AppAuth-iOS icon indicating copy to clipboard operation
AppAuth-iOS copied to clipboard

Published 20 hours ago verified publisher icon openid

Add Privacy Manifest

Open chrs1885 opened this issue 2 years ago • 5 comments

Is your feature request related to a problem you're having? Please describe. We recently became aware that, according to the new Apple privacy regulations, third-party SDKs will also be required to provide a Privacy Manifest to ensure compliance with privacy policies in the future.

Describe the solution you'd like Add a privacy manifest.

Describe alternatives you've considered

Additional context Privacy Manifest

chrs1885 avatar Dec 01 '23 10:12 chrs1885

Hello,

Do you have any idea which key should be defined regarding AppAuth?

AntonyARHS avatar Dec 21 '23 10:12 AntonyARHS

AppAuth is explicitly listed by Apple as needing a privacy manifest: https://developer.apple.com/support/third-party-SDK-requirements/

Can you please let us know when one will be provided?

mattgapadmi avatar Jan 10 '24 15:01 mattgapadmi

Apps that include your library will be rejected if this isn't provided. Would you be able to include it in your next release?

fraserscottmorrison avatar Jan 12 '24 02:01 fraserscottmorrison

I wanted to bring this topic to your attention once again. Since AppAuth is explicitly listed, this will pose a barrier for all iOS apps using the framework. Therefore, this topic is rather important. Are there any insights into whether and within what timeframe this will be implemented? It is also crucial for app developers to be able to make a feasible plan.

Thank you for your great work, and this is not intended to be a complaint. I am not pleased with the move Apple made here, leveraging all app developers to enforce changes in frameworks within a relatively short time.

tkhho avatar Jan 24 '24 00:01 tkhho

Hi all. Thank you for the issue and the comments. I appreciate your patience. :)

I have begun researching what is needed for the privacy manifest, and will follow up shortly (on the order of a few weeks) with a pull request. I will get a release out thereafter.

mdmathias avatar Jan 24 '24 17:01 mdmathias

When attempting to update the App Auth from the Pod, the "PrivacyInfo.xcprivacy" file is not included with the library. this file is required, do I need to be added manually. Regarding permissions based on Apple's documentation, the sample manifest does not specify the permissions needed according to Apple's guidelines.

To address this, it's essential to understand the details of the SDK usage. For example, if the app accesses file timestamps via an API (NSPrivacyAccessedAPIType), the permissions required should be specified accordingly in PrivacyInfo.xcprivacy can you help with this two.

Thank you in advance.

snehalvaishnav28 avatar Apr 04 '24 06:04 snehalvaishnav28

@snehalvaishnav28 The screenshots in https://github.com/openid/AppAuth-iOS/pull/822 show that the privacy manifest is bundled with an app built via Swift Package Manager and CocoaPods. Please use the latest release: https://github.com/openid/AppAuth-iOS/releases/tag/1.7.3.

The privacy manifest is empty because AppAuth does not do any tracking (or use any required reasons APIs) itself. Rather, it is the host app and its identity provider that may do the tracking. Host apps should declare their privacy impacting usage (including what their identity providers track) in their own privacy manifest files.

mdmathias avatar Apr 04 '24 16:04 mdmathias

Thank you @mdmathias

snehalvaishnav28 avatar Apr 05 '24 08:04 snehalvaishnav28