chore: enable SumSub Fisherman device intelligence with privacy compliance (#1714)

* clean up permissions

* updates for permissions

* update permissions and packages

* fix: mark device ID collection as linked in privacy manifest

Address CodeRabbit feedback:
- Set NSPrivacyCollectedDataTypeLinked to true (device signals are tied to applicant identity)
- Clarify Android Data Safety checklist requirements with explicit data-linking declaration

Co-authored-by: Cursor <cursoragent@cursor.com>

* remove for now

---------

Co-authored-by: Cursor <cursoragent@cursor.com>

app/Gemfile.lock

@@ -23,7 +23,7 @@ GEM
     artifactory (3.0.17)
     atomos (0.1.3)
     aws-eventstream (1.4.0)
-    aws-partitions (1.1212.0)
+    aws-partitions (1.1213.0)
     aws-sdk-core (3.242.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)

app/ios/Podfile

@@ -4,11 +4,15 @@ source "https://cdn.cocoapods.org/"
 unless ENV["E2E_TESTING"] == "1"
   source "https://github.com/SumSubstance/Specs.git"
 
-  # Enable Fisherman (Device Intelligence) module
+  # Enable Fisherman (Device Intelligence) module for fraud detection
+  # Privacy: Device ID collection declared in app/ios/PrivacyInfo.xcprivacy
   ENV["IDENSIC_WITH_FISHERMAN"] = "true"
 
-  # Enable VideoIdent module
-  ENV["IDENSIC_WITH_VIDEOIDENT"] = "true"
+  # VideoIdent module disabled for current release
+  # This feature provides liveness checks via live video calls with human agents
+  # Disabled to avoid microphone permission requirements on both platforms
+  # TODO: Re-enable for future release when liveness checks are needed
+  # ENV["IDENSIC_WITH_VIDEOIDENT"] = "true"
 end
 
 use_frameworks!

app/ios/Podfile.lock

@@ -158,11 +158,6 @@ PODS:
   - IdensicMobileSDK/Fisherman (1.40.2):
     - FingerprintPro (~> 2.11)
     - IdensicMobileSDK/Core
-  - IdensicMobileSDK/VideoIdent (1.40.2):
-    - IdensicMobileSDK/VideoIdent-latest
-  - IdensicMobileSDK/VideoIdent-latest (1.40.2):
-    - IdensicMobileSDK/Core
-    - TwilioVideo (>= 5.8.2)
   - lottie-ios (4.5.0)
   - lottie-react-native (7.2.2):
     - DoubleConversion
@@ -1554,7 +1549,6 @@ PODS:
   - react-native-mobilesdk-module (1.40.2):
     - IdensicMobileSDK (= 1.40.2)
     - IdensicMobileSDK/Fisherman (= 1.40.2)
-    - IdensicMobileSDK/VideoIdent (= 1.40.2)
     - React-Core
   - react-native-netinfo (11.4.1):
     - React-Core
@@ -2152,7 +2146,7 @@ PODS:
     - ReactCommon/turbomodule/core
     - Sentry/HybridSDK (= 8.53.2)
     - Yoga
-  - RNSVG (15.15.1):
+  - RNSVG (15.12.1):
     - DoubleConversion
     - glog
     - hermes-engine
@@ -2172,9 +2166,9 @@ PODS:
     - ReactCodegen
     - ReactCommon/turbomodule/bridging
     - ReactCommon/turbomodule/core
-    - RNSVG/common (= 15.15.1)
+    - RNSVG/common (= 15.12.1)
     - Yoga
-  - RNSVG/common (15.15.1):
+  - RNSVG/common (15.12.1):
     - DoubleConversion
     - glog
     - hermes-engine
@@ -2204,7 +2198,6 @@ PODS:
     - React-Core
   - SwiftQRScanner (1.1.6)
   - SwiftyTesseract (3.1.3)
-  - TwilioVideo (5.11.1)
   - Yoga (0.0.0)
 
 DEPENDENCIES:
@@ -2346,7 +2339,6 @@ SPEC REPOS:
     - Sentry
     - SocketRocket
     - SwiftyTesseract
-    - TwilioVideo
 
 EXTERNAL SOURCES:
   boost:
@@ -2624,7 +2616,7 @@ SPEC CHECKSUMS:
   react-native-cloud-storage: 8d89f2bc574cf11068dfd90933905974087fb9e9
   react-native-compat: b80530ebcd3d574be5dd99cb27b984a17c119abc
   react-native-get-random-values: d16467cf726c618e9c7a8c3c39c31faa2244bbba
-  react-native-mobilesdk-module: 4770cb45fdd19dc4eed04615f0fcdab013b3dfe2
+  react-native-mobilesdk-module: 08c16fea2be97669f8e4c38153106e5fe698126a
   react-native-netinfo: cec9c4e86083cb5b6aba0e0711f563e2fbbff187
   react-native-nfc-manager: c8891e460b4943b695d63f7f4effc6345bbefc83
   react-native-passkey: 8853c3c635164864da68a6dbbcec7148506c3bcf
@@ -2671,16 +2663,15 @@ SPEC CHECKSUMS:
   RNReactNativeHapticFeedback: e526ac4a7ca9fb23c7843ea4fd7d823166054c73
   RNScreens: 806e1449a8ec63c2a4e4cf8a63cc80203ccda9b8
   RNSentry: f79dd124cc49088445c16d23955860dd0d1db6f3
-  RNSVG: 8cd7dadbe9bdc7d70872910dbe611c8e0f4597bb
+  RNSVG: 0c1fc3e7b147949dc15644845e9124947ac8c9bb
   segment-analytics-react-native: 0eae155b0e9fa560fa6b17d78941df64537c35b7
   Sentry: 59993bffde4a1ac297ba6d268dc4bbce068d7c1b
   SocketRocket: d4aabe649be1e368d1318fdf28a022d714d65748
   sovran-react-native: a3ad3f8ff90c2002b2aa9790001a78b0b0a38594
   SwiftQRScanner: e85a25f9b843e9231dab89a96e441472fe54a724
   SwiftyTesseract: 1f3d96668ae92dc2208d9842c8a59bea9fad2cbb
-  TwilioVideo: 9f51085d4e4fb3aff8e168b8215b31cb0f486a2f
   Yoga: 1259c7a8cbaccf7b4c3ddf8ee36ca11be9dee407
 
-PODFILE CHECKSUM: 8cfd84595c3e826f512f5c545d232a27f1850ff3
+PODFILE CHECKSUM: ced4db0072978f965783277bc810af9a7bebe695
 
 COCOAPODS: 1.16.2

app/ios/PrivacyInfo.xcprivacy

@@ -30,7 +30,20 @@
 		</dict>
 	</array>
 	<key>NSPrivacyCollectedDataTypes</key>
-	<array/>
+	<array>
+		<dict>
+			<key>NSPrivacyCollectedDataType</key>
+			<string>NSPrivacyCollectedDataTypeDeviceID</string>
+			<key>NSPrivacyCollectedDataTypeLinked</key>
+			<true/>
+			<key>NSPrivacyCollectedDataTypeTracking</key>
+			<false/>
+			<key>NSPrivacyCollectedDataTypePurposes</key>
+			<array>
+				<string>NSPrivacyCollectedDataTypePurposeFraudPreventionAndSecurity</string>
+			</array>
+		</dict>
+	</array>
 	<key>NSPrivacyTracking</key>
 	<false/>
 </dict>

app/package.json

@@ -164,7 +164,7 @@
     "react-native-safe-area-context": "^5.6.2",
     "react-native-screens": "4.15.3",
     "react-native-sqlite-storage": "^6.0.1",
-    "react-native-svg": "15.15.1",
+    "react-native-svg": "15.12.1",
     "react-native-svg-web": "1.0.9",
     "react-native-url-polyfill": "^3.0.0",
     "react-native-web": "^0.21.2",

app/src/integrations/sumsub/sumsubService.ts

@@ -116,7 +116,17 @@ export const launchSumsub = async (
     })
     .withDebug(config.debug ?? __DEV__)
     .withLocale(config.locale ?? 'en')
-    .withAnalyticsEnabled(true); // Device Intelligence requires this
+    // Platform configuration:
+    // - Device Intelligence (Fisherman): Enabled on both iOS and Android
+    //   * iOS: Configured via IDENSIC_WITH_FISHERMAN in Podfile
+    //   * Android: Configured via idensic-mobile-sdk-fisherman in patch file
+    //   * Privacy: iOS declares device ID collection in PrivacyInfo.xcprivacy
+    //   * Privacy: Android should declare device fingerprinting in Google Play Data Safety
+    // - VideoIdent (live video calls): Disabled on both platforms for current release
+    //   * iOS: Disabled in Podfile (avoids microphone permission requirements)
+    //   * Android: Disabled in patch file (avoids FOREGROUND_SERVICE_MICROPHONE permission)
+    //   * Note: VideoIdent will be re-enabled on both platforms in future release for liveness checks
+    .withAnalyticsEnabled(true); // Required for Device Intelligence to function
 
   // Pre-select document type and country if provided
   // This skips the document selection step in Sumsub

packages/mobile-sdk-alpha/package.json

@@ -186,7 +186,7 @@
     "react-native-blur-effect": "^1.1.3",
     "react-native-haptic-feedback": "^2.3.3",
     "react-native-localize": "^3.6.1",
-    "react-native-svg": "15.15.1",
+    "react-native-svg": "15.12.1",
     "react-native-web": "^0.21.2",
     "react-native-webview": "13.16.0",
     "tsup": "^8.0.1",

patches/@sumsub+react-native-mobilesdk-module+1.40.2.patch

@@ -5,12 +5,18 @@ index 0000000..0000001 100644
 @@ -77,11 +77,11 @@ dependencies {
      implementation "com.sumsub.sns:idensic-mobile-sdk:1.40.2"
  
+     // Enable Device Intelligence (Fisherman) for fraud detection
+     // Privacy: Declare device fingerprinting/identifiers in Google Play Data Safety form
      // remove comment to enable Device Intelligence
 -    // implementation "com.sumsub.sns:idensic-mobile-sdk-fisherman:1.40.2"
 +    implementation "com.sumsub.sns:idensic-mobile-sdk-fisherman:1.40.2"
+     // VideoIdent disabled on both iOS and Android for current release
+     // Reason: Avoids microphone permission requirements (FOREGROUND_SERVICE_MICROPHONE on Android)
+     // Feature: Provides liveness checks via live video calls with human agents
+     // TODO: Re-enable on both platforms for future release when liveness checks are needed
      // remove comment if you need VideoIdent support
 -    // implementation "com.sumsub.sns:idensic-mobile-sdk-videoident:1.40.2"
-+    implementation "com.sumsub.sns:idensic-mobile-sdk-videoident:1.40.2"
++    // implementation "com.sumsub.sns:idensic-mobile-sdk-videoident:1.40.2"
      // remove comment if you need EID support
      // implementation "com.sumsub.sns:idensic-mobile-sdk-eid:1.40.2"
      // remove comment if you need NFC support

patches/react-native-svg+15.15.1.patch

@@ -1,24 +0,0 @@
-diff --git a/node_modules/react-native-svg/common/cpp/react/renderer/components/rnsvg/RNSVGLayoutableShadowNode.cpp b/node_modules/react-native-svg/common/cpp/react/renderer/components/rnsvg/RNSVGLayoutableShadowNode.cpp
---- a/node_modules/react-native-svg/common/cpp/react/renderer/components/rnsvg/RNSVGLayoutableShadowNode.cpp
-+++ b/node_modules/react-native-svg/common/cpp/react/renderer/components/rnsvg/RNSVGLayoutableShadowNode.cpp
-@@ -27,8 +27,18 @@ void RNSVGLayoutableShadowNode::updatePosition() {
-   auto style = yogaNode_.style();
-   style.setPositionType(yoga::PositionType::Absolute);
-   style.setPosition(yoga::Edge::All, yoga::Style::Length::points(0));
--  style.setDimension(yoga::Dimension::Width, yoga::StyleSizeLength::percent(100));
--  style.setDimension(yoga::Dimension::Height, yoga::StyleSizeLength::percent(100));
-+#if REACT_NATIVE_MINOR_VERSION >= 78
-+  style.setDimension(
-+      yoga::Dimension::Width, yoga::StyleSizeLength::percent(100));
-+  style.setDimension(
-+      yoga::Dimension::Height, yoga::StyleSizeLength::percent(100));
-+#elif REACT_NATIVE_MINOR_VERSION >= 77
-+  style.setDimension(yoga::Dimension::Width, yoga::StyleLength::percent(100));
-+  style.setDimension(yoga::Dimension::Height, yoga::StyleLength::percent(100));
-+#else
-+  style.setDimension(yoga::Dimension::Width, yoga::value::percent(100));
-+  style.setDimension(yoga::Dimension::Height, yoga::value::percent(100));
-+#endif
-   yogaNode_.setStyle(style);
- }
- 

yarn.lock

@@ -9092,7 +9092,7 @@ __metadata:
     react-native-safe-area-context: "npm:^5.6.2"
     react-native-screens: "npm:4.15.3"
     react-native-sqlite-storage: "npm:^6.0.1"
-    react-native-svg: "npm:15.15.1"
+    react-native-svg: "npm:15.12.1"
     react-native-svg-transformer: "npm:^1.5.2"
     react-native-svg-web: "npm:1.0.9"
     react-native-url-polyfill: "npm:^3.0.0"
@@ -9149,7 +9149,7 @@ __metadata:
     react-native-haptic-feedback: "npm:^2.3.3"
     react-native-localize: "npm:^3.6.1"
     react-native-nfc-manager: "npm:^3.17.2"
-    react-native-svg: "npm:15.15.1"
+    react-native-svg: "npm:15.12.1"
     react-native-svg-circle-country-flags: "npm:^0.2.2"
     react-native-web: "npm:^0.21.2"
     react-native-webview: "npm:13.16.0"
@@ -30315,6 +30315,20 @@ __metadata:
   languageName: node
   linkType: hard
 
+"react-native-svg@npm:15.12.1":
+  version: 15.12.1
+  resolution: "react-native-svg@npm:15.12.1"
+  dependencies:
+    css-select: "npm:^5.1.0"
+    css-tree: "npm:^1.1.3"
+    warn-once: "npm:0.1.1"
+  peerDependencies:
+    react: "*"
+    react-native: "*"
+  checksum: 10c0/ed94b57007125c715283fc760438ac8eac0677ced3201f6e272a7cd4459f3fecb672a8eed2c32664e5b8e6e0367585353b0f83f99b231f603d75094bb052c01f
+  languageName: node
+  linkType: hard
+
 "react-native-svg@npm:15.15.1":
   version: 15.15.1
   resolution: "react-native-svg@npm:15.15.1"