Privacy Manifest Not Surfacing for Static Framework in CocoaPods Integration

Question

Privacy Manifest Not Surfacing for Static Framework in CocoaPods Integration

KunJeongPark opened this issue a month ago · comments

I've read and understood the CONTRIBUTING guidelines and have done my best effort to follow.

Report

We have identified an issue where the privacy terms defined in the PrivacyInfo.xcprivacy files of our static framework dependencies are not being surfaced in the privacy report of test apps that integrate our SDK via CocoaPods. This issue specifically affects our PPRiskMagnes.xcframework, which is included in our BraintreeDataCollector subspec.

What did you do?

Integrate the Braintree SDK via CocoaPods into a test iOS application.
Ensure the BraintreeDataCollector subspec is included, which depends on the PPRiskMagnes.xcframework.
Run pod install
Build and archive the application.
Observe that the privacy terms from PPRiskMagnes.xcframework are not surfaced in the generated App Privacy Report.

What did you expect to happen?

The privacy terms specified in the PrivacyInfo.xcprivacy file within the PPRiskMagnes.xcframework should be correctly surfaced in the app’s privacy report, ensuring compliance and transparency.

What happened instead?

The privacy terms are not being surfaced in the app’s privacy report when the SDK is integrated via CocoaPods, despite the inclusion of these terms in the framework’s bundled resources.

CocoaPods Environment

CocoaPods version: 1.15.2
Braintree SDK version: 6.16.0, 6.17. 0
Xcode version: 15.2, 15.3

Project that demonstrates the issue

bt_coco_vp.zip
you need to run pod install

Paul Beusterien · Answer 1 · Sat Apr 27 2024 09:12:57 GMT+0800 (China Standard Time)

This may be an Apple detection issue. Note the dynamic framework wording in https://developer.apple.com/news/?id=pvszzano

Victoria Park · Answer 2 · Mon Apr 29 2024 22:58:47 GMT+0800 (China Standard Time)

@paulb777 Thank you for your reply and the Apple link. That is interesting that they announced this on Friday.
I have followed closely your discussions around workarounds for Xcode 15.3 SPM validation error.

Thank you for that as well. We have implemented that workaround and thought Cocoapods could
provide a fix for this issue for surfacing static frameworks' privacy terms.

But I agree that Apple's wording implies that there may be official guidelines regarding static frameworks.