phonegap app freeze in ios10

Question

I have a phonegap application, that was working properly until last friday, when it stoped from being accept in apple store with the following message:

This app attempts to access privacy-sensitive data without a usage description. The app's Info.plist must contain an NSPhotoLibraryUsageDescription key with a string value explaining to the user how the app uses this data.

This app attempts to access privacy-sensitive data without a usage description. The app's Info.plist must contain an NSBluetoothPeripheralUsageDescription key with a string value explaining to the user how the app uses this data.

This app attempts to access privacy-sensitive data without a usage description. The app's Info.plist must contain an NSMicrophoneUsageDescription key with a string value explaining to the user how the app uses this data.

To correct this issue, after some research, I come to the following solution, to add some cordova plugins in my config.xml file:

<plugin name="cordova-plugin-media-capture" source="npm" spec="1.4.0">
    <variable name="MICROPHONE_USAGE_DESCRIPTION" value="App would like to access your microphone." />
    <variable name="CAMERA_USAGE_DESCRIPTION" value="App would like to access the camera." />
    <variable name="PHOTOLIBRARY_USAGE_DESCRIPTION" value="App would like to access the library." />
</plugin>
<plugin name="cordova-plugin-ios-ble-permissions" source="npm" spec="*">
    <variable name="BLUETOOTH_USAGE_DESCRIPTION" value="App would like to access your bluetooth." />
</plugin>

This solved the problem in the apple store, and I confirmed that the Info.plist file have all this variables there.

But now the app freezes/crashes in, and only in iOs10 devices.

I'm asking for some guidance/help to identify what could be this problem source.

Thank you all in advance.

---

EDIT:

Finnaly was able to debug the app remotely and find out some errors like this:

[Error] Refused to load data:text/javascript;charset=utf-(...)-app-shell.html-170.js%0A because it does not appear in the script-src directive of the Content Security Policy

My current meta tag has this values:

<meta http-equiv="Content-Security-Policy" content="default-src gap://ready file://* *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: blob: *; media-src 'self' mediastream: blob:; connect-src * blob:">

and whitelist configuration:

<plugin name="cordova-plugin-whitelist" spec="1.3.1"/>
<access origin="*"/>
<allow-navigation href="*"/>
<allow-intent href="http://*/*"/>
<allow-intent href="https://*/*"/>
<allow-intent href="tel:*"/>
<allow-intent href="sms:*"/>
<allow-intent href="mailto:*"/>
<allow-intent href="geo:*"/>

any tip of what im doing wrong?

Answer 1

It might be caused by Content-Security-Policy.

try to add the default-src gap: in the <meta> tag.

e.g:

<head>
  <meta http-equiv="Content-Security-Policy" content="default-src * 'self' gap: wss: ws:; font-src * data:; img-src * data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'">
</head>

ref: "No Content-Security-Policy meta tag found." error in my phonegap application

Answer 2

Solved it!

In the meta tag instead of:

script-src 'self' 'unsafe-inline' 'unsafe-eval' *

I added:

script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *;