Community
Select to view content in your preferred language

Support privacy manifest

842
5
12-04-2023 02:09 AM
trieunguyenaxon
by
New Contributor III
‎12-04-2023 02:09 AM

We got a report from our security tool that ArcGIS SDK needs to add private reason for those API usage:

User Defaults

- System Boot Time API

- Disk Space AP

- File Timestamp API

Regarding Apple document, we must address and fix them before Spring 2024, if not our application will be rejected by Apple: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_r...

From Apple words:

Important

From Fall 2023 you’ll receive an email from Apple if you upload an app to App Store Connect that uses required reason API without describing the reason in its privacy manifest file. From Spring 2024, apps that don’t describe their use of required reason API in their privacy manifest file won’t be accepted by App Store Connect.

Your app or third-party SDK must declare one or more approved reasons that accurately reflect your use of each of these APIs and the data derived from their use. You may use these APIs and the data derived from their use for the declared reasons only. These declared reasons must be consistent with your app’s functionality as presented to users, and you may not use the APIs or derived data for tracking.

 

Did those issues fix or any plan to resolve them?

Thanks!

 

0 Kudos
5 Replies
ZacharyKline
by Esri Contributor
Esri Contributor
‎12-04-2023 09:04 AM

Hello! Yes, we do plan on adding a privacy manifest and it will be a part of the next release which will be released in December. Also, can you clarify what this security tool is and what you are getting is from our SDK? Are those required reason APIs coming from another SDK your app is using or is it coming from the code you are using in your application? Thank you.

0 Kudos
trieunguyenaxon
by
New Contributor III
‎12-05-2023 02:41 AM

Hi @ZacharyKline,

Thanks for your information!

We're using Data Theorem to scan security and privacy issue: https://www.securetheorem.com

Here are result I got from this tool

1. App Store Blocker: Privacy Manifest is Missing System Boot Time API Usage Reason

trieunguyenaxon_0-1701772736869.png

2. App Store Blocker: Privacy Manifest is Missing Disk Space API Usage Reason

trieunguyenaxon_1-1701772761732.png

3.  App Store Blocker: Privacy Manifest is Missing File Timestamp API Usage Reason

trieunguyenaxon_3-1701772816152.png

 

0 Kudos
DeanKellyNISC
by
New Contributor
‎01-31-2024 10:03 AM

Are there any plans to add a manifest to 100.x versions at any point? We have a lot of legacy code we don't currently have the resources to upgrade and are depending on the older package which Apple may decide also needs a privacy manifest declared.

ZacharyKline
by Esri Contributor
Esri Contributor
‎02-01-2024 10:36 AM

Hello Dean,

Thank you for your feedback. We will take it into consideration in the future.

0 Kudos
DiveshGoyal
by Esri Regular Contributor
Esri Regular Contributor
‎05-10-2024 02:32 PM

@DeanKellyNISC We have added privacy manifests for the 100.15.5 patch release of ArcGIS Runtime SDK for iOS