not account for discrepancies in functionality. I don't own it, so I feel uncomfortable making privacy disclosure about it.

[rlepinski]

We are going to do a release on 16.x with the manifest. My understanding though is the SDK manifest just helps you fill yours out, which we document on how to fill it out here - https://docs.airship.com/platform/mobile/data-collection/ios-privacy-manifest/

Nothing really has changed from 16 -> 18 in terms of the privacy manifest.

[SwiftNativeDeveloper]

@rlepinski it is required per app and per extension at a minimum. So App Clip, Widget, App, Siri intents, App intents, etc.

I will look through my ITMS warnings I got in the last several weeks to see if it decoded anything from frameworks and bundles (swift packages). I know that the app privacy report generator tool in Xcode does show what is your app vs what is libraries your app references and it spells it out in the generated PDF file.

Do you guys upload any of your example apps with like Xcode Cloud for CI/CD and integration purposes? Might be handy to do. 😄

[rlepinski]

We have an app in the app store that we use for onboarding as well as to see what kind of issues customers might run into. We don't currently do anything with Xcode cloud but will look into it.

The privacy report definitely breaks it out per SDK, but its not clear to me still if its required by the SDK or if an app can define entries in its manifest for SDKs it uses. There is also a list of required SDKs that need this that we are currently not on, not sure if the behavior changes if we were to be on that.

Either way we should be able to get a release out for the privacy manifest today/tomorrow for SDK 16.x. Currently we only define it in the core module, I assume that is sufficient but if something changes where that wont be we can do a release to include the same manifest in all the modules.

[rlepinski]

Released in 16.12.7

[RGG-jayoung]

@rlepinski thank you for making the 16.x update.

I was curious as well about the interaction about multiple targets in the SPM. I did some before and after submissions with the different Airship SDK versions and did get a "PrivacyManifest.xcprivacy" missing error even when the App had a manifest that technically covered the underlying SDK APIs. Still a lot to learn on how Apple actually generates the report.

Thanks again for the support.