We also have calls to stat()

Maybe we should actually request a different reason code, since it's not actually returning the timestamp. Someone should probably at least document which calls we have in the libraries and apps, and if they use the timestamp or not.

FWIW, it’s not only about APIs being called (so-called required Reason APIs); that is only a subset of what is required (cf. eg.https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_data_use_in_privacy_manifests)

This really looks like something that people actually using OpenSSL in their iOS apps - who are presumably already doing this for their apps - could create a template for in a pull request, for OpenSSL folks to review and merge when agreed. Then other people using OpenSSL in their iOS apps could incorporate it into their binaries. i.e. this feels like something that should come from the appropriate part of the community

FWIW, it’s not only about APIs being called (so-called required Reason APIs); that is only a subset of what is required (cf. eg.https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_data_use_in_privacy_manifests)

OpenSSL does not collect any of that data.

OpenSSL does not collect any of that data.

That is what makes it so helpful about having at least those reason codes documented somewhere. Sure it would be best for my situation (and those like me) if that "documentation" was aPrivacyInfo.xcprivacy file all ready to go. But I can work with whatever I get, this is all open source after all with all that entails for usage expectations.

Since i'm not genuinely expecting OpenSSL to ever collecting tracked data on its own (as defined by apple) it means I mostly need a maintainable way of collecting those reason codes. That lets me avoid is creating a lengthy section in my team's internal "how to update OpenSSL" guide with details on how to takethis from Apple and compare that against the current release of OpenSSL to see if we need to add more reason codes to our own Privacy Manifest.

My understanding is that you need to add a privacy manifest about openssl. You will need to create it yourself.

My understanding is that you need to add a privacy manifest about openssl. You will need to create it yourself.

@kroeckx

Thank you for your answer.

I know how to add 'Privacy Manifest' to my app.

but

1. I don't know how to add it to OpenSSL.
2. I don't know how to add it to the '.a' library.

My understanding of what Apple means is to add 'PrivacyInfo' to each library.

But my situation is

OpenSSL -> Static Library(.a) -> My App

I think it's woven in order.

I also took over this project, so I can do an app, but I'm having a hard time because I don't make a library.

Since you're linking OpenSSL as a.a, then to the best of my personal understanding in those situations you just need to make sure to add the information PrivacyManifest information for OpenSSL directly into your app's own Privacy Manifest file.

Since you're linking OpenSSL as a .a, then to the best of my personal understanding in those situations you just need to make sure to add the information PrivacyManifest information for OpenSSL directly into your app's own Privacy Manifest file.

@nate-at-king

Yes, I am using OpenSSL in a library consisting of C and C++.

And I made it into '.a' and I'm using it in iOS project.
(I'm not a library developer, it's a library that already existed. So I'm trying to 'Privacy Manifest' without knowing how to set up the library.)

I understood that 'PrivacyInfo' doesn't have to be added directly to OpenSSL or directly to static library, but I can add it to 'PrivacyInfo' to the project of the app myself.

I thought Apple announced it to mean that all libraries should contain 'PrivacyInfo' respectively, is this wrong???

I may not be able to understand your meaning because I still lack development knowledge and am not good at English. Nevertheless, thank you for your help.

There's a lot of disagreement about this part. '.a' is included in the app, so some say to add 'PrivacyManifest' to the app's 'PrivacyManifest'.

Although OpenSSL calls stat()/fstat() it does not use the timestamp data obtained via this call at all. The call is done for other purposes such as identifying whether a given file node exists and what type is it (i.e., is it a directory or regular file).

Thus I do not think this reason should be declared but I am not an iOS expert.

Since i could not find a privacy manifest file for OpenSSL, could you provide us with details that can be incorporated into a privacy manifest file for OpenSSL for our reference as you might have more context on OpenSSL's functionality?