Dealing with "Missing Purpose String" and 3rd Party SDKs

As of today starting to get this on uploads to the App Store:


Missing Purpose String in Info.plist File. Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSLocationAlwaysUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string.If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).


Unfortunately I'm using a few SDKs and I'm not quite sure which is the offender. Is there any way for me to figure this out from my xcarchive?

Replies

>not quite sure which is the offender.


I don't believe there is a simple lever to pull that will do that homework for you. I'll assume you know exactly what each one does, and suggest you assume all of those that involve data collection/tracking/privacy etc. require disclosure via a PS alert.

The only (probably not the best) way I can think to figure this out is:

1 - Build an archive

2 - Navigate to Products/Applications/appname

3 - Run otool and pipe results into a grep for Location otool -L Products/Applications/appname.app/appname | grep Location

4 - If output is printed, try removing an SDK and return to step 1

Simple. Remove all. (The app won't work. Ignore that issue but be sure not to submit these bad builds for approval.) Upload the app and see if you get that error message. Add back one SDK at a time until you get that errior message. Bingo.


By the way - when you discover who is doing this be sure they have a legitamate reason to track the user. If they do not - tell Apple.