Post

Replies

Boosts

Views

Activity

Reply to Privacy manifest requirement for SDKs
While I agree with the manifests in general, this response from Apple is problematic in a couple of ways. I will likely write a separate thread detailing all the issues I know about currently, as this is going to be a huge pain point for many (perhaps an overwhelming majority) of iOS developers. The new requirements apply to any new app or app update that you submit starting Spring 2024. if your app links against any of the listed SDK, then be sure to request an updated version of the SDK that includes the privacy manifest file. "Request an updated version of the SDK" is an interesting way of stating this, and it is problematic, especially within the time table proposed. Half the SDKs listed are maintained by FANG companies, meaning app developers have absolutely no leverage over whether or not they comply with Apple's manifest requirements. If Apple needs Google and Facebook to change their SDKs to help with international privacy law compliance then that is something that needs to happen at the trillion dollar corporation level, as app developers have no say in it. Many of the rest are open source tools libraries that are compiled from source and have no official iOS frameworks to begin with. OpenSSL, nanapb, sqflite, etc. It's against our corporate policy to use unofficial third party compilations of open source software (for obvious reasons), so we would either have to create our own signed xcframeworks of someone else's code or convince all major open source tools libraries to release signed xcframeworks within the next few weeks. Any app and third party SDK that collects data, uses required reason API, or both must include a privacy manifest file. If your app uses an SDK not listed but that falls under the mentioned requirements, then this SDK must include a privacy manifest. This is mainly a problem because it was not expressed until four days ago. You had the list, now you tell us the list is "only a list" and EVERYTHING that "phones home" needs a manifest within the next few weeks. This is going to cause quite a bit of panic among a lot of framework developers who were under the impression that the requirements were going to be put only on the listed SDKs first, and then apply to all others later. There are other issues that I think I should detail at length inside a separate thread, but those two are going to be problematic, especially since it's already January fifteenth and we do not have any hard date as to what part of "Spring" this refers to.
Jan ’24