Can I enter usage descriptions for all available permissions in the Info.plist file and actually use only a few in the application?
Can I enter usage descriptions for all available permissions in the Info.plist file and actually use only a few in the application?
Of course you can. You can do whatever you like. But don't try get such an app thru the App Store; Apple doesn't like that. There needs to be a place in the app where the user might encounter every usage permission dialog you register, and you will have to tell Apple how to reach it.
Related
I've just deployed a Flutter app to App Store Connect and received a rejection for the following reasons :
ITMS-90683: Missing Purpose String in Info.plist - Your app's code
references one or more APIs that access sensitive user data. The app's
Info.plist file should contain a NSLocationAlwaysUsageDescription key
with a user-facing purpose string explaining clearly and completely
why your app needs the data...
ITMS-90683: Missing Purpose String in Info.plist - Your app's code
references one or more APIs that access sensitive user data. The app's
Info.plist file should contain a NSLocationWhenInUseUsageDescription
key with a user-facing purpose string explaining clearly and
completely why your app needs the data...
Now, I know how to fix this by putting that string into my Info.plist file, EXCEPT this app doesn't use location services.
(at least not as far as I am aware)
I want to tell App Store Connect that I do not need location services.
What can I check for in my Flutter code that might be making iOS think I want location access?
If I'm not wrong, when you introduce the SKAdNetworkIdentifier, Apple will ask you yo provide these strings.
But!
To don't provide these strings should not be a reason for rejection if your app actually does not use user' location.
So either you(or a widget) actually uses the location, or your app was not rejected. Which you can extract from the fact that more likely in the first paragraph says:
...you may wish to correct the followin...
I received this message from the App Store Team:
We identified one or more issues with a recent delivery for your app,
"App Name here" 1.11 (11). Please correct the following
issues, then upload again.
ITMS-90683: Missing Purpose String in Info.plist - Your app's code
references one or more APIs that access sensitive user data. The app's
Info.plist file should contain a NSPhotoLibraryUsageDescription key
with a user-facing purpose string explaining clearly and completely
why your app needs the data. Starting Spring 2019, all apps submitted
to the App Store that access user data are required to include a
purpose string. If you're using external libraries or SDKs, they may
reference APIs that require a purpose string. While your app might not
use these APIs, a purpose string is still required. You can contact
the developer of the library or SDK and request they release a version
of their code that doesn't contain the APIs. Learn more
(https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).
Best regards,
The App Store Team
How can I fix the described issue?
Basically NSPhotoLibraryUsageDescription this key is used by Apple to show when your app is trying to access Photo Library first time. That time Apple will ask the user whether they want your app to access Photo Library. Popup will look like.
I hope I have cleared your question.
I upload my app in app store successfully.
App store send me an email like this:
App Store Connect
Dear Developer,
We identified one or more issues with a recent delivery for your app, "Kupona Online" 1.0.2 (1.2). Please correct the following issues, then upload again.
ITMS-90683: Missing Purpose String in Info.plist - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSCameraUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data are required to include a purpose string. If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).
Best regards,
The App Store Team
To fix this error I put in Info.plist in Xcode 10.2.1 like in this:
but nothing happens. App store send me always this error.
How do I fix this error?
For NSCameraUsageDescription, Add the exact purpose of using camera in the Value column.
For example,
Folks are saying they're getting rejected even though they're not requesting access to camera. You have to know that Apple will scan your code with their static analysis tools. And even if you have this protected behind a feature flag, still the app store review process would reject your app. Because they don't know when you'll turn that feature flag on.
Additionally you could get this issue if a third-party service has a camera access related code in their code. Again even if you don't hit that line (of the 3rd party framework), you'd need that key in.
But then I've had issues where we've added that plist in, but then the app store review team was never able to test it out because the feature was protected by a feature flag. And because they couldn't test it, they didn't approve it ¯\ (ツ) /¯
Last but not least, if you did really need that key in your plist, then make sure its reasoning is generic enough to cover all cases e.g. If you need access to the camera for both take profile pictures and scanning QR code, then given that your app can request access for the camera at either the profile picture step or at scanning a PR code, then your description in the plist should cover both features, not just one of them. If you say "need access to take profile photos" then there is a chance that you could rejected if user hits the QR flow first but sees you're requesting access to take a profile photo. Hence you should say "need access to take profile photos and QR code scan for new devices"
tl;dr identify where in your app flow you're requesting access. If you need it then add its key/value in your plist. If you don't need it then comment out that line. You shouldn't just add the plist just for the sake of passing an app store review. It can fail but it can also succeed, while in a future release it would fail...
In the new version of IOS, apps accessing the camera trigger a dialog that will prompt the user to allow or deny permission for the app.
That's why you need to explain why the application is accessing the input device (Camera, Microphone, etc).
To do this, you need to edit your project Runner/info.plist file by adding the key and string description inside the dict tag.
<dict>
...
<key>NSCameraUsageDescription</key>
<string>My_app_name needs to access the camera to do x_thing.
</string>
<dict>
Or you can add it by opening your product in xcode the image below for more details.
I just tried submitting my app and I got an email saying:
This app attempts to access privacy-sensitive data without a usage
description. The app's Info.plist must contain an
NSMicrophoneUsageDescription key with a string value explaining to the
user how the app uses this data.
I am using The Amazing Audio Engine, but I am not using the microphone at all anywhere in my code. So I am assuming Apple is seeing my binary includes TAAE and that has methods involving the microphone, even though they are not being used.
So my question is, is there a way to get around this? Should I remove the headers for the audio recorder files? Or am I forced to have my app give an alert that it needs to use the microphone even though it never will (bleah!!!) ?
Apple can see that there is code that accesses the microphone. There is no way that Apple can tell that during the run of your app, that code isn't actually accessed.
So you have two choices:
Keep using TAAE (which includes code that does access the microphone even if your app doesn't use it), and provide the NSMicrophoneUsageDescription key in Info.plist. The user will never see this as long as your app doesn't ever trigger the use of the microphone.
Eliminate the use of TAAE from your app.
Running SDK 5.5.0.GA and the iOS app is being rejected by Apple because of the following privacy keys that I have not included in the plist:
NSPhotoLibraryUsageDescription
NSMicrophoneUsageDescription
NSAppleMusicUsageDescription
I am not using any 3rd party modules or widgets and I am not aware what Titanium Module, Class, or Objects that would require these permissions. I have handled the one for the calendar as I am accessing the device's calendar but I am not using the microphone, apple music, nor the photo library.
Is there a way to figure out what Modules, Classes or Objects that would be using these?
I know I can get around the rejection by just adding these to the plist but I would like to figure out what is using them and not just get around it.
Thanks!
See https://jira.appcelerator.org/browse/TIMOB-23925
Unless you request a specific permission, the user shouldn't see the xUsageDescription string you put in the plist.
In one of our usages, the camera, we just added all the descriptions and said 'This app uses your camera to upload photos' and resubmitted. Its pending review now, so it passed the prescan 2nd time around.
Basically Apple prescans your binary on upload, finds some strings (method names) that it expects other things for and flags the binary. This is how binaries get rejected for using 'private methods' when in reality it may just be a function named 'offensively' in Apple's mind.