Privacy & Compliance
ATS exceptions present; Background Location for geofencing needs disclosure.
Score: 70
Summary
Permissions: camera (QR scanning), photo library, location (geofencing), background location for warehouse alerts. Adobe Target/Optimize, Contentstack, ThreatMetrix, and NokNok all collect data. An App Privacy Manifest has been required since 2024; verify it ships.
Findings
CRITICAL
App Privacy Manifest verification
Apple requires PrivacyInfo.xcprivacy for apps and SDKs accessing Required Reason APIs (UserDefaults, FileManager, Keychain). Without it, App Review will reject submissions; SDKs without manifests block your release.
Recommendation: Generate PrivacyInfo.xcprivacy covering the app's data collection + Required Reason API usage. Audit each third-party SDK.
HIGH
Background location justification
NSLocationAlwaysAndWhenInUseUsageDescription requires clear user-facing justification. Apple App Review scrutinizes this.
Recommendation: Document the user-visible feature requiring background location; provide a foreground-only path; ensure permission flow is staged.
HIGH
App Store privacy nutrition labels alignment
Confirm App Store Connect privacy labels match what each SDK actually collects.
Recommendation: Annual audit before each iOS-major release; cross-check with Adobe / Contentstack / ThreatMetrix vendor docs.
MEDIUM
NSAllowsArbitraryLoads in NSE
See Security category — same finding flagged here for compliance reasons (App Review checks ATS posture).
Costco iOS · Code Review Report · Generated 2026-05-07 · 88 machine-curated findings