Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Privacy Manifest files #2187

Open
julianrex opened this issue Mar 15, 2024 · 2 comments
Open

Support Privacy Manifest files #2187

julianrex opened this issue Mar 15, 2024 · 2 comments
Labels
Answered A question was answered Question

Comments

@julianrex
Copy link

Privacy Manifests will soon be a requirement for SDKs used in apps launched on the App Store. From https://developer.apple.com/news/?id=3d8a9yyh

At WWDC23, we introduced new privacy manifests and signatures for commonly used third-party SDKs and announced that developers will need to declare approved reasons for using a set of APIs in their app’s privacy manifest. These changes help developers better understand how third-party SDKs use data, secure software dependencies, and provide additional privacy protection for users.

Starting March 13: If you upload a new or updated app to App Store Connect that uses an API requiring approved reasons, we’ll send you an email letting you know if you’re missing reasons in your app’s privacy manifest. This is in addition to the existing notification in App Store Connect.

Starting May 1: You’ll need to include approved reasons for the listed APIs used by your app’s code to upload a new or updated app to App Store Connect. If you’re not using an API for an allowed reason, please find an alternative. And if you add a new third-party SDK that’s on the list of commonly used third-party SDKs, these API, privacy manifest, and signature requirements will apply to that SDK. Make sure to use a version of the SDK that includes its privacy manifest and note that signatures are also required when the SDK is added as a binary dependency.

This functionality is a step forward for all apps and we encourage all SDKs to adopt it to better support the apps that depend on them.

Although MoltenVK isn't included in the initial list of commonly used SDKs, I would expect all SDKs to require privacy manifests in the not too distant future.

See:
@spnda
Copy link
Collaborator

spnda commented Mar 15, 2024

There is a list of all APIs which require a reason in the privacy manifest, which you can find here. This, as far as I can tell, doesn't apply to MoltenVK in any way, as Metal or CoreGraphics APIs are not listed. There is also a list of collected data types that need to be listed here, where again, this is only confidential data, files, location, ..., nothing which would apply to MoltenVK.

@billhollings billhollings added Question Answered A question was answered labels Mar 19, 2024
@billhollings
Copy link
Contributor

There is a list of all APIs which require a reason in the privacy manifest, which you can find here.

Thanks for that research.

This looks to be something to be aware of, but since MoltenVK doesn't deal in any of the private user data content that Apple is working to protect, it's unlikely this will become an issue in the near future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Answered A question was answered Question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@billhollings @julianrex @spnda