Need clarification for UserDefaults NSPrivacyAccessedAPITypeReasons CA92.1

In the Required Reason API doc, the UserDefaults section defines NSPrivacyAccessedAPITypeReasons CA92.1:

Declare this reason to access user defaults to read and write information that is only accessible to the app itself.

This reason does not permit reading information that was written by other apps or the system, or writing information that can be accessed by other apps.

If I store a user generated string in UserDefaults, later on fetch it within the same app, send it to my backend component, and lastly my backend component share the string with 3rd party developers, do I still fall into the CA92.1 category? In other words, do I need to submit an approval request for this kind of usage?

My understanding is this usage still falls into CA92.1 because it does not access device signals for fingerprinting purposes, but I am not sure. Please advice. Thanks!

Post not yet marked as solved Up vote post of Unipopcorn Down vote post of Unipopcorn
2.2k views
Posted by
Unipopcorn
Reply
Add a Comment

Replies

It's mysterious, isn't it?

To be safe, stop using NSUserDefaults and just use a regular file in the filesystem.

(Apart from some minor ease-of-use features, what advantage does NSUserDefaults have?)

Posted by
endecotp
Up vote reply of endecotp Down vote reply of endecotp

  • Do we need to supply a required reason to use @AppStorage in SwiftUI? I believe it uses UserDefaults under the covers.

    JimH SF
Add a Comment

For what I understood, this is a measure to keep apps in the iOS environment to read each other's information. So if you save and read, then send to the backend, I believe this goes beyond the App environment and you are still classify as CA92.1. It would be great to hear what Apple has to say about it.

Posted by
ariane Clarke
Up vote reply of ariane Clarke Down vote reply of ariane Clarke
Add a Comment