Just in the last couple of weeks — mid-March — Apple started sending emails warning about a requirement that affects the App Store and TestFlight starting May 1, four weeks from tomorrow. I learned this because we got such an email after today's v0.0.13 release of our Flutter beta app:

• "Missing API declaration" warning from Apple zulip-flutter#612

The issue there isn't specific to Flutter, though, and it's going to be a very similar story for all package ecosystems used for building iOS apps. That includes React Native.

Our last release of this app was v27.225 on 2024-02-27, a couple of weeks before the warning emails started. It's very likely that as of that version, some of our dependencies lack privacy manifests, and that therefore if we uploaded the same build today we'd get a warning along these lines. In that case if we were to try to make a release after 2024-05-01 with no changes dealing with this, we wouldn't be able to publish it for iOS.

We should try to get ahead of this issue and resolve any such warnings, to maintain our ability to get a new release out promptly if anything urgent comes up. Similarly to the steps at zulip/zulip-flutter#612 :

• The first step is to upgrade our dependencies with yarn upgrade. That might resolve the issue…
• … except we're on a fairly old version of React Native at this point (because upgrading to new React Native releases has always been a substantial amount of work, and this app is now in maintenance mode). So it's quite likely that, at least in order to resolve this automatically, there are upstream RN changes we'd need that were made in the last year, likely some made in the last few weeks.
• So after a yarn upgrade we'll need to try an upload, and see what warnings we get. Then, very likely, the lowest-effort solution is going to be to create our privacy manifest by hand, giving reasons in each of the flagged categories. To identify the reasons, we can do a combination of:
  • look at each of our dependencies (RN itself as well as others), at their latest versions, and see what they put in privacy manifests there;
  • go grepping through our dependencies' source, and/or their binaries (using nm as mentioned in "Missing API declaration" warning from Apple zulip-flutter#612 ), to find what APIs our dependencies use, and then try to determine how they do so.