OpenSSL-Universal and Privacy Manifest / Apple Privacy Policy Compliance

Question

OpenSSL-Universal and Privacy Manifest / Apple Privacy Policy Compliance

Opened this issue 8 months ago · 3 comments

Is there expected to be any privacy policy compliance issue due to the fact that this library uses OpenSSL-Universal (= 1.0.2.19), given that OpenSSL is an sdk which will require a privacy manifest when apple rolls out their new privacy policy. Although OpenSSL-Universal is not mentioned for this policy, OpenSSL is and Apple explains:

Any version of a listed SDK, as well as any SDKs that repackage those on the list, are included in the requirement.

It appears that any OpenSSL-Universal may need to be updated to 3.1.5000+ which adds the privacy manifest .

Answer 1 · 2024-05-07T13:34:28.000Z

Regarding the Apple privacy manifest policy, we used a scanner (https://github.com/Wooder/ios_17_required_reason_api_scanner) to check our project and saw that this library is using "required reason" APIs. The deadline by Apple to be compliant was May 1st and there has been no activity in this thread since March. Are there any plans to make this library compliant? Thanks, Marc

Answer 2 · 2024-05-14T12:39:11.000Z

@urm-dev The only required reason I found with the script was referred in example folder. I have not checked the example app but maybe it uses features which have to be declared but are not related to this library.

Answer 3 · 2024-05-15T05:38:57.000Z

@urm-dev The only required reason I found with the script was referred in example folder. I have not checked the example app but maybe it uses features which have to be declared but are not related to this library.

I checked the example app and this was a good hint. On said lines, "FKUserDefaultsPlugin" is used, containing the text "UserDefaults" that seems to be a "required reason" API. So I assume this is a false positive result of the text based scanner script.