App rejected for referencing (while not using) APIs that access sensitive user data

Description of the problem:

It seems that @capacitor/core code references APIs that access sensitive user data. In this case it’s the photo library.

I’m not calling any of the functions that request authorisation to use the API, but it seems that Apple will now check the code up front, and if you reference any of these sensitive APIs, which Capacitor does with its native plugin core, they will reject it with a warning.

ITMS-90683: Missing Purpose String in Info.plist - Your app’s code references one or more APIs that access sensitive user data. The app’s Info.plist file should contain a NSPhotoLibraryUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data are required to include a purpose string. If you’re using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn’t contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).

Example in Camera.swift:

func showCamera(_ call: CAPPluginCall) {
    ...
    AVCaptureDevice.requestAccess(for: .video) { granted in

Affected platform

  • Android
  • [x] iOS
  • electron
  • web

OS of the development machine

  • Windows
  • [x] macOS
  • linux

Other information:

Capacitor version: 1.2.0

node version: v10.16.1

npm version: 6.9.0

CocoaPods version: 1.7.5

Steps to reproduce: Remove unused privacy explanation keys in Info.plist for those APIs you never call and upload to the App Store for a TestFlight build.


For now I will place dummies as a workaround, but I think the core could potentially be split into modules that we can install when needed instead of having all the privacy APIs up front.

Issue Analytics

  • State: closed
  • Created: 4 years ago
  • Reactions: 1
  • Comments: 5 (2 by maintainers)
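
A pre-submission check for the rejection described in this issue, as an added example that is not part of the original issue or of Capacitor: it compares the sensitive APIs a build references against the purpose strings present in Info.plist. The marker-to-key table, the function name, and the sample plist and symbol list are constructed for illustration; Apple's actual scanning rules are not public.

```python
import plistlib

# Illustrative table (an assumption, not Apple's rule set): class-name marker
# -> Info.plist purpose-string key that the API behind it requires.
PURPOSE_KEYS = {
    "PHPhotoLibrary": "NSPhotoLibraryUsageDescription",
    "AVCaptureDevice": "NSCameraUsageDescription",
    "CNContactStore": "NSContactsUsageDescription",
    "CLLocationManager": "NSLocationWhenInUseUsageDescription",
}

# Constructed sample Info.plist: camera string present, contacts string blank,
# photo library string missing (the case reported in this issue).
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.app</string>
  <key>NSCameraUsageDescription</key><string>Used to scan QR codes.</string>
  <key>NSContactsUsageDescription</key><string>  </string>
</dict>
</plist>"""

# Constructed sample of symbols referenced by the app binary and its linked
# frameworks (in practice, exported from the build with a symbol-listing tool).
SAMPLE_SYMBOLS = [
    "_OBJC_CLASS_$_AVCaptureDevice",
    "_OBJC_CLASS_$_PHPhotoLibrary",
    "_OBJC_CLASS_$_CNContactStore",
    "_OBJC_CLASS_$_UIView",
]


def missing_purpose_strings(info_plist_bytes, referenced_symbols):
    """Return {plist key: [symbols]} for keys that are absent or blank."""
    info = plistlib.loads(info_plist_bytes)
    findings = {}
    for symbol in referenced_symbols:
        for marker, key in PURPOSE_KEYS.items():
            value = info.get(key)
            has_text = isinstance(value, str) and value.strip()
            if marker in symbol and not has_text:
                findings.setdefault(key, []).append(symbol)
    return findings


if __name__ == "__main__":
    for key, symbols in missing_purpose_strings(
            SAMPLE_INFO_PLIST, SAMPLE_SYMBOLS).items():
        print(f"{key} missing or blank; referenced via {', '.join(symbols)}")
```

Run as a CI step before upload, a non-empty result means either a purpose string has to be added or the referencing library has to be dropped from the build.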

Top GitHub Comments

3 reactions
chrene commented, Sep 18, 2019

@naranjamecanica yes I removed them since I don’t use them nor intend to. One workaround is to put in some dummy values, but I think it would be better if you can opt out of the ones you don’t use. It’s more clean in my opinion.

0 reactions
ionitron-bot[bot] commented, Nov 11, 2022

Thanks for the issue! This issue is being locked to prevent comments that are not relevant to the original issue. If this is still an issue with the latest version of Capacitor, please create a new issue and ensure the template is fully filled out.
