cordova-ios
cordova-ios copied to clipboard
apache
Cordova was listed on the list of requirements for third-party SDKs announced by Apple today.
Feature Request
Cordova was listed on the list of requirements for third-party SDKs announced by Apple today. Is there any push on Cordova's part to include Privacy Manifests files or sign the SDK? https://developer.apple.com/support/third-party-SDK-requirements/
Motivation Behind Feature
If this is not addressed, Cordova apps will not be able to be submitted to the AppStore starting in the spring of 2024.
Feature Description
Privacy Manifests PR is found. Has anything been done about signing the SDK? Or does it need to be signed on the part of the app developer using Cordova?
Alternatives or Workarounds
Cordova itself is not distributed as a .framework or .xcframework file, so as far as I'm aware no SDK signing is necessary. When you create a Cordova app, the CordovaLib code is included as part of the app project.
As for privacy manifests, Cordova itself does not collect or store any user data and does not use any of the APIs that Apple has labelled as privacy impacting. However, plugins might use those APIs, so the challenge is figuring out how to manage plugins declaring their own privacy manifests.
Cordova itself is not distributed as a .framework or .xcframework file, so as far as I'm aware no SDK signing is necessary. When you create a Cordova app, the CordovaLib code is included as part of the app project.
I'm not sure if this is entirely true.
Cordova is distributed as source, but it is it's own independent project. We just don't pre-compile it. But the CordovaLib project has 2 targets, a static CordovaLib target, and a Cordova framework target. I'm not sure if the Cordova framework target is actually used because on the App project, it looks like it links against the CordovaLib static library. In my own project built by the Cordova CLI, there is no sign of cordova.framework present, i think the target just exists for whatever (probably legacy) reasons. Perhaps some people have their XCode projects modified to use the unsigned framework instead of the static library (or maybe there is a cordova flag that controls this too?). I'm not sure if there is any benefit of having a .framework target vs just the static library target, so maybe one can be removed?
If any project is actually using the Cordova.framework target, that target will need to be signed. But I'm not sure if it can be signed by the app developer of it needs to be signed by Apache for a globally consistent signature.
Now with signatures for SDKs, when you adopt a new version of a third-party SDK in your app, Xcode will validate that it was signed by the same developer, improving the integrity of your software supply chain.
Like I'm not 100% sure what this means or how they are really doing the validating.
As for the privacy manifest, most plugins don't have their own XCode project and instead their sources are directly added to the app project. So the app needs a xcprivacy file.
Good news is, we can probably have an intermediate JSON structure that is used to help de-dupe or generate the xcprivacy file and we can probably incorporate some plugin.xml directives that helps plugins control it.
A sample xcprivacy that I have for a geolocation project will look something like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NSPrivacyCollectedDataTypes</key>
<array>
<dict>
<key>NSPrivacyCollectedDataType</key>
<string>NSPrivacyCollectedDataTypePreciseLocation</string>
<key>NSPrivacyCollectedDataTypeLinked</key>
<false/>
<key>NSPrivacyCollectedDataTypeTracking</key>
<false/>
<key>NSPrivacyCollectedDataTypePurposes</key>
<array>
<string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
</array>
</dict>
<dict>
<key>NSPrivacyCollectedDataType</key>
<string>NSPrivacyCollectedDataTypeCoarseLocation</string>
<key>NSPrivacyCollectedDataTypeLinked</key>
<false/>
<key>NSPrivacyCollectedDataTypeTracking</key>
<false/>
<key>NSPrivacyCollectedDataTypePurposes</key>
<array>
<string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
</array>
</dict>
</array>
<key>NSPrivacyTracking</key>
<false/>
</dict>
</plist>
You don't put any actual human facing text in it. It's all constants that describe what privacy-sensitive features you're using, and constants that explain the reason or purpose for using. This was always required when distributing apps but it was done through the App Connect web portal, so this newer xcprivacy file allows more programmatic usage as well as putting the responsibility for SDK authors to provide their own privacy manifests (rather than the app developer trying to guess what a SDK may or may not do).
Also watching https://developer.apple.com/forums/thread/742835 to see if there is a Apple response, if we do need that .framework target it will be helpful to know if SDK signatures requires a globally consistent signature if the app developer can sign their copy. It's not really clear on how exactly will XCode validate third-party SDK updates and such.
I will also share an Issue that is being addressed by Flutter, which is facing the same problem. https://github.com/flutter/flutter/issues/131940
https://developer.apple.com/news/?id=3d8a9yyh They say the policy will be applied in May.
I've tried master branch and I can see the privacy manifest in the CordovaLib project, but I don't think it's in the CordovaLib.a library file that gets generated from the CordovaLib project. So are we sure the merged change will be enough when the Cordova's manifest doesn't seem to be part of the resulting user app? Or will we need to switch to using a Cordova.framework as breautek commented? (despite his comment was about signing, but might be needed for adding the privacy manifest too)
I believe the PrivacyInfo.xcprivacy manifest file in CordovaLib only used when CordovaLib is loaded into a project by CocoaPods. It is not used when a project is created by Cordova-CLI.
When the project is created by Cordova-CLI, the project's template PrivacyInfo.xcprivacy will be used.
@dpogue can confirm this.
Yeah, that's what I'm thinking, and since Apple tagged Cordova as a "framework" that needs to ship a privacy manifest, I don't think current changes cover the problem for most users as most users use Cordova from the CLI/npm, not from CocoaPods.
Not sure if users or us can try to argue with Apple and say that Cordova is being used as a Library and not as a Framework so they remove the requirement.
So are we sure the merged change will be enough when the Cordova's manifest doesn't seem to be part of the resulting user app?
Since the CordovaLib privacy manifest is essentially an empty set of declarations (since CordovaLib doesn't use any impacted APIs), I'm not sure that it actually matters as long as the app has a manifest that covers the same declarations.
Or will we need to switch to using a Cordova.framework as breautek commented?
I tried this locally, and Xcode complained that the framework wasn't signed. It's probably not too hard (in Xcode) to set it up to sign locally and do a test, but trying to set up the framework project to use the same codesigning settings as the app via the CLI is probably going to be a pain.
I also, for what it's worth, tried pulling in CordovaLib as a Swift package, and the results are also weird there. It does include a bundle resource with the Privacy Manifest, but Xcode doesn't seem to pick that up when assembling the combined manifest, and a few people on the Apple forums have noted the same issue.
Or will we need to switch to using a Cordova.framework as breautek commented?
I think the main strength of using Cordova.framework is that the privacy manifest file can be managed independently of the app's privacy manifest. But realistically I don't ever foresee us having to add a privacy entry for the framework code, so the privacy manifest will effectively just be an empty file. I don't think the core framework will ever use any privacy-sensitive API so I don't really see much value of switching to a .framework.
The con of using the static library approach, if we do have to add a privacy-sensitive API usage in the core framework, then we will need to make sure we can merge the entry into the app's privacy manifest, but I don't think we will ever need to do this, so it's not really a significant con.
My concern is that Apple has flagged the Cordova "framework" as one of the frameworks that has to provide a manifest, not users using the Cordova "framework", but the Cordova "framework" itself. So, even if it's a blank manifest, the Cordova "framework" should provide it. I've seen other frameworks on that list to provide an empty manifest, but provide it anyway.
Maybe we can tell the person from Apple who offered to help us if we had problems with the manifest, that CordovaLib is not distributed as a framework and that it doesn't use any privacy-sensitive API and ask them to remove Cordova from the list of frameworks that are required to ship a manifest. But I doubt they will do that.
I believe Cordova was flagged because if anybody is using the framework version of Cordova, (which the Cordova project does have, just isn't used by the CLI afaik) then it needs to provide a manifest, even if it's just an empty one, as you stated as others have done.
So in otherwords if we keep the CordovaLib framework target it should bundle a privacy manifest. That manifest can be an empty manifest since that manifest will be specific to the code within the framework bundle and we don't use any sensitive APIs.
Only swift packages, framework bundles or XCframeworks can have a privacy manifest file according to Apple's Docs, so by extension I don't think our static target needs a manifest file. If I'm wrong... then that might mean Apple is going to start restricting distribution to one of those above methods.
I've browsed the Apple dev forums for any kind of answer with static libraries, and some people are adding relevant manifest entries as part of the app manifest, others are wrapping the static library into a framework... And no one really seems to know what is the proper approach is.
A newly upload app to test flight is getting flagged with this issue -- is there a resolution?
A newly upload app to test flight is getting flagged with this issue -- is there a resolution?
PR https://github.com/apache/cordova-ios/pull/1406 was landed to allow app developers to declare the privacy manifest entries. It doesn't provide a means for plugin authors to declare what their plugin uses. That will likely come at some later date and it's actively being discussed in our dev mailing lists. #1406 should be a stopgap however.
The PR is not in any stable release at the time of writing. You can try it out by installing nightly, feedback would be appreciated. But I'd recommend keeping an eye on our blog or subscribe to the RSS feed for the stable release announcement.
I just wanted to clarify how we actually make our apps compliant with this new requirement if possible please.
So we don't use any of these apis in our project but they are used in various cordova plugins we have installed.
Do we need to declare how the plugins are using these apis in our apps privacy manifest? Or is it just the third party sdks that need to add their own manifests and we can just use an empty one?
If we do need to update ours how is this done? I noticed PR #1383 which adds the empty file but how do we actually amend this so that it's picked up each build?
I just wanted to clarify how we actually make our apps compliant with this new requirement if possible please.
So we don't use any of these apis in our project but they are used in various cordova plugins we have installed.
Do we need to declare how the plugins are using these apis in our apps privacy manifest? Or is it just the third party sdks that need to add their own manifests and we can just use an empty one?
If we do need to update ours how is this done? I noticed PR #1383 which adds the empty file but how do we actually amend this so that it's picked up each build?
Sorry I linked the wrong PR, the correct PR is https://github.com/apache/cordova-ios/pull/1406
#1383 is to add the default empty file for the project, and an empty file for core cordova framework project. #1406 introduces a config.xml API to add entries to the app's privacy manifest. I've updated my original post to link the correct PR.
I don't think the keys are documented anywheres at this time, but if you create a xcode app project and add a Privacy Manifest item to it, you should be able to discover all the valid key entries. Not on a mac right now, but if needed I can provide more detailed steps / screenshots.
Note that it's Apple's intention for framework/library authors to provide their own manifest entry so that they can declare if they use any privacy sensitive APIs. Cordova Plugins aren't frameworks, they are just loose source code that gets added to the app project, which kind of puts the responsibility on the app developer to add those entries, if those plugins uses any sensitive APIs, from Apple's perspective. At this point of time, there isn't a way for plugin authors to declare their own privacy entries, so if you wanted to be compliant today, you may have to do some code analysis of all your used plugins. This is something we obviously want to improve on.
Thank you that helps clear up how we actually declare our manifest file.
So essentially review all the plugins to identify which of them use these apis and why, then declare all of this in the new privacy manifest node of the config.xml file?
So essentially review all the plugins to identify which of them use these apis and why, then declare all of this in the new privacy manifest node of the config.xml file?
In my understanding, yes I think you got it.
Is this new PR going to get rolled into a release or do I need to apply this myself -- apologies if this is a dumb question.
Is this new PR going to get rolled into a release or do I need to apply this myself -- apologies if this is a dumb question.
No such thing as a dumb question. The 2 mentioned PRs is merged so it will be included in the next release, but I can't reliably say when that will be done due to the volunteer nature of Apache Cordova. Currently this can be tested by using @nightly, or installing from directly from git using the https git clone url.
First of all.. thanks to all for your hard work.
Just today I published my app update and I have had the same notice from Apple about:
NSPrivacyAccessedAPITypes -> NSPrivacyAccessedAPICategoryUserDefaults
NSPrivacyAccessedAPITypes -> NSPrivacyAccessedAPICategoryFileTimestamp
NSPrivacyAccessedAPITypes -> NSPrivacyAccessedAPICategoryDiskSpace
Reading many posts #1391 #1383 #1406 I think to have understand that the trouble is around to the installed plugin and it will be fixed with next release (7.1.0).
There will be in config.xml a setting like this:
<platform name="ios">
<privacy-manifest>
<key>NSPrivacyTracking</key>
<false/>
<key>NSPrivacyTrackingDomains</key>
<array/>
<key>NSPrivacyCollectedDataTypes</key>
<array/>
<key>NSPrivacyAccessedAPITypes</key>
<array>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>C617.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>CA92.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryDiskSpace</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>E174.1</string>
</array>
</dict>
</array>
</privacy-manifest>
</platform>
Than, after cordova build there will be an PrivacyInfo.xcprivacy
Is it all correct?... or I'll have to do something else?
References: https://stackoverflow.com/questions/78163859/itms-91053-missing-api-declaration-privacy https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api
I tested @FranGhe's example with config.xml with the nightly build and it was accepted by App Store Connect without warnings, thank you all! Will wait for the 7.1.0 release
So once I have a list of the required declarations from the App Store report (NSPrivacyAccessedAPICategoryFileTimestamp, NSPrivacyAccessedAPICategoryUserDefaults, etc.), I would just have to update the cordova-ios to the 7.1.0 version (or currently the nightly build) and then declare these in config.xml as @FranGhe and @Scooby27 suggested?
I'll wait for the stable version... I don't have any updates to make on my app at the moment. In any case you must give your right permissions to:
- NSPrivacyAccessedAPICategoryFileTimestamp
- NSPrivacyAccessedAPICategoryUserDefaults
- etc...
following here so as not to have problems with Apple, because I don't know what your App does.
That ones that I wrore (C617.1 | CA92.1 | E174.1) it's just for example
That's great news -- is there a blog post or updated documentation to show us what to do exactly?
https://cordova.apache.org/announcements/2024/04/03/cordova-ios-7.1.0.html
Are there any plans to release a 6.x version with support for node v10 and including the privacy Manifest? I'm currently using cordova-ios 6.3 version and have some limitations upgrading to v7.
Are there any plans to release a 6.x version with support for node v10 and including the privacy Manifest? I'm currently using cordova-ios 6.3 version and have some limitations upgrading to v7.
No. Node v10 also has been out of LTS for a significant amount of time now.
You can try forking cordova-ios and cherry-picking https://github.com/apache/cordova-ios/pull/1383 and https://github.com/apache/cordova-ios/pull/1406 but I'm not sure if they are any dependencies on other changes so mileage may vary.
I have updated my cordova-ios to 7.1.0 and also added the manifest code in config.xml with all the required reasons. Though when i run the command ionic cordova prepare ios and then open the xcworkspace file in xCode and under the CordovaLib folder check the privacy manifest file it does not have the updates that I made using config file, it is still the template file that cordova is providing by default. How can i fix that?
Here's my manifest code from config file:
<privacy-manifest>
<key>NSPrivacyTracking</key>
<false/>
<key>NSPrivacyTrackingDomains</key>
<array/>
<key>NSPrivacyCollectedDataTypes</key>
<array/>
<key>NSPrivacyAccessedAPITypes</key>
<array>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>0A2A.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryDiskSpace</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>E174.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>C56D.1</string>
</array>
</dict>
</array>
</privacy-manifest>
