Skip to content

Gdpr privacy #361

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Nightsd01 merged 8 commits into from
Apr 24, 2018
Merged

Gdpr privacy #361

Nightsd01 merged 8 commits into from
Apr 24, 2018

Conversation

@Nightsd01
Copy link
Contributor

@Nightsd01 Nightsd01 commented Apr 16, 2018
edited by jwilm
Loading

• Adds ability to require privacy consent and lets developers add privacy consent/revoke to their apps
• Uses Onesignal_require_privacy_consent info.plist key to let developers require consent
• Adds consentGranted(boolean) to indicate if the user gives their consent. Can also be used to revoke previously granted consent

This change is Reviewable

@Nightsd01
Privacy Consent
07f9761 
• Adds the capability to require user privacy consent before the SDK can be initialized
@Nightsd01
Revoke Consent
c7f7f29 
• Made it so that when the user revokes consent after granting it, the SDK will immediately stop sending any information to the server
• Added checks in some internal methods to make sure personal data is never sent when consent is revoked or not provided
@Nightsd01
Improve Consent
9be784e 
• Adds consent checks to location data so that the SDK will not send location data if consent is revoked
• Adds nullability specifiers to the new DelayedInitializationParameters class
@Nightsd01 Nightsd01 requested a review from jkasten2 April 16, 2018 22:15
@Nightsd01
Add Test
c308345 
• Adds a test to make sure the privacy consent functionality works correctly, delays initialization, and resumes correctly.
@Nightsd01
Add Consent Setting Override
80997c3 
• Adds a method to override the plist consent setting, intended for wrapper SDK's that cannot use a plist setting
@jkasten2
Copy link
Member

jkasten2 commented Apr 23, 2018

handleNotificationOpened should have a call to shouldLogMissingPrivacyConsentErrorWithMethodName: incase the user removes their acceptance.

Review status: 0 of 14 files reviewed at latest revision, all discussions resolved, some commit checks failed.

iOS_SDK/OneSignalSDK/UnitTests/UnitTests.m, line 1865 at r1 (raw file):

    //indicates initialization was delayed
    XCTAssertNil(OneSignal.app_id);

Can you try calling a few other OneSignal methods here like sendTags in the test?

iOS_SDK/OneSignalSDK/UnitTests/UnitTests.m, line 1876 at r1 (raw file):

    [NSBundleOverrider setPrivacyState:false];
}

Can we add a 2nd test for shouldRequireUserConsent?

Comments from Reviewable

@Nightsd01
Download Params
913d653 
• Changes the SDK so that iOS params are still downloaded even if the user has not provided consent yet (to make things faster if they do eventually provide consent)
• Added additional checks to ensure that the SDK will _never_ initiate an HTTP request (asides from GET requests) if the user has not provided consent
• Adds test to make sure that swizzled methods (ie. didRegisterForRemoteNotifications) do not initiate HTTP requests or change state (ie. push token) if consent has not been granted
• Adds a test to make sure the OneSignal setRequiresUserPrivacyConsent: override method works correctly
• Adds a check to make sure handleNotificationOpened: does not execute if the user has not provided consent
@jkasten2
Copy link
Member

jkasten2 commented Apr 24, 2018

Reviewed 10 of 14 files at r1, 4 of 4 files at r2.
Review status: 14 of 16 files reviewed at latest revision, all discussions resolved, some commit checks failed.

iOS_SDK/OneSignalDevApp/OneSignalDevApp/Info.plist, line 5 at r2 (raw file):

<plist version="1.0">
<dict>
	<key>Onesignal_require_privacy_consent</key>

This should be OneSignal_require_privacy_consent instead to match the casing of our other plist entires. Code will need to be update to check this case difference too.

Comments from Reviewable

@Nightsd01
Plist Capitalization
869a466 
• Changes the privacy consent parameter name capitalization from Onesignal_require_privacy_consent to OneSignal_require_privacy_consent to be more consistent
@jkasten2
Copy link
Member

jkasten2 commented Apr 24, 2018

Reviewed 2 of 2 files at r3.
Review status: all files reviewed at latest revision, all discussions resolved, some commit checks failed.

Comments from Reviewable

@Nightsd01 Nightsd01 merged commit 0e25931 into master Apr 24, 2018
@Nightsd01 Nightsd01 deleted the gdpr_privacy branch April 24, 2018 22:21
@nan-li nan-li mentioned this pull request Feb 13, 2025
Merged
18 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkasten2 jkasten2 Awaiting requested review from jkasten2

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Nightsd01 @jkasten2