search

mapbox / mapbox-maps-ios

Interactive, thoroughly customizable maps for iOS powered by vector tiles and Metal
https://www.mapbox.com/mapbox-mobile-sdk
Other
462 stars 150 forks source link

Missing Purpose String in Info.plist for NSLocationWhenInUseUsageDescription #1023

Open karaiskc opened 2 years ago

karaiskc commented 2 years ago

I am in the process of updating from version 6.3.0 to 10.2.0 and I see the following issue after uploading a new build to App Store Connect:

ITMS-90683: Missing Purpose String in Info.plist - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSLocationWhenInUseUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data are required to include a purpose string. If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).

My app does not require user location or heading at all and I would like to avoid adding such a purpose string to Info.plist, since an accidental request from any of the app's linked third party libs now or in future could present the alert to the user. I had no such issue with 6.x SDKs, is there some way to avoid this?

macdrevx commented 2 years ago

Thanks for the feedback. I agree with you — if your app doesn't need location, the Mapbox Maps SDK shouldn't be forcing you to add that key.

The location component in v10 was designed to only request permission if NSLocationWhenInUseUsageDescription is present in the Info.plist; however, that's clearly not a useful approach since Apple requires the key to be present if the request permission API is used.

At the moment, I'm not seeing a way to change this behavior in a non-breaking way, so I'm going to label this as a bug and add it to the list of things we need to rethink for v11.

richardpineo commented 2 years ago

This is also an issue for our application. We do not need location and do not want to query the user about whether location can be used.

Edit: It looks like the user is not queried until an actual request to use location services is sent, so this shouldn't affect our end users unless somehow Mapbox internals make that request.

dmitryshliugaev commented 3 months ago

Any updates folks?

dmitryshliugaev commented 3 months ago

I think you should give access to change mayRequestWhenInUseAuthorization https://github.com/mapbox/mapbox-maps-ios/blob/32edc19b902c3ba591f1c252e144bdf5e4a702e1/Sources/MapboxMaps/Location/AppleLocationProvider.swift#L191

dmitryshliugaev commented 3 months ago

@evil159 Hey, could u pls take a look at this proposal ☝️