Application rejected from AppStore due to lack of permission strings for capabilities that we DO NOT use

Hi,

Our last submission to Apple’s AppStore got rejected due to:

Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage

We noticed that your app requests the user’s consent to access their camera but does not clarify the use of the camera in the applicable purpose string.

Next Steps

Please revise the relevant purpose string in your app’s Info.plist file to specify why the app is requesting access to the user’s camera. You can modify your app’s Info.plist file using the property list editor in Xcode.

To help users understand why your app is requesting access to their personal data, all permission request alerts in your app should specify how your app will use the requested feature.

Resources
For additional information and instructions on requesting permission, please review the Requesting Permission section of the iOS Human Interface Guidelines and the [Information Property List Key Reference. You may also want to review the Technical Q&A QA1937: Resolving the Privacy-Sensitive Data App Rejection page for details on how to provide a usage description for permission request alerts.

Please see attached screenshot for details.

There was also a screenshot attached with Camera (not our app) in the background and the general Expo’s message: “Allow {this-app} to use your camera”. The problem is that we do not use Camera module anywhere in our app, we’re not requesting it, or need. The only permission that our app asks is for Notifications.

I tried to remove those Info.plist entries via code like this in our app.json file:

"NSCameraUsageDescription": false

But then I cannot even submit the app to the store (it fails to upload).

What should I do? I’ve searched the forum and found those issues:



But it was way back in 2018, and it seems something is changing in the review process:

Starting spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string.If you’re using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required.

So what should I put in those purpose string?

Thanks for help!

Hey @khronedev,

Classic Apple and their unpredictable reviews :confused:

I think the best course of action would be to provide a standard string like "The camera is used to capture pictures." just so you can get passed the Apple review. If you’re not explicitly using the module, your users will never see the prompt/string.

Cheers,
Adam

Hi @adamjnav,

We have put this:

"infoPlist": {
    "NSCalendarsUsageDescription": "This permission is not needed by the app, but it is required by an underlying API. If you see this dialog, contact us.",
    "NSCameraUsageDescription": "This permission is not needed by the app, but it is required by an underlying API. If you see this dialog, contact us.",
    "NSContactsUsageDescription": "This permission is not needed by the app, but it is required by an underlying API. If you see this dialog, contact us.",
    "NSLocationWhenInUseUsageDescription": "This permission is not needed by the app, but it is required by an underlying API. If you see this dialog, contact us.",
    "NSMicrophoneUsageDescription": "This permission is not needed by the app, but it is required by an underlying API. If you see this dialog, contact us.",
    "NSMotionUsageDescription": "This permission is not needed by the app, but it is required by an underlying API. If you see this dialog, contact us.",
    "NSPhotoLibraryAddUsageDescription": "This permission is not needed by the app, but it is required by an underlying API. If you see this dialog, contact us.",
    "NSPhotoLibraryUsageDescription": "This permission is not needed by the app, but it is required by an underlying API. If you see this dialog, contact us.",
    "NSRemindersUsageDescription": "This permission is not needed by the app, but it is required by an underlying API. If you see this dialog, contact us."
},

To our app.json and the app was approved by Apple. We’re not asking for any of those permissions so the user will never see them - but Apple review can.

Thanks

7 Likes

We have had a rejection along these same grounds - the reason given:

To resolve this issue, it would be appropriate to revise the relevant purpose string in your app's Info.plist file to specify why the app is requesting access to the user's camera, photos, and location.

However - our app.json states:

"ios": {
      "supportsTablet": true,
      "bundleIdentifier": "com.[app name]",
      "infoPlist": {
        "NSCameraUsageDescription": "[app name] requires access to your camera to let you add pictures to post to your social media channels",
        "NSPhotoLibraryUsageDescription": "[app name] needs to access your camera roll so that you can upload images. Your images will not be shared without your permission",
        "NSPhotoLibraryAddUsageDescription": "[app name] needs to access your camera roll so that you can upload images. Your images will not be shared without your permission",
        "NSLocationWhenInUseUsageDescription": "[app name] requires your location so that we can centre the map on you & show you where [x] is",
        "NSLocationAlwaysUsageDescription": "[app name] requires your location so that we can centre the map on you & show you where [x] is",
        "NSLocationAlwaysAndWhenInUseUsageDescription": "[app name] requires your location so that we can centre the map on you & show you where [x] is",
        "NSLocationUsageDescription": "[app name] requires your location so that we can centre the map on you & show you where [x] is"
      }
    },

Has anyone else had this issue? Are Apple specifying we require an entirely separate Info.plist file outside of the app.json.

Thanks!

Hey @davidapears,

That looks more than adequate. Just to be certain, did you build a binary after adding those strings to your app.json? Publishing them won’t be sufficient here as they are baked into the binary at build time.

1 Like

Hi Adam and thanks for the reply. I will double check this, thanks for the heads up. D