As an iOS developer, we all know that the review and release of an app must go through machine review and human review, so if you are tricked into the machine review, you will think how could you get stuck soon? After so long of development, there are still some hard requirements for machine review that I don't know? Ha ha.
In fact, chasing the reason is all caused by carelessness. Or some third-party libraries used internally are open to the outside world. "Hit" you.
Then the hard requirement that everyone encounters the most is the permission problem: (especially recently, some apps on the Android phone frequently access your address book, photo album, camera, etc., and the country has also begun to supervise the app. OK, now it's stricter too)
The following is an email whose submission was rejected by the machine review:
Dear Developer,
We identified one or more issues with a recent delivery for your app, “APP名称” 1.0.0 (1.0.0.6). Please correct the following issues, then upload again.
ITMS-90683: Missing Purpose String in Info.plist - Your app’s code references one or more APIs that access sensitive user data. The app’s Info.plist file should contain a NSContactsUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data are required to include a purpose string. If you’re using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn’t contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).
ITMS-90683: Missing Purpose String in Info.plist - Your app’s code references one or more APIs that access sensitive user data. The app’s Info.plist file should contain a NSCalendarsUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data are required to include a purpose string. If you’re using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn’t contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).
ITMS-90683: Missing Purpose String in Info.plist - Your app’s code references one or more APIs that access sensitive user data. The app’s Info.plist file should contain a NSAppleMusicUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data are required to include a purpose string. If you’re using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn’t contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).
ITMS-90683: Missing Purpose String in Info.plist - Your app’s code references one or more APIs that access sensitive user data. The app’s Info.plist file should contain a NSMotionUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data are required to include a purpose string. If you’re using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn’t contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).
ITMS-90683: Missing Purpose String in Info.plist - Your app’s code references one or more APIs that access sensitive user data. The app’s Info.plist file should contain a NSSpeechRecognitionUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data are required to include a purpose string. If you’re using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn’t contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).
Though you are not required to fix the following issues, we wanted to make you aware of them:
ITMS-90078: Missing Push Notification Entitlement - Your app appears to register with the Apple Push Notification service, but the app signature’s entitlements do not include the ‘aps-environment’ entitlement. If your app uses the Apple Push Notification service, make sure your App ID is enabled for Push Notification in the Provisioning Portal, and resubmit after signing your app with a Distribution provisioning profile that includes the ‘aps-environment’ entitlement. Xcode does not automatically copy the aps-environment entitlement from provisioning profiles at build time. This behavior is intentional. To use this entitlement, either enable Push Notifications in the project editor’s Capabilities pane, or manually add the entitlement to your entitlements file. For more information, see https://developer.apple.com/library/content/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/HandlingRemoteNotifications.html#//apple_ref/doc/uid/TP40008194-CH6-SW1.
Best regards,
The App Store Team
The reason is that the machine review detected that your info.plist file does not have corresponding descriptions for the fields of address book, calendar, media library, motion track, and voice recognition, but there are related codes in the project. (Don’t wonder how they found out that you used it. After all, the language was developed by themselves. In fact, you can also search for it yourself: you can refer to my previous article "About the Solution to the Rejection of Private API Review " )
solution:
1. Then we need to add descriptions to these permissions. At present, the iOS review is stricter and the descriptions should be written in more detail. To write what to do with these things, it can’t be as casual as before. Permissions will be checked every time. Don’t just write it down and leave it alone after this time. It’s hard to say which iteration of the submitted version will still be called back.
2. Find the corresponding third-party plug-in, delete it if you don’t use it, or update to the latest version (generally, the third-party will update it in time).
3. Or check the instructions and reminders of using the third-party library in time, and methods such as circumvention schemes.
During the process, some friends used flutter development.
Here are some commonly used plug-ins for flutter development: permission_handlerplug-ins for obtaining permissions. This plug-in includes permissions such as camera, photo album, address book, and location. If certain permissions are not used in the project, as long as the plug-in is introduced, it will be packaged into ipa , if the relevant permission key is not added to the info.plist, it will be checked by the machine, and this email will be sent to you.
A lot of developers only focus on how to use it. In fact, he introduced two summaries at the very beginning of the readme:
There is an introduction to iOS precautions and information about permissions:
Inform if you don’t use permissions, add config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= []
array to define unused permissions in the podfile file, and then pod installexecute it (must be executed, otherwise it will not take effect), or you can re-flutter It is also possible to compile the project, and then it will be no problem to package and submit again.
post_install do |installer|
installer.pods_project.targets.each do |target|
target.build_configurations.each do |config|
config.build_settings['ENABLE_BITCODE'] = 'NO'
config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [
'$(inherited)',
## dart: PermissionGroup.calendar
'PERMISSION_EVENTS=0',
## dart: PermissionGroup.contacts
'PERMISSION_CONTACTS=0',
## dart: PermissionGroup.mediaLibrary
'PERMISSION_MEDIA_LIBRARY=0',
## dart: PermissionGroup.sensors
'PERMISSION_SENSORS=0'
]
end
end
endFor the specific Privety correspondence of iOS, you can click on Permission to view its several enumeration values, and look at the corresponding name fields of Android and iOS.
at last:
All the problems encountered in the machine review are small problems, mainly how to find them (I mentioned some special private API search methods above, which can be used for reference), and it will be easy to handle after finding them.