Usage Description to Access Protected Resources on iOS

 

Introduction:

Apple take user's privacy really seriously. Most of their marketing is about how they are confident with the security of their device. One of their marketing is "what happens on your iPhone, stays on your iPhone". That's why most people have confidence & faith in Apple's product mostly because they take their product's security & user's privacy as their main priority.

Starting from iOS 14, Apple required developer to list all data used to track users and data linked to users so that iPhone users will know what kind of data this app want from you.

If your apps does collect users data and want to access their protected resources like location, contacts, photos and etc, you need to provide with the usage description on why your app require this data from the users. You can see the list of protected resources from Apple developer website, Protected Resources | Apple Developer Documentation.

If you didn't provide the usage description, your app will probably crash and App Review Team will definitely reject your app submission. These usage description will show up in a popup alert on the app when certain feature that require the access of your data is trigger. User then can decide wheather they want to allow you to access their data or not.

 

 

How to add usage description when requesting access to protected resources:

You need to add resource-specific key in your Info.plist file first if you haven't done it yet. You need to locate your Info.plist file in your project folder in Xcode and open the file using the property list editor built into Xcode. Then press control button on your keyboard and hold then click on your mousepad and a list of option will show up. Select Add Row and then a new row will be add to your Info.plist. Click on the dropdown button in the Key column and the a list of key you can add to your Info.plist will appear. You can choose your key from the key name that is start with "Privacy -" that is related to the protected resources that you are requesting access from user. Then you just need to fill the Value column with a purpose string or a usage description.

You need to be clear your intention on why you need access to their protected resources. For example if your app has a function to allow user to update their profile picture and you need to access their photos in order to do that, then you can say something like "Your photos is used to allow you to update your profile picture"

 

Reasons why Apple Review Team usually rejected your app submission:

Apple usually really strict when it comes to reviewing you app submission and you will probably experience your app being rejected by them. One of the reason why your app submission being rejected is either you forgot to add usage description when you access user's protected resources or there is something wrong your usage description. If your usage description is not focus and straight to the point in explaining to the user why you need to access to their protected resources, Apple Review Team will probably rejected your app submission.

One example when your usage description is being rejected is when your app need to access user's current location and you write your usage description like "Your location is being used for the app to function properly". We can clearly see from this example that the app doesn't really explain why user's location is needed to use the app. Instead it just tell the user that the app need the access to location for the app to function properly without telling the user exactly what is the reason for. If user's location is needed to fetch the data that is nearby with user's current location then they need to tell user just that. 

 

Conclusion:

Apple really want their customer to feel safe and it is their choice what kind of data they are willing to share and what not to share. That's why if your app need to access their protected resources, your purpose string or usage description needs to be clear on what your app intention with the protected resources that is needed from your app. We don't want user to feel like we use their protected resources for malicious purpose and to avoid your app being rejected by Apple Review Team.