Privacy manifest

[mvaivre]

WIP: I get a white screen on iOS.

Series of errors in the native logs:

Invariant Violation: Failed to call into JavaScript module method RCTLog.logIfNoNativeHook(). Module has not been registered as callable. Bridgeless Mode: false. Registered callable JavaScript modules (n = 0): .
A frequent cause of the error is that the application entry file path is incorrect. This can also happen when the JS bundle is corrupt or there is an early initialization error when loading React Native., js engine: hermes

Edit: reanimated was the culprit. I had to downgrade it, to be investigated later. Hopefully this package doesn't need any of the privacy reasons.

---

EDIT ILIAS: Closes #489

[changeset-bot]

⚠️ No Changeset found

Latest commit: 99cd81b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[nop33]

I am having issues getting passed this:

pnpm exec expo prebuild
Cannot read properties of undefined (reading 'extract')
✖ Failed to create the native directories
You may want to delete the ./ios and/or ./android directories before trying again.

What am I doing wrong?

[nop33]

It worked with dlx...

Anyway, I get a diff, do you get it too?

diff --git a/apps/mobile-wallet/ios/Alephium.xcodeproj/project.pbxproj b/apps/mobile-wallet/ios/Alephium.xcodeproj/project.pbxproj
index 6a662ef37..b3cb3606d 100644
--- a/apps/mobile-wallet/ios/Alephium.xcodeproj/project.pbxproj
+++ b/apps/mobile-wallet/ios/Alephium.xcodeproj/project.pbxproj
@@ -15,6 +15,7 @@
 		96905EF65AED1B983A6B3ABC /* libPods-Alephium.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 58EEBF8E8E6FB1BC6CAF49B5 /* libPods-Alephium.a */; };
 		B18059E884C0ABDD17F3DC3D /* ExpoModulesProvider.swift in Sources */ = {isa = PBXBuildFile; fileRef = FAC715A2D49A985799AEE119 /* ExpoModulesProvider.swift */; };
 		BB2F792D24A3F905000567C9 /* Expo.plist in Resources */ = {isa = PBXBuildFile; fileRef = BB2F792C24A3F905000567C9 /* Expo.plist */; };
+		6B096B42FB32404DB27C1C7C /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = D4025BE02671404FB854B757 /* PrivacyInfo.xcprivacy */; };
 /* End PBXBuildFile section */
 
 /* Begin PBXFileReference section */
@@ -33,6 +34,7 @@
 		BB2F792C24A3F905000567C9 /* Expo.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Expo.plist; sourceTree = "<group>"; };
 		ED297162215061F000B7C4FE /* JavaScriptCore.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = JavaScriptCore.framework; path = System/Library/Frameworks/JavaScriptCore.framework; sourceTree = SDKROOT; };
 		FAC715A2D49A985799AEE119 /* ExpoModulesProvider.swift */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = sourcecode.swift; name = ExpoModulesProvider.swift; path = "Pods/Target Support Files/Pods-Alephium/ExpoModulesProvider.swift"; sourceTree = "<group>"; };
+		D4025BE02671404FB854B757 /* PrivacyInfo.xcprivacy */ = {isa = PBXFileReference; name = "PrivacyInfo.xcprivacy"; path = "/Users/ilias/dev/alephium/alephium-frontend/apps/mobile-wallet/ios/Alephium/PrivacyInfo.xcprivacy"; sourceTree = "<group>"; fileEncoding = undefined; lastKnownFileType = unknown; explicitFileType = undefined; includeInIndex = 0; };
 /* End PBXFileReference section */
 
 /* Begin PBXFrameworksBuildPhase section */
@@ -59,6 +61,7 @@
 				AA286B85B6C04FC6940260E9 /* SplashScreen.storyboard */,
 				98CAA98A22DC4D0892E6A61E /* noop-file.swift */,
 				8A111DCF41FA48C8BB6F8997 /* Alephium-Bridging-Header.h */,
+				D4025BE02671404FB854B757 /* PrivacyInfo.xcprivacy */,
 			);
 			name = Alephium;
 			sourceTree = "<group>";
@@ -202,6 +205,7 @@
 				BB2F792D24A3F905000567C9 /* Expo.plist in Resources */,
 				13B07FBF1A68108700A75B9A /* Images.xcassets in Resources */,
 				3E461D99554A48A4959DE609 /* SplashScreen.storyboard in Resources */,
+				6B096B42FB32404DB27C1C7C /* PrivacyInfo.xcprivacy in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};

[nop33]

Are there any resources on how you came to decide to add these? Not sure how to review this...

[mvaivre]

https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

[nop33]

I saw you had posted a link to an expo issue somewhere but I can't find it.

[nop33]

ah, it was in the slack canvas

[mvaivre]

Anyway, I get a diff, do you get it too?

Yes, here. And I don't like that there's a local path in there..!

[nop33]

Oh shit, you're right. It doesn't make sense to have a local path. So many questions...

1. how do we avoid committing it in the future since it will always appear when running prebuild?
2. will the app work fine if we don't commit it?

[nop33]

TL;DR:

1. I am not sure why the specified NSPrivacyAccessedAPIType values were chosen over others.
2. I think that our code doesn't use any native code APIs that requires a privacy manifest. It's probably our deps. Outdated versions of them do not include a privacy manifest. Maintainers of those deps are updating them and we should upgrade them as they do.
3. The fact that a local path is referenced in ios/Alephium.xcodeproj/project.pbxproj seems like a bug to me. A few lines above, for example, the Info.plist file is referenced as path = Alephium/Info.plist;. That's how the PrivacyInfo.xcprivacy should as well: path = "Alephium/PrivacyInfo.xcprivacy"; (instead of path = "/Users/mika/Documents/Projects/Alephium/alephium-frontend/apps/mobile-wallet/ios/Alephium/PrivacyInfo.xcprivacy";)
4. Some important info seems to be added to the ios/Alephium.xcodeproj/project.pbxproj file after a clean prebuild run.

---

What process did you follow to decide which NSPrivacyAccessedAPITypeReasons values to use? Reading the Apple docs I wouldn't know which ones to chose for each NSPrivacyAccessedAPIType listed in the email that Apple sent us.

I understand that they want us to include reasons for the following API categories:

• NSPrivacyAccessedAPICategoryFileTimestamp
• NSPrivacyAccessedAPICategoryDiskSpace
• NSPrivacyAccessedAPICategorySystemBootTime
• NSPrivacyAccessedAPICategoryUserDefaults

But I don't understand why the values C617.1, E174.1, 35F9.1 and CA92.1 were chosen instead of any others (same question as this guy). I need to do more investigation, but if you already know the reasons let me know to save time.

To be honest, it feels weird to me that our app is accessing file timestamps, disk space, system boot time and user defaults. I don't think our code does any of that. But it's probably our outdated deps that do. Updated versions of the deps should include privacy files themselves. But I am hesitant to update them "manually" and not through expo install ... which installs compatible versions with expo.

It would be useful to know which packages are the ones that require these new privacy declarations. Maybe at the end of the day we don't need them or we can update them so that we use their privacy files.

For example, I found out that @react-native-async-storage/async-storage recently added a privacy file to version 1.23.0. We are using this package. Maybe if we update it we don't need to manually the NSPrivacyAccessedAPICategoryFileTimestamp category.

Another is react-native-gesture-handler (PR, fixed version).

I read through the whole expo issue (what a read). I tried the following command:

pnpm dlx expo prebuild --clean

and I get an interesting diff: adca479

A few things I notice there:

1. The first few lines are just reordered with different hashes, doesn't seem important
2. 🤷 It replaced /Users/mika with /Users/ilias
3. ❓ It removed DevelopmentTeam = Z3J8P4JW24
4. ⁉️ It added 4 *privacy.bundle files in inputPaths and outputPaths:
   1. ExpoApplication_privacy.bundle
   2. ExpoDevice_privacy.bundle,
   3. ExpoFileSystem_privacy.bundle
   4. ExpoLocalization_privacy.bundle

Point (4) seems important, WDYT?

What the hell is going on!?

[nop33]

In the installation docs of @react-native-async-storage/async-storage I read that it should be installed with:

npx expo install @react-native-async-storage/async-storage

So I tried all these options but in all cases I see that the wrong version of expo is being used:

pnpm expo install @react-native-async-storage/async-storage
pnpm exec expo install @react-native-async-storage/async-storage
pnpm dlx expo install @react-native-async-storage/async-storage

› Installing 1 SDK 50.0.0 compatible native module using pnpm
> pnpm add @react-native-async-storage/async-storage@1.21.0

From what I understand, npx expo refers to @expo/cli, not the legacy expo-cli:

The modern local Expo CLI is included with the expo package and does not need to be installed separately. Run it with npx expo. Its source code lives in the expo/expo repo.
https://github.com/expo/expo-cli

When I do pnpm exec expo --version I get 0.17.10. But in the repo expo/expo repo I see that the latest version is 0.18.4
https://github.com/expo/expo/blob/main/packages/%40expo/cli/package.json

---

EDIT: OK, I found out why 0.17.10 is being used, I looked into the source code of the expo package and saw that the 50.0.17 version has "@expo/cli": "0.17.10" in its deps: https://github.com/expo/expo/blob/sdk-50/packages/expo/package.json

[nop33]

If we want to release this before the dw secrets, we need to change the base branch from next to master.