Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

App rejected due to NSLocationAlwaysUsageDescription #490

Closed
lifenautjoe opened this issue Mar 28, 2019 · 24 comments
Closed

App rejected due to NSLocationAlwaysUsageDescription #490

lifenautjoe opened this issue Mar 28, 2019 · 24 comments
Labels
Help Wanted

Comments

@lifenautjoe
Copy link

Just got an email from Apple in regards to the latest built

Dear Developer,

We identified one or more issues with a recent delivery for your app, "Openbook Social". Please correct the following issues, then upload again.

"Missing Purpose String in Info.plist File. Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSLocationAlwaysUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string.If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy)."

"Missing Purpose String in Info.plist File. Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSLocationWhenInUseUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string.If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy)."

Best regards,

The App Store Team

I do not use the location of people in the app nor wish to do so or even ask for it.

I'm also calling setLocationShared(false). Still rejected.

This might be in regards to new privacy laws adopted on the 20th of the current month.
@Nightsd01
Copy link
Contributor

@lifenautjoe as a temporary fix to get around this issue, I would suggest including an NSLocationWhenInUse string in your Info.plist. Our SDK will not request user location permission so your users will never see it. It’s pretty silly for Apple to be doing this...

In the long term it is planned to split the location code into a separate OneSignal+Location framework but for now that should fix the issue.

@lifenautjoe
Copy link
Author

Unfortunately that does not work... Apple rejects it if it doesn't include both the NSLocationWhenInUse and NSLocationAlwaysUsageDescription.

I sense this will be a chaos in the upcoming days.

@Nightsd01
Copy link
Contributor

@lifenautjoe then there shouldn’t be an issue with including both strings - they won’t end up getting used.

@coffeemao
Copy link

Can you remove the location feature? I also encountered the same problem。@Nightsd01

@JanC
Copy link

JanC commented Mar 29, 2019

Hello,
I started to have the same issue. The reflection usage to get the CLLocationManager in OneSignalLocation.m#L142 might be the cause I believe. I wonder if Apple is now analysing the binaries also for class strings.

Maybe something like this would work:

NSString *clazzName = [NSString stringWithFormat:@"%@%@%@", @"CL", @"Location", @"Manager"];
if( (int)[NSClassFromString(clazzName) performSelector:@selector(authorizationStatus)] == 3) {

@jkasten2
Copy link
Member

@JanC @lifenautjoe @coffeemao Do you happen to have the CoreLocation.framework link in your Xcode project? If so can you try removing and re-submit to Apple?

  1. Select your project on left.
  2. Select your app target.
  3. Open the "Build Phases" tab.
  4. Expand the "Link Binary With Libraries"
  5. Select CoreLocation.framework and press delete.
    image

Do you get the rejection right away after uploading or after a fews days, etc?

@JanC It is possible something like that might work. It's hard to say if app is using static analytics or some kind of runtime instrumentation that flags any access to the class. Let me know if you had the framework linked, and if removing that ends up fixing the problem.

@JanC
Copy link

JanC commented Mar 29, 2019

In my case, it was rejected during the automated binary processing.

I do have the CoreLocation linked as I’m using some CL structs but not the actual user gps location.

I ended up adding the plist entry and the TestFlight beta submission was successful.

@summera
Copy link

summera commented Apr 4, 2019

@jkasten2 I don't have the CoreLocation.framework in my project and am receiving this warning after submitting builds to App Store Connect. Is there a short-term plan to find a solution here? I'd really like to avoid making changes to our Info.plist file since we aren't asking for the user's location.

@Nightsd01
Copy link
Contributor

@summera adding these strings will not ask the user for location permission. As long as you call OneSignal.setLocationShared(false) you will be fine. Same if you don’t link CoreLocation.

Unfortunately there isn’t much we can do about Apple having overly-aggressive binary scans. In the future we will probably split out the location features into a separate framework but for now, adding the strings to your Info.plist is literally the only permanent fix.

@rgomezp
Copy link
Contributor

rgomezp commented Apr 16, 2019

Closing issue due to no response

@rgomezp rgomezp closed this as completed Apr 16, 2019
@wtsnz
Copy link

wtsnz commented Jul 11, 2019

@summera adding these strings will not ask the user for location permission. As long as you call OneSignal.setLocationShared(false) you will be fine. Same if you don’t link CoreLocation.

Unfortunately there isn’t much we can do about Apple having overly-aggressive binary scans. In the future we will probably split out the location features into a separate framework but for now, adding the strings to your Info.plist is literally the only permanent fix.

+1 to splitting the feature out into another framework to avoid this.

@danhhgl
Copy link

danhhgl commented Oct 8, 2019

This is a bug! Ignore it.

@rgomezp rgomezp reopened this Oct 8, 2019
@rgomezp
Copy link
Contributor

rgomezp commented Oct 9, 2019

@danhhgl ,
Did the above workarounds not work for you?

@danhhgl
Copy link

danhhgl commented Oct 10, 2019

@rgomezp I got the same email "Missing Purpose String in Info.plist" for "NSLocationAlwaysUsageDescription " and "NSLocationWhenInUseUsageDescription". But after a few minutes, I got a successful email: "App Store Connect: Version 1.0.0 (1) for YOUR_APP_NAME has completed processing." I did nothing at all. So I think this is a bug, so you can ignore it.

@rgomezp
Copy link
Contributor

rgomezp commented Oct 10, 2019

Thanks for the details @danhhgl

@rgomezp rgomezp closed this as completed Oct 10, 2019
@p3v9d5ui
Copy link

p3v9d5ui commented Apr 8, 2020

This is still happening for me. Is there no resolution for this yet, without adding the two Purpose Strings?

@sinosoidal
Copy link

What is the last OneSignal version where this doesn't happen? What has been the recommend guide lines for this?

@p3v9d5ui
Copy link

@sinosoidal , Just add the two permission strings (NSLocationWhenInUse and NSLocationAlwaysUsageDescription) to your build and call OneSignal.setLocationShared(false). The two permission strings satisfy the App store, but are never used because setLocationShared == false. I also don't like to have to do this, because it I understand that there is no other way around it.

@davidfgc
Copy link

Should OneSignal.setLocationShared(false) be called before or after OneSignal.initWithLaunchOptions? Does it matter?

@p3v9d5ui
Copy link

Before: https://documentation.onesignal.com/docs/sdk-reference#setlocationshared-method

@JulianAlonso
Copy link

Even with OneSignal.setLocationShared(false) apple launches the issue.
I know the strings will never be used, but, there is no way to fix this due we're not using the location?

@SteveBlackUK
Copy link

SteveBlackUK commented Sep 26, 2020
edited
Loading

I get the wanting from Apple but then the build is approved for test flight. So as per some comments above, the email from Apple seems to be a bug more than an actual blocker.

I haven't yet tried to submit to the App Store, so perhaps it would be blocked there with out the plist update?

@rgomezp rgomezp mentioned this issue Nov 3, 2021
Closed
@ghost ghost mentioned this issue Apr 2, 2023
Closed
1 task
@bndkt bndkt mentioned this issue Jul 24, 2023
Closed
@rignaneseleo
Copy link

This still seem to happen today

@hakonk
Copy link

hakonk commented Jan 16, 2025

This is a similar issue to when the Google Analytics iOS SDK included symbols and linked against libraries that made use of the IDFA.

IMO, one should be able to opt in on functionality such as location sharing, where the default does not at all link against libraries where location related code is accessed. I believe this can be made possible with OneSignal too. Any thoughts?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Help Wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests