[Bug]: Create ITMS privacy manifest for Apple builds

[orkun1675]

Platform

Apple / Swift

Plugin

connectivity_plus, device_info_plus, package_info_plus, share_plus

Version

Various (all latest as of March 22)

Flutter SDK

3.19.4

Steps to reproduce

Apple now requires privacy file for plugins/frameworks that access sensitive APIs. See: flutter/flutter#131940

Apple has published the list of commonly used Flutter packages that access these sensitive APIs but do not provide a privacy manifest: https://developer.apple.com/support/third-party-SDK-requirements/

It would be great if _plus plugins can remove calls to these sensitive APIs and/or create a privacy manifest where appropriate.

PS: Please feel free to close if there is already a bug tracking this. Thank you!

Code Sample

We noticed one or more issues with a recent submission for TestFlight review for the following app:

<APP NAME OMITTED>
Version <APP VERSION OMITTED>
Build <APP BUILD NUMBER OMITTED>
Although submission for TestFlight review was successful, you may want to correct the following issues in your next submission for TestFlight review. Once you've corrected the issues, upload a new binary to App Store Connect.

ITMS-91053: Missing API declaration - Your app’s code in the “Runner” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

ITMS-91053: Missing API declaration - Your app’s code in the “Runner” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategorySystemBootTime. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

ITMS-91053: Missing API declaration - Your app’s code in the “Runner” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

ITMS-91053: Missing API declaration - Your app’s code in the “Runner” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

Apple Developer Relations

Logs

N/A

Flutter Doctor

N/A

Checklist before submitting a bug

• I searched issues in this repository and couldn't find such bug/problem
• I Google'd a solution and I couldn't find it
• I searched on StackOverflow for a solution and I couldn't find it
• I read the README.md file of the plugin
• I'm using the latest version of the plugin
• All dependencies are up to date with flutter pub upgrade
• I did a flutter clean
• I tried running the example project

[orkun1675]

As an example, see how the shared_preferences package handles this requirement here:

• https://github.com/flutter/packages/blob/main/packages/shared_preferences/shared_preferences_foundation/darwin/Resources/PrivacyInfo.xcprivacy
• https://github.com/flutter/packages/blob/611aea1657fbfc0d2564a14b08e12dffc70189bb/packages/shared_preferences/shared_preferences_foundation/darwin/shared_preferences_foundation.podspec#L26

[LBYPatrick]

Good call! Though, I am not trying to be devil's advocate, but due to the way the IPAs are packaged and thereby obfuscated, I honestly don't think Apple will enforce this one but in practice throw submitted apps into a sandbox to see if there's any offenses. In this case, package_info_plus is indeed a usual suspect for causing privacy issues, but Apple will simply return dummy data to it for some privacy-related APIs unless some explicit Permissions/Entitlements are declared ahead of time.

I am curious about whether Apple will be able to read GeneratedPluginRegistrant.h in plain text inside a packaged application. If not, then what I said is true.

[miquelbeltran]

Hello! We already have the privacy manifests in place and the modifications on the podspec files, have you looked at them?

Is there a way to check that those requirements come from plus plugins and not from other packages?

[miquelbeltran]

Also this ticket duplicates #2447

But I will keep it open since the other was closed.

[miquelbeltran]

Let's take a look at NSPrivacyAccessedAPICategoryDiskSpace: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api#4278397

Looking at the codebase, I cannot find a single use of the APIs like systemSize by the plugins.

I also used this tool: https://github.com/Wooder/ios_17_required_reason_api_scanner which wasn't able to detect any usage as well. I found it in this discussion here: expo/expo#27678 (comment)

[vbuberen]

We already have privacy manifests in place since last release of plugins.
There are no evidence that issues mentioned in the email are related to Plus Plugins.
I would advice the issue reporter to deal with Flutter team packages first, since currently the main source of issue with APIs usage mentioned in that email are plugins like shared_preferences. Because it had no releases for 5 months already it is rarely happens that somebody goes and does pub upgrade shared_preferences to fetch latest iOS part of that plugin, which was released recently with privacy manifest included: https://pub.dev/packages/shared_preferences_foundation/changelog#235
However, shared_preferences has quite relaxed version range allowed (as of writing this message it is ^2.2.0): https://github.com/flutter/packages/blob/main/packages/shared_preferences/shared_preferences/pubspec.yaml#L32

I was also confused recently with how versions are resolved, so created this PR to make things more straightforward as new releases of touched plugins will have iOS native parts with privacy manifests included: flutter/packages#6355

With that being said I don't want us to keep this issue open to not confuse other users who might think that Plus plugins still don't have privacy manifests added.

[miquelbeltran]

With that being said I don't want us to keep this issue open to not confuse other users who might think that Plus plugins still don't have privacy manifests added.

Agreed. I will close this one.

Unless someone can point out how the plus plugins are responsible for using those APIs, there is nothing else we can do.

From personal anecdote, I was using connectivity_plus, device_info_plus, package_info_plus in a project recently, together with many other packages of course, and the email from Apple only mentioned NSPrivacyAccessedAPICategorySystemBootTime, for example, and no mention of the other three privacy accessed APIs. We resolved the issue by creating our own privacy manifest in our app, even if we didn't know which package was responsible for it.

[orkun1675]

Thanks both, I'll report back if there is any proof that the culprit is plus plugins.