Meet camera discoverability and update App Review materials#4
Open
debbieyuen wants to merge 6 commits into
Open
Meet camera discoverability and update App Review materials#4debbieyuen wants to merge 6 commits into
debbieyuen wants to merge 6 commits into
Conversation
project.pbxproj, Podfile.lock, and the .xcscheme were temporarily changed to a personal Apple Developer team + bundle ID for local device testing during this session. Reverting before merge so this PR doesn't overwrite Philip's own signing configuration.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Forked Repository:
https://github.com/debbieyuen/fairshareGoogle Drive Videos and Images: Link
This pull request is focused on addressing the flow, communication, and issues regarding personal camera usage. While debugging, I tested the application with TestFlight, building the app locally via a web browser (Safari on Mac), building it on an iPhone 16 Pro simulator with Xcode, and testing it with 2 physical iPhones (iPhone 13 and iPhone 16).
Summary of Commits
NSCameraUsageDescription(and the matching table in the review notes) to disclose the fourth camera use case regarding suggesting a new profile picture for a contact. This was previously missing.README.md(clone, install, run locally, run via Xcode).Tests I Tried
1. Camera permission denial has no recovery path
Theory: tapping "Don't Allow" leads to a dead end toast with no path back to Settings.
Test: reproduced on a real device.
Verdict: did not hold up because requiring a manual trip to Settings is standard iOS behavior, not a review risk.
2. Selfies get shared with a contact without their consent
Theory: add_contact_selfie mirrors a photo to both sides of a contact pair with no approval step.
Test: reproduced live with two real accounts (iPhone and web). Confirmed a photo and notification arrive with zero action on the receiving side.
Verdict: confirmed behavior, but not a privacy violation. It was structurally the same as receiving an unsolicited photo via iMessage.
3. No way to delete a single unwanted photo
Theory: no way to remove one specific selfie short of blocking the whole contact.
Test: confirmed via code.
Verdict: a real issue worth fixing, but not a guideline requirement, since Report and Block already satisfy Guideline 1.2.
Outcome: not fixed. Real product improvement, weak as a rejection theory.
4. Selfies are stored in a public, unauthenticated storage bucket
Theory: the Supabase Storage bucket is fully public with no access control.
Test: verified directly in
sql/fairshare-schema.sql.Verdict: could be a security issue, independent of Apple.
Outcome: not fixed yet. Flagged separately as worth addressing in the future
5. The Meet camera's purpose is undiscoverable
Theory: the camera view gave no indication it was an active QR scanner.
Test: through personal experience using the app
Outcome: fixed. Larger labeled camera view, explicit instructions, live QR detected feedback. Verified via a full two account handshake test