Privacy Manifests in a static xcframework

We have a closed-source SDK distributed as a static framework. We are experiencing some difficulty in incorporating Privacy Manifests. We added the Privacy Manifest as a resource in the xcframework using the Copy Bundle Resources phase. Our expectation was that the developer could then add the xcframework to their application and select the Embed Without Signing embed option. Even though it's a static framework, Xcode removes the static archive from the framework when it is embedded in the target bundle as described here:

Embedding a static framework using a Copy Files build phase now removes the static archive from the framework when it is embedded in the target bundle. The REMOVE_STATIC_EXECUTABLES_FROM_EMBEDDED_BUNDLES build setting can be set to NO to opt out of this behavior. The COPY_RESOURCES_FROM_STATIC_FRAMEWORKS build setting, previously used in the legacy build system to extract and copy the resources from a static framework to the target bundle, no longer has any effect with the new build system as the entire framework is copied instead (minus the static archive as described above)

The problem is that by doing this, the Info.plist present in the platform folder (.framework) is also embedded into the host app. The Info.plist now references the binary that was removed, causing a validation error when uploading to iTunes Connect. Similarly, if we remove the Info.plist from the xcframework platforms folders, it is not possible to run the host application on the simulator. Firebase is facing the same problem as they prepare to incorporate Privacy Manifests into their frameworks.

When distributing via CocoaPods and SPM, we do not have this problem since it is possible to reference an external .xcprivacy to the xcframework in the package itself. So, in summary, how do we incorporate Privacy Manifests into a static framework?

Hi @pedroatanasio, could you please give any reference on how to do this using CocoaPods? I was trying to add the xcprivacy file in my framework, and in my podspec I am adding it like this: s.resource_bundle = { "PrivacyInfo" => "PrivacyInfo.xcprivacy" }. But I am still not able to get the privacy file into the app where I install my CocoaPod, and hence I am not able to generate the privacy report. Thanks!

Hey @PareshKarnawat

You need to place the xcprivacy outside of your framework and reference it in your podspec. For example, if the structure of your repository is as follows:

MyFramework.xcframework
Resources/PrivacyInfo.xcprivacy

Your podspec should be something like this:

Pod::Spec.new do |s|
    s.name             = 'MyFramework'
    # ... other podspec properties ...
    s.vendored_frameworks = 'MyFramework.xcframework'
    s.resource_bundles = {'MyFramework_Privacy' => ['Resources/PrivacyInfo.xcprivacy']}
end

This setup ensures that a bundle called MyFramework_Privacy is added to the host application and its PrivacyInfo.xcprivacy is considered when generating the Privacy Report.
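
One way to check the result of the setup above, as an added example that is not part of the original post: this Python script walks a built .app directory for PrivacyInfo.xcprivacy files and flags any that fail to parse or that list an accessed API type without reasons. The Host.app tree, Other_Privacy.bundle and the manifest contents are constructed sample data, and the recursive search assumes nothing about where the resource bundle lands inside the app.

```python
import plistlib
import tempfile
from pathlib import Path


def audit_privacy_manifests(app_dir):
    """Map each PrivacyInfo.xcprivacy under app_dir to a list of problems."""
    report = {}
    for manifest in sorted(Path(app_dir).rglob("PrivacyInfo.xcprivacy")):
        rel = manifest.relative_to(app_dir).as_posix()
        try:
            with manifest.open("rb") as fh:
                data = plistlib.load(fh)
        except Exception as exc:  # malformed XML or binary plist
            report[rel] = [f"unreadable plist: {exc}"]
            continue
        if not isinstance(data, dict):
            report[rel] = ["top-level object is not a dictionary"]
            continue
        problems = []
        for entry in data.get("NSPrivacyAccessedAPITypes", []):
            if not entry.get("NSPrivacyAccessedAPITypeReasons"):
                api = entry.get("NSPrivacyAccessedAPIType")
                problems.append(f"no reasons declared for {api}")
        report[rel] = problems
    return report


def build_sample_app(root):
    """Constructed sample: a fake .app with one complete and one incomplete manifest."""
    app = Path(root) / "Host.app"
    complete = {"NSPrivacyTracking": False, "NSPrivacyAccessedAPITypes": [
        {"NSPrivacyAccessedAPIType": "NSPrivacyAccessedAPICategoryUserDefaults",
         "NSPrivacyAccessedAPITypeReasons": ["CA92.1"]}]}
    incomplete = {"NSPrivacyAccessedAPITypes": [
        {"NSPrivacyAccessedAPIType": "NSPrivacyAccessedAPICategoryFileTimestamp",
         "NSPrivacyAccessedAPITypeReasons": []}]}
    samples = (("MyFramework_Privacy.bundle", complete),
               ("Other_Privacy.bundle", incomplete))
    for bundle, content in samples:
        bundle_dir = app / bundle
        bundle_dir.mkdir(parents=True)
        with (bundle_dir / "PrivacyInfo.xcprivacy").open("wb") as fh:
            plistlib.dump(content, fh)
    return app


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, problems in audit_privacy_manifests(build_sample_app(tmp)).items():
            print(path, "OK" if not problems else problems)
```

An empty report for a real build means no manifest reached the app bundle at all, which is the symptom described earlier in this thread.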

Hi @pedroatanasio,

Is it expected behaviour to copy using a bundle, because:

The COPY_RESOURCES_FROM_STATIC_FRAMEWORKS build setting, previously used in the legacy build system to extract and copy the resources from a static framework to the target bundle, no longer has any effect with the new build system as the entire framework is copied instead (minus the static archive as described above)

How to deal with this for binary distribution of the SPM?

Hi @pedroatanasio,

We also ship a closed-source binary static .xcframework via SPM and CocoaPods and are hitting the issue where apps that consume our SDK aren't getting the PrivacyInfo.xcprivacy file embedded into their application.

You mention in your initial post that you have been successful in making this work with both CocoaPods and SPM. Would you mind sharing what your Package.swift file looks like to get this to work? I just had a customer reach out to me stating that they were notified by Apple that they need to provide usage reasons for the required reason APIs and we are not sure how to best get them consuming the PrivacyInfo.xcprivacy file that we have shipped.

Appreciate your guidance!

Apple has added this page to its documentation, which includes instructions for manifests with static libraries. https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/adding_a_privacy_manifest_to_your_app_or_third-party_sdk
