chore: enable SumSub Fisherman device intelligence with privacy compliance (#1714)

* clean up permissions * updates for permissions * update permissions and packages * fix: mark device ID collection as linked in privacy manifest Address CodeRabbit feedback: - Set NSPrivacyCollectedDataTypeLinked to true (device signals are tied to applicant identity) - Clarify Android Data Safety checklist requirements with explicit data-linking declaration Co-authored-by: Cursor <cursoragent@cursor.com> * remove for now --------- Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-19 02:24:25 -05:00 · 2026-02-06 12:08:08 -08:00
parent c8191aa60b
commit a1b04f2b03
11 changed files with 89 additions and 79 deletions
--- a/app/Gemfile.lock
+++ b/app/Gemfile.lock
@@ -23,7 +23,7 @@ GEM
    artifactory (3.0.17)
    atomos (0.1.3)
    aws-eventstream (1.4.0)
-    aws-partitions (1.1212.0)
+    aws-partitions (1.1213.0)
    aws-sdk-core (3.242.0)
      aws-eventstream (~> 1, >= 1.3.0)
      aws-partitions (~> 1, >= 1.992.0)
--- a/app/ios/Podfile
+++ b/app/ios/Podfile
@@ -4,11 +4,15 @@ source "https://cdn.cocoapods.org/"
 unless ENV["E2E_TESTING"] == "1"
  source "https://github.com/SumSubstance/Specs.git"

-  # Enable Fisherman (Device Intelligence) module
+  # Enable Fisherman (Device Intelligence) module for fraud detection
+  # Privacy: Device ID collection declared in app/ios/PrivacyInfo.xcprivacy
  ENV["IDENSIC_WITH_FISHERMAN"] = "true"

-  # Enable VideoIdent module
-  ENV["IDENSIC_WITH_VIDEOIDENT"] = "true"
+  # VideoIdent module disabled for current release
+  # This feature provides liveness checks via live video calls with human agents
+  # Disabled to avoid microphone permission requirements on both platforms
+  # TODO: Re-enable for future release when liveness checks are needed
+  # ENV["IDENSIC_WITH_VIDEOIDENT"] = "true"
 end

 use_frameworks!
--- a/app/ios/Podfile.lock
+++ b/app/ios/Podfile.lock
@@ -158,11 +158,6 @@ PODS:
  - IdensicMobileSDK/Fisherman (1.40.2):
    - FingerprintPro (~> 2.11)
    - IdensicMobileSDK/Core
-  - IdensicMobileSDK/VideoIdent (1.40.2):
-    - IdensicMobileSDK/VideoIdent-latest
-  - IdensicMobileSDK/VideoIdent-latest (1.40.2):
-    - IdensicMobileSDK/Core
-    - TwilioVideo (>= 5.8.2)
  - lottie-ios (4.5.0)
  - lottie-react-native (7.2.2):
    - DoubleConversion
@@ -1554,7 +1549,6 @@ PODS:
  - react-native-mobilesdk-module (1.40.2):
    - IdensicMobileSDK (= 1.40.2)
    - IdensicMobileSDK/Fisherman (= 1.40.2)
-    - IdensicMobileSDK/VideoIdent (= 1.40.2)
    - React-Core
  - react-native-netinfo (11.4.1):
    - React-Core
@@ -2152,7 +2146,7 @@ PODS:
    - ReactCommon/turbomodule/core
    - Sentry/HybridSDK (= 8.53.2)
    - Yoga
-  - RNSVG (15.15.1):
+  - RNSVG (15.12.1):
    - DoubleConversion
    - glog
    - hermes-engine
@@ -2172,9 +2166,9 @@ PODS:
    - ReactCodegen
    - ReactCommon/turbomodule/bridging
    - ReactCommon/turbomodule/core
-    - RNSVG/common (= 15.15.1)
+    - RNSVG/common (= 15.12.1)
    - Yoga
-  - RNSVG/common (15.15.1):
+  - RNSVG/common (15.12.1):
    - DoubleConversion
    - glog
    - hermes-engine
@@ -2204,7 +2198,6 @@ PODS:
    - React-Core
  - SwiftQRScanner (1.1.6)
  - SwiftyTesseract (3.1.3)
-  - TwilioVideo (5.11.1)
  - Yoga (0.0.0)

 DEPENDENCIES:
@@ -2346,7 +2339,6 @@ SPEC REPOS:
    - Sentry
    - SocketRocket
    - SwiftyTesseract
-    - TwilioVideo

 EXTERNAL SOURCES:
  boost:
@@ -2624,7 +2616,7 @@ SPEC CHECKSUMS:
  react-native-cloud-storage: 8d89f2bc574cf11068dfd90933905974087fb9e9
  react-native-compat: b80530ebcd3d574be5dd99cb27b984a17c119abc
  react-native-get-random-values: d16467cf726c618e9c7a8c3c39c31faa2244bbba
-  react-native-mobilesdk-module: 4770cb45fdd19dc4eed04615f0fcdab013b3dfe2
+  react-native-mobilesdk-module: 08c16fea2be97669f8e4c38153106e5fe698126a
  react-native-netinfo: cec9c4e86083cb5b6aba0e0711f563e2fbbff187
  react-native-nfc-manager: c8891e460b4943b695d63f7f4effc6345bbefc83
  react-native-passkey: 8853c3c635164864da68a6dbbcec7148506c3bcf
@@ -2671,16 +2663,15 @@ SPEC CHECKSUMS:
  RNReactNativeHapticFeedback: e526ac4a7ca9fb23c7843ea4fd7d823166054c73
  RNScreens: 806e1449a8ec63c2a4e4cf8a63cc80203ccda9b8
  RNSentry: f79dd124cc49088445c16d23955860dd0d1db6f3
-  RNSVG: 8cd7dadbe9bdc7d70872910dbe611c8e0f4597bb
+  RNSVG: 0c1fc3e7b147949dc15644845e9124947ac8c9bb
  segment-analytics-react-native: 0eae155b0e9fa560fa6b17d78941df64537c35b7
  Sentry: 59993bffde4a1ac297ba6d268dc4bbce068d7c1b
  SocketRocket: d4aabe649be1e368d1318fdf28a022d714d65748
  sovran-react-native: a3ad3f8ff90c2002b2aa9790001a78b0b0a38594
  SwiftQRScanner: e85a25f9b843e9231dab89a96e441472fe54a724
  SwiftyTesseract: 1f3d96668ae92dc2208d9842c8a59bea9fad2cbb
-  TwilioVideo: 9f51085d4e4fb3aff8e168b8215b31cb0f486a2f
  Yoga: 1259c7a8cbaccf7b4c3ddf8ee36ca11be9dee407

-PODFILE CHECKSUM: 8cfd84595c3e826f512f5c545d232a27f1850ff3
+PODFILE CHECKSUM: ced4db0072978f965783277bc810af9a7bebe695

 COCOAPODS: 1.16.2
--- a/app/ios/PrivacyInfo.xcprivacy
+++ b/app/ios/PrivacyInfo.xcprivacy
@@ -30,7 +30,20 @@
 		</dict>
 	</array>
 	<key>NSPrivacyCollectedDataTypes</key>
-	<array/>
+	<array>
+		<dict>
+			<key>NSPrivacyCollectedDataType</key>
+			<string>NSPrivacyCollectedDataTypeDeviceID</string>
+			<key>NSPrivacyCollectedDataTypeLinked</key>
+			<true/>
+			<key>NSPrivacyCollectedDataTypeTracking</key>
+			<false/>
+			<key>NSPrivacyCollectedDataTypePurposes</key>
+			<array>
+				<string>NSPrivacyCollectedDataTypePurposeFraudPreventionAndSecurity</string>
+			</array>
+		</dict>
+	</array>
 	<key>NSPrivacyTracking</key>
 	<false/>
 </dict>
--- a/app/ios/Self.xcodeproj/project.pbxproj
+++ b/app/ios/Self.xcodeproj/project.pbxproj
--- a/app/package.json
+++ b/app/package.json
@@ -164,7 +164,7 @@
    "react-native-safe-area-context": "^5.6.2",
    "react-native-screens": "4.15.3",
    "react-native-sqlite-storage": "^6.0.1",
-    "react-native-svg": "15.15.1",
+    "react-native-svg": "15.12.1",
    "react-native-svg-web": "1.0.9",
    "react-native-url-polyfill": "^3.0.0",
    "react-native-web": "^0.21.2",
--- a/app/src/integrations/sumsub/sumsubService.ts
+++ b/app/src/integrations/sumsub/sumsubService.ts
@@ -116,7 +116,17 @@ export const launchSumsub = async (
    })
    .withDebug(config.debug ?? __DEV__)
    .withLocale(config.locale ?? 'en')
-    .withAnalyticsEnabled(true); // Device Intelligence requires this
+    // Platform configuration:
+    // - Device Intelligence (Fisherman): Enabled on both iOS and Android
+    //   * iOS: Configured via IDENSIC_WITH_FISHERMAN in Podfile
+    //   * Android: Configured via idensic-mobile-sdk-fisherman in patch file
+    //   * Privacy: iOS declares device ID collection in PrivacyInfo.xcprivacy
+    //   * Privacy: Android should declare device fingerprinting in Google Play Data Safety
+    // - VideoIdent (live video calls): Disabled on both platforms for current release
+    //   * iOS: Disabled in Podfile (avoids microphone permission requirements)
+    //   * Android: Disabled in patch file (avoids FOREGROUND_SERVICE_MICROPHONE permission)
+    //   * Note: VideoIdent will be re-enabled on both platforms in future release for liveness checks
+    .withAnalyticsEnabled(true); // Required for Device Intelligence to function

  // Pre-select document type and country if provided
  // This skips the document selection step in Sumsub