App submissions to the app store which contain social logins are required to have a manual log in form along side the other logins (I am assuming this incase the 3rd party SDKs break then the user still has a method to log in).
Since apple have released their native 'Sign in with apple' capability (WWDC 2019) does this mean we can submit apps without a manual form? or will this still be a requirement?
I cannot find anything in the documentation to suggest either way.
The requirement is only if your app have social network login (Facebook, Google).
If your app uses a build in login (user/password), you don't need to implement.
In simple words, if your app is...
NOT USING THIRD PARTY LOGIN
If your app is not using any Third party login services then you do not need to implement login with Apple feature in your app.
USING NATIVE SIGN-IN/SIGNUP
If your app is using native sign-in/sign-up for user(user fill registration form and then login), then also you do not need to implement login with Apple in your app
USING THIRD PARTY LOGIN
If your app is using third party login Services like Facebook login, google login, Twitter login, etc. then You have to implement Sign in With Apple in your app.
USING THIRTY PARTY LOGIN + NATIVE SIGN-IN/SIGNUP(MIXED APPROACH)
If your app allows user to sign up via email by filling a registration form and also offers third party login then your app must implement Sign in with Apple.
Related
I am working on iOS Application which has Login and Sign Up requirement before using application.
Login screen has four option to login:
Login with email & password
Login with Apple
Login with Facebook
Login with Google
Sign Up module is divided into multiple screens according to design of application. In third & last step of sign up, where we are collecting user's email, first name, last name etc, we are also showing third party login buttons for Apple, Facebook & Google to auto fill all the information from social accounts and later on, user can login with social accounts.
So, Apple Review Team just rejected our application because of the reasons:
Guideline 2.1 - Performance - App Completeness
We continue to discover one or more bugs in your app. Specifically, we were still unable to access your app with third party login services.
Actually they are trying to login with third party login services and getting error on login screen:
No profile exists against this account. Please sign up or use another account to continue.
Reason: They are trying to login with social accounts but they didn't signed up with social accounts first. To sign up with social accounts, they need to go to sign up screens (multiple screens involved) and enter all the required information. They are not going to sign up screens and tapping on social accounts buttons from login screen and asking that its not working.
Multiple versions of our application already accepted by Apple but this time they rejected application.
Has anyone else had faced a similar issue? They continuously rejecting application even I tried multiple times to explain the flow even by attaching video of social login and sign up process.
Thanks in advance!
Apple Review team rejected the Application with the reason
"We noticed that your app uses a third-party login service but does not offer Sign in with Apple.
"
Even Application have normal Signup process as well with Email and Password.
Is it Mandatory to have Apple Signin in iOS 13 apps ?
Update 3 (March 04, 2020)
The App Store Review Guidelines have been updated to cover cases that use both third party and their own sign in services. Those apps are now required to offer Sign in with Apple. Therefore I'll be updating my apps to support Sign in with Apple and I recommend you do the same if you fall into this category.
Original Answer:
So my app just got rejected for the exact same reason. My app offers regular email and password authentication as well as Facebook and Google login. Here are a few interesting things that I found while reading the App Store Review Guidelines.
1. It says:
Apps that exclusively use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option.
But my app does NOT EXCLUSIVELY use a third-part or social login service. It also uses our own email/ password method. In fact the email and password method is on top and thus assumed to be the main method of authentication. So I feel like this rule does not apply to my app.
2. It also says:
Sign in with Apple is not required if:
Your app exclusively uses your company’s own account setup and sign-in systems...
3. The first 2 rules don't cover my app's case.
My app does NOT EXCLUSIVELY use third-party login services and does NOT EXCLUSIVELY use our own method. It uses both. So it's neither required to implement the Sign in with Apple nor exempt from implementing it.
4. I submitted 2 apps for review in the same day with the exact same authentication methods and only one of them got rejected.
Yesterday I submitted 2 apps for review that are part of the same project and have the exact same authentication methods with the exact same auth screen design. They both got in review at the same time. The first one got approved and the second one got rejected for not implementing Sign in with Apple. Funny, right?
So unless they update the Review Guidelines to cover a case where you use both methods of authentication I believe we are not violating any rule. I'm trying to argue with the review team that my rejected app does not violate the App Store Review Guidelines and they should not have rejected it.
I'll update my answer when this get's resolved but till then it might actually help if others who face the same issue point this out to the review team. We'll either win our case and get our apps approved or they'll update their Review Guidelines to cover our case. Either way it'll be helpful for others in the future.
Update 1
Apple kinda understood that this is not right and my app's status changed from Binary Rejected to In Review. Now I'm waiting to see what they decide.
Update 2
After about 40 hours of being "In Review" my app finally got approved and is now "Ready for Sale". I can't believe it, but it finally feels like someone listened and understood the arguments that I made.
If you use any third-party sign-in feature, e.g. Facebook, Twitter, Google etc, you must now provide Apple Sign In as an additional option.
It's important to remember if you use solely a custom login system (i.e. email and password) then you do not need to include Apple Sign In.
4.8 Sign in with Apple
Apps that exclusively use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option. A user’s primary account is the account they establish with your app for the purposes of identifying themselves, signing in, and accessing your features and associated services.
Sign in with Apple is not required if:
Your app exclusively uses your company’s own account setup and sign-in systems.
Your app is an education, enterprise, or business app that requires the user to sign in with an existing education or enterprise account.
Your app uses a government or industry-backed citizen identification system or electronic ID to authenticate users.
Your app is a client for a specific third-party service and users are required to sign in to their mail, social media, or other third-party account directly to access their content.
Further reading can be found here: https://developer.apple.com/app-store/review/guidelines/
Bad news: the word "exclusively" has been removed from the guidelines early March.
Apps that use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option
Basically, yes. New apps that use sign-in must provide sign-in with Apple as an option. Existing apps that use sign-in must provide sign-in with Apple by April 2020.
We’ve updated the App Store Review Guidelines to provide criteria for
when apps are required to use Sign in with Apple. Starting today [Sept
12, 2019], new apps submitted to the App Store must follow these
guidelines.
(Source: https://developer.apple.com/news/?id=09122019b)
App Store Review Guidelines
4.8 Sign in with Apple
Apps that exclusively use a third-party or social login service (such
as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with
LinkedIn, Login with Amazon, or WeChat Login) to set up or
authenticate the user’s primary account with the app must also offer
Sign in with Apple as an equivalent option. A user’s primary account
is the account they establish with your app for the purposes of
identifying themselves, signing in, and accessing your features and
associated services.
Sign in with Apple is not required if:
· Your app exclusively uses your company’s own account setup and
sign-in systems.
· Your app is an education, enterprise, or business app that requires
the user to sign in with an existing education or enterprise account.
· Your app uses a government or industry-backed citizen identification
system or electronic ID to authenticate users.
· Your app is a client for a specific third-party service and users
are required to sign in to their mail, social media, or other
third-party account directly to access their content.
(Source: https://developer.apple.com/app-store/review/guidelines)
Today morning my app also got rejected because of the same reason but I was not using any third party sign up.
After rejection, I realised that in side menu under login button, I have 5 social media buttons for their respective social media page links so I replied to Resolution Center that I am using regular email based register and login. Also, I shared the screenshot of both screens (Login & Register). After 7-8 hours the status changed to 'In Review' and after next 10 minutes Apple approved and it goes live.
I'm using this package for Facebook OAuth:
https://www.npmjs.com/package/react-native-facebook-login
If I use FBLoginManager.LoginBehaviors.SystemAccount, when the user taps the Facebook login button, iOS will pop up a dialog asking if they want to grant access to the app. While this is convenient, the only drawback I've noticed is that I can ask for a dozen different permissions and the user has no clue what my app is requesting, nor can they selectively choose what to share.
Is there some way to give them this choice using the native iOS Facebook account? Or should I just use FBLoginManager.LoginBehaviors.Native which pops up an in-app browser for them to authenticate. (I was under the impression, according to the documentation, that it would switch to the Facebook app, but that doesn't happen)
The native iOS implementation (the one built by Apple) does not support the granular permission dialog you will see when doing login through the native Facebook app or the Safari View Controller flow so your only option is to fallback to any login method that does not involve the native OS implementation.
I got following email from apple
1.0.1 Binary Rejected June 16, 2015
17.2 Details We noticed that your app uses Facebook login for authentication purposes but does not include account-based features
offered
I got following attachment
From Apple
17.2 - Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
17.2 Details
We noticed that your app uses Facebook login for authentication
purposes but does not include account-based features offered by that
site, which is not allowed on the App Store.
Next Steps
Please modify your app to include account-based features of that
social network or use your own authentication mechanism.
what is the reason behinds it.
I have study the following links
https://www.parse.com/questions/app-rejected-facebook-login-doesnt-complete
App got rejected because only using Facebook as login option?
Apple rejected app 10.6 because Facebook opens Safari to login
Apple review Guidelines says here
5.1.1 Data Collection and Storage
(ii) If your app doesn’t include significant account-based features,
let people use it without a log-in. Apps may not require users to
enter personal information to function, except when directly relevant
to the core functionality of the app or required by law. If your core
app functionality is not related to a specific social network (e.g.
Facebook, WeChat, Weibo, Twitter, etc.), you must provide access
without a login or via another mechanism. Pulling basic profile
information, sharing to the social network, or inviting friends to use
the app are not considered core app functionality.
I've a published app that has an optional login feature without any "account-based features".
I think providing a "continue as guest" option will fix the issue.
This means that your app didn't implement another feature of Facebook anywhere else in your application, if you're asking for explanation. If you make an app that just has Facebook's Log-in API, but nothing else, then your app will be rejected. Find another feature of Facebook (such as sharing or invites) that you can implement somewhere in your application, and try again.
A few possible steps you can take:
Ask App Store review people for clarification. Wait until you didn’t
get a response from them
You can make user registration optional or only prompt for it where
it actually requires
Try it.
Add note, while submitting app,the purpose of using Facebook login in resolution center without uploading new build it will be approve.
If still you face any issue then add some functionality of user login.
For Ex: Use of facebook login is for keeping all records of user in our database and also explain a bit about your app functionality why you use login feature.Hope it will help
Also check
iPhone app rejection 17.2: app requires users sign in with their Facebook accounts
I've a simple application, that requires facebook signup/login built in Rails 3 that works exactly as I want it to.
Meanwhile, I had several requests to make it behave like an API, the web app is a social media tool where people publish content to their own social networks. i'm converting the system to provide a solution for the following problem:
3rd party website having their own login system
They want to make a button - publish through X service - and as soon as the user presses the button he will be shown the Facebook Permissions' dialog for my own fb app, as soon as he authorizes it the content will be published
So far, while the webapp was a standalone website, this was really easy to do - they would go to my webapp, login with facebook and published whatever they wanted to, however, I'm finding it hard to come up with a solution that doesn't present any security issues. Here's what I was thinking:
I provide a JS SDK which:
the 3rd party install in their website -> a special method is associated with a button
Once the button is pressed, the user is redirected to FB (sets de redirect_ui to be the current page)
catches the params whenever FB redirects back (as soon as the user gives the permissions)
Push the content through Facebook and so on
the 3rd party provides a callback that will run as soon as the content is published (I send them the FB_ID and access token)
The 3rd party can now make calls to all my API given they will send the FB_ID and access token which I sent as soon as I had the permissions
Will this work ? Can I easily catch back the FB redirect ? Are there any security issues ?
Thanks in advance,
Ze
My system does something quite similar. I provide API to 3rd party sites and make calls to Facebook on behalf of their users.
The approach I took was to implement my system as an oauth provider. This way, when the user logs in on the 3rd party site, he's presented with my login page, which on click or by redirection, redirects him to Facebook oauth flow.
3rd party-->my site--> Facebook
However, this might be a bit of an overkill in your case.