Need clarification for UserDefaults NSPrivacyAccessedAPITypeReasons CA92.1

In the Required Reason API doc, the UserDefaults section defines NSPrivacyAccessedAPITypeReasons CA92.1:

Declare this reason to access user defaults to read and write information that is only accessible to the app itself.

This reason does not permit reading information that was written by other apps or the system, or writing information that can be accessed by other apps.

If I store a user generated string in UserDefaults, later on fetch it within the same app, send it to my backend component, and lastly my backend component share the string with 3rd party developers, do I still fall into the CA92.1 category? In other words, do I need to submit an approval request for this kind of usage?

My understanding is this usage still falls into CA92.1 because it does not access device signals for fingerprinting purposes, but I am not sure. Please advice. Thanks!

It's mysterious, isn't it?

To be safe, stop using NSUserDefaults and just use a regular file in the filesystem.

(Apart from some minor ease-of-use features, what advantage does NSUserDefaults have?)

For what I understood, this is a measure to keep apps in the iOS environment to read each other's information. So if you save and read, then send to the backend, I believe this goes beyond the App environment and you are still classify as CA92.1. It would be great to hear what Apple has to say about it.

Need clarification for UserDefaults NSPrivacyAccessedAPITypeReasons CA92.1
 
 
Q