Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Apple privacy manifest - Required Reason #895

Open
mauroolivo opened this issue Mar 26, 2024 · 5 comments
Open

Apple privacy manifest - Required Reason #895

mauroolivo opened this issue Mar 26, 2024 · 5 comments

Comments

@mauroolivo
Copy link

Apple is requiring all api calls that fall under this ruleset

https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

be declared in a privacy manifest file: "... your app or third-party SDK must declare one or more approved reasons that accurately reflect your use of each of these APIs and the data derived from their use ..."

Do you have any ETA to support the privacy manifest?

@kingonly
Copy link
Member

@dangeross can you please look into it?

@dangeross
Copy link
Collaborator

Thanks for the issue @mauroolivo, did you get notified of the use of any of theses APIs?

I've taken a look through the API list that requires reasons for use and as far as I know, none are used by the SDK itself. Any use of these APIs used by vendors/developers need to be disclosed by themselves. Also looking at the data use list, the SDK and/or Breez do not collect any personal/tracking information. Maybe there is a case for including NSPrivacyCollectedDataTypePaymentInfo but again, it is not collected for user linking/tracking but for functionality.

@mauroolivo
Copy link
Author

Thanks @dangeross for your answer.

I've been notified by email from Apple with this "Your app’s code references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace"

To find where this is coming from I did a scan of the code and the embedded binaries with this: https://github.com/Wooder/ios_17_required_reason_api_scanner

What I got is:

Used symbols in binary ./libgdk/libs/ios_simulator_x86/libgreenaddress_full.a: fstat, fstatfs, lstat, mach_absolute_time, stat, statfs, statvfs

Probably a false positive.

@dangeross
Copy link
Collaborator

Do you use Blockstream Green C/C++ SDK or GreenAddress swift package?

@mauroolivo
Copy link
Author

GreenAddress swift package

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants