-
Notifications
You must be signed in to change notification settings - Fork 611
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
iOS App submission will require a privacy manifest and signature #1216
Comments
Thanks for flagging this. We've been aware of this policy and are working on the necessary steps |
It looks like Apple may be referring to this Hermes, not our JS engine: https://github.com/imgur/hermes |
This repository is archived, last release Jul 2015 |
Has there been any movement here? I can see @tmikov mentioned it potentially being another lib but not sure how to verify. Currently have some pretty nervous stakeholders at the moment is all. If there's anything the community can do to support the change happy to help. Thanks! |
Please note that Hermes repository is just source code and doesn't provide binaries for iOS. Hermes obviously doesn't collect any data or do anything privacy related, it is just a library, but we can't include a privacy manifest in the source, it has to be paired with a binary, and we don't provide one. This has to be addressed by React Native (I believe it will be soon) or anyone else who compiles and distributes a Hermes binary. |
Hi @tmikov! If you open
The scripts build Xcode frameworks both ios/tvos automatically for Cocoapods in destroot/Library/Frameworks/universal/hermes.xcframework when you add it as a dependency to your project and the same as React Native does. So the scripts should put |
https://developer.apple.com/news/ |
@ikhvorost as I mentioned, Hermes is built by React Native: https://github.com/facebook/react-native/tree/main/packages/react-native/sdks/hermes-engine |
First, there is All versions are pointed to https://github.com/facebook/hermes, e.g.:
If you download this source and unzip you can find ready to use frameworks in Next, if you add this pod to your app and make
You can find the frameworks inside your The same happens with React Native's Where does React Native build hermes? |
@ikhvorost sorry for the delayed response. You will note that versions linked from https://github.com/CocoaPods/Specs/tree/master/Specs/5/d/0/hermes-engine are 2-3 years old, as are the releases pointed by them (like https://github.com/facebook/hermes/releases/download/v0.11.0/hermes-runtime-darwin-v0.11.0.tar.gz). We stopped building and distributing Hermes independently from this repository years ago, because it was becoming very difficult to ensure binary compatibility with React Native, tracking which version of Hermes corresponds to which version of RN, etc. Plus, the intricacies of building pods or npms are really not our area of expertise. So, at that time, React Native took over building and distributing Hermes, which eliminated all version confusion and compatibility problems, plus it improved the pod build in various ways (which you will see if you compare the old Hermes podspec in this repo against the RN podspec in that repo). That is the current situation. As I mentioned, we do not really understand CocoaPods (last time I tried, I couldn't even install it, because apparently it requires a newer version of Ruby than the one in MacOS). I am also not familiar with the details of how exactly React Native builds Hermes. They are the experts on that, and I do not envy them for having to deal with all that... They are excellent engineers and enable us to spend our time on Hermes itself. I dug a little into the podspec on their repository, and if you look here, you can see that they download a Hermes binary matching RN's version from Maven: https://github.com/facebook/react-native/blob/f7bbaffdc3aa4e7af0b4d5f62e594cc7edd4f837/packages/react-native/sdks/hermes-engine/hermes-utils.rb#L204. Comments in their podspec imply that the podspec is used to build Hermes in CircleCI, which makes sense. Presumably that's where they upload it to Maven. I am sure that they are aware of the new Apple requirements and the corresponding deadlines and are working to address it. |
I've opened an issue at the react-native github to get more information about this: facebook/react-native#43439 |
We have spoken with representatives at Apple, and they have informed us that the hermes SDK on the commonly-used SDKs list is referring to another Hermes, not the one made by Meta. They are referring to this one: https://github.com/Imgur/Hermes/blob/master/README.md. As such, Facebook/hermes is not required to provide a Privacy Manifest and Signature ahead of the May 1 date for this SDK. You will be able to continue to submit versions of your apps that use Facebook/hermes without disruption beyond that date, based on current policies. |
Problem
12/07 Apple published a privacy update on their website: Privacy updates for App Store submissions
It requires third-party SDKs to include a privacy manifest file and this will be required by Spring 2024.
Hermes is on the list of third-party SDKs that require a privacy manifest and signature
So do we have any plan on this?
The text was updated successfully, but these errors were encountered: