feat(privacy): iOS privacy manifest + Android 14 photo picker permission#35
Merged
feat(privacy): iOS privacy manifest + Android 14 photo picker permission#35
Conversation
…mission
Audit (2026-05-01, P1.6) flagged App Store / Play Store gates the starter
would hit on first submission.
iOS — NSPrivacyAccessedAPITypes
Apple rejects iOS 17+ apps that link a "required reason API" without
declaring an approved reason. Ship default reason codes for the four
APIs every fresh Expo + expo-secure-store app already touches:
- NSPrivacyAccessedAPICategoryUserDefaults (CA92.1)
- NSPrivacyAccessedAPICategoryFileTimestamp (C617.1)
- NSPrivacyAccessedAPICategorySystemBootTime (35F9.1)
- NSPrivacyAccessedAPICategoryDiskSpace (E174.1)
+ NSPrivacyTracking: false (flip when adding analytics/ads SDKs)
Android — partial photo access (Android 14, API 34+)
Always include READ_MEDIA_VISUAL_USER_SELECTED — it's the fallback
granted when the user picks "Selected photos." Without it, partial
grants silently fail and the app sees zero photos despite the user
thinking they shared some.
docs/PRIVACY_MANIFEST.md
Tabular reference for the reason codes, when to add more, and the
Apple / Android docs links. Future contributors can extend the manifest
without re-deriving the policy.
tests/app.test.js
Lock in: iOS privacyManifests block exists with at least one API and
at least one reason code per API, NSPrivacyTracking is false, and
android.permissions contains READ_MEDIA_VISUAL_USER_SELECTED.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
From the 2026-05-01 audit (P1.6). App Store / Play Store first-submission gates.
Changes
app.json— iOSprivacyManifestsNSPrivacyAccessedAPITypeentries with approved reason codes covering UserDefaults / FileTimestamp / SystemBootTime / DiskSpace (everything a fresh Expo + expo-secure-store app already touches)NSPrivacyTracking: false, empty tracking domains/data types — flip when adding analyticsapp.json— Androidpermissions: ["READ_MEDIA_VISUAL_USER_SELECTED"]— Android 14 partial photo access fallbackdocs/PRIVACY_MANIFEST.md— when to add new reason codes, mapping table, Apple/Android linkstests/app.test.js— locks the policy in:privacyManifestsexists, every declared API carries ≥1 reason code,NSPrivacyTracking === falseREAD_MEDIA_VISUAL_USER_SELECTEDTest plan