
About Apple privacy manifests

Open 150vb opened this issue 1 year ago • 6 comments

I recently learned about the new privacy management feature, Privacy Manifest, that Apple announced at this year's WWDC. I understand that relevant support will be subject to review from April 2024.

I'm particularly interested in when MapLibre will be implementing support for this new feature. Could anyone provide some insight or direct me to resources where I could find more information? Your help would be greatly appreciated. Thank you.

150vb, Nov 15 '23 01:11

This is the first time this has been brought up, thanks for that.

MapLibre Native is vendor-agnostic. You specify where it needs to pull data (tiles, fonts, etc.) from. So you need to include a privacy manifest that specifies the specific domains that you are using for this.

MapLibre Native itself does not do any tracking.

https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_data_use_in_privacy_manifests?language=objc

This anti-fingerprinting measure seems relevant for us (we use NSUserDefaults).

https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api?language=objc

WWDC Video: https://developer.apple.com/videos/play/wwdc2023/10060/

louwers, Nov 15 '23 18:11

We should add a PLIST file called PrivacyInfo.xcprivacy to the XCFramework that we distribute.

louwers, Nov 15 '23 18:11

Adding dependency signatures would be a beneficial enhancement.

https://developer.apple.com/videos/play/wwdc2023/10061/?time=731

By the way, could I know the version in which the privacy file is planned to be added?

150vb, Dec 07 '23 03:12

No ETA at this point. MapLibre is not listed in the first batch of third-party SDKs that require a privacy manifest. https://developer.apple.com/support/third-party-SDK-requirements/

louwers, Dec 12 '23 21:12

  • Should stop using .systemUptime in MLNMapView.mm or declare NSPrivacyAccessedAPICategorySystemBootTime.
  • Should declare NSPrivacyAccessedAPICategoryUserDefaults.
  • Perhaps also NSPrivacyAccessedAPICategoryFileTimestamp?

halset, Mar 21 '24 10:03

Hey, we use your SDK in an App on the Apple Store and we just got the warning on our latest release.

TMS-91053: Missing API declaration - Your app’s code in the “APPNAME” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

Same Warning for NSPrivacyAccessedAPICategoryDiskSpace, NSPrivacyAccessedAPICategorySystemBootTime.

KevPantelakis, Mar 26 '24 20:03
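
A pre-upload check for the situation in the TMS-91053 warning above, as an added example that is not part of the original thread or MapLibre's code: it parses a `PrivacyInfo.xcprivacy` property list and reports which of the flagged required-reason API categories are undeclared or declared with no reason. The sample manifest is constructed, its reason codes are assumptions for illustration, and `audit_manifest` is a hypothetical helper name.

```python
import plistlib

# Categories named in the TMS-91053 warnings quoted in this thread.
FLAGGED = [
    "NSPrivacyAccessedAPICategoryUserDefaults",
    "NSPrivacyAccessedAPICategoryDiskSpace",
    "NSPrivacyAccessedAPICategorySystemBootTime",
]

# Constructed sample manifest (not MapLibre's). It declares two of the three
# categories, one of them with an empty reasons array. Reason codes are assumed.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>NSPrivacyAccessedAPITypes</key>
  <array>
    <dict>
      <key>NSPrivacyAccessedAPIType</key>
      <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
      <key>NSPrivacyAccessedAPITypeReasons</key>
      <array><string>CA92.1</string></array>
    </dict>
    <dict>
      <key>NSPrivacyAccessedAPIType</key>
      <string>NSPrivacyAccessedAPICategorySystemBootTime</string>
      <key>NSPrivacyAccessedAPITypeReasons</key>
      <array/>
    </dict>
  </array>
</dict>
</plist>
"""

def audit_manifest(data, required=FLAGGED):
    """Return {category: problem} for each required category not properly declared."""
    manifest = plistlib.loads(data)
    declared = {e.get("NSPrivacyAccessedAPIType"): e.get("NSPrivacyAccessedAPITypeReasons", [])
                for e in manifest.get("NSPrivacyAccessedAPITypes", [])}
    problems = {}
    for cat in required:
        if cat not in declared:
            problems[cat] = "not declared"
        elif not declared[cat]:
            problems[cat] = "declared without a reason"
    return problems

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

To check a real framework, pass the bytes of its `PrivacyInfo.xcprivacy` file and the categories from your own warning e-mail.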