May 2024 iOS privacy manifest requirements tracking issue #27796
Comments
keith-kurak
changed the title
keith-kurak
removed
the
needs review
|
If we get our submissions approved before may 1st to the app store, does that mean we can still have our app in the store and continue with javascript updates? Does this only impact new build submissions? |
No, all submissions will be affected... I'm going through this right now, in fact. |
|
Can the description be added manually in Xcode (expo's prebuilded apps)? Which content should be used in that strings? |
I've been trying this a few hours ago... Here are more details (https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api).. in theory it should be something like which would be added to the .plist, but I haven't been successful yet... |
|
@adrielschmitz You shouldn't be adding this to the .plist file, but to the new privacy manifest file (PrivacyInfo.xcprivacy) |
Thanks! |
|
@adrielschmitz did you have to create a new privacy manifest file or is this just an update to your .plist file? |
At first yes, I no longer received the email from Apple. I created a new privacy manifest file on the root project... |
The current warning is just that- a warning. You can still build and submit and publish to the stores without any changes before May 1st, and app versions already available in the store will have the same functionality they always had (so, if you built it with updates, it will still have updates). I'm not aware of a previous cutoff like this where builds were retroactively invalidated. |
Quick question @adrielschmitz...
I mean the short description provided by Apple is far to vague and hence not conclusive for going with one option or the others and this is specially true for 3rd party libs for which we don't any clue what they do under the hood. So I wanted to better to understand the logic/mechanism/tool? you used to select the correct reason/s for each API type flagged by Apple... Thanks in advance! 👍 |
|
I just want to confirm the best fix for this is to wait for expo and react native libs (async storage etc) to add this file to their modules for the build pipeline and then upgrade these libs. We're not doing anything manually in our app with these things that apple is warning of. This issue will at some time get updated with guidance on if devs who are just using RN and expo modules are going to need to include a privacy manifest in their ios folder? I just see a lot of people trying to add their own manifest file, is it better to wait for libs to fix this? |
Yes, please give us a little time, we're working hard on this so you (as much as possible) don't have to. You don't need to include these in your project to submit yet, so there's no need to rush ahead with your own workaround. To some extent, individual app developers could fill in their own xcprivacy files, but, there's certain 3rd party SDK's that need both the declaration and the signing piece, and no individual app developer can work around the signing bit. If you wait a bit, too, we'll be working on guidance for, situations where it would help for you to provide your own manifest, you can do that while still being compatible with CNG/ Prebuild, so it'll be easier than the workarounds described above if you don't maintain your own native project files. |
Hello... By the way, the project in question is in React Native, I'm not using Expo. |
|
Async Storage added privacy manifest. |
Does this fix will also work on React Native or just expo? |
Both |
# Why As per https://developer.apple.com/documentation/bundleresources/privacy_manifest_files, 3rd party SDKs need to provide .xcprivacy files if: - The 3rd party dependency uses one of the APIs listed in required reasons APIs. This is also relevant for 3rd party SDKs shipped as swift code = entire expo SDK. We need to add an .xcprivacy file to expo-go to pass app review after May 1st, so we bundle xcprivacy files with expo-modules that require it. We use this mechanism: https://github.com/SDWebImage/SDWebImage/blob/98d058a1ea053484bc4df447153654a0e4a70549/SDWebImage.podspec#L49, that I tested and confirmed to bundle correctly. I identifed all expo-modules that make use of APIs listed in required reasons – using https://github.com/Wooder/ios_17_required_reason_api_scanner Related to: #27796 https://linear.app/expo/issue/ENG-11731/investigate-ios-privacy-manifest-requirements # Test Plan Tested by generating a privacy report using xCode – the items don't show since they don't add any privacy labels, but after adding the label to any of the generated xcprivacy files those labels do show up: <img width="1761" alt="image" src="https://github.com/expo/expo/assets/5597580/af887839-90db-456b-b76a-5ad6d9fe4511"> # Checklist <!-- Please check the appropriate items below if they apply to your diff. This is required for changes to Expo modules. --> - [ ] Documentation is up to date to reflect these changes (eg: https://docs.expo.dev and README.md). - [ ] Conforms with the [Documentation Writing Style Guide](https://github.com/expo/expo/blob/main/guides/Expo%20Documentation%20Writing%20Style%20Guide.md) - [ ] This diff will work correctly for `npx expo prebuild` & EAS Build (eg: updated a module plugin). --------- Co-authored-by: Łukasz Kosmaty <lukasz.kosmaty@swmansion.com>
|
Hello, any new news here? I'm having the same problem, I'm not sure if there is already a solution, thank you very much |
|
Will this fix be applied to expo 49 as well? |
Would very much like a fix in expo 49 as this is a short timeframe and not ready to go to 50 yet. |
|
any updates? |
|
I'm experiencing the same issue as below @kliakhovskii-brex The guide in your comment is for managed workflow right? How about for bare workflow? How do I fix the issue w/ Sentry for a bare workflow project? |
How do I get pass the issue/error when upgrading sentry-expo and @sentry/react-native ? Our project is still at Expo 49 SDK and we are using Bare Workflow. |
I stopped getting the error once I upgraded those libraries to their most current versions: sentry-expo to 7.2.0 and @sentry/react-native to 5.22.0. |
I'm guessing you are using managed workflow? |
Hey @aleqsio , Referring to this commit: efa9096 Tried the newest released Expo 50.0.18 which is launched today. Still facing the error with absolute path. Changes you made seem to be in the code though: 
Error Screenshot - Fastlane Any advice how to fix, a workaround maybe? any suggestions is appreciated as May starts tomorrow 😅 |
That is weird, are you sure you made a clean prebuild? |
Im having the same problem with a clean prebuild of 50.0.18. For now I solved it by adding the ios folder to .easignore :) |
@aleqsio @KesoGizmoYoshi updated my prebuild step to |
|
For anyone on Expo SDK 48 ou 49, there is now a polyfill plugin to add support for the ios.privacyManifests config.
|
|
Confirmed, this is working for us with Expo v49! Thank you all. $ grep '"expo"' package.json
"expo": "49.0.13",
$ grep sentry package.json
"@sentry/react": "7.112.2",
"@sentry/react-native": "5.22.0",
"sentry-expo": "7.2.0",// app.config.ts
const config: ExpoConfig = {
...
plugins: [
"expo-privacy-manifest-polyfill-plugin",
...
],
ios: {
...
// @ts-expect-error - this is a polyfill from expo-privacy-manifest-polyfill-plugin
privacyManifests: {
NSPrivacyAccessedAPITypes: [
{
NSPrivacyAccessedAPIType: "NSPrivacyAccessedAPICategoryFileTimestamp",
NSPrivacyAccessedAPITypeReasons: ["CA92.1"],
},
{
NSPrivacyAccessedAPIType: "NSPrivacyAccessedAPICategoryDiskSpace",
NSPrivacyAccessedAPITypeReasons: ["CA92.1"],
},
],
},
},
|
Will that work w/ Bare Workflow as well? |
|
If I make Error: Dependencies from package.json: Privacy manifests on app.json: |
This might work for you:
|
The following should not be installed as dependencies/devDependencies: "@expo/config-plugins": "^7.8.0",
"@expo/prebuild-config": "^6.7.0",
"eas-cli": "^8.0.0",You should generally also avoid By the way, are you using JSC? "jsc-android": "^250230.2.1",And you seem to have some duplication. e.g.: "expo-document-picker": "~11.10.1",
"react-native-document-picker": "^9.1.0",
"expo-linear-gradient": "~12.7.2",
"react-native-linear-gradient": "^2.7.3", |
|
expo-privacy-manifest-polyfill-plugin this does not support expo go. all my apps is using expo go(Managed) is it possible to support expo go since is expo things? |
|
@statico Did you receive any notification from Apple after submitting to the store? |
|
I can`t pass eas build [Privacy Manifest Aggregation] Appending aggregated reasons to existing PrivacyInfo.xcprivacy file. with I am on the latest npx expo install --fix with no issue @ expo-doctor |
How did you get passed the error w/ @sentry/react-native? Did you silenced Expo Doctor? |
|
expo-privacy-manifest-polyfill-plugin Error: Problem validating fields in app.json. Learn more. |
@wodin I'm really confused now. How were the others still in Expo 49 got passed the issue w/ @sentry/react-native? |
@statico How were you able to get pass the error w/ |
|
@next6leo Expo Go will have a privacy manifest set when it is published, no need to do anything there. |
@rooksFX I have no idea. Expo Doctor has been complaining about version mismatches since we started the project a year ago. Trying to fix every version mismatch is near impossible and results in madness and hair loss. I've been ignoring the Expo Doctor warnings — the app works, and users are happy.
@KarlaSaenz Yes, I just tried submitting a build and got an "Invalid Binary" error and an email with eight messages that looked like this:
I'm currently investigating. |
That should not normally be the case. What does your |
|
Apparently I misread the Describing Use of Required Reason API document. I don't know why Google needs these APIs, I've tried googling, and I don't know how to figure out where Since we're a small company with limited time and resources, I've chosen these reasons in an in-good-faith, best-effort attempt at describing why they're used: // @ts-expect-error - this is a polyfill from expo-privacy-manifest-polyfill-plugin
// See https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api
privacyManifests: {
NSPrivacyAccessedAPITypes: [
{
NSPrivacyAccessedAPIType: "NSPrivacyAccessedAPICategoryFileTimestamp",
// I think this happens because we allow users to pick files from their device
NSPrivacyAccessedAPITypeReasons: ["3B52.1"],
},
{
NSPrivacyAccessedAPIType: "NSPrivacyAccessedAPICategoryDiskSpace",
// My guess is this is part of a disk caching system for Google's APIs
NSPrivacyAccessedAPITypeReasons: ["E174.1"],
},
],
},Full I'm beginning to think that the only way to write software in a team that's smaller than 1,000 people is to never rely on third-party dependencies at all, and that I should give up entirely and start an alpaca farm. |
|
@KarlaSaenz et al, we are successful!
|
|
@statico Thanks for the reply! |
and others
UPDATE
We now have guide on how to add a privacy manifest via your app config (app.json / app.config.js).
Overview
Recently, Apple announced that, starting May 1, they would start enforcing that all new apps and updates must declare approved reasons for using specific APIs in a privacy manifest, preventing uploads to TestFlight if the requirement is not met. These requirements also apply to 3rd party SDK's, with specific SDK's identified by Apple requiring a signature in addition to the manifest.
If you submitted to TestFlight after March 13th, you may have received an email from Apple with an "ITMS-91053" warning, indicating that they found API usage matching an
NSPrivacyAccessedAPIcategory in your app that will require these changes in order to meet the requirements after May 1st (common categories might includeNSPrivacyAccessedAPICategoryDiskSpaceandNSPrivacyAccessedAPICategoryFileTimestamp).What Expo is doing about it
Expo engineers are actively engaged with this issue, doing everything in our power ensure that your app submissions continue uninterrupted despite the relatively short notice:
react-native) and ensuring our version validation is updated accordingly as these updates go live.As this potentially requires action by any number of 3rd party library maintainers, we can't guarantee that you will not see a rejection for this reason from Apple after May 1st. However, we are focused on taking care of what is in our control, and providing guidance on what is outside of our control.
What's next
We expect to have more specific information about the steps we're taking to address this requirement, including more information about action required on your end to keep your iOS app submissions running smoothly past May 1st.
We will keep this issue open and will post updates here, so watch this issue to keep up-to-date!
The text was updated successfully, but these errors were encountered: