# Guideline 5.1.1(iii) - Privacy: Requesting Unnecessary Permissions

**Guideline:** 5.1.1 · **Store:** Apple App Store · **Risk:** low · **Difficulty:** easy · **Typical turnaround:** 1-2 hours

Canonical URL: https://appstorereject.com/rejections/apple/5/guideline-511iii-privacy-requesting-unnecessary-permissions

## Description

Apple is rejecting your app because it requests access to system permissions (camera, microphone, contacts, location, photos, etc.) that are not relevant to the app's core functionality. Guideline 5.1.1(iii) enforces data minimization — your app should only request permissions it genuinely needs to deliver its primary features. This rejection is triggered when the reviewer cannot find a clear connection between a requested permission and a visible feature. For example, a calculator app requesting microphone access, a weather app requesting contacts access, or a note-taking app requesting camera access without any photo feature in the app. Even if your app does use the permission for a secondary feature, if that feature is not discoverable during review, the rejection will happen. The root cause is usually one of: (1) a leftover permission from development or a removed feature, (2) a third-party SDK that declares permissions your app doesn't actively use, or (3) a feature that uses the permission but isn't easily discoverable by the reviewer. The fix depends on which case applies — remove the permission, strip the SDK declaration, or make the feature more discoverable and explain it in review notes.

## Common variations

- App requests permission not relevant to core functionality
- Unnecessary permission request for Camera/Microphone/Contacts/Location
- App requests access to system capability without corresponding feature
- Third-party SDK requires permissions not used by the app
- Permission requested but no visible feature uses it

## Example rejection email

```
Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage

Your app requests access to a system capability that is not relevant to the core functionality of the app. Specifically, your app requests access to the following without a corresponding feature that requires this access:

- Camera
- Microphone

Next Steps:
Please remove the request for access to capabilities that are not necessary for your app's core functionality, or update your app to include a feature that requires this access and explain the feature in your review notes.
```

## Resolution steps

## Quick Assessment
- **Risk level:** Low
- **Resolution path:** Fix & Resubmit
- **Typical turnaround:** 1-2 hours

## The Fix

01. **Audit your Info.plist** — List every `NS*UsageDescription` key in your Info.plist. For each one, identify the specific feature that requires it.

02. **Remove unused permissions** — If a permission has no corresponding feature, remove the `NS*UsageDescription` key from Info.plist. This prevents the system from prompting the user.

03. **Check third-party SDK entitlements** — Some SDKs (e.g., Facebook SDK, ad SDKs) declare permissions in their podspec/package manifest. If you don't use those SDK features, check if the SDK offers a 'lite' version or a build flag to exclude those capabilities.

04. **Make hidden features discoverable** — If the permission IS needed for a real feature, ensure the reviewer can find it. Add a note in the App Review Notes field with exact steps to reach the feature.

05. **Write clear purpose strings** — For permissions you keep, ensure the NSUsageDescription text clearly explains what feature uses the permission and why.

## Prevention
- Audit Info.plist permissions before every submission
- When removing features, also remove their associated permissions
- Use SDK lite versions when you don't need full SDK capabilities
- Always document permission usage in review notes for non-obvious features

## Appeal guidance

Appeal if the feature exists but was not discovered by the reviewer. Provide detailed reproduction steps showing how to reach the feature that requires the permission, and include screenshots. Otherwise, remove the unused permission and resubmit.

## Before / after examples

**Before:** Note-taking app's Info.plist includes NSCameraUsageDescription, NSMicrophoneUsageDescription, and NSContactsUsageDescription — but the app has no camera, voice, or contacts features
**After:** Info.plist only contains NSPhotoLibraryUsageDescription (for inserting images into notes) with a clear purpose string: 'Select photos to insert into your notes'
**Why it works:** Only request permissions your app actively uses. Remove SDK-inherited or leftover permissions from Info.plist.

## Common questions

**Can you appeal a 5.1.1 rejection?**

Appeal if the feature exists but was not discovered by the reviewer. Provide detailed reproduction steps showing how to reach the feature that requires the permission, and include screenshots. Otherwise, remove the unused permission and resubmit.

**How long does this typically take to fix?**

Typical turnaround is 1-2 hours (difficulty: easy). After resubmission, most re-reviews complete within 24-48 hours.

---
*Machine-readable source: https://api.appstorereject.com/api/rejections/detail?slug=guideline-511iii-privacy-requesting-unnecessary-permissions*