Apple rejects all binaries built using this package, unless ALL permissions have purposes/reasons added in the .plist, even if the app is not using most of them... #26

Closed
manuelgomes2 opened this issue Sep 17, 2018 · 63 comments

@manuelgomes2

Apple now rejects all apps, the error is as follows:

Missing Purpose String in Info.plist File - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSContactsUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string. If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).

Missing Purpose String in Info.plist File - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSCalendarsUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string. If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).

Missing Purpose String in Info.plist File - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSAppleMusicUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string. If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).

Missing Purpose String in Info.plist File - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSMotionUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string. If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).

Missing Purpose String in Info.plist File - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSSpeechRecognitionUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string. If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).

@mvanbeusekom
Member

@manuelgomes2 have you added the required permissions to your Info.plist file? You can check the Info.plist file of the example app (here) for examples?

@indiluk

indiluk commented Oct 2, 2018

I think there should at least be some information for devs to add the required purpose strings on this GitHub project.

@rknell

rknell commented Dec 7, 2018

Yeah this is a bit of a disappointment, the geolocator package uses this package and I need to specify all the permissions.

I don't care about having to specify the permissions - but I do care if Apple starts asking questions about why I need to access apple music for an app that clearly has nothing to do with music.

I think this is a ticking time bomb and should be modularised.

@elricym

elricym commented Dec 12, 2018

This plugin handles too many permissions, which is not necessary for just a geolocator. And it's not a very professional way in production. I'm very grateful for the work of the author but there should be an optimized approach to handling permissions. Or maybe simply integrate a specific permission handler inside of Geolocator. Thank you.

@firsthour

I agree this project probably needs to be broken up, possibly one permission handler project per permission. I may tinker with ripping out everything not needed for geolocator to function.

@mortenboye

I had the same issue, and did the quick and dirty fix that @firsthour mentioned.
Here is a fork, where everything but the location permissions are stripped out:
https://github.com/mortenboye/flutter-permission-handler

And here is a fork of geolocator that references the above fork:
https://github.com/mortenboye/flutter-geolocator

It's not pretty but it works.

@mvanbeusekom
Member

mvanbeusekom commented Jan 22, 2019

@manuelgomes2, @indiluk, @rknell, @elricym, @firsthour, @mortenboye, I have set out some probes with Google and Apple to see if there is a way to work around this issue. The plugin implements code for all SDKs that require user permissions and therefore the Apple analytics tools think we are actually using all the SDKs in our Apps (which is not the case).

Worst case scenario is that we will convert the Geolocator component back into handling its own permissions and add a clear disclaimer to this component's readme explaining this drawback on iOS.

Hopefully I will receive some useful feedback from Google (Flutter team) and/ or Apple to add some sort of compiler directives or conditional statements which allows us to only include that code/ SDKs that we are actually interested in.

I will follow up on this as soon as possible.

P.S. if any of you have a suggestion I would love to hear it of course.

@smiLLe

smiLLe commented Feb 20, 2019

@mvanbeusekom maybe an easy fix would be to update geolocator to use its own permission handler? And long term would be to make permission-handler more modular?

@rvera

rvera commented Mar 1, 2019

👍 on this issue, my app just got rejected because of this. At the very least, make this explicit on the project documentation.

@yvanvds

yvanvds commented Mar 6, 2019

> 👍 on this issue, my app just got rejected because of this. At the very least, make this explicit on the project documentation.

Same here. I wish I had known this when I implemented geolocator, instead of learning about it when uploading my app to iTunes (which is always the very last step because Android publishing is so much easier). Don't get me wrong: I am very grateful for you people sharing this library. But when you do explain in the docs about the location permissions, it would have helped a lot to mention this problem.

BTW: Waiting for Apple to comment on this is mostly useless. They almost never answer. And the flutter team cannot do anything about this. It's been this way with iOS for as long as I know. Either you really use the permission, or you remove the offending code. I really doubt that they are willing to change that 'rule' because of flutter.

@rvera

rvera commented Mar 8, 2019

> > 👍 on this issue, my app just got rejected because of this. At the very least, make this explicit on the project documentation.
>
> Same here. I wish I had known this when I implemented geolocator, instead of learning about it when uploading my app to iTunes (which is always the very last step because Android publishing is so much easier). Don't get me wrong: I am very grateful for you people sharing this library. But when you do explain in the docs about the location permissions, it would have helped a lot to mention this problem.
>
> BTW: Waiting for Apple to comment on this is mostly useless. They almost never answer. And the flutter team cannot do anything about this. It's been this way with iOS for as long as I know. Either you really use the permission, or you remove the offending code. I really doubt that they are willing to change that 'rule' because of flutter.

@mortenboye made a fork which removes the extra fluff, I forked this and made this Swift 4.2 compatible if you wanna take a look and need a quick solution.

@lifenautjoe

@BaseFlowIT do you have plans on updating this? It's pretty unusable atm... 🙏

@marilozgz

Hi, any update?? Apple rejected all the time, all the strings added to plist, but still rejected.

@nabeelof

@mortenboye your solution seems good for me but how to implement this fork in flutter. I didn't deal with forks before. I have read the readme but there are no different dependencies
Thank you

@mortenboye

@nabeelof you would have to reference the git repo directly:

dependencies:
  geolocator:
    git: 'git@github.com:mortenboye/flutter-geolocator.git'

@smiLLe

smiLLe commented Apr 10, 2019

@nabeelof
non androidX

geolocator:
    git:
      url: https://github.com/mortenboye/flutter-geolocator.git
      ref: cd3de2ada46b0f124039c8a39298df1e4edada33

@nabeelof

@mortenboye @smiLLe
I couldn't use git@github.com directly
I used

geolocator:
    git:
      url: https://github.com/mortenboye/flutter-geolocator.git
      ref: 0d635c3ddcc4fec775e85fc3971c87b486240a99

after I get the latest ref sha using
curl -i https://api.github.com/repos/mortenboye/flutter-geolocator/git/refs/

then I uploaded a new binary with new build number
but apple rejected with same email
sorry guys this is not working

@j3g

j3g commented Apr 13, 2019

from what I am understanding, this library only works for Android at this time. Someone please update the documentation.

@mvanbeusekom
Member

We are currently in the process of splitting up the permission_handler in smaller packages to work around this issue. These will become available to the open-source community and can be found here. At the moment we have extracted the code to request permissions for the location services and published it as a separate plugin. This means we will slowly be phasing out this plugin.

@smiLLe, @mortenboye, @nabeelof, we have recently released version 4.0.0 of the Geolocator plugin which now uses the location_permissions plugin to handle permissions. Meaning we no longer use the permission_handler to prevent this issue.

@j3g

j3g commented Apr 23, 2019

right on, i'm still newbie in dart and flutter or I would contribute...I'll try to share back in the future

@chenxianqi

> We are currently in the process of splitting up the permission_handler in smaller packages to work around this issue. These will become available to the open-source community and can be found here. At the moment we have extracted the code to request permissions for the location services and published it as a separate plugin. This means we will slowly be phasing out this plugin.
>
> @smiLLe, @mortenboye, @nabeelof, we have recently released version 4.0.0 of the Geolocator plugin which now uses the location_permissions plugin to handle permissions. Meaning we no longer use the permission_handler to prevent this issue.

Haven't other permissions been modularized separately yet?

@zhancheng

why not delete the info.list in package and let user add their want in their project?

@jeanmatthieud

FYI, I published two apps with dummy reasons in the plist file for all the permissions I'm not using, and Apple approved the releases.

@mZadorskii

@chris-wickens

Are there any consequences to the user for adding permission strings that we don't use? For instance, if I add a geolocation permission string but never request geolocation, would users be warned on the app store that the app may request their location?

@ThinkDigitalSoftware

@Rekubot I want to know this too. I believe Apple shows the messages only when used, so it wouldn't be shown. I just feel weird making up fake reasons.

@kinex

kinex commented Jul 22, 2019

@Rekubot @ThinkDigitalSoftware I have a clear opinion about this: you should absolutely NOT do it.

Firstly, it simply does not make any sense. The basic idea of permissions is that you add only the permissions you need. Otherwise we would not need permissions at all. There are good reasons why required permissions need to be defined for each app. It is a question of user's privacy and security.

Most importantly it may be a security risk to user's device if there is an app with all possible permissions. Even if your own app behaves correctly, some other app (malware) or even a 3rd party lib you are using could in theory use your app (as it has all permissions) to attack user's device. Maybe it is possible in iOS, maybe not. But better not to give them even a chance. If I knew some app in my device has all permissions even if it doesn't really use them, I would uninstall it immediately, give it 1 star and most probably also report the app to Apple as a possible malware.

So adding all permissions is the worst workaround ever. Don't do it.

@ThinkDigitalSoftware

ThinkDigitalSoftware commented Jul 22, 2019 via email

@kinex

kinex commented Jul 23, 2019

@ThinkDigitalSoftware You can fork this plugin and remove extra stuff as suggested in earlier comments. There are also other similar plugins available, not sure if they have the same issue. Or wait until this plugin gets fixed. I have not started my iOS project yet, so my own plan is still open.

@yanqiuLove

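> Hi, any update?? Apple rejected all the time, all the strings added to plist, but still rejected.

If you add the related configuration to Info.plist but the app does not actually use those permissions, it will definitely be rejected. Apple requires every permission to have a legitimate place where it is used.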

@remoteportal

I'm using a DIFFERENT permissions package but it has the SAME problem; permission_handler.

@ty0x2333
Contributor

ty0x2333 commented Dec 26, 2019

@martijn00 @mvanbeusekom I submitted a pull request to solve this problem: #182

@GioPan04

If anyone is interested in getting just storage permissions, I just forked the repo into a new one where I removed all the permissions but storage. The new repo is flutter-storage-permission-handler.

You can include it in your project by adding this dependency to your pubspec.yaml file:

dependencies:
  flutter:
    sdk: flutter

  permission_handler:
    git: https://github.com/ramoncardena/flutter-sotrage-permission-handler

@ramoncardena In Android I get PermissionStatus.unknown when I try to check the storage permission

@GioPan04

GioPan04 commented Dec 26, 2019

I used @ty0x2333 PR, and works perfectly. Thanks!
I don't know why they refused the PR in the code review...

@mvanbeusekom
Member

As of version 4.1.0 (released 10th of January) it is now possible to use the solution provided by @ty0x2333 to remove not needed permissions.

@yamdkh

yamdkh commented Mar 27, 2020

Hello dears I have found the solution for this issue, Just go to this path down

ios/.symlinks/plugins/permission_handler/ios/Classes/PermissionHandlerEnums.h

  • then change the permission you don't want to 0 instead of one -

then clean and restart your idea then build

Thanks,

@VictorUvarov

Flutter 1.20 changed the podfile and the solution no longer works

@xafgun

xafgun commented Aug 11, 2020

> Flutter 1.20 changed the podfile and the solution no longer works

+1 I have tried changes which written on IOS side at plugin; but it doesn't work.

@scaraux

scaraux commented Aug 24, 2020

> > Flutter 1.20 changed the podfile and the solution no longer works
>
> +1 I have tried changes which written on IOS side at plugin; but it doesn't work.

I am using Flutter 1.20.2, and the following Podfile configuration works. If it does not, then you probably have one more library requesting unwanted permissions.

post_install do |installer|
  installer.pods_project.targets.each do |target|
    target.build_configurations.each do |config|
      config.build_settings['ENABLE_BITCODE'] = 'NO'
      config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [
        '$(inherited)',
        ## dart: PermissionGroup.calendar
        'PERMISSION_EVENTS=0',

        ## dart: PermissionGroup.reminders
        'PERMISSION_REMINDERS=0',

        ## dart: PermissionGroup.contacts
        # 'PERMISSION_CONTACTS=0',

        ## dart: PermissionGroup.camera
        'PERMISSION_CAMERA=0',

        ## dart: PermissionGroup.microphone
        'PERMISSION_MICROPHONE=0',

        ## dart: PermissionGroup.speech
        'PERMISSION_SPEECH_RECOGNIZER=0',

        ## dart: PermissionGroup.photos
        'PERMISSION_PHOTOS=0',

        ## dart: [PermissionGroup.location, PermissionGroup.locationAlways, PermissionGroup.locationWhenInUse]
        'PERMISSION_LOCATION=0',

        ## dart: PermissionGroup.notification
        # 'PERMISSION_NOTIFICATIONS=0',

        ## dart: PermissionGroup.mediaLibrary
        'PERMISSION_MEDIA_LIBRARY=0',

        ## dart: PermissionGroup.sensors
        'PERMISSION_SENSORS=0'
      ]
    end
    flutter_additional_ios_build_settings(target)
  end
end

Please see 671992982

@AnkitPanchal10

> > > Flutter 1.20 changed the podfile and the solution no longer works
> >
> > +1 I have tried changes which written on IOS side at plugin; but it doesn't work.
>
> I am using Flutter 1.20.2, and the following Podfile configuration works. If it does not, then you probably have one more library requesting unwanted permissions.
>
> post_install do |installer|
>   installer.pods_project.targets.each do |target|
>     target.build_configurations.each do |config|
>       config.build_settings['ENABLE_BITCODE'] = 'NO'
>       config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [
>         '$(inherited)',
>         ## dart: PermissionGroup.calendar
>         'PERMISSION_EVENTS=0',
>
>         ## dart: PermissionGroup.reminders
>         'PERMISSION_REMINDERS=0',
>
>         ## dart: PermissionGroup.contacts
>         # 'PERMISSION_CONTACTS=0',
>
>         ## dart: PermissionGroup.camera
>         'PERMISSION_CAMERA=0',
>
>         ## dart: PermissionGroup.microphone
>         'PERMISSION_MICROPHONE=0',
>
>         ## dart: PermissionGroup.speech
>         'PERMISSION_SPEECH_RECOGNIZER=0',
>
>         ## dart: PermissionGroup.photos
>         'PERMISSION_PHOTOS=0',
>
>         ## dart: [PermissionGroup.location, PermissionGroup.locationAlways, PermissionGroup.locationWhenInUse]
>         'PERMISSION_LOCATION=0',
>
>         ## dart: PermissionGroup.notification
>         # 'PERMISSION_NOTIFICATIONS=0',
>
>         ## dart: PermissionGroup.mediaLibrary
>         'PERMISSION_MEDIA_LIBRARY=0',
>
>         ## dart: PermissionGroup.sensors
>         'PERMISSION_SENSORS=0'
>       ]
>     end
>     flutter_additional_ios_build_settings(target)
>   end
> end
>
> Please see 671992982

If there is any other library that is using the permission, then is there any way we can identify which library is that?

@bartekpacia

any solution?

@smolugu

smolugu commented Sep 24, 2020

@ty0x2333 @mvanbeusekom
> As of version 4.1.0 (released 10th of January) it is now possible to use the solution provided by @ty0x2333 to remove not needed permissions.

Does this mean this package can be used without the risk of getting rejected by Apple?

I need access to location, bluetooth and camera in my app.

I am a bit confused after going through this post as I am new to app development.

Regards,
Shyam.

@cormalenv

@smolugu you have likely already tested this but for the sake of answering the question for others, yes this does prevent rejection by Apple.

@Antol

Antol commented Nov 6, 2020

I've got my app rejected with a message

"ITMS-90683: Missing Purpose String in Info.plist - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSContactsUsageDescription key with a user-facing purpose string explaining clearly and..."

I use permission_handler: 5.0.0+hotfix.4
But I turned off usage of Contacts in Podfile

    ## dart: PermissionGroup.contacts    
    'PERMISSION_CONTACTS=0',    

What may cause a problem? I need help

@NieYinlong

NieYinlong commented Dec 21, 2020

      config.build_settings['ENABLE_BITCODE'] = 'NO'
      # Here are some configurations automatically generated by flutter

      # You can remove unused permissions here
      # for more information: https://github.com/BaseflowIT/flutter-permission-handler/blob/develop/ios/Classes/PermissionHandlerEnums.h
      # e.g. when you don't need camera permission, just add 'PERMISSION_CAMERA=0'
      config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [
        '$(inherited)',

        ## dart: PermissionGroup.calendar
        'PERMISSION_EVENTS=0',

        ## dart: PermissionGroup.reminders
        'PERMISSION_REMINDERS=0',

        ## dart: PermissionGroup.contacts
        'PERMISSION_CONTACTS=0',

        ## dart: PermissionGroup.microphone
        'PERMISSION_MICROPHONE=0',

        ## dart: PermissionGroup.speech
        'PERMISSION_SPEECH_RECOGNIZER=0',

        ## dart: PermissionGroup.photos
        'PERMISSION_PHOTOS=0',

        ## dart: PermissionGroup.notification
        'PERMISSION_NOTIFICATIONS=0',

        ## dart: PermissionGroup.mediaLibrary
        'PERMISSION_MEDIA_LIBRARY=0',

        ## dart: PermissionGroup.sensors
        'PERMISSION_SENSORS=0'
      ]

I had added these, but Apple rejected it also. How to resolve it?

@LucasHenriqueAbreu

My app was rejected by NSAppleMusicUsageDescription.

@mvanbeusekom
Member

> My app was rejected by NSAppleMusicUsageDescription.

This issue has been resolved some time ago. Instructions on how to setup iOS correctly can be found in the README under the "iOS" section. It requires you to register some macros in your ios/Podfile and enable the permissions you require in your project.

Of course you still need to make sure you add valid descriptions to your ios/Runner/Info.plist file for the permissions your project requires.

@EinatK

EinatK commented Sep 21, 2021

@mvanbeusekom the solution doesn't work. I enabled only the used permissions in my pod file and I'm still getting rejected for stuff I'm not asking for such as media, movement and more.

This is the relevant part of my podfile

post_install do |installer|
  installer.pods_project.targets.each do |target|
    flutter_additional_ios_build_settings(target)
    target.build_configurations.each do |config|
      config.build_settings['IPHONEOS_DEPLOYMENT_TARGET'] = '11.0'
      config.build_settings["EXCLUDED_ARCHS[sdk=iphonesimulator*]"] = "arm64"
      
      config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [
        '$(inherited)',

        ## dart: PermissionGroup.calendar
         'PERMISSION_EVENTS=1',

        ## dart: PermissionGroup.reminders
        # 'PERMISSION_REMINDERS=1',

        ## dart: PermissionGroup.contacts
         'PERMISSION_CONTACTS=1',

        ## dart: PermissionGroup.camera
         'PERMISSION_CAMERA=1',

        ## dart: PermissionGroup.microphone
        # 'PERMISSION_MICROPHONE=1',

        ## dart: PermissionGroup.speech
        # 'PERMISSION_SPEECH_RECOGNIZER=1',

        ## dart: PermissionGroup.photos
         'PERMISSION_PHOTOS=1',

        ## dart: [PermissionGroup.location, PermissionGroup.locationAlways, PermissionGroup.locationWhenInUse]
         'PERMISSION_LOCATION=1',

        ## dart: PermissionGroup.notification
         'PERMISSION_NOTIFICATIONS=1',

        ## dart: PermissionGroup.mediaLibrary
        # 'PERMISSION_MEDIA_LIBRARY=1',

        ## dart: PermissionGroup.sensors
        # 'PERMISSION_SENSORS=1',

        ## dart: PermissionGroup.bluetooth
         'PERMISSION_BLUETOOTH=1',

        ## dart: PermissionGroup.appTrackingTransparency
        # 'PERMISSION_APP_TRACKING_TRANSPARENCY=1',

        ## dart: PermissionGroup.criticalAlerts
        # 'PERMISSION_CRITICAL_ALERTS=1'
      ]
    end
  end
end

Getting rejected for NSAppleMusicUsageDescription, NSMotionUsageDescription and NSSpeechRecognitionUsageDescription being missing.

@mvanbeusekom
Member

@EinatK, which version of the permission_handler are you using? Could you open a new issue with the following information:

  1. The version of the permission_handler you are using;
  2. The relevant part of your ios/Podfile (as listed above);
  3. The output of the flutter doctor -v command.

Note that specifically enabling permissions is only supported from version 8.0.0. In versions before 8.0.0 the logic was switched around and permissions were enabled by default and you had to explicitly disable permissions in your Podfile.
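
Added example (not part of the thread and not the plugin's own code): a Python check that applies the two macro semantics described in the comment above to a constructed Podfile excerpt and Info.plist, and reports purpose strings that are missing or declared without compiled-in code. The macro-to-key pairing covers only the five keys named in this thread and is an assumption of this example, as are all function and constant names.

```python
import plistlib
import re

# Assumed pairing of Podfile macro -> Info.plist purpose-string key, limited
# to the five keys that appear in the rejection e-mails quoted in this thread.
MACRO_TO_PLIST_KEY = {
    "PERMISSION_EVENTS": "NSCalendarsUsageDescription",
    "PERMISSION_CONTACTS": "NSContactsUsageDescription",
    "PERMISSION_MEDIA_LIBRARY": "NSAppleMusicUsageDescription",
    "PERMISSION_SENSORS": "NSMotionUsageDescription",
    "PERMISSION_SPEECH_RECOGNIZER": "NSSpeechRecognitionUsageDescription",
}
MACRO_RE = re.compile(r"'(PERMISSION_[A-Z_]+)=([01])'")


def active_macros(podfile_text):
    """Return {macro: 0|1} for macro lines that are not commented out."""
    macros = {}
    for line in podfile_text.splitlines():
        code = line.split("#", 1)[0]  # drop Ruby comments, incl. '# ...=1'
        match = MACRO_RE.search(code)
        if match:
            macros[match.group(1)] = int(match.group(2))
    return macros


def compiled_in(podfile_text, opt_in):
    """opt_in=True: 8.0.0+ semantics, only an explicit '=1' compiles code in.
    opt_in=False: pre-8.0.0 semantics, everything is in unless set to '=0'."""
    macros = active_macros(podfile_text)
    default = 0 if opt_in else 1
    return {m for m in MACRO_TO_PLIST_KEY if macros.get(m, default) == 1}


def audit(podfile_text, info_plist_bytes, opt_in):
    """Compare the purpose strings the binary needs with those declared."""
    plist = plistlib.loads(info_plist_bytes)
    declared = {k for k in MACRO_TO_PLIST_KEY.values()
                if str(plist.get(k, "")).strip()}
    required = {MACRO_TO_PLIST_KEY[m] for m in compiled_in(podfile_text, opt_in)}
    return {
        # Keys the upload check would ask for (ITMS-90683).
        "missing_purpose_string": sorted(required - declared),
        # Declared with no compiled-in code behind them (dummy reasons).
        "unused_purpose_string": sorted(declared - required),
    }


# Constructed sample: three macros commented out, two enabled.
SAMPLE_PODFILE = """
config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [
  '$(inherited)',
  ## dart: PermissionGroup.calendar
   'PERMISSION_EVENTS=1',
  ## dart: PermissionGroup.contacts
   'PERMISSION_CONTACTS=1',
  ## dart: PermissionGroup.speech
  # 'PERMISSION_SPEECH_RECOGNIZER=1',
  ## dart: PermissionGroup.mediaLibrary
  # 'PERMISSION_MEDIA_LIBRARY=1',
  ## dart: PermissionGroup.sensors
  # 'PERMISSION_SENSORS=1',
]
"""

# Constructed Info.plist contents (serialized to XML plist bytes).
_BASE = {
    "CFBundleName": "Runner",
    "NSCalendarsUsageDescription": "Adds your bookings to your calendar.",
    "NSContactsUsageDescription": "Lets you invite people from your contacts.",
}
SAMPLE_INFO_PLIST = plistlib.dumps(_BASE)
PLIST_WITH_DUMMY = plistlib.dumps({**_BASE, "NSMotionUsageDescription": "dummy"})

if __name__ == "__main__":
    for label, opt_in in (("8.0.0+ (opt-in)", True), ("pre-8.0.0 (opt-out)", False)):
        print(label, audit(SAMPLE_PODFILE, SAMPLE_INFO_PLIST, opt_in))
    print("dummy string", audit(SAMPLE_PODFILE, PLIST_WITH_DUMMY, True))
```

The same Podfile yields no findings under the opt-in semantics and three missing keys under the opt-out semantics, which is why the plugin version has to be known before reading a Podfile.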

@Baseflow Baseflow locked as resolved and limited conversation to collaborators Sep 22, 2021