I just started facing this issue with the iOS 10 GM release. I received an email saying:
To process your delivery, the following issues must be corrected:
This app attempts to access privacy-sensitive data without a usage description. The app's Info.plist must contain an NSCameraUsageDescription key with a string value explaining to the user how the app uses this data.
Once the required corrections have been made, you can then redeliver the corrected binary.
The App Store team
Workaround Solution I used: Google's frameworks for AdMob and GoogleSignIn installs firebase automatically which uses such permissions even though the app never does. After I defined
NSCameraUsageDescription in the
info.plist, it let me submit without problem hoping that the app won't prompt the user ever so they won't see the text either. But google really should fix this, this sounds like some super shady thing of spying via camera or something.