Complience with Apples Required Reason API

[Daenara]

Feature Request

Plugin

filesystem

Description

Starting May 1st 2024 Apple requires a PrivacyInfo.xcprivacy file to be added when specific functionality is used, and the filesystem plugin is using one of those. After Apple sent us an email about this required change, I ran a tool that checks where affected functions are used and this was in the results:

Found potentially required reason API usage '.modificationDate' in './/node_modules/@capacitor/filesystem/ios/Plugin/FilesystemPlugin.swift'

Since this coincides with the email from Apple, this means that such a file is required for the fileystem plugin starting in May, and since Apple requires 3rd party SDKs to have this file, I wrote this feature request. This one mention I found might not be the only one, since the tool I used to find where functionality is used is very crude.

Platform(s)

ios

Preferred Solution

The PrivacyInfo.xcprivacy file is added and with the correct reasons.

Alternatives

The affected functionality is not used anymore (not very likely since it is used for a reason to begin with)

Additional Context

https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_ap

[Kevin-Hamilton]

I came here with a similar concern, in my case the Disk Space APIs are being flagged in my code by Apple, which I tracked back to the volumeAvailableCapacityForImportantUsageKey called in the getRealFreeDiskSize function of the device plugin.

Your app’s code file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

My app does not use the disk space info returned by the device plugin, so I cannot declare any of the supported reasons for calling this API. It would be nice if there were an alternate version of this plugin which excludes the required reason APIs so I do not need to maintain a fork with these API calls removed.

[spacewolf39]

@Daenara would it be possible to share the tool you used to identify the required API?

[alicerocheman]

I'm encountering this issue as well.

The issue came up when I tried to publish the new version of my app on the app store.

Email from Apple:

ITMS-91053: Missing API declaration - Your app’s code in the “My Target” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

ITMS-91053: Missing API declaration - Your app’s code in the “My Target” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

More investigation led to this doc which explains how to create the privacy file

And this doc that describes each possible reason for each API.

Seeing as I don't know how capacitor uses these API, or which capacitor dependency uses them, I'm having difficulties picking reasons.

FYI, I'm using these capacitor dependencies:

    "@capacitor-community/firebase-analytics": "^4.0.0",
    "@capacitor/android": "4.7.2",
    "@capacitor/app": "^4.1.1",
    "@capacitor/core": "4.7.2",
    "@capacitor/device": "^4.1.0",
    "@capacitor/geolocation": "^4.1.0",
    "@capacitor/haptics": "^4.1.0",
    "@capacitor/ios": "4.7.2",
    "@capacitor/keyboard": "^4.1.1",
    "@capacitor/preferences": "^4.0.2",
    "@capacitor/status-bar": "^4.1.1",

[Daenara]

@Daenara would it be possible to share the tool you used to identify the required API?

This is one of the two I used, the other was a worse version of the text search included in this. Pretty sure neither the text search nor the binary one found all places though. Apparently Apples strategy is "have ppl upload apps, tell them something is missing but not which sdk it is, and then rinse and repeat"

[dtarnawsky]

Version 1.81 of the Ionic VS Code Extension will detect missing privacy manifest reasons (based on known plugins) and help you choose the reasons.

I've also written an article on this. If you find any plugins that require you to modify the privacy manifest I'd like to hear about them.

[Daenara]

Version 1.81 of the Ionic VS Code Extension will detect missing privacy manifest reasons (based on known plugins) and help you choose the reasons.

I've also written an article on this. If you find any plugins that require you to modify the privacy manifest I'd like to hear about them.

Do you know of any way to access the list used by the extension manually? We do not use VS Code and just having the list of which plugin uses what would be far more helpful than what all the text and binary searches I used so far output.

[martinreder]

For us, the plugins capacitor/device and capacitor/filesystem require us to modify the privacy manifest and, as @Kevin-Hamilton wrote in his comment, we have troubles choosing the correct reason code because we do not actually use the APIs.
We also would appreciate a modified plugin version where we can exclude the problematic API calls.

[dtarnawsky]

Hey @Daenara, I wrote a tool to find which plugins uses which APIs. Here is the resulting JSON file: https://github.com/dtarnawsky/plugin-scan/blob/main/privacy.json. You could cross reference this list with your package.json and manually edit your privacy manifest file. You could also just use VS Code once - I swear neoVIM won't get jealous.

[Daenara]

Hey @Daenara, I wrote a tool to find which plugins uses which APIs. Here is the resulting JSON file: https://github.com/dtarnawsky/plugin-scan/blob/main/privacy.json. You could cross reference this list with your package.json and manually edit your privacy manifest file. You could also just use VS Code once - I swear neoVIM won't get jealous.

neoVIM might not, but as an avid IntelliJ Ultimate user, I prefer to not touch vs code at all, I just don't have the time to spend setting up plugins so it feels even remotely like a true IDE I can work with and less like a glorified text editor. That json file will be very helpful, as will the list of plugins you scanned, leaves me only my own two plugins, and I actually know what I am doing there.

While manually adding everything to my own privacy manifest file doesn't seem like it is what apple intended, at least I know what I have to add thanks to your list and it will hopefully be enough to stop them from sending those nice not very helpful emails all the time.

[NoelLH]

Version 1.81 of the Ionic VS Code Extension will detect missing privacy manifest reasons (based on known plugins) and help you choose the reasons.

I've also written an article on this. If you find any plugins that require you to modify the privacy manifest I'd like to hear about them.

This looks super promising, but I'm seeing some confusing behaviour in v1.81.5 of the plugin.

One app which has recently uploaded to Apple without any warnings showed me the recommendation you mentioned and has added a PrivacyInfo list upon clicking Yes on it – though seemingly an empty one that doesn't explain anything in particular.

And a second app that did lead to Apple emailing about NSPrivacyAccessedAPICategoryUserDefaults and NSPrivacyAccessedAPICategoryDiskSpace shows nothing of that sort in the plugin's Recommendations.

These are the second app's plugins:

And ionic info:

Ionic:

   Ionic CLI                     : 7.2.0 (/Users/noel/.nvm/versions/node/v20.9.0/lib/node_modules/@ionic/cli)
   Ionic Framework               : @ionic/angular 7.8.1
   @angular-devkit/build-angular : 17.3.2
   @angular-devkit/schematics    : 17.3.2
   @angular/cli                  : 17.3.2
   @ionic/angular-toolkit        : 11.0.1

Capacitor:

   Capacitor CLI      : 5.7.4
   @capacitor/android : 5.7.4
   @capacitor/core    : 5.7.4
   @capacitor/ios     : 5.7.4

Utility:

   cordova-res : not installed globally
   native-run  : 2.0.1

System:

   NodeJS : v20.9.0 (/Users/noel/.nvm/versions/node/v20.9.0/bin/node)
   npm    : 10.2.5
   OS     : macOS Unknown

[dtarnawsky]

Hey @NoelLH, with that list of plugins in the screenshots the extension is picking that NSPrivacyAccessedAPICategoryUserDefaults is needed. But, it doesn't find NSPrivacyAccessedAPICategoryDiskSpace as necessary. I couldn't see which of those plugins touched disk space though so I'm unclear why Apple would flag your app.

Obviously, you can add NSPrivacyAccessedAPICategoryDiskSpace with a reason but it would be really useful to know which code/plugin could trigger this. Perhaps you also have native code in your project?

[dtarnawsky]

Hey @NoelLH , I think the culprit is Firebase Analytics which requires a privacy manifest for the SDK it uses. There is already an issue on its repo for it: capacitor-community/firebase-analytics#178

The plugin itself wraps the firebase SDK and doesn't cause your app to need a privacy manifest file.

[NoelLH]

Thanks @dtarnawsky, I had a hunch it might be that plugin. The project's not adding any native code.

Am I right in thinking that the VS Code plugin relies on Capacitor plugins' inclusion of their own privacy manifests to build a suggested addition for the app? So the VS Code recommendations should pop up and mirror the Firebase plugin's suggested reasons for the permissions, once they add some?

[dtarnawsky]

Plugins like firebase analytics pull in the firebaseAnalytics cocoapod dynamically (ref) and so it is actually that code that needs the privacy manifest file as its the thing that is using the disk space API.
The plugin itself doesn't touch that API (which is why the extension didn't find it).

The VSCode extension has a long list of known plugins that use particular APIs. That list was generated using this project, which scans 1149 known Capacitor/Cordova plugins for API usage.

The process to scan source code of plugins is pretty time intensive and took several hours to find the 180 plugins that access APIs Apple are interested in.

My guess is that Apple called out the particular SDKs like Firebase (here) because they may have some sort of fingerprinting based on the APIs used, it's a way to get developers to put pressure on plugin/SDK authors to avoid or justify the usage of those APIs as well as ensure that those binaries have a signature.

[Kevin-Hamilton]

@dtarnawsky Should I open a separate issue about the device plugin flagging apps for usage of the NSPrivacyAccessedAPICategoryDiskSpace API category, triggered here?

capacitor-plugins/device/ios/Sources/DevicePlugin/Device.swift

Lines 40 to 44 in 0ccb9c4

	public func getRealFreeDiskSize() -> Int64? {
	do {
	let values = try URL(fileURLWithPath: NSHomeDirectory() as String).resourceValues(forKeys: [URLResourceKey.volumeAvailableCapacityForImportantUsageKey])
	if let available = values.volumeAvailableCapacityForImportantUsage {
	return available

We would still be interested in a way of using some of this device plugin's features without using any privacy-impacting features.

[christocracy]

This thread just posted by the React Native team shows that the new policy is going to be for App developers to take control of their Privacy Manifest, that plugin developers are going to have to offer Setup Instructions to their consumers on adding the required Privacy Manifest elements required by their plugin.

there will be no automatic way for a plugin to provide its privacy manifest elements.

react-native-community/discussions-and-proposals#776 (comment)

[dtarnawsky]

@dtarnawsky Should I open a separate issue about the device plugin flagging apps for usage of the NSPrivacyAccessedAPICategoryDiskSpace API category, triggered here?

capacitor-plugins/device/ios/Sources/DevicePlugin/Device.swift

Lines 40 to 44 in 0ccb9c4

	public func getRealFreeDiskSize() -> Int64? {
	do {
	let values = try URL(fileURLWithPath: NSHomeDirectory() as String).resourceValues(forKeys: [URLResourceKey.volumeAvailableCapacityForImportantUsageKey])
	if let available = values.volumeAvailableCapacityForImportantUsage {
	return available

We would still be interested in a way of using some of this device plugin's features without using any privacy-impacting features.

Yes, definitely open a separate issue as it is a feature request that the team would need to evaluate.

[IT-MikeS]

This is actively on the teams road map to add privacy codes information to plugin documentation in the coming week