bug: Request for location and push messages permission without using related plugin

[basvdijk]

Bug Report

Capacitor Version

💊   Capacitor Doctor  💊

Latest Dependencies:

  @capacitor/cli: 2.4.2

  @capacitor/core: 2.4.2

  @capacitor/android: 2.4.2

  @capacitor/electron: 2.4.2

  @capacitor/ios: 2.4.2

Installed Dependencies:

  @capacitor/electron not installed


  @capacitor/cli 2.1.0

  @capacitor/core 2.4.1

  @capacitor/ios 2.4.1

  @capacitor/android 2.4.1

[success] Android looking great! 👌
  Found 2 Capacitor plugins for ios:
    es6-promise-plugin (4.2.2)
    phonegap-plugin-barcodescanner (8.1.0)
[success] iOS looking great! 👌

Platform(s)

Android and iOS

Current Behavior

I am using the following Capacitor plugins:

• Share
• Camera
• Browser
• Device
• Keyboard
• Permissions

When looking in my XCode project the info.plist contains:

• Privacy - Location Always Usage Description
• Privacy - Location When In Use Usage Description

I can't figure which of the plugins above need to use the user's location. When removing them from the info.plist I got the following warnings when uploading to Apple Connect:

ITMS-90078: Missing Push Notification Entitlement - Your app appears to register with the Apple Push Notification service, but the app signature's entitlements do not include the 'aps-environment' entitlement. If your app uses the Apple Push Notification service, make sure your App ID is enabled for Push Notification in the Provisioning Portal, and resubmit after signing your app with a Distribution provisioning profile that includes the 'aps-environment' entitlement. Xcode does not automatically copy the aps-environment entitlement from provisioning profiles at build time. This behavior is intentional. To use this entitlement, either enable Push Notifications in the project editor's Capabilities pane, or manually add the entitlement to your entitlements file. For more information, see https://developer.apple.com/library/content/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/HandlingRemoteNotifications.html#//apple_ref/doc/uid/TP40008194-CH6-SW1.

ITMS-90683: Missing Purpose String in Info.plist - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSLocationWhenInUseUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data are required to include a purpose string. If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).

The push notifications also surprised me since I am not using any push nor enabled push.

For Android goes the same, there for example ACCESS_FINE_LOCATION is added.

The only place where I could found these permissions is in: node_modules/@capacitor/cli/assets/ios-template/App/App/Info.plist

	<key>NSLocationAlwaysUsageDescription</key>
	<string>Always allow Geolocation?</string>
	<key>NSLocationWhenInUseUsageDescription</key>
	<string>Allow Geolocation?</string>
	<key>NSMicrophoneUsageDescription</key>

For Android in node_modules/@capacitor/cli/assets/android-template/app/src/main/AndroidManifest.xml

    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
    <uses-feature android:name="android.hardware.location.gps" />
    <!-- Audio -->
    <uses-permission android:name="android.permission.RECORD_AUDIO" />
    <uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS"/>

It is quite weird these permissions are all requested by default. For example, the microphone isn't used as well, but after removing these was no error from the App Store / Google Play that code used the microphone. It is different for the geolocation permissions which seemed to be used somewhere in the code.

Expected Behavior

Clearly inform which plugins require what permissions since now there is no way to find out what plugin is causing the issues mentioned above.

Code Reproduction

Other Technical Details

npm --version output: 6.14.5

node --version output: v12.13.0

pod --version output (iOS issues only): 1.9.3

Additional Context

[jcesarmobile]

In capacitor 3 we are moving plugin out so it doesn’t include any code that requires permissions or usage descriptions.

[basvdijk]

In capacitor 3 we are moving plugin out so it doesn’t include any code that requires permissions or usage descriptions.

Great! My next question will be off course: when are you estimating Capacitor 3 will be ready for production? We are in the middle of an upgrade from Ionic3 -> Ionic5 and Cordova -> Capacitor so it would really help our roadmap to know an estimate release date. Thanks!

[ionitron-bot]

Thanks for the issue! This issue is being locked to prevent comments that are not relevant to the original issue. If this is still an issue with the latest version of Capacitor, please create a new issue and ensure the template is fully filled out.