HealthKit privacy radar
Today I had to create a new radar for Apple in relation to HealthKit privacy descriptions.
When you integrate HealthKit into your App you need to add some privacy descriptions in the Info.plist so the user knows why you’re requesting the permission. It is a common thing in iOS, all the privacy sensitive APIs need it. You can check the list in Technical Q&A QA1937 Resolving the Privacy-Sensitive Data App Rejection.
As you can see there HealthKit has 2 description keys: NSHealthShareUsageDescription and NSHealthUpdateUsageDescription. One is for read APIs and the other is for write APIs.
The issue is that if your App only uses the read APIs common sense would dictate that you only need to add NSHealthShareUsageDescription to your Info.plist. And, if you do that, you will see that everything works as expected: the app compiles and you can call the appropriate methods at runtime.
But when you upload the binary to iTunes Connect it is rejected with the following error:
ERROR ITMS-90683: "Missing Info.plist key. This app attempts to access privacy-sensitive data without a usage description. The app's Info.plist must contain an NSHealthUpdateUsageDescription key with a string value explaining to the user how the app uses this data."
There is not much information online but we’re not the only ones that found this. And apparently the only way of solving it is by adding the requested key, even if you don’t actually need it because the app is not writing to HealthKit.