Apple rejects all binaries built using this package, unless ALL permissions have purposes/reasons added in the .plist, even if the app is not using most of them...
manuelgomes2 opened this issue · comments
Apple now rejects all apps, the error is as follows:
Missing Purpose String in Info.plist File - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSContactsUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string.If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).
Missing Purpose String in Info.plist File - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSCalendarsUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string.If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).
Missing Purpose String in Info.plist File - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSAppleMusicUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string.If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).
Missing Purpose String in Info.plist File - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSMotionUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string.If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).
Missing Purpose String in Info.plist File - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSSpeechRecognitionUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string.If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).
@manuelgomes2 have you added the required permissions to your Info.plist file? You can check the Info.plist file of the example app (here) for examples?
I think at least there should be an information for devs to add the required purpose strings on this Github project.
Yeah this is a bit of a disappointment, the geolocator package uses this package and I need to specify all the permissions.
I don't care about having to specify the permissions - but I do care if Apple starts asking questions about why I need to access apple music for an app that clearly has nothing to do with music.
I think this is a ticking time bomb and should be modularised.
This plugin handles too many permissions which is not necessary for just a geolocator. And it's not a very professional way in production. I'm very grateful for the works of the author but there should be an optimized approach of handling permissions. Or maybe simply integrate a specific permission handler inside of Geolocator. Thank you.
I agree this project probably needs to be broken up, possibly one permission handler project per permission. I may tinker with ripping out everything not needed for geolocator to function.
I had the same issue, and did the quick and dirty fix that @firsthour mentioned.
Here is a fork, where everything but the location permissions are stripped out:
https://github.com/mortenboye/flutter-permission-handler
And here is a fork of geolocator that references the above fork:
https://github.com/mortenboye/flutter-geolocator
It's not pretty but it works.
@manuelgomes2, @indiluk, @rknell, @elricym, @firsthour, @mortenboye, I have set out some probes with Google and Apple to see if there is a way to work around this issue. The plugin implements code for all SDKs that require user permissions and therefore the Apple analytics tools think we are actually using all the SDKs in our Apps (which is not the case).
Worst case scenario is that we will convert the Geolocator component back into handling it's own permissions and add a clear disclaimer to this components readme explaining this drawback on iOS.
Hopefully I will receive some useful feedback from Google (Flutter team) and/ or Apple to add some sort of compiler directives or conditional statements which allows us to only include that code/ SDKs that we are actually interested in.
I will follow up on this as soon as possible.
P.S. if any of you have a suggestion I would love to hear it of course.
@mvanbeusekom maybe an easy fix would be to update geolocator to use it's own permission handler? And long term would be to make permission-hanler more modular?
👍 on this issue, my app just got rejected because of this. At the very least, make this explicit on the project documentation.
👍 on this issue, my app just got rejected because of this. At the very least, make this explicit on the project documentation.
Same here. I wish I had known this when I implemented geolocator, instead of learning about when uploading my app to itunes (which is always the very last step because Android publishing is so much easier). Don't get me wrong: I am very grateful for you people sharing this library. But when you do explain in the docs about the location permissions, it would have helped a lot to mention this problem.
BTW: Waiting for Apple to comment on this mostly useless. They almost never answer. And the flutter team cannot do anything about this. It's been this way with iOS for as long as I know. Either you really use the permission, or you remove the offending code. I really doubt that they are willing to change that 'rule' because of flutter.
👍 on this issue, my app just got rejected because of this. At the very least, make this explicit on the project documentation.
Same here. I wish I had known this when I implemented geolocator, instead of learning about when uploading my app to itunes (which is always the very last step because Android publishing is so much easier). Don't get me wrong: I am very grateful for you people sharing this library. But when you do explain in the docs about the location permissions, it would have helped a lot to mention this problem.
BTW: Waiting for Apple to comment on this mostly useless. They almost never answer. And the flutter team cannot do anything about this. It's been this way with iOS for as long as I know. Either you really use the permission, or you remove the offending code. I really doubt that they are willing to change that 'rule' because of flutter.
@mortenboye made a fork which removes the extra fluff, I forked this and made this Swift 4.2 compatible if you wanna take a took and need a quick solution.
@BaseFlowIT do you have plans on updating this? It's pretty unusable atm... 🙏
Hi, any update?? Apple rejected all the time, all the strings added to plist, but still rejected.
@mortenboye your solution seems good for me but how to implement this fork in flutter. I didn't deal with forks before.I have read the readme but there is no different dependencies
Thank you
@nabeelof you would have to reference the git repo directly:
dependencies:
geolocator:
git: 'git@github.com:mortenboye/flutter-geolocator.git'
@nabeelof
non androidX
geolocator:
git:
url: https://github.com/mortenboye/flutter-geolocator.git
ref: cd3de2ada46b0f124039c8a39298df1e4edada33
@mortenboye @smiLLe
I couldn't use git@github.com directly
I used
geolocator: git: url: https://github.com/mortenboye/flutter-geolocator.git ref: 0d635c3ddcc4fec775e85fc3971c87b486240a99
after I get the latest ref sha using
curl -i https://api.github.com/repos/mortenboye/flutter-geolocator/git/refs/
then I uploaded a new binary with new build number
but apple rejected with same email
sorry guys this is not working
from what I am understanding, this library only works for Android at this time. Someone please update the documentation.
We are currently in the process of splitting up the permission_handler in smaller packages to work around this issue. These will become available to the open-source community and can be found here. At the moment we have extracted the code to request permissions for the location services and published it as a separate plugin. This means we will slowly be phasing out this plugin.
@smiLLe, @mortenboye, @nabeelof, we have recently release version 4.0.0 of the Geolocator plugin which now uses the location_permissions plugin to handle permissions. Meaning we no longer use the permission_handler to prevent this issue.
right on, i'm still newbie in dart and flutter or I would contribute...I'll try to share back in the future
We are currently in the process of splitting up the
permission_handlerin smaller packages to work around this issue. These will become available to the open-source community and can be found here. At the moment we have extracted the code to request permissions for the location services and published it as a separate plugin. This means we will slowly be phasing out this plugin.@smiLLe, @mortenboye, @nabeelof, we have recently release version 4.0.0 of the Geolocator plugin which now uses the
location_permissionsplugin to handle permissions. Meaning we no longer use thepermission_handlerto prevent this issue.
Hasn't other permissions been modularized separately yet?
why not delete the info.list in package and let user add their want in their project?
FYI, I published two apps with dummy reasons in the plist file for all the permissions I'm not using, and Apple approved the releases.
Are there any consequences to the user for adding permission strings that we don't use? For instance, if I add a geolocation permission string but never request geolocation, would users be warned on the app store that the app may request their location?
@Rekubot I want to know this too. I believe Apple shows the messages only when used, so it wouldn't be shown. I just feel weird making up fake reasons.
@Rekubot @ThinkDigitalSoftware I have a clear opinion about this: you should absolutely NOT do it.
Firstly, it simply does not make any sense. Basic idea of permissions is that you add only permission you need. Otherwise we would not need permissions at all. There are good reasons why required permissions need to be defined for each app. It is question of user's privacy and security.
Most importantly it may be a security risk to user's device if there is an app with all possible permissions. Even if your own app behaves correctly, some other app (malware) or even a 3rd party lib you are using could in theory use your app (as it has all permissions) to attack user's device. Maybe it is possible in iOS, maybe not. But better not to give them even a chance. If I knew some app in my device has all permissions even if it doesn't really use them, I would uninstall it immediately, give it 1 star and most probably also report the app to Apple as a possible malware.
So adding all permissions is the worst workaround ever. Don't do it.
@ThinkDigitalSoftware You can fork this plugin and remove extra stuff as suggested in earlier comments. There are also other similar plugins available, not sure if they have the same issue. Or wait until this plugin gets fixed. I have not started my iOS project yet, so my own plan is still open.
嗨,任何更新?Apple一直拒绝,所有字符串都添加到plist中,但仍被拒绝。
在info.plist中添加相关配置如果APP实际用不到这些权限的话肯定会被拒的,苹果要求每一项权限都有合理的使用地方
Add not used permissions with any string value and your binary will be accepted
In review apple don't care about unused permissions because it not appears to user so this is secure because permission not allowed until user allow it
I did that and my app now on app store
@nabeelof that is not always correct. There are many different Apple reviewers, they review differently (fortunately or unfortunately).
A month ago, reviewers asked me why do I need a permission for background music playback, because when they did a review, they didn't trigger the player which appears only on some specific conditions. So, I had to explain and show the video with a player which could play a long audio file, off course it also should play in background mode.
Any update on the progress of this?
I see there's a package for the location permissions, any plan on continuing with other permissions?
Great library and thank you for the hard work to build this out. It's become a staple of our new permission handling.
But I would highly recommend documenting the required changes to plist for the new permissions. Had a bit of a frustrated morning with our testers today when the new build didn't show up due to rejection and had to have a meeting to discuss the implications of the new permission requirements.
@mvanbeusekom could you give us an update on whether/how you plan to go forward with this issue?
I'm planning on releasing an iOS version of my app in the near future and need to make a decision whether to use a (future) version of this library which is compliant with the App Store guidelines or switch to a different means of permission handling.
Thanks a lot!
If you like to see how I removed permissions, that I did not need, you can look at my fork:
https://github.com/masewo/flutter-permission-handler
Great library and thank you for the hard work to build this out. It's become a staple of our new permission handling.
But I would highly recommend documenting the required changes to plist for the new permissions. Had a bit of a frustrated morning with our testers today when the new build didn't show up due to rejection and had to have a meeting to discuss the implications of the new permission requirements.
Agree with indiestream. Spent days trying to debug this issue. IDE would simply lose connection to device without ability to catch error so impossible to track down. As soon as plist updated no problems.
If you like to see how I removed permissions, that I did not need, you can look at my fork:
https://github.com/masewo/flutter-permission-handler
can you describe it?
Is there an update on this? I see there's some new versions released of the package.
I removed some permissions , remaining [ camera, location, locationAlways, locationWhenInUse, microphone, photos, notification, unknown], you guys can look at my fork https://github.com/bestK/flutter-permission-handler
Hi bestK, tried it out, however when requesting permissions I'm getting unknown status all the time.
@lifenautjoe Hey dude,maye you need try it flutter clean or reinstall package
If anyone is interested in getting just storage permissions, y just forked the repo into a new one where I removed all the permissions but storage. The new repo is flutter-storage-permission-handler.
You can include it in your project by adding this dependency to your pubscpec.yaml file:
dependencies:
flutter:
sdk: flutter
permission_handler:
git: https://github.com/ramoncardena/flutter-sotrage-permission-handler
I'm using a DIFFERENT permissions package but it has the SAME problem; permission_handler.
@martijn00 @mvanbeusekom I submitted a pull request to solve this problem: #182
If anyone is interested in getting just storage permissions, y just forked the repo into a new one where I removed all the permissions but storage. The new repo is flutter-storage-permission-handler.
You can include it in your project by adding this dependency to your
pubscpec.yamlfile:dependencies: flutter: sdk: flutter permission_handler: git: https://github.com/ramoncardena/flutter-sotrage-permission-handler
@ramoncardena In Android I get PermissionStatus.unknown when I try to check the storage permission
I used @ty0x2333 PR, and works perfectly. Thanks!
I don't know why they refused the PR in the code review...
As of version 4.1.0 (released 10th of January) it is now possible to use the solution provided by @ty0x2333 to remove not needed permissions.
Hello dears I have found the solution for this issue, Just go to this path down
ios/.symlinks/plugins/permission_handler/ios/Classes/PermissionHandlerEnums.h
- then change the permission you don't want to 0 instead of one -
then clean and restart your idea then build
Thanks,
Flutter 1.20 changed the podfile and the solution no longer works
Flutter 1.20 changed the podfile and the solution no longer works
+1 I have tried changes which writen on IOS side at plugin; but it doesn't work.
Flutter 1.20 changed the podfile and the solution no longer works
+1 I have tried changes which writen on IOS side at plugin; but it doesn't work.
I am using Flutter 1.20.2, and the following Podfile configuration works. If it does not, then you probably have one more library requesting unwanted permissions.
post_install do |installer|
installer.pods_project.targets.each do |target|
target.build_configurations.each do |config|
config.build_settings['ENABLE_BITCODE'] = 'NO'
config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [
'$(inherited)',
## dart: PermissionGroup.calendar
'PERMISSION_EVENTS=0',
## dart: PermissionGroup.reminders
'PERMISSION_REMINDERS=0',
## dart: PermissionGroup.contacts
# 'PERMISSION_CONTACTS=0',
## dart: PermissionGroup.camera
'PERMISSION_CAMERA=0',
## dart: PermissionGroup.microphone
'PERMISSION_MICROPHONE=0',
## dart: PermissionGroup.speech
'PERMISSION_SPEECH_RECOGNIZER=0',
## dart: PermissionGroup.photos
'PERMISSION_PHOTOS=0',
## dart: [PermissionGroup.location, PermissionGroup.locationAlways, PermissionGroup.locationWhenInUse]
'PERMISSION_LOCATION=0',
## dart: PermissionGroup.notification
# 'PERMISSION_NOTIFICATIONS=0',
## dart: PermissionGroup.mediaLibrary
'PERMISSION_MEDIA_LIBRARY=0',
## dart: PermissionGroup.sensors
'PERMISSION_SENSORS=0'
]
end
flutter_additional_ios_build_settings(target)
end
end
Please see 671992982
Flutter 1.20 changed the podfile and the solution no longer works
+1 I have tried changes which writen on IOS side at plugin; but it doesn't work.
I am using Flutter 1.20.2, and the following Podfile configuration works. If it does not, then you probably have one more library requesting unwanted permissions.
post_install do |installer| installer.pods_project.targets.each do |target| target.build_configurations.each do |config| config.build_settings['ENABLE_BITCODE'] = 'NO' config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [ '$(inherited)', ## dart: PermissionGroup.calendar 'PERMISSION_EVENTS=0', ## dart: PermissionGroup.reminders 'PERMISSION_REMINDERS=0', ## dart: PermissionGroup.contacts # 'PERMISSION_CONTACTS=0', ## dart: PermissionGroup.camera 'PERMISSION_CAMERA=0', ## dart: PermissionGroup.microphone 'PERMISSION_MICROPHONE=0', ## dart: PermissionGroup.speech 'PERMISSION_SPEECH_RECOGNIZER=0', ## dart: PermissionGroup.photos 'PERMISSION_PHOTOS=0', ## dart: [PermissionGroup.location, PermissionGroup.locationAlways, PermissionGroup.locationWhenInUse] 'PERMISSION_LOCATION=0', ## dart: PermissionGroup.notification # 'PERMISSION_NOTIFICATIONS=0', ## dart: PermissionGroup.mediaLibrary 'PERMISSION_MEDIA_LIBRARY=0', ## dart: PermissionGroup.sensors 'PERMISSION_SENSORS=0' ] end flutter_additional_ios_build_settings(target) end endPlease see 671992982
If there is any other library that is using the permission, then is there any way we can identify which library is that?
any solution?
@ty0x2333 @mvanbeusekom
As of version 4.1.0 (released 10th of January) it is now possible to use the solution provided by @ty0x2333 to remove not needed permissions.
Does this mean this package can be used without the risk of getting rejected by apple.
I need access to location, bluetooth and camera in my app.
I am a bit confused after going through this post as I am new to app development.
Regards,
Shyam.
@smolugu you have likely already tested this but for the sake of answering the question for others, yes this does prevent rejection by Apple.
I've got my app rejected with a message
"ITMS-90683: Missing Purpose String in Info.plist - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSContactsUsageDescription key with a user-facing purpose string explaining clearly and..."
I use permission_handler: 5.0.0+hotfix.4
But I turned off usage of Contacts in Podfile
## dart: PermissionGroup.contacts
'PERMISSION_CONTACTS=0',
What may cause a problem? I need help
`config.build_settings['ENABLE_BITCODE'] = 'NO'
# Here are some configurations automatically generated by flutter # You can remove unused permissions here
# for more infomation: https://github.com/BaseflowIT/flutter-permission-handler/blob/develop/ios/Classes/PermissionHandlerEnums.h
# eg when you don't need camera permission, just add 'PERMISSION_CAMERA=0'
config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [ '$(inherited)',
## dart: PermissionGroup.calendar
'PERMISSION_EVENTS=0',
## dart: PermissionGroup.reminders
'PERMISSION_REMINDERS=0',
## dart: PermissionGroup.contacts
'PERMISSION_CONTACTS=0',
## dart: PermissionGroup.microphone
'PERMISSION_MICROPHONE=0',
## dart: PermissionGroup.speech
'PERMISSION_SPEECH_RECOGNIZER=0',
## dart: PermissionGroup.photos
'PERMISSION_PHOTOS=0',
## dart: PermissionGroup.notification
'PERMISSION_NOTIFICATIONS=0',
## dart: PermissionGroup.mediaLibrary
'PERMISSION_MEDIA_LIBRARY=0',
## dart: PermissionGroup.sensors
'PERMISSION_SENSORS=0' ]`
I had add these, but Apple reject it also. how to resolve it?
My app was rejected by NSAppleMusicUsageDescription.
My app was rejected by NSAppleMusicUsageDescription.
This issue has been resolved some time ago. Instructions on how to setup iOS correctly can be found in the README under the "iOS" section. It requires you to register some macros in your ios/Podfile and enable the permissions you require in your project.
Of course you still need to make sure you add valid descriptions to your ios/Runner/Info.plist file for the permissions your project requires.
@mvanbeusekom the solution doesn't work. I enabled only the used permissions in my pod file and i'm still getting rejected for stuff i'm not asking for such as media, movement and more.
This is the relevant part of my podfile
post_install do |installer|
installer.pods_project.targets.each do |target|
flutter_additional_ios_build_settings(target)
target.build_configurations.each do |config|
config.build_settings['IPHONEOS_DEPLOYMENT_TARGET'] = '11.0'
config.build_settings["EXCLUDED_ARCHS[sdk=iphonesimulator*]"] = "arm64"
config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [
'$(inherited)',
## dart: PermissionGroup.calendar
'PERMISSION_EVENTS=1',
## dart: PermissionGroup.reminders
# 'PERMISSION_REMINDERS=1',
## dart: PermissionGroup.contacts
'PERMISSION_CONTACTS=1',
## dart: PermissionGroup.camera
'PERMISSION_CAMERA=1',
## dart: PermissionGroup.microphone
# 'PERMISSION_MICROPHONE=1',
## dart: PermissionGroup.speech
# 'PERMISSION_SPEECH_RECOGNIZER=1',
## dart: PermissionGroup.photos
'PERMISSION_PHOTOS=1',
## dart: [PermissionGroup.location, PermissionGroup.locationAlways, PermissionGroup.locationWhenInUse]
'PERMISSION_LOCATION=1',
## dart: PermissionGroup.notification
'PERMISSION_NOTIFICATIONS=1',
## dart: PermissionGroup.mediaLibrary
# 'PERMISSION_MEDIA_LIBRARY=1',
## dart: PermissionGroup.sensors
# 'PERMISSION_SENSORS=1',
## dart: PermissionGroup.bluetooth
'PERMISSION_BLUETOOTH=1',
## dart: PermissionGroup.appTrackingTransparency
# 'PERMISSION_APP_TRACKING_TRANSPARENCY=1',
## dart: PermissionGroup.criticalAlerts
# 'PERMISSION_CRITICAL_ALERTS=1'
]
end
end
end
Getting rejected for NSAppleMusicUsageDescription, NSMotionUsageDescription and NSSpeechRecognitionUsageDescription being missing.
@EinatK, which version of the permission_handler are you using? Could you open a new issue with the following information:
- The version of the permission_handler you are using;
- The relevant part of your
ios/Podfile(as listed above); - The output of the
flutter doctor -vcommand.
Note that specifically enabling permissions is only supported from version 8.0.0. In versions before 8.0.0 the logic was switch around and permissions where enabled by default and you had to explicitly disable permission in your podfile.