Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: Add Apple's Privacy Manifest #291

Closed
Oleg-Pecheneg opened this issue Mar 18, 2024 · 4 comments · Fixed by #292
Closed

Feature request: Add Apple's Privacy Manifest #291

Oleg-Pecheneg opened this issue Mar 18, 2024 · 4 comments · Fixed by #292
Labels
enhancement New feature or request

Comments

@Oleg-Pecheneg
Copy link

Is your feature request related to a problem?

There's a new requirement for the apps and SDKs from Apple to include description of some APIs usage.
Starting from May 1st, 2024 Apple will reject apps that don't comply with this regulation.
I can see that XMTP iOS SDK uses UserDefaults hence it should add Privacy manifest.

Describe the solution to the problem

Add Privacy manifest to the SDK specifying NSPrivacyAccessedAPICategoryUserDefaults reasons

Describe the uses cases for the feature

No response

Additional details

No response
@Oleg-Pecheneg Oleg-Pecheneg added the enhancement New feature or request label Mar 18, 2024
@nplasterer
Copy link
Contributor

Capturing osme context here: The User Defaults was recently added to store an encryption key for the group chat database. Ideally the integrator would do the storing and handling of the encryption key in the Secure Enclave not user defaults. Which is why we allow the encryption key to be passed in… wondering if it would be simpler for integrators for us to remove this dependency and instead error if no encryption key is provided. 🤔 @richardhuaaa & @zombieobject do you have any thoughts?

@richardhuaaa
Copy link
Contributor

The UserDefaults doesn't add much security over encrypting with a hardcoded key given it's readily available to anyone with access to the device, so removing it makes sense.

Whether the encryption key argument being set by the integrator should be required or not seems like a matter of taste. If it is required, it forces integrators to think about it, and explicitly hardcode an encryption key value if they do not wish to use the keychain (unclear if helpful or not). If it is not required, it makes it easier to release debug builds with an unencrypted DB. I suppose I err towards giving the choice to developers, but I don't feel strongly!

@nplasterer
Copy link
Contributor

Okay in favor of just dropping the UserDefaults encryption key for now. I'm going to add a error for now so that integrators using groups will not make the mistake of accidentally not providing a key for production data.

@zombieobject
Copy link
Contributor

The UserDefaults doesn't add much security over encrypting with a hardcoded key given it's readily available to anyone with access to the device, so removing it makes sense.

I agree with both @nplasterer and @richardhuaaa here. UserDefaults should be discouraged entirely for this sort of thing and erroring is appropriate approach. 👨🏼‍🚒

@nplasterer nplasterer mentioned this issue Mar 20, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove UserDefaults for the default encryption key xmtp/xmtp-ios
4 participants
@richardhuaaa @nplasterer @zombieobject @Oleg-Pecheneg