Need clarification for UserDefaults NSPrivacyAccessedAPITypeReasons CA92.1

Question

Unipopcorn OP

Created Aug ’23

Replies 2

Boosts 1

Views 2.7k

Participants 4

In the Required Reason API doc, the UserDefaults section defines NSPrivacyAccessedAPITypeReasons CA92.1:

Declare this reason to access user defaults to read and write information that is only accessible to the app itself.

This reason does not permit reading information that was written by other apps or the system, or writing information that can be accessed by other apps.

If I store a user generated string in UserDefaults, later on fetch it within the same app, send it to my backend component, and lastly my backend component share the string with 3rd party developers, do I still fall into the CA92.1 category? In other words, do I need to submit an approval request for this kind of usage?

My understanding is this usage still falls into CA92.1 because it does not access device signals for fingerprinting purposes, but I am not sure. Please advice. Thanks!

Boost

Answer 1

endecotp OP

Aug ’23

It's mysterious, isn't it?

To be safe, stop using NSUserDefaults and just use a regular file in the filesystem.

(Apart from some minor ease-of-use features, what advantage does NSUserDefaults have?)

0

Answer 2

ariane Clarke OP

Mar ’24

For what I understood, this is a measure to keep apps in the iOS environment to read each other's information. So if you save and read, then send to the backend, I believe this goes beyond the App environment and you are still classify as CA92.1. It would be great to hear what Apple has to say about it.

0