When I implement FaceID, I set on Info.plist the FaceID Usage Description, hence, everytime an user tries to use FaceID for the first time, iOS displays a prompt asking about FaceID permission.
But, I'm not sure why if I use Touch ID, a similar alert saying "Do you want to allow XXX to use Touch ID" does not appear asking for user permission. What it appears is an alert like this:
Is this behavior normal? Or how can I show that alert with TouchID?
This is a deliberate UX choice on Apple's part. It's having to do with the passive nature of Face ID (simply continuing to look at the device) vs. the intentional action a user takes to place their finger on the Touch ID sensor on the device. Without an interstitial asking for deliberate permission to use the feature, a user may inadvertently (successfully) authenticate with Face ID despite potentially having no intent to do so.
The behavior you detailed in your question is clearly documented in Logging a User into Your App with Face ID or Touch ID (emphasis mine):
Set the Face ID Usage Description
In any project that uses biometrics, include the
NSFaceIDUsageDescription
key in your app’s Info.plist file. Without this key, the system
won’t allow your app to use Face ID. The value for this key is a
string that the system presents to the user the first time your app
attempts to use Face ID. The string should clearly explain why your
app needs access to this authentication mechanism. The system
doesn’t require a comparable usage description for Touch ID.
Related
Is a formal description of using permission enough to approve an app in the Add Store?
For example, is this option suitable:
This app requires access to the camera
... or should it be specified as follows:
This app requires access to the camera to take a picture for the profile or scan a QR code
It is rather difficult to describe in detail what this permission will be used for. For example, the camera can be used for many functions (take a picture, read a QR, record a video). At the same time, I would not want the app to be rejected due to the lack of a detailed description.
In general, they will not reject you if you keep your message like the first option. But what is written in the documentation of Apple about this is:
For each key, provide a message that explains to the user why your app
needs to capture media, so that the user can feel confident granting
permission to your app.
This message will be shown to the user and do you think the user will be happy with your explanation of why you need the camera permission.
This app requires access to the camera.
If this is not a well-known app I will reject this permission.
Much better is if you show something like this:
This app requires access to the camera to take a picture for the
profile or scan a QR code when you need it.
At the end of the day, you deciding how to build trust in your users.
It depends on the Apple reviewer's mood...
My app passed with a usage description similar to your first option, but later it was rejected, so go with the specified version.
In my app I use the Apple's FaceID to confirm some actions.
I want to insert an additional step before the FaceID request is presented.
This because the FaceID appears immediately and the user doesn't have the time to read what he's going to confirm.
I saw that Apple use the approach to "Double-Click the Home button" before asking for FaceID.
I've read the Apple's docs but I didn't find any informations about this kind of API. I attached a screenshot with an example of what Apple does in its native apps.
Do you know how to achieve the same thing?
I don't believe apps have the ability to access side button presses.
If you don't want Face ID to immediately appear and authenticate, perhaps add a UIButton in-app for the user to tap before the Face ID authentication appears.
I've assumed that putting NSBluetoothPeripheralUsageDescription into info.plist will automatically trigger the alert view (at appropriate time) which will among the other things, show the (localized) error defined in InfoPlist.strings(current language). I assumed something like that, because of this statement from the docs:
NSBluetoothPeripheralUsageDescription (String - iOS) This key lets
you describe the reason your app uses Bluetooth. When the system
prompts the user to allow usage, the value that you provide for this
key is displayed as part of the alert.
Take a look at into this part:
When the system prompts the user to allow usage ...
IMO, this means that alert will be popped out automatically, rather than manually in the code by me.
I am using :
CoreBluetooth framework and many of its classes like:
CBPeripheral, CBCharacteristic, CBCentralManager etc. so I guess this alert should pop out. Of course, I can pop out the alert view by myself on the first use of Bluetooth, but I thought that point of these info.plist keys is, actually to warn the user automatically...
Not quite...
I would hate to have iOS automatically pop up every permission request dialog when the app first runs. Much better to allow me to show "Can I use the camera?" the first time the user gets to the section of my app where the camera is used, and "Can I use Bluetooth" when that section is used.
So, the strings are required so the users are not presented with generic "App wants to use Bluetooth" requests. Instead, you have to provide a suitably informative string (subject to the reviewer's opinion, of course).
But it won't be presented to the user until you want it to be shown.
Maybe you already answered the system popup and have an entry in the iOS settings? In this case iOS will not ask anymore.
We are developing an app that share user location on the map when they login and others can tap on their profile pic on map and start chatting with them .
Apple rejected the app with following reply :
"17.1 - Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used.
Upon further review, we found that your app enables the display of nearby users’ locations on a map but only prompts users on sign up or sign in for permission to show their location. If the user has signed in and previously agreed, then they are not prompted again until they log out. This is not appropriate for the App Store.
Specifically, it is not appropriate to display the user's location automatically without the option to decline if they have already signed in to access your app." We already tried to add multiple popup/confirm boxes for user permissions. what should be done to take care of this privacy issue ?
Should we add a button to manually checkin , everytime they want to update thier location ? this will defeat the purpose though if they have to click a button to update location to show where they are .
Or
Should we ask for permission to Show location each time App is opened since apple's objection is that it don't ask for permission again untill user is logged out and log in back ?
This is a speculative answer, since Apple has somewhat fuzzy replies, but this is my view:
Specifically, it is not appropriate to display the user's location automatically without the option to decline if they have already signed in to access your app."
You could solve it by:
* Sending a push notification when the user's location is being used (this could be annoying depending on app usage of location)
* Showing some info in a very visible place in the app, e.g. in the lateral menu, along with the option to reject to share your location (or otherwise, tell the user there that they can do so by logging out)
There must be other possible solutions, since the reviewer is a human being and the guideline broad and unspecific enough... But I think any of these options would work.
Is it possible to customize the default alert message when the iPhone wants to use users current location. I want to change not only the text but also the default blue screen alert view. Is it possible ?
Thanks.
Not possible. From documentation,
Important: In addition to hardware not being available, the user has
the option of denying an application’s access to location service
data. During its initial uses by an application, the Core Location
framework prompts the user to confirm that using the location service
is acceptable. If the user denies the request, the CLLocationManager
object reports an appropriate error to its delegate during future
requests. You can also check the application’s explicit authorization
status using the authorizationStatus method.
The alert is prompted by Core location framework. We don't have any control over it.
EDIT : To add up, from this Apple developer forum thread (login required)
That alert is shown in a standard fashion for all applications for
privacy reasons. The user's current location is sensitive
information, and we want to be sure that they give their informed
consent to any use of it on the device. The way that we do that is by
providing a clear, consistent mechanism for the user to give their
consent. If applications were allowed to override or disable the
alert, then that consistency would be lost.
and the answerer is an Apple employee..
Years later, Apple did implement some customization options!
Have a look at the documentation
documentation
If you put one of the following key in your info.plist (depending on your usage of the location services), you can specify a custom string, that is displayed in the default alert additionally.
NSLocationUsageDescription (available since iOS6)
NSLocationWhenInUseUsageDescription (since iOS8)
NSLocationAlwaysUsageDescription (since iOS8)