zulip / zulip-mobile

Zulip mobile apps for Android and iOS.
https://zulip.com/apps/
Apache License 2.0

Fix Apple warnings about location APIs #3600

Open gnprice opened 5 years ago

gnprice commented 5 years ago

On each release in recent months, on sending it to alpha on iOS I've gotten the following pair of warnings in email from Apple:

ITMS-90683: Missing Purpose String in Info.plist - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSLocationAlwaysUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data are required to include a purpose string. If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).

ITMS-90683: Missing Purpose String in Info.plist - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSLocationWhenInUseUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data are required to include a purpose string. If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).

In other words: a bot thinks it looks like we might use the APIs for querying the user's location, and notices that we don't provide text to explain to the user why we do.

In fact (barring a surprise in some dependency) we never use these APIs; we never attempt to access the user's location.

This is a marked improvement over the notice we got, just once, in 2018 which said "This app attempts to access" the same data. The 2019 version of this warning acknowledges that it's likely we don't actually access it, and merely pull in some library which optionally could do so.

I did some debugging when we got this then: https://chat.zulip.org/#narrow/stream/48-mobile/topic/ios/near/570693
I determined the offending dependency appeared to be a chunk of RN, and then I took that out and made a build that worked and didn't get this warning; that became release 12.4.84.

It looks like I never actually merged those changes, though, oops -- so releases 13.1.85 and later went back to including that dependency. Apparently Apple's bot just stopped noticing, or sending this warning, for a year or so. To resolve this it might be enough to merge the changes I made then.

gnprice commented 5 years ago

OK, went and pushed that code as tag 12.4.84-ios. (It'd been sitting on the local disk of the Zulip office Mac.) The change of particular interest for this issue is commit ca7ebf180.

The change is a bit opaque in the usual Xcode way, but the chat thread explains how I made it:

Well, those were easy to remove -- I just right-clicked on the "RCTGeolocation.xcodeproj" reference in the "Project navigator" of the UI, and said to delete it, and all the mentions of it in our project file were gone.

I think that commit, and a bit of investigation in the chat thread linked above, are a complete braindump of the relevant information I learned in the previous round of looking at this.
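
A regression guard for the fix discussed in this thread, as an added example that is not part of the original issue or the Zulip code base: it scans a project.pbxproj for leftover RCTGeolocation references and checks Info.plist for the two purpose-string keys named in the warnings. The function names and the sample inputs (with placeholder object IDs) are constructed for illustration.

```python
import plistlib

# Purpose-string keys named in the two ITMS-90683 warnings.
LOCATION_KEYS = ("NSLocationAlwaysUsageDescription",
                 "NSLocationWhenInUseUsageDescription")
GEO_LIB = "RCTGeolocation"  # library whose project reference the thread removed


def geolocation_refs(pbxproj_text):
    """Line numbers in project.pbxproj that still mention the library."""
    return [n for n, line in enumerate(pbxproj_text.splitlines(), 1)
            if GEO_LIB in line]


def missing_purpose_strings(info_plist_bytes):
    """Location purpose-string keys that are absent or blank in Info.plist."""
    info = plistlib.loads(info_plist_bytes)
    return [k for k in LOCATION_KEYS if not str(info.get(k, "")).strip()]


def audit(pbxproj_text, info_plist_bytes):
    """Return findings; an empty list means the library is not referenced."""
    refs = geolocation_refs(pbxproj_text)
    if not refs:
        return []
    findings = [f"{GEO_LIB} referenced on project.pbxproj lines {refs}"]
    for key in missing_purpose_strings(info_plist_bytes):
        findings.append(f"library is linked but Info.plist has no {key}")
    return findings


# Constructed inputs (placeholder object IDs, not the real Zulip project file).
SAMPLE_PBXPROJ = """\
/* Begin PBXBuildFile section */
\t\tAAAA0001 /* libRCTGeolocation.a in Frameworks */ = {isa = PBXBuildFile; };
\t\tAAAA0002 /* libRCTImage.a in Frameworks */ = {isa = PBXBuildFile; };
/* End PBXBuildFile section */
\t\tAAAA0003 /* RCTGeolocation.xcodeproj */ = {isa = PBXFileReference; };
"""
SAMPLE_PLIST = plistlib.dumps({"CFBundleName": "ExampleApp"})

if __name__ == "__main__":
    for finding in audit(SAMPLE_PBXPROJ, SAMPLE_PLIST):
        print("FAIL:", finding)
```

Run against the real files in CI, a non-empty result would catch the dependency coming back before a release is uploaded.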