CODEWITHSUNDEEP
iosangularfirebaseionic-frameworkcapacitor
MadMac
MadMac

Reputation: 4933

Handling Privacy Manifest Requirements with Outdated Firebase and Angular Version

I’ve been caught off guard by the new privacy manifest requirements, which are asking for 11 declarations—mostly related to Firebase.

Obviously missed the memo, I don't remember any communication from Apple. I released updates to existing apps in December with no issues. This is a new app release. Unfortunately, my app is somewhat outdated, as I haven’t had time to update all the dependencies. I’m currently using:

I see two possible options:

  1. Upgrade to Firebase 10.22.0, which includes the privacy manifest. However, this would also require upgrading to AngularFire 16.0.0 and Angular 16, introducing a large number of breaking changes that could be difficult to manage in a short time frame. Not to mention having to retest everything as we just completed testing.

  2. Manually create a privacy manifest or use a tool to generate one. Would it be possible to copy the Firebase 10.22.0 manifest contents into my own manually created file? This would be the ideal interim solution due to the time constraint and I could update the packages after the release to the store.

I’m on a tight deadline and have very limited time to resolve this. Any advice would be greatly appreciated!

SDKS listed by App Store

Frameworks/Capacitor.framework/Capacitor Frameworks/Cordova.framework/Cordova Frameworks/FBLPromises.framework/FBLPromises Frameworks/FirebaseCore.framework/FirebaseCore Frameworks/FirebaseCoreDiagnostics.framework/FirebaseCoreDiagnostics Frameworks/FirebaseDynamicLinks.framework/FirebaseDynamicLinks Frameworks/FirebaseInstallations.framework/FirebaseInstallations Frameworks/FirebaseMessaging.framework/FirebaseMessaging Frameworks/GoogleDataTransport.framework/GoogleDataTransport Frameworks/GoogleUtilities.framework/GoogleUtilities Frameworks/nanopb.framework/nanopb

UPDATE

Update: I have manually created a privacy manifest file (PrivacyInfo.xcprivacy) but I am getting exactly the same issues for the same packages from App Store Connect. Is it not recognizing the privacy manifest or is it incorrectly formated?

I added the privacy manifest in Xcode like so:

  1. Selected my App/App folder in the project navigator
  2. Selected File -> New -> File from the menu.
  3. Selected App Privacy File type under Resources.
  4. Checked my app target in the Targets list.
  5. Clicked Create. This created a PrivacyInfo.xcprivacy file next to the Info.plist file.
  6. Copied my manually created PrivacyInfo.xcprivacy content into this file in VSCode.

When I generate a Privacy Report from the organizer it seems to work.

PrivacyInfo.xcprivacy:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <!-- Global Tracking Settings -->
    <key>NSPrivacyTracking</key>
    <false/>
    <key>NSPrivacyTrackingDomains</key>
    <array/>
    
    <!-- Collected Data Types -->
    <key>NSPrivacyCollectedDataTypes</key>
    <array>
      <!-- NSPrivacyCollectedDataTypeOtherDiagnosticData -->
      <dict>
        <key>NSPrivacyCollectedDataType</key>
        <string>NSPrivacyCollectedDataTypeOtherDiagnosticData</string>
        <key>NSPrivacyCollectedDataTypeLinked</key>
        <false/>
        <key>NSPrivacyCollectedDataTypeTracking</key>
        <false/>
        <key>NSPrivacyCollectedDataTypePurposes</key>
        <array>
          <!-- From Firestore, Installations, GoogleDataTransport -->
          <string>NSPrivacyCollectedDataTypePurposeAnalytics</string>
          <!-- From Messaging -->
          <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
        </array>
      </dict>
      <!-- NSPrivacyCollectedDataTypeDeviceID from Messaging -->
      <dict>
        <key>NSPrivacyCollectedDataType</key>
        <string>NSPrivacyCollectedDataTypeDeviceID</string>
        <key>NSPrivacyCollectedDataTypeLinked</key>
        <false/>
        <key>NSPrivacyCollectedDataTypeTracking</key>
        <false/>
        <key>NSPrivacyCollectedDataTypePurposes</key>
        <array>
          <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
        </array>
      </dict>
      <!-- NSPrivacyCollectedDataTypeOtherDataTypes from Messaging and Dynamic Links -->
      <dict>
        <key>NSPrivacyCollectedDataType</key>
        <string>NSPrivacyCollectedDataTypeOtherDataTypes</string>
        <key>NSPrivacyCollectedDataTypeLinked</key>
        <false/>
        <key>NSPrivacyCollectedDataTypeTracking</key>
        <false/>
        <key>NSPrivacyCollectedDataTypePurposes</key>
        <array>
          <string>NSPrivacyCollectedDataTypePurposeAnalytics</string>
          <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
        </array>
      </dict>
    </array>
    
    <!-- Accessed API Types -->
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
      <!-- NSPrivacyAccessedAPICategoryFileTimestamp from Dynamic Links and GoogleUtilities -->
      <dict>
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
          <string>C617.1</string>
        </array>
      </dict>
      <!-- NSPrivacyAccessedAPICategoryUserDefaults from Firebase Core, Dynamic Links, and GoogleUtilities -->
      <dict>
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
          <string>CA92.1</string>
          <string>1C8F.1</string>
          <string>C56D.1</string>
        </array>
      </dict>
    </array>
  </dict>
</plist>

Email:

Please correct the following issues and upload a new binary to App Store Connect. ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/Capacitor.framework/Capacitor”, which includes Capacitor, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, or an app update adds a new commonly used third-party SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: https://developer.apple.com/support/third-party-SDK-requirements.

Repeated 10 more times for the other SDKs.

Upvotes: 0

Views: 875

Answers (1)

MadMac
MadMac

Reputation: 4933

It looks like as of 12 Feb 2025 all SDKs require their own privacy manifest and signature.

Therefore it seems the manually creating a master privacy manifest is no longer possible and updating all packages / SDKs is the only option.

https://developer.apple.com/support/third-party-SDK-requirements/

I am not 100% sure this is the case and still investigating. I will accept when I run out of options. Related question: Manually created privacy manifest appears to be ignored

Upvotes: 1

Related Questions