IS PrivacyManifest.xcprivacy still required for Framework even if no privacy accessed API is used?

I'm developing a (XC) 3rd party framework, but the framework doesn't use any privacy access API as listed in listed in this document. Do I still need to include the PrivacyManifest.xcprivacy file which will have empty content into the framework?

Post not yet marked as solved Up vote post of spasin Down vote post of spasin
2.4k views
Posted by
spasin
Reply

  • I'm curious about this, too.

    kimjitae

  • I am curious too, but I think you can still code sign the framework.

    jdheeraj11

  • @jdheeraj11 Isn't code signing done only by the libraries presented by Apple??

    I think the libraries that are not that will only need PrivacyInfo.. I may be wrong. Please share your opinion.

    kimjitae
Add a Comment

Replies

Add a privacy manifest to your framework if your framework requires it. To determine if your framework needs a privacy manifest, see Upcoming third-party SDK requirements, Describing use of required reason API, and Describing data use in privacy manifests.

If your framework doesn't require a privacy manifest, do nothing. Avoid adding an empty privacy manifest to your framework.

but the framework doesn't use any privacy access API as listed in listed in this document.

Confirm that your framework doesn't repackage an SDK on the list of third-party SDKs requiring a privacy manifest and signature. If your framework does, then you need to add a privacy manifest to it.

Posted by
DTS Engineer
Up vote reply of DTS Engineer Down vote reply of DTS Engineer

  • Hi @DTS Engineer One of our apps still depends on AFNetworking which was included in Apple SDKs list by using Cocoapods (worth to mention that this project is archived and will no receive any updates). We checked the code and it does not use any of the listed APIs. Do we still need to add Privacy Manifest for this SDK? We are actively working on adding Privacy Manifests to our dependencies and to our project itself.

    fernando.reynoso
  • but the framework doesn't use any privacy access API as listed in listed in this document.

    Where is the above statement found in the Apple official documentation? Thanks!

    YusukeTashiro

  • In this link (https://developer.apple.com/support/third-party-SDK-requirements/), the flutter_inappwebview SDK is listed, but it doesn't actually use any required APIs. Does that mean other SDKs or apps using flutter_inappwebview don't need to add a privacy manifest file?

    JooYang
Add a Comment

@DTS Engineer

I've checked SPM libraries on GitHub. Among them, I can see some empty in PrivacyInfo.

Many libraries are doing this, will this be a problem??

Posted by
kimjitae
Up vote reply of kimjitae Down vote reply of kimjitae

  • @DTS Engineer

    kimjitae

  • Add and set a key if you have data for it. Otherwise, remove it.

    DTS Engineer

  • @DTS Engineer If I submit it in the same state as the picture, will there be a problem??

    kimjitae

@DTS Engineer , we have added empty manifests because we worry that people will not be able to tell the difference between these situations:

  • there is no manifest because we use no APIs requiring reason codes and we collect no data
  • there is no manifest because we did not check if we needed a manifest

Is there any penalty for adding an empty manifest?

Posted by
SlippedCognitive
Post not yet marked as solved Up vote reply of SlippedCognitive Down vote reply of SlippedCognitive

  • In fact, the most obvious thing is to do the screening yourself. There is no problem with the screening even if you submit an empty menifest.

    kimjitae
Add a Comment