Privacy Manifest - Required Reasons API

Question

Privacy Manifest - Required Reasons API

Closed this issue a year ago · 6 comments

Describe the feature

Starting Spring 2024, third-party iOS SDKs are required to include PrivacyInfo.xcprivacy manifests detailing reasons for usage of certain privacy-sensitive APIs or embedding apps will face App Review rejection.

https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

It appears Branch uses UserDefaults & FileCreationDate, so it will need a PrivacyInfo.xcprivacy manifest.

Answer 1 · 2023-08-21T18:58:39.000Z

Hi @nwelch-disney!

We are actively working on the iOS 17 requirements. This includes the Privacy Manifest as well as SDK Signing. While I won't share too much now, the update will introduce a dedicated Tracking Domain, Data Minimization changes, Privacy Nutrition label declarations, required reason apis, etc

Much more to come soon as we will have updated docs, FAQs, possibly another iOS 17 blog post, and other materials.

Answer 2 · 2023-10-10T20:26:20.000Z

HI @nwelch-disney

The 3.0.0 release has support privacy manifests.

https://github.com/BranchMetrics/ios-branch-deep-linking-attribution/releases/tag/3.0.0

Answer 3 · 2023-10-24T07:06:39.000Z

Hi @echo-branch, in 3.0 release note, it's saying

Known Issue: When using cocoapods without the use_frameworks! option, the build can fail with a duplicate privacy manifest error. Workaround is to manually merge privacy manifests.

How do I manually merge, can you add more details?
And will this known issue be fixed in later release?

Answer 4 · 2023-10-24T17:33:31.000Z

@samuelcai-chancetop
You'll need to go through all your dependencies privacy manifests and copy their entries into your own privacy manifest. Then remove dependencies privacy manifests.

Fixing the issue is dependent on cocoapods support for it. There's a thread on the cocoapods github discussing possible support/workarounds for privacy manifests. We went with the simplest workaround, but really we want an official cocoapods way of doing it as to avoid potential conflicts with other libraries.

Answer 5 · 2024-03-18T18:37:43.000Z

Suggested Fix: Change the inclusion of PrivacyInfo.xcprivacy to resource_bundles for cocoapod to avoid resource name collision.

https://github.com/BranchMetrics/react-native-branch-deep-linking-attribution/issues/965

Answer 6 · 2024-03-19T07:55:07.000Z

@echo-branch can this issue be re-opened?

I believe Branch's use of the App's privacy manifest is incorrect. For SDKs Apples recommendations here

If you use the API in your third-party SDK’s code, then you need to report the API in your third-party SDK’s privacy manifest file. Your third-party SDK can’t rely on the privacy manifest files for apps that link the third-party SDK, or those of other third-party SDKs the app links, to report your third-party SDK’s use of required reasons API.