The app's Info.plist must contain an NSMicrophoneUsageDescription key with a string value explaining to the user how the app uses this data

Question

Got a build rejection The app's Info.plist must contain an NSMicrophoneUsageDescription key with a string value explaining to the user how the app uses this data.

The app does not use microphone. Or so I think.

How do I track down where mic is used?

UPD23112016: given that the lazy answer is being upvoted I've filed a new feature request with apple to close this security hole.

UPD05042017: it is still bothersome that once you proxy mic access into some 3rd party framework via some half baked NSMicrophoneUsageDescription you have zero control on where and when it can be used if user agrees to allow mic access. Folks, please do due diligence and craft precise NSMicrophoneUsageDescription that reflects on the fact that the mic is used by the code that's completely outside of your control when the usage is obscured by a 3rd party binary-only framework. Thanks.

UPD2021: Apple did what they could with audit trail for shared resource (such as mic) usage in the latest iOS so the users have some recourse checking when actual access has happened. Nice try, but how many are gonna do the due diligence though?

UPD2022: Apple added summary of the audit trail to the lock screen in iOS 16 so you can see offenders like MapsMe to get rid of spyware.

I guess OP's questio is why the NSMicrophoneUsageDescription key is required when he is not asking for that permission anywhere. — Jakub Truhlář, Sep 23 '16 at 09:24
Yes, you're right with your updated notes UPD05042017. The descriptions are mandatory for any content you or any frameworks you link against attempt to access. The errors are generated upon an attempt to access the content if a usage description was not supplied, so if you're getting those errors your app must be requesting them. You should discover why your app or its frameworks require these and add appropriate usage descriptions to your app's info.plist, or consider to remove that framework. — user8675, Sep 09 '18 at 21:38
I hear Apple saying - "if you want to use the hardware, you better get a handle on what you are doing, and not outsource the details to someone else's framework." — benc, Jan 28 '19 at 18:54
which means in this particular case instabug has to be jettisoned out of your app since it's the user of the microphone — Anton Tropashko, Jan 29 '19 at 12:01

score 94 · Answer 1 · edited Dec 13 '22 at 23:25

For the lazy:

if you want to quickly add usageDescriptions for most media access (on-device photos, camera, video recording, location):

right click your info.plist file and -> open as -> Source Code

then paste the following between the current values:

<key>NSMicrophoneUsageDescription</key>
<string>Need microphone access for uploading audio</string>
<key>NSCameraUsageDescription</key>
<string>Need camera access for uploading images</string>
<key>NSLocationUsageDescription</key>
<string>Need location access for updating nearby friends</string>
<key>NSLocationWhenInUseUsageDescription</key>
<string>This app will use your location to show features near you.</string>
<key>NSPhotoLibraryUsageDescription</key>
<string>Need photo library access for saving and uploading images</string>

These descriptions, of course, are up to you. I tried to make them as generic as possible.

Hope this saves someone's time!

score 44 · Accepted Answer · answered Sep 20 '16 at 09:21

44

Just add NSMicrophoneUsageDescription key & in value add the justification that why your app is using Microphone. This is the latest requirement in iOS 10.

answered Sep 20 '16 at 09:21

iYoung

3,596
3
32
59

You didn't even specify the plist. – hmedia1 Jan 04 '20 at 04:17
IMHO this answer does not deserve to be accepted one. Author didn't explain how to do it, failed to mention that it must be done in Info.plist file and didn't provide any example. – greenskin Jul 07 '21 at 23:02
Where in the Info.plist does one add this key? At the top? In one of the main keys? In what format? Use quotes or braces? – MichM Jul 30 '21 at 16:26

Anton Tropashko · Answer 3 · 2022-10-04T10:47:56.933

And the culprit was (drums) : Instabug framework. They tell you right there on their marketware pages they allow users to take audio notes during feedback composition. So I've added NSMicrophoneUsageDescription into the app plist explaining that.

Note that there is a lot of apple API that instabug uses

Undefined symbols for architecture arm64: (i've removed some that seems legitimate according to what that framework claims to do and left what I see no claims for in the marketware)

"_AVMakeRectWithAspectRatioInsideRect", referenced from: +[IBGIAMImageAttachmentView sizeForContent:forWidth:] in InstabugHost_lto.o

"OBJC_CLASS$_CTTelephonyNetworkInfo", referenced from: objc-class-ref in InstabugHost_lto.o

"_AVNumberOfChannelsKey", referenced from: -[IBGVoiceNoteManager startRecording] in InstabugHost_lto.o

"_CTRadioAccessTechnologyHSDPA", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o

"_CTRadioAccessTechnologyGPRS", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o

"_CTRadioAccessTechnologyWCDMA", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o

"_CTRadioAccessTechnologyEdge", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o

"_CTRadioAccessTechnologyCDMA1x", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o

"_CTRadioAccessTechnologyCDMAEVDORevA", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o

"_CTRadioAccessTechnologyCDMAEVDORevB", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o

"_CTRadioAccessTechnologyLTE", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o

"OBJC_CLASS$_AVURLAsset", referenced from: OBJC_CLASS$_IBGAsset in InstabugHost_lto.o

"OBJC_METACLASS$_AVURLAsset", referenced from: OBJC_METACLASS$_IBGAsset in InstabugHost_lto.o

"_CTRadioAccessTechnologyCDMAEVDORev0", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o

"_CTRadioAccessTechnologyHSUPA", referenced from: +[IBGInspector getCarrier] in InstabugHost_lto.o

ld: symbol(s) not found for architecture arm64

So in this post-Snowden world I have to wonder why does it need coretelephony, for example.

So what I'm getting at is that if you do not have the source the a 3rd party framework you have to disclose to the user that your app itself is NOT using microphone, or camera so that the user has an option of denying access to that device.

You don't want to be in the news someday due to some security flaw exploited via YOUR app.

Unresolved: The carefully crafted microphone usage description does not solve the issue with security completely though in case your app DOES use microphone and a 3rd party framework (think that it) needs it too. You'd have to craft a lengthy description outlining the risks.

Here's where credits disclosure could come handy giving users an idea which 3rd party code your are relying on. Give the credit where it's due :^)

If you are lazy such as myself and never read through the ios security whitepaper here's a short https://developer.apple.com/videos/play/wwdc2016/705/

In case you have no desire to watch the video in its entirety: around 19:00 mark the speaker tells you explicitly that you must not be lazy with those descriptions (you are responsible for a 3rd party code potentially abusing the permissions user has granted to your app. gotta love the binary frameworks ;^)

UPD for iOS 15: Apple has acted up upon the security hole of 3rd party binary only frameworks requesting access to microphone and added an audit trail to (among other things) microphone usage in ios15. App Privacy Report it's called in settings. Thusly part of the responsibility to audit that trail is shifted towards the users of the app that has 3rd party junkware embedded. Amen.

True infinite loop style: "If you are really lazy around 19:00 mark the speaker tells you explicitly that you should not be lazy ..." and start around 0:00 mark. — Pavel P, May 30 '19 at 20:12
Apparently, I'm lazy. Couldn't find the speaker's point supporting this 19:00 marker. — tresf, Mar 23 '21 at 17:35
19:00 mark: says loud and clear YOU are responsible for ALL 3rdparty code that you incorporate into your app. — Anton Tropashko, Mar 25 '21 at 09:45
tresf. i am more voluminious in my description of 19:00 mark thanks to your note. — Anton Tropashko, Mar 25 '21 at 09:51

score 17 · Answer 4 · answered Feb 21 '18 at 04:31

iOS apps require the user to grant permission before accessing the Microphone. Trying to access it without user permission will lead to app crash.

To request user permission, we just need to add NSMicrophoneUsageDescription key in the info.plist file & and provide a value for this key. Value can be any string stating the applications need to access the microphone.

score 6 · Answer 5 · answered Feb 22 '17 at 21:28

6

Instabug uses NSMicrophoneUsageDescription to allow your users record a voice note about a bug or a feedback to you.

answered Feb 22 '17 at 21:28

Ennabah

2,303
2
20
39

score 3 · Answer 6 · answered Mar 13 '18 at 17:10

3

Just having AVAudioSession.sharedInstance().requestRecordPermission() somewhere in your code base is enough to trigger this error with iTunes Connect. It's not even necessary to actively call that code!

answered Mar 13 '18 at 17:10

bfx

897
10
16

score 3 · Answer 7 · answered Apr 24 '23 at 18:41

3

For those using the newer XCode's (currently running 14) - info.plist is not as exposed anymore. What you want to do is:

Open the relevant Target page
Go to Info
Hit plus on the last entry
It's called now "Privacy - Microphone Usage Description"

answered Apr 24 '23 at 18:41

Oded Ben Dov

9,936
6
38
53

The app's Info.plist must contain an NSMicrophoneUsageDescription key with a string value explaining to the user how the app uses this data

7 Answers7

Linked