ITMS-90683: Missing Purpose String in Info.plist NSCameraUsageDescription

Question

I upload my app in app store successfully.

App store send me an email like this:

App Store Connect

Dear Developer,

We identified one or more issues with a recent delivery for your app, "Kupona Online" 1.0.2 (1.2). Please correct the following issues, then upload again.

ITMS-90683: Missing Purpose String in Info.plist - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSCameraUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data are required to include a purpose string. If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).

Best regards,

The App Store Team

To fix this error I put in Info.plist in Xcode 10.2.1 like in this:

but nothing happens. App store send me always this error.

How do I fix this error?

Answer 1

For NSCameraUsageDescription, Add the exact purpose of using camera in the Value column. For example,

Answer 2

Folks are saying they're getting rejected even though they're not request access to camera. You have to know that Apple will scan your code with their static analysis tools. And even if you have this protected behind a feature flag, still the app store review process would reject your app. Because they don't know when you'll turn that feature flag on.

Additionally you could get this issue if a third-party service has a camera access related code in their code. Again even if you don't hit that line (of the 3rd party framework), you'd need that key in.

But then I've had issues where we've added that plist in, but then the app store review team was never able to test it out because the feature was protected by a feature flag. And because they couldn't test it, they didn't approve it ¯\ (ツ) /¯

Last but not least, if you did really need that key in your plist, then make sure its reasoning is generic enough to cover all cases e.g. If you need access to the camera for both take profile pictures and scanning QR code, then given that your app can request access for the camera at either the profile picture step or at scanning a PR code, then your description in the plist should cover both features, not just one of them. If you say "need access to take profile photos" then there is a chance that you could rejected if user hits the QR flow first but sees you're requesting access to take a profile photo. Hence you should say "need access to take profile photos and QR code scan for new devices"

tl;dr identify where in your app flow you're requesting access. If you need it then add its key/value in your plist. If you don't need it then comment out that line. You shouldn't just add the plist just for the sake of passing an app store review. It could fail but it also can happen to succeed, but then in a future release it would succeed...