Got a build rejection
The app's Info.plist must contain an NSMicrophoneUsageDescription key with a string value explaining to the user how the app uses this data.
The app does not use microphone. Or so I think.
How do I track down where mic is used?
UPD23112016: given that the lazy answer is being upvoted I've filed a new feature request with Apple to close this security hole.
UPD05042017: it is still bothersome that once you proxy mic access into some 3rd party framework via some half baked NSMicrophoneUsageDescription you have zero control on where and when it can be used if user agrees to allow mic access. Folks, please do due diligence and craft precise NSMicrophoneUsageDescription that reflects on the fact that the mic is used by the code that's completely outside of your control when the usage is obscured by a 3rd party binary-only framework. Thanks.
And the culprit was (drums): Instabug framework. They tell you right there on their marketware pages they allow users to take audio notes during feedback composition. So I've added NSMicrophoneUsageDescription into the app plist explaining that.
Note that there is a lot of Apple API that Instabug uses
Undefined symbols for architecture arm64: (I've removed some that seem legitimate according to what that framework claims to do and left what I see no claims for in the marketware)
"_AVMakeRectWithAspectRatioInsideRect", referenced from: +[IBGIAMImageAttachmentView sizeForContent:forWidth:] in InstabugHost_lto.o
"_OBJC_CLASS_$_CTTelephonyNetworkInfo", referenced from: objc-class-ref in InstabugHost_lto.o
"_AVNumberOfChannelsKey", referenced from: -[IBGVoiceNoteManager startRecording] in InstabugHost_lto.o
"_CTRadioAccessTechnologyHSDPA", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o
"_CTRadioAccessTechnologyGPRS", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o
"_CTRadioAccessTechnologyWCDMA", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o
"_CTRadioAccessTechnologyEdge", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o
"_CTRadioAccessTechnologyCDMA1x", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o
"_CTRadioAccessTechnologyCDMAEVDORevA", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o
"_CTRadioAccessTechnologyCDMAEVDORevB", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o
"_CTRadioAccessTechnologyLTE", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o
"_OBJC_CLASS_$_AVURLAsset", referenced from: _OBJC_CLASS_$_IBGAsset in InstabugHost_lto.o
"_OBJC_METACLASS_$_AVURLAsset", referenced from: _OBJC_METACLASS_$_IBGAsset in InstabugHost_lto.o
"_CTRadioAccessTechnologyCDMAEVDORev0", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o
"_CTRadioAccessTechnologyHSUPA", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o
ld: symbol(s) not found for architecture arm64
So in this post-Snowden world I have to wonder why does it need coretelephony, for example.
So what I'm getting at is that if you do not have the source of a 3rd party framework you have to disclose to the user that your app itself is NOT using microphone, or camera so that the user has an option of denying access to that device.
You don't want to be in the news someday due to some security flaw exploited via YOUR app.
Unresolved: The carefully crafted microphone usage description does not solve the issue with security completely though in case your app DOES use microphone and a 3rd party framework (think that it) needs it too.
Here's where credits disclosure could come in handy, giving users an idea which 3rd party code you are relying on. Give the credit where it's due :^)
If you are lazy such as myself and never read through the ios security whitepaper here's a short https://developer.apple.com/videos/play/wwdc2016/705/
If you are really lazy around 19:00 mark the speaker tells you explicitly that you should not be lazy about those descriptions.
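The linker output in the answer above can be triaged mechanically. The following is an added example, not code from the original post: it parses the one-line-per-symbol form shown there, groups the referencing methods by Apple framework, and flags references that suggest audio capture. The prefix map and the hint list are assumptions made for illustration, and the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# One flattened ld line: "_Symbol", referenced from: <referrer> in <object file>
LINE = re.compile(
    r'^\s*"_(?P<sym>[^"]+)", referenced from: (?P<ref>.+?) in (?P<obj>\S+)\s*$')
OBJC_PREFIX = re.compile(r'^OBJC_(?:META)?CLASS_\$_')

# Assumption: only the two symbol prefixes that occur in the post's output.
PREFIX_TO_FRAMEWORK = {"AV": "AVFoundation", "CT": "CoreTelephony"}

# Heuristic (assumption): names that point at audio capture rather than layout/playback.
RECORDING_HINTS = ("AVAudioRecorder", "AVAudioSession",
                   "AVCaptureDevice", "AVNumberOfChannelsKey")

def parse_undefined(ld_output):
    """Return (symbol, referrer, object_file) for every undefined-symbol line."""
    entries = []
    for line in ld_output.splitlines():
        m = LINE.match(line)
        if m:  # skips headers and the trailing "ld: symbol(s) not found" line
            entries.append((OBJC_PREFIX.sub("", m["sym"]), m["ref"], m["obj"]))
    return entries

def callers_by_framework(entries):
    """Map framework name -> sorted list of methods/refs in the binary that use it."""
    out = defaultdict(set)
    for sym, ref, _obj in entries:
        out[PREFIX_TO_FRAMEWORK.get(sym[:2], "unknown")].add(ref)
    return {fw: sorted(refs) for fw, refs in out.items()}

def recording_callers(entries):
    """Referrers whose symbol matches a capture hint: candidates for the mic prompt."""
    return sorted({ref for sym, ref, _ in entries if sym.startswith(RECORDING_HINTS)})

# Sample input: lines taken from the linker output quoted in the post.
SAMPLE = r'''Undefined symbols for architecture arm64:
"_AVMakeRectWithAspectRatioInsideRect", referenced from: +[IBGIAMImageAttachmentView sizeForContent:forWidth:] in InstabugHost_lto.o
"_OBJC_CLASS_$_CTTelephonyNetworkInfo", referenced from: objc-class-ref in InstabugHost_lto.o
"_AVNumberOfChannelsKey", referenced from: -[IBGVoiceNoteManager startRecording] in InstabugHost_lto.o
"_CTRadioAccessTechnologyLTE", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o
ld: symbol(s) not found for architecture arm64'''

if __name__ == "__main__":
    parsed = parse_undefined(SAMPLE)
    for framework, refs in callers_by_framework(parsed).items():
        print(framework, "<-", refs)
    print("possible microphone use:", recording_callers(parsed))
```
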
For the lazy:
if you want to quickly add usageDescriptions for most media access (on-device photos, camera, video recording, location):
right click your info.plist file and -> open as -> Source Code
then paste the following between the current values:
These descriptions, of course, are up to you. I tried to make them as generic as possible.
Hope this saves someone's time!
Instabug uses NSMicrophoneUsageDescription to allow your users to record a voice note about a bug or a feedback to you.
Just having AVAudioSession.sharedInstance().requestRecordPermission() somewhere in your code base is enough to trigger this error with iTunes Connect. It's not even necessary to actively call that code!
Just add the NSMicrophoneUsageDescription key & in value add the justification for why your app is using the Microphone. This is the latest requirement in iOS 10.
iOS apps require the user to grant permission before accessing the Microphone. Trying to access it without user permission will lead to app crash.
To request user permission, we just need to add the NSMicrophoneUsageDescription key in the info.plist file and provide a value for this key. The value can be any string stating the application's need to access the microphone.