capacitor icon indicating copy to clipboard operation
capacitor copied to clipboard

Published 20 hours ago verified publisher icon ionic-team

feat: Add required Privacy Manifest file for iOS

Open davidkroeg opened this issue 1 year ago • 3 comments

Feature Request

Description

Starting with Spring 2024 Apple requires third-party SDKs to add a Privacy Manifest file (similar to the privacy nutrition labels in the store). Apple specifically lists Capacitor as one of the SDKs that must include this manifest otherwise any App that includes it is not allowed to release an update (or new app) to the store.

https://developer.apple.com/support/third-party-SDK-requirements/

Platform(s)

iOS

Preferred Solution

Alternatives

None

Additional Context

  • https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_data_use_in_privacy_manifests
  • https://developer.apple.com/videos/play/wwdc2023/10060/

davidkroeg avatar Jan 05 '24 13:01 davidkroeg

Is someone tracking this?

Also, Apple requires that SDKs need to be signed by the developer.

Thanks

JLLA113 avatar Feb 01 '24 22:02 JLLA113

We are indeed planning to add a privacy manifest to supported frameworks, signing will only be needed for binary frameworks we ship. Source frameworks will just need the manifest.

markemer avatar Feb 05 '24 14:02 markemer

@markemer Hello, which frameworks specifically do you plan to add the privacy manifest to?

edshkliaruk avatar Feb 16 '24 09:02 edshkliaruk

The deadlines for this have been published: https://developer.apple.com/news/?id=3d8a9yyh

This issue has been opened two months ago, can somebody please take a look?

ph1ps avatar Mar 06 '24 13:03 ph1ps

If you have not already, please upvote (👍) the first post in the issue. The team uses that for ranking issues.

They also already know this is important, of course, but upvoting issues you care about always helps. Thx!!

kensodemann avatar Mar 06 '24 14:03 kensodemann

@markemer @jcesarmobile Thanks for working on this, do we have any dates when this will be rolled out?

usmanniqbal avatar Mar 11 '24 21:03 usmanniqbal

I'll second Usman's comment about wondering when this will be rolled out. I'm not sure why his comment was marked as abuse, but knowing when this will be released (and whether it will be available for 5.x or is being held for 6.x is going to be extremely important for many teams.

Apple's announcement says that they'll begin notifying apps tomorrow (March 13th) that they need to update, and enforcing it in 1.5 months (April 1). If Ionic's plan is to include this in the 6.0.0 (supposed to be released as Stable in February) but not in the 5.x branch, that has a significant impact on teams building Capacitor apps, since we don't know when 6.0.0 will be released or what the migration strategy will be.

Can you please share some information on whether this will be in 5.x or just in 6.0.0, and if the plan is to only include it in 6.0.0 can you please share when that will be available?

SpenserJ avatar Mar 12 '24 14:03 SpenserJ

Should we wait for the capacitor hotfix, or is it prefered to do this manually by developers?

sasos90 avatar Mar 19 '24 18:03 sasos90

there were Capacitor 4.x, 5.x and 6.x releases last week including this change

jcesarmobile avatar Mar 20 '24 14:03 jcesarmobile

For 5.x is it 5.7.4 perhaps? I am getting some DiskSpace type warning from appstore, and I don't think this is included is it?

sasos90 avatar Mar 21 '24 14:03 sasos90

I am getting also new warnings from AppStore: image

The types are:

  • FileTimestamp
  • SystemBootTime
  • UserDefaults
  • DiskSpace

These are features we don't and the only community library we use (barcode-scanner) doesn't seem to use any of this APIs

ezequielfalcon avatar Apr 03 '24 19:04 ezequielfalcon

So I tried ios platform version 5.7.4 and it didn't fix the issue. Do we have to put this in manually?

sasos90 avatar Apr 09 '24 10:04 sasos90

First I want to say: thanks for your work and time! I noticed, checking out the committed changes, that there are some crucial bits missing. It includes NSPrivacyAccessedAPITypes, but the specific NSPrivacyAccessedAPIType and NSPrivacyAccessedAPITypeReasons are not declared. For example, The type is NSPrivacyAccessedAPICategoryUserDefaults and the reason could be User Defaults - CA92.1: Access info from same app, per documentation. Here is a link to the description where Apple states that "apps that don’t describe their use of required reason API in their privacy manifest file aren’t accepted by App Store Connect." https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api#4278393.

carolinasofiab avatar Apr 11 '24 15:04 carolinasofiab

I am getting also new warnings from AppStore: image

The types are:

  • FileTimestamp
  • SystemBootTime
  • UserDefaults
  • DiskSpace

These are features we don't and the only community library we use (barcode-scanner) doesn't seem to use any of this APIs

These are probably because you're using some combination of the @capcaitor/device, @capacitor/preferences and @capacitor/filesystem plugins. They have methods that use these privacy APIs. We'll be figuring out how to best address plugins like this for a future Capacitor update to hopefully avoid , but for now, you'll need to add the reason codes to your privacy manifest if you're using these plugins. We've got a PR to land soon that will add codes to our docs with "default suggestions" that you can use.

We also just landed a new docs page around creating this privacy manifest file using either the VS Code extension or manually that may be helpful.

dallastjames avatar Apr 11 '24 16:04 dallastjames

First I want to say: thanks for your work and time! I noticed, checking out the committed changes, that there are some crucial bits missing. It includes NSPrivacyAccessedAPITypes, but the specific NSPrivacyAccessedAPIType and NSPrivacyAccessedAPITypeReasons are not declared. For example, The type is NSPrivacyAccessedAPICategoryUserDefaults and the reason could be User Defaults - CA92.1: Access info from same app, per documentation. Here is a link to the description where Apple states that "apps that don’t describe their use of required reason API in their privacy manifest file aren’t accepted by App Store Connect." https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api#4278393.

Capacitor 6 (what's currently on main) removed the use of UserPreferences, so it by itself shouldn't need to declare any restricted APIs, only plugins added may require this. The default manifest for Capacitor 4 and 5 though should have UserPreferences with the appropriate code declared.

dallastjames avatar Apr 11 '24 16:04 dallastjames

I am getting also new warnings from AppStore: image

The types are:

  • FileTimestamp
  • SystemBootTime
  • UserDefaults
  • DiskSpace

These are features we don't and the only community library we use (barcode-scanner) doesn't seem to use any of this APIs

You can try using this script to analyze the usage of APIs: App Store Privacy Manifest Analyzer.

crasowas avatar Apr 22 '24 09:04 crasowas

Anybody else having a problem getting rejected after defining their PrivacyInfo.xcprivacy file and submitting?

I was emailed noting that NSPrivacyAccessedAPICategoryDiskSpace and NSPrivacyAccessedAPICategoryUserDefaults needed reasons, so I followed the steps in the capacitor docs. Resubmitted, but got an email with the same errors.

bryantbrock avatar Apr 26 '24 20:04 bryantbrock

Thanks for the issue! This issue is being locked to prevent comments that are not relevant to the original issue. If this is still an issue with the latest version of Capacitor, please create a new issue and ensure the template is fully filled out.

ionitron-bot[bot] avatar May 26 '24 20:05 ionitron-bot[bot]