Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Privacy manifests only included in release 17.0.0 with breaking changes #2384

Open
5 tasks done
elitree opened this issue Apr 10, 2024 · 14 comments
Open
5 tasks done

Comments

@elitree
Copy link

elitree commented Apr 10, 2024

Checklist before submitting a bug report

Xcode version

15.2

Facebook iOS SDK version

17.0.0

Dependency Manager

CocoaPods

SDK Framework

Core

Goals

I want to use the Facebook iOS SDK to include the required privacy manifest changes without breaking my app (due to the new requirements for limited login added in 17.0.0. Currently developers can only get the privacy manifests by updating to 17.0.0.

Please release a 16.x minor update of the SDK which includes the privacy manifests for the imminent Apple App Store restriction, so that devs have time to update their app code and more successfully test v17.

Expected results

I would expect that the privacy manifest changes would be made available in a minor release, without breaking changes associated.

Actual results

Currently developers can only get the privacy manifests by updating to 17.0.0, and implementing the required breaking changes if they haven't been made.

Steps to reproduce

Using an app which hasn't implemented Limited Login:

  1. Download v17.0.0 of the Facebook iOS SDK
  2. Note that it includes privacy manifest information
  3. Compile and build the app
  4. Attempt a login
  5. Note that the "Invalid OAuth access token - Cannot parse access token" error is received

Code samples & details

Other issues where this is being encountered include:

https://github.com/facebook/facebook-ios-sdk/issues/2365
https://github.com/facebook/facebook-ios-sdk/issues/2375

This isn't a duplicate of those issues, but rather pointing out that this required privacy manifest change should be made available in a non-major release.
@short-dsb
Copy link

Thanks for reporting this @elitree.

For more context, the Apple requirement for privacy manifests goes in to effect on May 1st, so the window for this is rapidly closing.

@harshil-vyas08
Copy link

This isn't a duplicate of those issues; instead, it's pointing out that this required privacy manifest change should be made available in a non-major release.

@stivmac
Copy link

stivmac commented Apr 18, 2024

+1

@lurenzhangdeshuai
Copy link

+1 17.0.0 is instability

@yosukapro
Copy link

+1 The moment is gradually approaching

@jonathanNitiparsong
Copy link

+1 but coming here from the Facebook SDK for Unity. Building for iOS for us has these same issues and we are also in need of any solution found here.

@Louisload
Copy link

Louisload commented Apr 23, 2024

+1 Yes please. This is too big of a change just to cope with the Privacy Manifest.

@AleksandrZhmurkovMD
Copy link

+1

@fabiomsouto
Copy link

Please consider this possibility!

@lkuczborski
Copy link

+1 Any update on this? Is there a chance for Privacy Manifest to be added in v16.x.x without breaking changes?

@pahnev
Copy link

pahnev commented Apr 25, 2024

The privacy manifest deadline is approaching fast, please make an intermediate release with only those added since 16.3.1 release.

As the many threads here show, the 17.0.0 was completely botched and there simply are no clear solutions to resolve the login issues many of us are having.

@floriangbh
Copy link

The least they could do would be to get feedback from the team that manages the SDK. Even if it's a definite "no".
Facebook probably needs to collect data through the SDK as much as we need it for our users' uses. Many developers are already removing the SDK now.
Wake up!

@zhong-meta
Copy link

Hello,

We made changes both to the iOS SDK and our core login systems to support the privacy manifest requirements based on the upcoming App Transparency Tracking enforcement so that iOS users who have opted out of ATT are able to use FBLogin. As a result, we do not plan to release the privacy manifest as part of a minor update. Our recommendation is that users integrate Limited Login following the official documentation:
https://developers.facebook.com/docs/facebook-login/limited-login/ios
https://developers.facebook.com/docs/facebook-login/limited-login/unity/

See more details here.

@NuckChorris
Copy link

This issue and the fact that it has not been resolved in the past 6 months (as well as the fact that Limited Login was released in March and then mandatory two months later, with a massive reduction in capabilities vs both web and Android) raises a LOT of red flags for the Facebook SDK and makes me think I ought to remove Facebook login entirely, on all platforms. Like, hear me out:

  1. What possible reason could the Login SDK have for apparently using device fingerprinting so heavily that complying with these restrictions entailed building out an entirely separate, fully incompatible login implementation? Should we be concerned that Android is still using the old system which has (presumably, given Apple won't let you publish an app with it) an enormous privacy violation?
  2. How was two months notice acceptable? Why was this not mentioned in the CHANGELOG? Why is this still not mentioned in the README while a small change to Apple's privacy disclosures from 4 years ago is?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests