@jsq this list is bananas, where’s all the ad/analytics SDKs (e.g. UnityFramework but not UnityAds)? I refuse to believe this is even the top SDKs and not just google + fb + whatever pads out the list.
@jsq Apple’s requirements for these select third party SDKs also include a “signature”. So it could be that some of these libraries are targets of supply chain attacks.
@calicoding@jsq how are you supposed to sign an open-source library that’s build from source.
I codesigned a proprietary XCFramework, but Alamofire? They talk about that in their issue tracker and Apple just stopped responding.
This whole signature/privacy manifest thing has been handled very poorly, even Apple only landed decent support in Xcode 15.3, not long before the deadline.
@calicoding@jsq I think so too but Apple was not clear in their initial communication. They just dropped that list and say "add a manifest and sign, kthxbye"
@dt@jsq 💯 agree. There’s been a lack of clarity from Apple on this. Though I admit the documentation on the contents of the privacy manifest are pretty good
@jsq@dt I agree, but I’m not sure if there’s a better solution. System boot times are strong vectors for fingerprinting, but if Apple just removed (or broke) those APIs all kinds of apps with legitimate use cases would break. Not sure what’s up with UserDefaults, seems ridiculous to have to justify its usage.
Add comment