Required PrivacyInfo.xcprivacy - NSPrivacyAccessedAPICategoryFileTimestamp AND NSPrivacyAccessedAPICategoryDiskSpace

[aliza-khu]

How frequently does the bug occur?

Always

Description

I am receiving the email from the apple store regarding ITMS-91053: Missing API Declaration for NSPrivacyAccessedAPICategoryDiskSpace

PrivacyInfo.xcprivacy has to be included in the repo of realm.

I guess based on the log output: NSPrivacyAccessedAPICategoryFileTimestamp AND NSPrivacyAccessedAPICategoryDiskSpace required with proper reason of usage.

Stacktrace & log output

Used symbols in binary ./XCFrameworkIntermediates/RealmJS/librealm-js-ios.a: fstat, stat, statvfs

Can you reproduce the bug?

Always

Reproduction Steps

Refer to the Apple Link: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api
Refer to the blog link: https://dev.to/aishanipach/include-nsprivacyaccessedapicategorydiskspace-nsprivacyaccessedapicategoryfiletimestamp-information-59hi

sh required_reason_api_binary_scanner.sh {directory}

Version

12.7.1

What services are you using?

Local Database only

Are you using encryption?

Yes

Platform OS and version(s)

iOS 17.3

Build environment

Which debugger for React Native: ..

Cocoapods version

No response

[sync-by-unito]

➤ PM Bot commented:

Jira ticket: RJS-2810

[kneth]

@aliza-khu Thank you for reporting, and hinting which categories we need to include. We will try to address the issue as soon as possible - as you know our first attempt failed.

[aliza-khu]

@aliza-khu Thank you for reporting, and hinting which categories we need to include. We will try to address the issue as soon as possible - as you know our first attempt failed.

@kneth, Pleasure. Can you please add the PrivacyInfo.xcprivacy ASAP. As 1st, May is too close now(Apple deadline for next release).

[nirinchev]

@aliza-khu our understanding is that the realm-js SDK is not covered by the list of 3rd party SDKs that are covered by the requirement to have a privacy manifest: https://developer.apple.com/support/third-party-SDK-requirements/ by May 1st. So if you only use realm-js and not realm-swift, you should not be affected by the May 1st deadline.

[aliza-khu]

@nirinchev, Have you tried the command: sh required_reason_api_binary_scanner.sh {directory}
refer: https://github.com/Wooder/ios_17_required_reason_api_scanner/blob/main/required_reason_api_binary_scanner.sh

While executing this command I found the app binary file generated contains the statvfs method which only be found in the realm library I used.

Ref: Used symbols in binary ./XCFrameworkIntermediates/RealmJS/librealm-js-ios.a: fstat, stat, statvfs

The method statvfs relying under the privacy Declaration of the required reason API category due to which the app store asking the same for my app as using the realm library.

Feel free to ask the query.

[kneth]

@aliza-khu We are trying to figure out how to fix it, and we would like to ask you to try the following:

1. Add the following line to node_modules/realm/RealmJS.podspec (after the s.frameworks line):

s.resource_bundles = { 'realm_js_privacy' => ['PrivacyInfo.xcprivacy'] }

2. Add the following file as node_modules/realm/PrivacyInfo.xcprivacy:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>NSPrivacyTrackingDomains</key>
	<array/>
	<key>NSPrivacyCollectedDataTypes</key>
	<array/>
	<key>NSPrivacyAccessedAPITypes</key>
	<array>
		<dict>
			<key>NSPrivacyAccessedAPITypeReasons</key>
			<array>
				<string>C617.1</string>
			</array>
			<key>NSPrivacyAccessedAPIType</key>
			<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
		</dict>
	</array>
	<key>NSPrivacyTracking</key>
	<false/>
</dict>
</plist>

In my simple RN app, I don't see Ref: Used symbols in binary ./XCFrameworkIntermediates/RealmJS/librealm-js-ios.a: fstat, stat, statvfs after adding it. If you can confirm, our confidence of a solution is higher.

[aliza-khu]

@kneth, I follow the instructions you provided and also refer to others and how they handle them. I created a sample react-native project and added only the realm dependency. Please use the link I shared, download it and follow the below instructions to reach the actual problem.

Link: https://drive.google.com/file/d/1mZ9-GbHf8xR6XUet3HFPeWqnL9dG4z1r/view?usp=sharing

Steps:

1. Extract the above link go to RealmPrivacy/ios directory and hit the command pod install.
2. Open RealmPrivacy.xcworkspace with Xcode.
3. Build the project, From Xcode menu Product -> Build.
4. Download required_reason_api_binary_scanner.sh file into your system from this link: https://github.com/Wooder/ios_17_required_reason_api_scanner/blob/main/required_reason_api_binary_scanner.sh
5. Open the Terminal and change the directory to where required_reason_api_binary_scanner.sh file downloaded in the system.
6. Hit command sh required_reason_api_binary_scanner.sh /Library/Developer/Xcode/DerivedData/RealmPrivacy-<anything>/Build/Products/Debug-iphoneos and you will see the below log:

As you can see it says realm somewhere used directly or indirectly statvfs method. For your reference, you can visit this page: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api#4278397 where Apple has a list of methods due to which realm has to declare the NSPrivacyAccessedAPIType - NSPrivacyAccessedAPICategoryDiskSpace in its PrivacyInfo.xcprivacy file.

Sample:

Feel free to ask any query.

[kneth]

@aliza-khu We have used your app to test in #6642. So far we have only validated the app locally, and we might want to upload the app (or a similar one) to Apple App Store for review. We plan to create a prerelease tomorrow or Friday for you to test.

[aliza-khu]

@kneth, Okay, Thank You!

[kneth]

@aliza-khu We have released v12.8.1-alpha.0 with a privacy manifest which we believe solve the issue.

Please try to upgrade (npm install realm@12.8.1-alpha.0) and give us feedback before we do the final release.

[kneth]

@aliza-khu Did you have a chance to install 12.8.1-alpha.0?

[aliza-khu]

@kneth, Yes, I installed the version you shared but it is pending to deploy for development review due to the urgency. Once I receive any update regarding that I will share it here.

[liamjones]

I'm hitting the "asset validation failed" issue too. We're on Realm 11 but I backported the patch (both the old and new versions).

Somehow, there's a binary ending up in the resource bundle? I've not yet worked out why.

Realm's resource bundle:

An equivalent for another RN native module, react-native-device-info:

I don't really see a difference in the podspec with how Realm is doing it vs react-native-device-info: https://github.com/react-native-device-info/react-native-device-info/blob/98de4817c8911349023af5725f0a789dabb8641c/RNDeviceInfo.podspec#L17

The binary name always seems to match the resource bundle name, with the old patch it was realm_js_privacy, with the new one it's RealmJS.

[liamjones]

Okay, I found the cause of the issue, it's the 'VERSIONING_SYSTEM' => 'apple-generic' definition in the podspec. I've removed it locally and the bundle only contains the Info.plist and the PrivacyInfo.xcprivacy now.

Removing it doesn't seem to break the app but I don't know why Realm was setting this - possibly the Realm code is now missing versioning information it used to rely on?

@kneth you probably need this in addition to what's already been done in PR #6715

[liamjones]

Actually, my mistake @kneth, it's already gone in 12.10-rc.0, it's only an issue for me since I'm backporting the patch to 11. 🙏

[kneth]

@liamjones The 'VERSIONING_SYSTEM' => 'apple-generic' was used very old versions, and we simply forgot to remove it in #4163 🙈. And by "we" I actually mean me!