App rejected for referencing (while not using) APIs that access sensitive user data
See original GitHub issueDescription of the problem:
It seems that @capacitor/core
code references APIs that access sensitive user data. In this case it’s the photo library.
I’m not calling any of the functions that request authorisation to use the API, but it seems that apple will now check the code up front and if you reference any of these sensitive API’s which capacitor does with its native plugin core the will reject it with a warning.
ITMS-90683: Missing Purpose String in Info.plist - Your app’s code references one or more APIs that access sensitive user data. The app’s Info.plist file should contain a NSPhotoLibraryUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data are required to include a purpose string. If you’re using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn’t contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).
example in Camera.swift
func showCamera(_ call: CAPPluginCall) {
...
AVCaptureDevice.requestAccess(for: .video) { granted in
Affected platform
- Android
- [ x] iOS
- electron
- web
OS of the development machine
- Windows
- [x ] macOS
- linux
Other information:
Capacitor version: 1.2.0
node version: v10.16.1
npm version: 6.9.0
CocoaPods version: 1.7.5
Steps to reproduce:
Remove unused privacy explanation keys in Info.plist
for those API’s you never call and upload to app store for a testflight.
For now I will place dummys as a workaround, but I think the core could potentially be split into modules that we can install when needed instead of having all the privacy API’s up front.
Issue Analytics
- State:
- Created 4 years ago
- Reactions:1
- Comments:5 (2 by maintainers)
Top GitHub Comments
@naranjamecanica yes I removed them since I don’t use them nor intend to. One workaround is to put in some dummy values, but I think it would be better if you can opt out of the ones you done use. It’s more clean in my opinion.
Thanks for the issue! This issue is being locked to prevent comments that are not relevant to the original issue. If this is still an issue with the latest version of Capacitor, please create a new issue and ensure the template is fully filled out.