facebook-ios-sdk icon indicating copy to clipboard operation
facebook-ios-sdk copied to clipboard

Published 20 hours ago verified publisher icon facebook

Privacy manifests only included in release 17.0.0 with breaking changes

Open elitree opened this issue 10 months ago • 14 comments

Checklist before submitting a bug report

Xcode version

15.2

Facebook iOS SDK version

17.0.0

Dependency Manager

CocoaPods

SDK Framework

Core

Goals

I want to use the Facebook iOS SDK to include the required privacy manifest changes without breaking my app (due to the new requirements for limited login added in 17.0.0. Currently developers can only get the privacy manifests by updating to 17.0.0.

Please release a 16.x minor update of the SDK which includes the privacy manifests for the imminent Apple App Store restriction, so that devs have time to update their app code and more successfully test v17.

Expected results

I would expect that the privacy manifest changes would be made available in a minor release, without breaking changes associated.

Actual results

Currently developers can only get the privacy manifests by updating to 17.0.0, and implementing the required breaking changes if they haven't been made.

Steps to reproduce

Using an app which hasn't implemented Limited Login:

  1. Download v17.0.0 of the Facebook iOS SDK
  2. Note that it includes privacy manifest information
  3. Compile and build the app
  4. Attempt a login
  5. Note that the "Invalid OAuth access token - Cannot parse access token" error is received

Code samples & details

Other issues where this is being encountered include:

https://github.com/facebook/facebook-ios-sdk/issues/2365
https://github.com/facebook/facebook-ios-sdk/issues/2375

This isn't a duplicate of those issues, but rather pointing out that this required privacy manifest change should be made available in a non-major release.

elitree avatar Apr 10 '24 14:04 elitree

Thanks for reporting this @elitree.

For more context, the Apple requirement for privacy manifests goes in to effect on May 1st, so the window for this is rapidly closing.

short-dsb avatar Apr 17 '24 14:04 short-dsb

This isn't a duplicate of those issues; instead, it's pointing out that this required privacy manifest change should be made available in a non-major release.

harshil-vyas08 avatar Apr 18 '24 10:04 harshil-vyas08

+1

stivmac avatar Apr 18 '24 14:04 stivmac

+1 17.0.0 is instability

lurenzhangdeshuai avatar Apr 19 '24 01:04 lurenzhangdeshuai

+1 The moment is gradually approaching

yosukapro avatar Apr 22 '24 02:04 yosukapro

+1 but coming here from the Facebook SDK for Unity. Building for iOS for us has these same issues and we are also in need of any solution found here.

jonathanNitiparsong avatar Apr 22 '24 20:04 jonathanNitiparsong

+1 Yes please. This is too big of a change just to cope with the Privacy Manifest.

Louisload avatar Apr 23 '24 12:04 Louisload

+1

AleksandrZhmurkovMD avatar Apr 23 '24 14:04 AleksandrZhmurkovMD

Please consider this possibility!

fabiomsouto avatar Apr 23 '24 14:04 fabiomsouto

+1 Any update on this? Is there a chance for Privacy Manifest to be added in v16.x.x without breaking changes?

lkuczborski avatar Apr 25 '24 09:04 lkuczborski

The privacy manifest deadline is approaching fast, please make an intermediate release with only those added since 16.3.1 release.

As the many threads here show, the 17.0.0 was completely botched and there simply are no clear solutions to resolve the login issues many of us are having.

pahnev avatar Apr 25 '24 10:04 pahnev

The least they could do would be to get feedback from the team that manages the SDK. Even if it's a definite "no". Facebook probably needs to collect data through the SDK as much as we need it for our users' uses. Many developers are already removing the SDK now. Wake up!

floriangbh avatar Apr 25 '24 12:04 floriangbh

Hello,

We made changes both to the iOS SDK and our core login systems to support the privacy manifest requirements based on the upcoming App Transparency Tracking enforcement so that iOS users who have opted out of ATT are able to use FBLogin. As a result, we do not plan to release the privacy manifest as part of a minor update. Our recommendation is that users integrate Limited Login following the official documentation: https://developers.facebook.com/docs/facebook-login/limited-login/ios https://developers.facebook.com/docs/facebook-login/limited-login/unity/

See more details here.

zhong-meta avatar Apr 26 '24 19:04 zhong-meta

This issue and the fact that it has not been resolved in the past 6 months (as well as the fact that Limited Login was released in March and then mandatory two months later, with a massive reduction in capabilities vs both web and Android) raises a LOT of red flags for the Facebook SDK and makes me think I ought to remove Facebook login entirely, on all platforms. Like, hear me out:

  1. What possible reason could the Login SDK have for apparently using device fingerprinting so heavily that complying with these restrictions entailed building out an entirely separate, fully incompatible login implementation? Should we be concerned that Android is still using the old system which has (presumably, given Apple won't let you publish an app with it) an enormous privacy violation?
  2. How was two months notice acceptable? Why was this not mentioned in the CHANGELOG? Why is this still not mentioned in the README while a small change to Apple's privacy disclosures from 4 years ago is?

NuckChorris avatar Sep 13 '24 07:09 NuckChorris