I just tried submitting my app and I got an email saying:
This app attempts to access privacy-sensitive data without a usage
description. The app's Info.plist must contain an
NSMicrophoneUsageDescription key with a string value explaining to the
user how the app uses this data.
I am using The Amazing Audio Engine, but I am not using the microphone at all anywhere in my code. So I am assuming Apple is seeing my binary includes TAAE and that has methods involving the microphone, even though they are not being used.
So my question is, is there a way to get around this? Should I remove the headers for the audio recorder files? Or am I forced to have my app give an alert that it needs to use the microphone even though it never will (bleah!!!) ?
Apple can see that there is code that accesses the microphone. There is no way that Apple can tell that during the run of your app, that code isn't actually accessed.
So you have two choices:
Keep using TAAE (which includes code that does access the microphone even if your app doesn't use it), and provide the NSMicrophoneUsageDescription key in Info.plist. The user will never see this as long as your app doesn't ever trigger the use of the microphone.
Eliminate the use of TAAE from your app.
Related
I've just deployed a Flutter app to App Store Connect and received a rejection for the following reasons :
ITMS-90683: Missing Purpose String in Info.plist - Your app's code
references one or more APIs that access sensitive user data. The app's
Info.plist file should contain a NSLocationAlwaysUsageDescription key
with a user-facing purpose string explaining clearly and completely
why your app needs the data...
ITMS-90683: Missing Purpose String in Info.plist - Your app's code
references one or more APIs that access sensitive user data. The app's
Info.plist file should contain a NSLocationWhenInUseUsageDescription
key with a user-facing purpose string explaining clearly and
completely why your app needs the data...
Now, I know how to fix this by putting that string into my Info.plist file, EXCEPT this app doesn't use location services.
(at least not as far as I am aware)
I want to tell App Store Connect that I do not need location services.
What can I check for in my Flutter code that might be making iOS think I want location access?
If I'm not wrong, when you introduce the SKAdNetworkIdentifier, Apple will ask you yo provide these strings.
But!
To don't provide these strings should not be a reason for rejection if your app actually does not use user' location.
So either you(or a widget) actually uses the location, or your app was not rejected. Which you can extract from the fact that more likely in the first paragraph says:
...you may wish to correct the followin...
I upload my app in app store successfully.
App store send me an email like this:
App Store Connect
Dear Developer,
We identified one or more issues with a recent delivery for your app, "Kupona Online" 1.0.2 (1.2). Please correct the following issues, then upload again.
ITMS-90683: Missing Purpose String in Info.plist - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSCameraUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data are required to include a purpose string. If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).
Best regards,
The App Store Team
To fix this error I put in Info.plist in Xcode 10.2.1 like in this:
but nothing happens. App store send me always this error.
How do I fix this error?
For NSCameraUsageDescription, Add the exact purpose of using camera in the Value column.
For example,
Folks are saying they're getting rejected even though they're not requesting access to camera. You have to know that Apple will scan your code with their static analysis tools. And even if you have this protected behind a feature flag, still the app store review process would reject your app. Because they don't know when you'll turn that feature flag on.
Additionally you could get this issue if a third-party service has a camera access related code in their code. Again even if you don't hit that line (of the 3rd party framework), you'd need that key in.
But then I've had issues where we've added that plist in, but then the app store review team was never able to test it out because the feature was protected by a feature flag. And because they couldn't test it, they didn't approve it ¯\ (ツ) /¯
Last but not least, if you did really need that key in your plist, then make sure its reasoning is generic enough to cover all cases e.g. If you need access to the camera for both take profile pictures and scanning QR code, then given that your app can request access for the camera at either the profile picture step or at scanning a PR code, then your description in the plist should cover both features, not just one of them. If you say "need access to take profile photos" then there is a chance that you could rejected if user hits the QR flow first but sees you're requesting access to take a profile photo. Hence you should say "need access to take profile photos and QR code scan for new devices"
tl;dr identify where in your app flow you're requesting access. If you need it then add its key/value in your plist. If you don't need it then comment out that line. You shouldn't just add the plist just for the sake of passing an app store review. It can fail but it can also succeed, while in a future release it would fail...
In the new version of IOS, apps accessing the camera trigger a dialog that will prompt the user to allow or deny permission for the app.
That's why you need to explain why the application is accessing the input device (Camera, Microphone, etc).
To do this, you need to edit your project Runner/info.plist file by adding the key and string description inside the dict tag.
<dict>
...
<key>NSCameraUsageDescription</key>
<string>My_app_name needs to access the camera to do x_thing.
</string>
<dict>
Or you can add it by opening your product in xcode the image below for more details.
I have an iOS app that uses the Google maps library which I have added via CocoaPods. This app fetches user location even in background so it asks the user for NSLocationAlwaysUsageDescription.
But upon running the app from Xcode, I get the correct permission alert but I also get the following error message in the console.
This app has attempted to access privacy-sensitive data without a
usage description. The app's Info.plist must contain an
NSLocationWhenInUseUsageDescription key with a string value explaining
to the user how the app uses this data
Doesn't NSLocationAlwaysUsageDescription automatically allow when in usage as well? Because I don't want the When In Use option to be available in the Settings because if the user later changes to that, it will cause the app to behave not as intended.
You have to add a key value pair of NSLocationAlwaysUsageDescription as key and value is like you have to notify user , or something else that user can understand that this app is going to use gps location.
You can try this or add this in your plist
Privacy - Location Always Usage Description as key and
Application would like to use your location. By allowing background locations, we can notify you when a customer is requesting for service. Continued use of GPS running in the background can dramatically decrease battery life as value
If your app uses camera, you have to set NSCameraUsageDescription in InfoPlist.strings. But what if I don't want to use any custom message? Is it accepted to set empty empty NSCameraUsageDescription like this:
NSCameraUsageDescription = "";
Docs say a bit strange about this:
If your app attempts to access the device’s camera without a corresponding purpose string, your app exits.
What is "exits"? Will my app rejected?
You can use
NSCameraUsageDescription = "";
Without any message, you just need to put the key in the plist. Also in the doc
If your app attempts to access the device’s camera without a
corresponding purpose string, your app exits.
They mentioned exits, it means the app will get closed if you don't put that string but i have checked it now, and the popup is showing without any message just the title.
No it is not accepted .
iOS already required permissions to access microphone, camera, and media library earlier (iOS6, iOS7), but since iOS10 the apps will crash if you don't provide the description why you are asking for the permission.
from : https://stackoverflow.com/a/38498347/3901620
Running SDK 5.5.0.GA and the iOS app is being rejected by Apple because of the following privacy keys that I have not included in the plist:
NSPhotoLibraryUsageDescription
NSMicrophoneUsageDescription
NSAppleMusicUsageDescription
I am not using any 3rd party modules or widgets and I am not aware what Titanium Module, Class, or Objects that would require these permissions. I have handled the one for the calendar as I am accessing the device's calendar but I am not using the microphone, apple music, nor the photo library.
Is there a way to figure out what Modules, Classes or Objects that would be using these?
I know I can get around the rejection by just adding these to the plist but I would like to figure out what is using them and not just get around it.
Thanks!
See https://jira.appcelerator.org/browse/TIMOB-23925
Unless you request a specific permission, the user shouldn't see the xUsageDescription string you put in the plist.
In one of our usages, the camera, we just added all the descriptions and said 'This app uses your camera to upload photos' and resubmitted. Its pending review now, so it passed the prescan 2nd time around.
Basically Apple prescans your binary on upload, finds some strings (method names) that it expects other things for and flags the binary. This is how binaries get rejected for using 'private methods' when in reality it may just be a function named 'offensively' in Apple's mind.