Guideline 5.1.1
Guideline 5.1.1 - Privacy: Excessive or Unused Permission Declarations
Low RiskEasy0 Reports
Our Take
Your app declares permissions (NS*UsageDescription keys in Info.plist) for hardware or data access that your source code never actually uses.
Asking for permissions your app doesn't need isn't cool. Apple rejects apps that do this.
Resolution Guide
01
**Audit your Info.plist permissions** — List all `NS*UsageDescription` keys in your Info.plist. Common ones: NSCameraUsageDescription, NSLocationWhenInUseUsageDescription, NSMicrophoneUsageDescription, NSPhotoLibraryUsageDescription, NSContactsUsageDescription, NSBluetoothAlwaysUsageDescription.
02
**Cross-reference with source code** — For each declared permission, search your entire source tree for the corresponding framework API. If `NSCameraUsageDescription` is declared but no code imports `AVFoundation` or uses `AVCaptureSession`, `UIImagePickerController(.camera)`, or similar — the permission is unused.
03
**Remove unused permissions** — Delete the `NS*UsageDescription` key from Info.plist for any permission with no corresponding source code usage. This is safe — the key only controls the system prompt, and if you don't use the API, the prompt never fires.
04
**Check third-party SDKs** — Some SDKs (e.g., analytics, ad networks) may require permissions not obvious from your code. Check SDK documentation before removing a permission.
05Only add permission keys when you add the feature that needs them Review permissions as part of your pre-submission checklist Remove permissions when you remove the feature that required them
**Write clear, specific purpose strings** — For permissions you do keep, ensure the description text clearly explains why your app needs access. Generic text like "This app needs camera access" will be flagged. Instead: "Chain uses your camera to scan QR codes for ride check-in."
Prevention:
Community Solutions · 0
Sign in to share your solution.
More Guideline 5 (Legal) rejections
- Guideline 5 - Legal: Remove Watermark Feature
- Guideline 5.1.1 - Data Collection and Storage: Incomplete Privacy Manifest
- Guideline 5.1.1 - Data Collection and Storage: Missing Purpose Strings
- Guideline 5.1.1 - Data Collection and Storage: Privacy Manifest Missing
- Guideline 5.1.1 - Data Collection and Storage: Privacy Nutrition Label Mismatch
- Guideline 5.1.1 - Data Collection and Storage: Privacy Policy