I'm developing a (XC) 3rd party framework, but the framework doesn't use any privacy access API as listed in listed in this document. Do I still need to include the PrivacyManifest.xcprivacy file which will have empty content into the framework?
IS PrivacyManifest.xcprivacy still required for Framework even if no privacy accessed API is used?
I'm curious about this, too.
I am curious too, but I think you can still code sign the framework.
@jdheeraj11 Isn't code signing done only by the libraries presented by Apple??
I think the libraries that are not that will only need PrivacyInfo.. I may be wrong. Please share your opinion.
Add a privacy manifest to your framework if your framework requires it. To determine if your framework needs a privacy manifest, see Upcoming third-party SDK requirements, Describing use of required reason API, and Describing data use in privacy manifests.
If your framework doesn't require a privacy manifest, do nothing. Avoid adding an empty privacy manifest to your framework.
but the framework doesn't use any privacy access API as listed in listed in this document.
Confirm that your framework doesn't repackage an SDK on the list of third-party SDKs requiring a privacy manifest and signature. If your framework does, then you need to add a privacy manifest to it.
@DTS Engineer
I've checked SPM libraries on GitHub. Among them, I can see some empty in PrivacyInfo.
Many libraries are doing this, will this be a problem??
@DTS Engineer , we have added empty manifests because we worry that people will not be able to tell the difference between these situations:
- there is no manifest because we use no APIs requiring reason codes and we collect no data
- there is no manifest because we did not check if we needed a manifest
Is there any penalty for adding an empty manifest?