Your app uses public APIs in an unapproved manner

Guidelines 4.2.1. says :

4.2.1 Apps should use APIs and frameworks for their intended purposes and indicate that integration in their app description. For example, the HomeKit framework should provide home automation services; and HealthKit should be used for health and fitness purposes and integrate with the Health app. Apps using ARKit should provide rich and integrated augmented reality experiences; merely dropping a model into an AR view or replaying animation is not enough.

Check what you use Photo access for.

Did you include a short description of why you need it ?

"Specifically, your app does not request user consent before accessing the Photos on the user’s device."

Besides plist keys, can you describe the process to place an alert in front of the user? When is it presented, what it says, how you track any response, etc. Can you show your code for that?

It seems like you are trying to access the photo library. To do that using iOS APIs you must first ask permission from the user. Apple is indicating that you may be trying to access the photo library using other APIs and without asking permission from the user. By adding that key to the plist you are telling the compiler to give you access to the photolibrary, but that key does not ask anything of the user of the app. So explore this command:

PHPhotoLibrary requestAuthorization:^(PHAuthorizationStatus status)

Currently I am using UIImagePickerController. Whether I need to use PHPhotoLibrary and ask for permission and then use UIImagePicker?

I don't believe so. I think that UIImagePickerController will automatically ask permission using the entitlement key as an explanation for why you want access. I guess the question is - when you run the app does it ask permission?

I think I figured it out. The first time you use UIImagePickerController the system will request permission. The system may use the 'explanation' you post in that plist entry. If the user does not grant permission then UIImagePickerController will not access the photo album.

Apple is telling you that they think you have "public APIs" in your app that can display the photo album content without requiring that the user give you that permission (i.e. "Your app uses public APIs in an unapproved manner....your app does not request user consent before accessing the Photos on the user’s device).

Apple believes this because either

1) they scraped your compiled code and recognized APIs that do that

or

2) they used your code and it accessed the photo album without requesting permission by using those APIs

or

3) you failed to write a reasonable 'explanation' for why you want to use the photo album in that plist entry and App Review, in their 'we use shorthand for efficiency' approach, does not have the ability to click on 'your app needs better explanation in plist entry' - instead they push the closest thing to that which is 'accesses photo album without sufficient permission'.