Add Apple privacy manifest #1064

Open
jtdLab opened this issue May 6, 2024 · 7 comments

jtdLab commented May 6, 2024

Use case
It seems that the underlying iOS SDKs of purchases_flutter require a privacy manifest.
See flutter/flutter#131940 for context.

Apple announcement here: developer.apple.com/support/third-party-SDK-requirements

May 1st deadline announcement here: developer.apple.com/news/?id=3d8a9yyh

This analyzer reported that PurchasesHybridCommon and RevenueCat need to add a privacy policy for these APIs:

```
Analyzing PurchasesHybridCommon ...
Mach-O Type: mh_dylib
⚠️  Missing privacy manifest file!
API usage analysis result(s): 1
[0] NSPrivacyAccessedAPICategoryUserDefaults:UserDefaults:./Pods/PurchasesHybridCommon/ios/PurchasesHybridCommon/PurchasesHybridCommon/Purchases+HybridAdditions.swift
🛠️  Descriptions for the following required API reason(s) may be missing: 1
[0] NSPrivacyAccessedAPICategoryUserDefaults

Analyzing RevenueCat ...
Mach-O Type: mh_dylib
💡 Found privacy manifest file(s): 1
[0] ./Pods/RevenueCat/Sources/PrivacyInfo.xcprivacy
API usage analysis result(s): 12
[0] NSPrivacyAccessedAPICategoryUserDefaults:UserDefaults:./Pods/RevenueCat/Sources/Caching/DeviceCache.swift
[1] NSPrivacyAccessedAPICategoryUserDefaults:UserDefaults:./Pods/RevenueCat/Sources/FoundationExtensions/UserDefaults+Extensions.swift
[2] NSPrivacyAccessedAPICategoryFileTimestamp:creationDate:./Pods/RevenueCat/Sources/LocalReceiptParsing/BasicTypes/AppleReceipt.swift
[3] NSPrivacyAccessedAPICategoryFileTimestamp:creationDate:./Pods/RevenueCat/Sources/LocalReceiptParsing/Builders/AppleReceiptBuilder.swift
[4] NSPrivacyAccessedAPICategoryUserDefaults:UserDefaults:./Pods/RevenueCat/Sources/Logging/Strings/AttributionStrings.swift
[5] NSPrivacyAccessedAPICategoryUserDefaults:UserDefaults:./Pods/RevenueCat/Sources/Logging/Strings/ConfigureStrings.swift
[6] NSPrivacyAccessedAPICategoryUserDefaults:UserDefaults:./Pods/RevenueCat/Sources/Logging/Strings/IdentityStrings.swift
[7] NSPrivacyAccessedAPICategoryUserDefaults:UserDefaults:./Pods/RevenueCat/Sources/Misc/Concurrency/SynchronizedUserDefaults.swift
[8] NSPrivacyAccessedAPICategoryUserDefaults:UserDefaults:./Pods/RevenueCat/Sources/Misc/Deprecations.swift
[9] NSPrivacyAccessedAPICategoryUserDefaults:UserDefaults:./Pods/RevenueCat/Sources/Networking/HTTPClient/ETagManager.swift
[10] NSPrivacyAccessedAPICategoryUserDefaults:UserDefaults:./Pods/RevenueCat/Sources/Purchasing/Configuration.swift
[11] NSPrivacyAccessedAPICategoryUserDefaults:UserDefaults:./Pods/RevenueCat/Sources/Purchasing/Purchases/Purchases.swift
🛠️  Descriptions for the following required API reason(s) may be missing: 1
[0] NSPrivacyAccessedAPICategoryFileTimestamp
```
@jtdLab jtdLab added the bug Something isn't working label May 6, 2024
@RCGitBot
Contributor

RCGitBot commented May 6, 2024

👀 We've just linked this issue to our internal tracker and notified the team. Thank you for reporting, we're checking this out!

@aboedo
Member

aboedo commented May 6, 2024

Hi! Thanks for opening!
🤔 Which version of the SDK are you using?

We did introduce the privacy manifest for CocoaPods in our iOS 4.40.0 release, and that's what is in use for our Flutter SDK starting with 6.26.0.

If you're on an SDK previous to 6.26.0, updating should do the trick. If you're already on 6.26.0 or higher, let me know and we can try to figure out what's going on.

@aboedo aboedo self-assigned this May 6, 2024
@jtdLab
Author

jtdLab commented May 6, 2024

I am on 6.29.0.

Podfile.lock

  - purchases_flutter (6.29.0):
    - Flutter
    - PurchasesHybridCommon (= 10.6.1)
  - PurchasesHybridCommon (10.6.1):
    - RevenueCat (= 4.41.2)
  - RevenueCat (4.41.2)

@jtdLab
Author

jtdLab commented May 6, 2024

I cannot find a privacy manifest in https://github.com/RevenueCat/purchases-hybrid-common.

@jtdLab
Author

jtdLab commented May 6, 2024

In https://github.com/RevenueCat/purchases-ios/blob/main/Sources/PrivacyInfo.xcprivacy NSPrivacyAccessedAPICategoryFileTimestamp is missing.

@aboedo
Member

aboedo commented May 7, 2024

@jtdLab thanks for reporting! We are indeed missing one for purchases-hybrid-common; we mistakenly thought that since that framework doesn't access any APIs directly (only through purchases-ios, which does have a privacy manifest), it'd be enough. We'll get it added.
As for NSPrivacyAccessedAPICategoryFileTimestamp, we don't access any APIs that are related; we believe this to be a false positive from the detection script because we do have our own logic that uses a method called creationDate, but it's unrelated to those APIs.

vegaro added a commit to RevenueCat/purchases-hybrid-common that referenced this issue May 8, 2024
As reported in RevenueCat/purchases-flutter#1064 we were missing a PrivacyInfo.xcprivacy

Added CA92.1 as reason which reads:

> Declare this reason to access user defaults to read and write information that is only accessible to the app itself.
>
> This reason does not permit reading information that was written by other apps or the system, or writing information that can be accessed by other apps.

https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api#4278393
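
An added example (not code from RevenueCat or from the analyzer used in this issue): a Python check that reads report lines in the format quoted above and lists the required-reason API categories that have no reason code in a given PrivacyInfo.xcprivacy. The manifest is constructed for illustration, and the function names are hypothetical.

```python
import plistlib
import re

# Constructed manifest: what a PrivacyInfo.xcprivacy declaring the CA92.1
# reason for UserDefaults looks like (not the project's actual file).
SAMPLE_MANIFEST = plistlib.dumps({
    "NSPrivacyAccessedAPITypes": [{
        "NSPrivacyAccessedAPIType": "NSPrivacyAccessedAPICategoryUserDefaults",
        "NSPrivacyAccessedAPITypeReasons": ["CA92.1"],
    }],
})

# Two analyzer lines copied from the report quoted in this issue.
SAMPLE_REPORT = """\
[0] NSPrivacyAccessedAPICategoryUserDefaults:UserDefaults:./Pods/RevenueCat/Sources/Caching/DeviceCache.swift
[2] NSPrivacyAccessedAPICategoryFileTimestamp:creationDate:./Pods/RevenueCat/Sources/LocalReceiptParsing/BasicTypes/AppleReceipt.swift
"""

# "[n] <category>:<matched symbol>:<source path>"; summary lines do not match.
FINDING = re.compile(r"^\[\d+\] (NSPrivacyAccessedAPICategory\w+):([^:]+):(.+)$")

def parse_findings(report):
    """Map each flagged category to the (symbol, path) pairs that triggered it."""
    hits = {}
    for line in report.splitlines():
        m = FINDING.match(line.strip())
        if m:
            hits.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return hits

def declared_reasons(manifest_bytes):
    """Return {category: [reason codes]}; empty when the pod ships no manifest."""
    if not manifest_bytes:
        return {}
    plist = plistlib.loads(manifest_bytes)
    return {
        entry["NSPrivacyAccessedAPIType"]: entry.get("NSPrivacyAccessedAPITypeReasons", [])
        for entry in plist.get("NSPrivacyAccessedAPITypes", [])
    }

def undeclared(report, manifest_bytes):
    """Categories the scan flagged that have no reason code in the manifest."""
    declared = declared_reasons(manifest_bytes)
    return {cat: hits for cat, hits in parse_findings(report).items()
            if not declared.get(cat)}
```

Each remaining entry keeps the symbol and path that triggered it, so a name-only match such as `creationDate` can be reviewed by hand before a reason is declared.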
@jtdLab
Author

jtdLab commented May 10, 2024

When will this be on pub.dev?
