We got a report from our security tool that ArcGIS SDK needs to add private reason for those API usage:
- User Defaults
- System Boot Time API
- Disk Space AP
- File Timestamp API
Regarding Apple document, we must address and fix them before Spring 2024, if not our application will be rejected by Apple: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_r...
From Apple words:
Important
From Fall 2023 you’ll receive an email from Apple if you upload an app to App Store Connect that uses required reason API without describing the reason in its privacy manifest file. From Spring 2024, apps that don’t describe their use of required reason API in their privacy manifest file won’t be accepted by App Store Connect.
Your app or third-party SDK must declare one or more approved reasons that accurately reflect your use of each of these APIs and the data derived from their use. You may use these APIs and the data derived from their use for the declared reasons only. These declared reasons must be consistent with your app’s functionality as presented to users, and you may not use the APIs or derived data for tracking.
Did those issues fix or any plan to resolve them?
Thanks!
Hello! Yes, we do plan on adding a privacy manifest and it will be a part of the next release which will be released in December. Also, can you clarify what this security tool is and what you are getting is from our SDK? Are those required reason APIs coming from another SDK your app is using or is it coming from the code you are using in your application? Thank you.
Hi @ZacharyKline,
Thanks for your information!
We're using Data Theorem to scan security and privacy issue: https://www.securetheorem.com
Here are result I got from this tool
1. App Store Blocker: Privacy Manifest is Missing System Boot Time API Usage Reason
2. App Store Blocker: Privacy Manifest is Missing Disk Space API Usage Reason
3. App Store Blocker: Privacy Manifest is Missing File Timestamp API Usage Reason
Are there any plans to add a manifest to 100.x versions at any point? We have a lot of legacy code we don't currently have the resources to upgrade and are depending on the older package which Apple may decide also needs a privacy manifest declared.
Hello Dean,
Thank you for your feedback. We will take it into consideration in the future.
@DeanKellyNISC We have added privacy manifests for the 100.15.5 patch release of ArcGIS Runtime SDK for iOS