Skip to content

Meet camera discoverability and update App Review materials#4

Open
debbieyuen wants to merge 6 commits into
PhilipRosedale:mainfrom
debbieyuen:main
Open

Meet camera discoverability and update App Review materials#4
debbieyuen wants to merge 6 commits into
PhilipRosedale:mainfrom
debbieyuen:main

Conversation

@debbieyuen

Copy link
Copy Markdown

Forked Repository: https://github.com/debbieyuen/fairshare
Google Drive Videos and Images: Link

This pull request is focused on addressing the flow, communication, and issues regarding personal camera usage. While debugging, I tested the application with TestFlight, building the app locally via a web browser (Safari on Mac), building it on an iPhone 16 Pro simulator with Xcode, and testing it with 2 physical iPhones (iPhone 13 and iPhone 16).

Summary of Commits

  • Originally the Meet handshake's camera view was an unlabeled 80x100px thumbnail with no indication it was an active QR scanner. Now it is larger, labeled "Scan QR Code," with instructions and a live green flash animation to confirm when a QR code is detected in frame.
  • Updated NSCameraUsageDescription (and the matching table in the review notes) to disclose the fourth camera use case regarding suggesting a new profile picture for a contact. This was previously missing.
  • Added a "Quick Start" walkthrough to docs/app-store-review-notes.md. The content will need additional review to fit within App Store Connect's 4,000 character Notes field limit. The idea behind the Quick Start section was to give reviewers a faster and clearer path through sign in, the Meet handshake (including a single device testing workaround), contacts, and groups.
  • Added a public "For App Store reviewers" section to support.html with real screenshots of the Meet flow, since a visual walkthrough conveys the camera interaction better than text alone.
  • Added setup instructions to README.md (clone, install, run locally, run via Xcode).

Tests I Tried
1. Camera permission denial has no recovery path
Theory: tapping "Don't Allow" leads to a dead end toast with no path back to Settings.
Test: reproduced on a real device.
Verdict: did not hold up because requiring a manual trip to Settings is standard iOS behavior, not a review risk.

2. Selfies get shared with a contact without their consent
Theory: add_contact_selfie mirrors a photo to both sides of a contact pair with no approval step.
Test: reproduced live with two real accounts (iPhone and web). Confirmed a photo and notification arrive with zero action on the receiving side.
Verdict: confirmed behavior, but not a privacy violation. It was structurally the same as receiving an unsolicited photo via iMessage.

3. No way to delete a single unwanted photo
Theory: no way to remove one specific selfie short of blocking the whole contact.
Test: confirmed via code.
Verdict: a real issue worth fixing, but not a guideline requirement, since Report and Block already satisfy Guideline 1.2.
Outcome: not fixed. Real product improvement, weak as a rejection theory.

4. Selfies are stored in a public, unauthenticated storage bucket
Theory: the Supabase Storage bucket is fully public with no access control.
Test: verified directly in sql/fairshare-schema.sql.
Verdict: could be a security issue, independent of Apple.
Outcome: not fixed yet. Flagged separately as worth addressing in the future

5. The Meet camera's purpose is undiscoverable
Theory: the camera view gave no indication it was an active QR scanner.
Test: through personal experience using the app
Outcome: fixed. Larger labeled camera view, explicit instructions, live QR detected feedback. Verified via a full two account handshake test

project.pbxproj, Podfile.lock, and the .xcscheme were temporarily
changed to a personal Apple Developer team + bundle ID for local
device testing during this session. Reverting before merge so this
PR doesn't overwrite Philip's own signing configuration.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant