Hi everyone,
I’m encountering an issue when submitting my OutSystems iOS app to the App Store. After uploading the .ipa to App Store Connect, I get the following error message:
ITMS-90683: Missing purpose string in Info.plist
"Your app’s code references one or more APIs that access sensitive user data. The Info.plist file should contain a NSLocationAlwaysAndWhenInUseUsageDescription key with a user-facing purpose string explaining why the app needs access to location data."
I’ve followed OutSystems documentation and added the following to my Extensibility Configuration:
{ "preferences": { "ios": [ { "name": "NSLocationWhenInUseUsageDescription", "value": "This app accesses your location to give you the best restaurants near you." }, { "name": "NSLocationAlwaysAndWhenInUseUsageDescription", "value": "This app accesses your location to give you the best restaurants near you." } ] }}
Despite adding these entries, I’m still getting the error. Is there an additional step within OutSystems I’m missing to ensure these values are correctly injected into the native Info.plist?
If anyone has encountered this or has a solution, I’d greatly appreciate your help!
Thanks!
Hi Supriya,
If you're using plugins like Camera, Geolocation, or others that define their own usage descriptions, they might be overriding the custom values you've added. This is a common issue when multiple plugins define the same Info.plist keys.
To verify if your custom keys are being applied:
Build the .ipa file using MABS.
Rename the .ipa to .zip and extract it.
Locate the Info.plist file inside the main app bundle.
Check whether both NSLocationWhenInUseUsageDescription and NSLocationAlwaysAndWhenInUseUsageDescription keys are present and correctly set.
If one or both keys are missing or incorrect, that confirms the injection didn't happen as expected. In such cases, you may need to either:
Ensure no plugins are overriding your values, or
Use a custom Cordova plugin to force the values into the final Info.plist.
I’ve attached a sample Cordova plugin—cordova-plugin-edit-plist—that ensures the required location permission keys are injected properly. You can include it in your OutSystems mobile app through the Extensibility Configuration.
Upload the plugin zip (edit-plist-plugin.zip) to your OutSystems app as a resource or host it externally.
In your app’s Extensibility Configuration, reference it like this:
{
"plugin": {
"url": "resources/edit-plist-plugin.zip"
}
This plugin will enforce the correct location usage descriptions in the final Info.plist, regardless of what other plugins may define helping you avoid the error during App Store submission.
@Supriya Malla Did you ever find a fix for this? I am experiencing the exact same thing.
@Janakiraman JR I see your solution and it is something I have thought of doing. My only question is how can you guarantee that this new plist-setting plugin will build last? Won't the exact same issue occur if the new plugin builds before the problematic one?
Thanks
Found the issue to be linked to SSL Pinning plugin. Once SSL Pinning was removed, the usage descriptions were added to the plist file without issue.