惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Apple Machine Learning Research
Apple Machine Learning Research
AWS News Blog
AWS News Blog
Google DeepMind News
Google DeepMind News
U
Unit 42
博客园 - 叶小钗
博客园 - 聂微东
GbyAI
GbyAI
Stack Overflow Blog
Stack Overflow Blog
有赞技术团队
有赞技术团队
aimingoo的专栏
aimingoo的专栏
D
DataBreaches.Net
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Jina AI
Jina AI
美团技术团队
The Cloudflare Blog
M
MIT News - Artificial intelligence
Microsoft Azure Blog
Microsoft Azure Blog
I
InfoQ
S
Schneier on Security
C
Check Point Blog
Project Zero
Project Zero
The Hacker News
The Hacker News
Scott Helme
Scott Helme
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Cisco Talos Blog
Cisco Talos Blog
P
Privacy International News Feed
SecWiki News
SecWiki News
Latest news
Latest news
MongoDB | Blog
MongoDB | Blog
S
Secure Thoughts
Google Online Security Blog
Google Online Security Blog
F
Fortinet All Blogs
博客园 - 三生石上(FineUI控件)
H
Help Net Security
TaoSecurity Blog
TaoSecurity Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Last Week in AI
Last Week in AI
P
Privacy & Cybersecurity Law Blog
Forbes - Security
Forbes - Security
G
GRAHAM CLULEY
N
Netflix TechBlog - Medium
L
Lohrmann on Cybersecurity
A
About on SuperTechFans
T
The Exploit Database - CXSecurity.com
C
Cisco Blogs
PCI Perspectives
PCI Perspectives
大猫的无限游戏
大猫的无限游戏
T
Troy Hunt's Blog
H
Hacker News: Front Page
Vercel News
Vercel News

Inside Nutrient

A guide to the invisible work behind documents Introducing Nutrient Documents for Salesforce: Native document generation and signing Document AI vs. traditional OCR: Choosing between OCR, AI, and hybrid pipelines PDF SDK compliance and security evaluation checklist for enterprise teams (2026) Invariant Corp replaces paper processes with Nutrient Workflow and scales without limits What is process mapping? A complete guide Nutrient vs. Conga Composer for Salesforce document generation (2026) Document routing: How to automate document distribution The CTO’s AI playbook: Why accountability architecture beats orchestration Compliance workflow automation: Why built-in compliance is table stakes Workflow diagrams: Examples, symbols, and how to build one that actually runs Digital forms: Replace paper forms with automated workflows Approval workflow software: How to automate approvals Why document-centric automation is different The CEO’s AI playbook: Why decision architecture beats model selection Nutrient SDK product updates for Q1 2026 PDF redaction verification: How to prove sensitive data is permanently removed What is a VPAT? The complete guide to accessibility conformance reports What is PDF/UA? The accessible PDF standard explained Salesforce eSignatures: Generate, sign, and track documents in one flow Online document viewer: Options, tradeoffs, and how to embed one Document viewer for web apps: React, Vue, Angular (2026) Best document viewers in 2026: A buyer’s guide How to edit a PDF in Python: Add text, images, and annotations Nutrient advances Workflow platform with agentic AI for enterprise-grade speed and consistency in document-heavy operations How to create a Salesforce quote template from opportunity data The business case for accessibility: Five ways it drives enterprise value Python PDF library comparison (2026): 7 libraries for developers Why your AI agent hallucinates PDF table data PDF.js limitations: When to upgrade to a commercial PDF SDK How Subject scaled 5× with Nutrient’s PDF SDK without rebuilding its document layer I replaced our sales training with an AI coach that runs in Slack — here’s what broke Redirecting to: https://securitybuzz.com/cybersecurity-news/why-enterprise-permissions-are-ais-most-dangerous-inheritance/ Nutrient .NET SDK vs. iText Core: Complete comparison for .NET developers DocuVieware: Support’s most frequently asked setup questions Introducing Nutrient Workflow How to convert PDF to Word in C# (.NET) When email and spreadsheets stop working: Work order approval workflows for field teams on the move Compliance with confidence: Why document-centric automation is the foundation of your mission Nutrient expands AI Assistant, automating multistep document workflows inside any application What is document generation? A developer’s guide to PDF generation Document Converter data flow and how real-time watermarks skip the queue PDF/UA compliance guide: Requirements, standards, and best practices Computers still can’t understand you How Athena Intelligence built AI agents for regulated enterprises with Nutrient’s document infrastructure How to convert HTML to PDF (2026): 4 methods from browser print to SDK How to build a document extraction pipeline with Nutrient Vision API OCR vs. intelligent document processing: Choosing the right document extraction engine Beyond OCR: How document intelligence eliminates manual processing in regulated industries Nutrient vs. IronPDF: Complete comparison for .NET developers Nutrient vs. Aspose.PDF: Complete comparison for .NET developers Redirecting to: https://fortune.com/2026/02/19/openclaw-who-is-peter-steinberger-openai-sam-altman-anthropic-moltbook/ Lufthansa Systems uses Nutrient to deliver reliable, scalable PDF rendering for pilots worldwide Nutrient vs. Syncfusion: Complete comparison for .NET developers React’s useTransition: The hook you’re probably using wrong First City Monument Bank streamlines banking processes with Nutrient Workflow Redirecting to: https://www.sdcexec.com/warehousing/automation/article/22957364/nutrient-workflow-automation-the-missing-link-in-supply-chain-efficiency The complete guide to digital signatures: PAdES, CAdES, and XAdES explained Nutrient Python SDK: Production-grade document processing for Python Introducing agentic document editing for web applications with AI Assistant Nutrient vs. QuestPDF: Complete comparison for .NET developers How we fixed the GdPicture license expiration (and what to do if you’re affected) Red team security testing with agentic AI The future of healthcare document automation Best healthcare workflow software compared Nutrient SDK product updates for Q4 2025 How Harvey scaled legal document workflows 50 percent MoM without rebuilding infrastructure HIPAA-compliant document management in hospitals How we optimized rendering performance while handling thousands of annotations in React — Part 2 Automated PII removal with Nutrient API Redirecting to: https://www.devopsdigest.com/2026-low-code-no-code-predictions Redirecting to: https://www.kmworld.com/Articles/Editorial/ViewPoints/Leaders-predict-AI-to-continue-permeating-all-aspects-of-KM-in-2026-172594.aspx What are deep agents and how do they solve complex problems? Whipping up document magic: Your easy-bake recipe for Vue and Nutrient Web SDK 🧁 What I’ve learned about product iteration planning while building SDKs Passwordless document signing: Three-layer security guide New zip folder functionality streamlines file management in Document Automation Server The keyboard shortcuts playbook: Taking control of keyboard events in Nutrient Web SDK From experienced engineer to AI beginner: My unexpected journey AI-assisted manual testing: Handling Safari’s PDF rendering and UI quirks How to keep a 20-year-old SDK up to date How we optimized rendering performance while handling thousands of annotations in React — Part 1 Nutrient announces new executive hires to accelerate next phase of growth High performance UI using web workers Automate document conversion at scale with Python and Nutrient DCS From curiosity to PLG (and AI): My journey to understanding product-led growth Prost to progress: One year as Nutrient Pigeon usage at Nutrient: Bridging native SDKs to Flutter Modernizing CI build servers: How to migrate from Chef to Ansible Unix man pages: AI-friendly documentation since 1971 Consistent hashing for even load distribution Best AI redaction APIs: Complete comparison guide for 2025 Why AI document redaction matters for modern security From coding to coordinating: How AI transformed my workflow What is intelligent document processing (IDP)? A complete guide Enterprise PDF SDKs: Best PSPDFKit (now Nutrient) alternatives Nutrient SDK product updates for Q3 2025 GdPicture support best practices Redacting sensitive data with Nutrient AI redaction API How AI is transforming the customer experience at Nutrient: From instant answers to intelligent support
Privacy Manifests and Required Reason APIs on iOS
Nishant Desai · 2024-04-24 · via Inside Nutrient

At WWDC 2023, Apple announced upcoming requirements for iOS apps and SDKs to include privacy manifests beginning 1 May 2024.

A privacy manifest is a property list file that declares the privacy practices of an app or SDK, such as if the software collects any data, how this data is used, and whether the data is linked to individual users. This information allows app developers bundling third-party SDKs to show the app’s privacy details on the App Store. The WWDC session on privacy manifests(opens in a new tab) covers this in greater detail.

With the release of PSPDFKit 13.3 for iOS, we added privacy manifests to our frameworks. In this blog post, we’ll discuss the approach we took for adding the necessary details.

Privacy Tracking

The best way to get started with a manifest file is to add details, including whether the app or SDK tracks any kind of user data, along with the domains with which the apps communicate for tracking purposes. These are specified in the manifest file against the NSPrivacyTracking and NSPrivacyTrackingDomains keys, respectively.

If your app collects any kind of data, then you need to also describe the kind of data collected, along with its usage(opens in a new tab).

Use of Required Reason APIs

The next step is to list all the required reason APIs(opens in a new tab) Apple has outlined as necessary in the privacy manifest files. This is because, according to Apple documentation(opens in a new tab), “some APIs that your app uses to deliver its core functionality…have the potential of being misused to access device signals to try to identify the device or user, also known as fingerprinting.”

If any of these APIs are used for reasons not listed(opens in a new tab), developers are required to fill out a form detailing their APIs and use cases and requesting a new approved reason.

For us, the task of tracking down the usage of the required reason APIs and ensuring they adhere to the guidelines was challenging. This is because PSPDFKit for iOS is a huge SDK with a codebase dating back to 2011, and it was necessary to review each of the listed APIs individually.

We began with text search, which gave us promising results. You can use the regular expression below to search for these APIs in your project. This will find most occurrences and give you a good starting point to audit their usage:

creationDate|modificationDate|fileModificationDate|contentModificationDateKey|creationDateKey|getattrlist|getattrlistbulk|fgetattrlist|fstat|fstatat|lstat|getattrlistat|systemUptime|mach_absolute_time|volumeAvailableCapacityKey|volumeAvailableCapacityForImportantUsageKey|volumeAvailableCapacityForOpportunisticUsageKey|volumeTotalCapacityKey|systemFreeSize|systemSize|statfs|statvfs|fstatfs|fstatvfs|getattrlist|fgetattrlist|getattrlistat|activeInputModes|UserDefaults

The regex above isn’t exhaustive, as it doesn’t include the stat API. That’s because searching for stat not only turns up required reason APIs, but it also has unrelated false positives, such as status functions or properties with the word status in them. As such, it’s better to manually search for stat.

Using our regex search results, we looked into the exact use of each of these APIs, and we tried to determine if there was a different way to achieve the same thing they did without using required reason APIs.

Tracking Down the Usage

Here are three examples of APIs we found we were using and what we did to comply with Apple guidelines.

ProcessInfo.systemUptime Usage

When ProcessInfo.systemUptime(opens in a new tab) is called, it returns information about how long the system has been awake since it was last rebooted. PSPDFKit supports adding biometric data for ink signature annotations by using the touch input timestamps of the annotation drawings. The timestamps are provided by the drawing inputs’ UITouch.timestamp, which is relative to the system uptime. We used ProcessInfo.systemUptime to convert this relative timestamp to an absolute timestamp by adding the system uptime (ProcessInfo.systemUptime) to the UITouch.timestamp to destroy the privacy-sensitive data about the system boot time.

It’s ironic that we accessed the privacy-sensitive information to cancel that information out; the ProcessInfo.systemUptime API can easily be misused to find out the exact boot time of a device by adding the uptime from the current date time to categorize the user into a small group of users who booted their device around the same time.

We found an alternate approach that wouldn’t entail the usage of ProcessInfo.systemUptime for generating timestamps for biometric data for ink signatures. More specifically, we changed the touch timestamps to be relative to the first touch instead of the Unix timestamp.

statfs Usage

The statfs API — which returns information about the mounted file systems, such as the total size of the file system, free space, file system type name, etc. — falls under the file timestamp APIs category, which requires a specified reason. We were using this API to get the type of the file system where a document was stored, but not to identify users in any manner. Determining whether the file system type of the document is APFS helped us know whether cheap APFS copies could be made, which in turn aided with conflict resolution while saving PDF documents.

The information returned here — such as total data blocks in the system, free blocks, etc. — can be maliciously used to make a unique signature of a device, which can then be used to track a user across different apps and websites. This becomes especially potent when combined with other information, such as the device model and OS version.

We didn’t need this data, so we replaced statfs with the URL.getResourceValue(_:forKey:)(opens in a new tab) APIs, specifically using URLResourceKey.volumeTypeNameKey(opens in a new tab) to determine the file system and retrieve volume type names such as APFS or HFS.

URLResourceKey.volumeTypeNameKey is a relatively new API that didn’t exist when we first added support for conflict resolution, which is why we had to resort to using statfs.

UserDefaults Usage

UserDefaults is another foundation API that’s a required reason API. We used this API to store user preferences set for annotation tools, as well as to persist the currently visible document page for state restoration. The search also showed we were using systemFreeSize to check if there was enough space on the disk for storing temporary cache files.

We weren’t able to find alternates for these APIs that didn’t require the use of these required reason APIs. Fortunately, the usage of them falls within the guidelines. Thus, we added the reasons (E174.1 for systemFreeSize and CA92.1 for UserDefaults) to declare their usage in the privacy manifest file.

Conclusion

Apple’s new requirements may feel overwhelming to address, but what worked for us was to carry out a careful audit of our usage and try to find alternative APIs that would achieve the same result as the initial ones we used. However, we weren’t able to find alternates for all the required reason APIs we use, as some of them provide essential functionality.

It’s mandatory for all apps and SDKs to include the privacy manifest beginning 1 May 2024. This not only makes it easier for users to understand what an app does under the hood, but it also helps us as developers in reevaluating the choices we make during development to ensure privacy.