Xamarin ios requesting unnecessary permissions - ios

I have an Xamarin App for ios and android. Lately Apple has been rejecting my builds due to missing purpose strings, for features my app does not use.
My app only needs access to Camera and Media Storage. I request permission once that feature is being used. However Apple is requiring I explain why my app needs access to:
contacts
location
bluetooth
siri
microphone
None of which are in use! It seems like every time I do a release something is added to the list. My info.plist is getting filled with messages like "This app does not require this feature". Its very unprofessional.
It seems that if I use a nuget package that has the potential to use a feature, the app thinks that feature IS in use.
Is there a way to make it very clear my app does NOT use these features and to NOT ask the user for permission to use them when they first run the app? (This is not a programmed permission request that is occurring.)

Related

Keep rejecting my app because I don't clearly identify HealthKit functionality in my app's user interface

I've tried like 5 times with different combination of alert before the asking permission for writing on Health app (with the purpose: add workouts).
I also added an explicit phrase on app description and my info.plist has both NSHealthShareUsageDescription and NSHealthUpdateUsageDescription but they keep rejecting my app with this reason:
Guideline 2.5.1 - Performance - Software Requirements
Your app uses the HealthKit or CareKit APIs but does not indicate integration with the Health app in your app description and clearly identify the HealthKit and CareKit functionality in your app's user interface.
Next Steps
To resolve this issue, please clearly identify the HealthKit functionality in app's user interface to avoid confusion.
What can I do about it? In the last build I removed the HeathKit function so they maybe can approve with no other excuse but sooner or later I want to add this functionality...

iOS native app wrapper for push notifications in PWA

Is it possible to create a native iOS app which only services as a wrapper for a pwa?
So the native app has no functionality other then to load the pwa inside of it and some background functions like push notifications.
This way I would like to create the functionality of push notifications, but still only have to create a pwa.
So when you open the native app this app will open the pwa (In my mind it looks similar to an iframe inside the native app). Everything will happen in the pwa, but we can still send push notification and use other features which are not yet available in the pwa.
If this is possible how can this be accomplished?
Apple writes:
Your app should include features, content, and UI that elevate it beyond a repackaged website. If your app is not particularly useful, unique, or “app-like,” it doesn’t belong on the App Store. If your App doesn’t provide some sort of lasting entertainment value, it may not be accepted.
Link here
I've heard that they are very consistent in not allowing apps outside of their guidelines and as long as you are not giving additional value in the app, that is not present on the website (your PWA), it will not be accepted.
I still have not heard anyone who succeeded with the wrapping alone, but if there are cases I am very interested to know too.
I think Apple will not approve your app

iOS - Security concerns installing a self-signed 3rd party app via Cydia Impactor

Pretty much what the title says.
I would like to install a 3rd party app on my iOS 11 device, but the only way to do so is by self-signing the .ipa and installing it via Cydia Impactor.
What are the possible security concerns in doing so?
How much control and access would said app have over my device once trusted?
There's no way of saying for certain.
Private APIs
iOS 11 fixed a number of vulnerabilities that allowed access to personal info such as SMS messages without user knowing. There might be other vulnerabilities but it looks like iOS 11 is pretty good in regards to private API access. Pretty much every known personal info leak was fixed.
The problem here is you can't do anything about it. Only way is to disassemble the application and see for yourself.
Permissions
Of course, there're many ways third-party app can steal your personal info if you give it the access. For example, contacts, calendar, call history (without phone number but still), microphone, photo library - once given permission to access, can be accessed at any point even when running in the background without you knowing it. Application can run in the background indefinitely, it's still not fixed by Apple.
Accessing location will always display an icon in the status bar so that's fine. But there're ways you can fool iOS to access location once and not display the icon. It's not reliable but it works.
If application is running in the foreground then it can access camera, microphone, location and iOS will not tell you anything about it. Recently there was an article about camera specifically. You can't tell when it's recording and that's a real problem.
Solution here is simple - don't give the permission.
Jailbreak
Jailbreaking relies on a number of vulnerabilities to modify kernel to disable security measures. No one is stopping you from using these exploits to be executed from a third-party app not meant for jailbreaking. In fact, all recent jailbreaks are done by installing an application using Cydia Impactor. And there's an actual example of that - Filza. It's a file manager that can access root file system. It does that by executing exploits used in jailbreak.
Solution here is to make sure your iOS is up to date and has no jailbreak for it. Of course there's a possibility of unknown exploits. Serious vulnerabilities found regularly in iOS. You can disassemble the application to see what it's actually doing but I don't think you would asking this question if you knew how do that.

iOS 8 Suggested Apps - How does it work?

Over the past little while I’ve been working with a client who would like to leverage Apple’s new Suggested App feature on iOS 8. The client's goal was to display a suggest app lock screen notification any time a person passes by a specific geo-location. After spending some time trying to find a concrete answer to what level of control (if any) the client would have over Apple’s Suggest App feature, it was decided to send our questions directly to Apple.
Below is copy of the questions I sent to Apple.
Hello,
For our next app release, my team and I would like to leverage Apple's Suggest App feature provided in iOS 8.
We've taken a look through the iTunes Connect portal and we haven't been able to find a configuration panel anywhere which allows us to control when/where our app should appear as a suggested app.
Questions:
Is it possible for us to specify the conditions that out app will appear as a suggested app for users who haven't downloaded it yet?
Can we specify a geo-fence that will display our app as a suggested app on a user's lock screen?
If we have no control over Apple's Suggested App configuration, under what conditions will our iOS appear on a user's lock screen as a suggested app?
STEPS TO REPRODUCE
Turn on your phone
Enable suggested apps
Enable 3G
Lock your screen
Walk past a region.
Expected Result: A suggested app appears on the iPhone lock screen.
Here is the response I received directly from Apple Developer Support Team:
Hello,
Location relevant Apps are recommended on the lock screen and in the App Store based on a number of factors, including their popularity at the location, and there is no mechanism or process by which an App developer can add their App to the list of recommended Apps.
However, if your iOS App is directly related to the location or venue (such as a mall guide iOS App which is published by the mall owner or operator), and you believe your iOS App’s relevance warrants it being included the list of recommended Apps, then you are encouraged to submit an enhancement request via http://bugreport.apple.com/, and request that Apple consider whether your iOS App should be included in the list of recommended Apps for that location.
You should provide as much detail in the ’enhancement request' about the App and venue/location as possible, such as the App ID, App Name, URL to the App on the App Store, venue name, venue location (address & lat/lon), the relevance (if any) of your iOS App to the venue/location, and relationship (if any) between you as the developer and the owner/operator of the venue/location.
Submission of an enhancement request does not guarantee that a particular iOS App will be added to the list of recommended Apps for a venue or location, and the sole feedback from Apple on the request will come through the http://bugreport.apple.com/ bug report system.
Regards,
Apple Developer Technical Support

Programmatically executing the application out of sandbox in iPhone

How to build an application which is capable of executing outside the sandbox in non-jail broken devices? Because I need to access the files and other informations like sms, call history etc ...
I'm afraid you will probably not be able to do this. The provided SDK, and terms of using the SDK do not allow you to operate outside of the sandbox.
Even if you were able to access the information, then the app would only ever be for your own use (unless you are an enterprise developer) as it would most likely get a rejection from the App Store approvals process.
The only access outside the sandbox that is allowed is mediated through Apple's SDK. You will only be able to access specific items, such as the Address Book or Photo library, through the iPhone OS framework.
If you have a more specific question about what you want to accomplish, perhaps we can answer based on what is currently allowed.
There's no method that I know of to perform access outside the sandbox that is defined by the iPhone SDK.
Even if there were, your app would not be available for non-jailbroken phones, as it wouldn't be approved by the app store.

Resources