I recently updated an app for a client and it's now ready for submission to the App Store. But after a talk with my client they told me that the previous version (not developed or submitted by me) had a kind of "password protection" on the App Store. They explained it as anyone could find the app on App Store but when you click "download" the user would need to enter a password (not the Apple ID password, more of a predefined password specifically for this app) to continue the download process.
I am used to submitting apps to the App Store, both paid and free, but I have never done this and don't honestly know how. My closest guess is that we need to upgrade the plan to an enterprise account, but from my understanding (and please correct me if I'm wrong) this will remove the app from the App Store search and only allow download from a link or file?
What way would you guys recommend?
Thanks in advance!
There's no recommendation.
What you think and whatever is running in your mind is completely correct. There's no way to set custom download passwords. The only way to download using appstore is to use the apple id.
Point your client to the apple guidelines and documentation's. Hopefully they should understand.
Very nice concern from security point of view but unfortunately Apple has not provided any such feature yet...
An alternate solution to your query:
You can't block user from downloading your app but you can block user from using you app with the help of AppLock feature (One time password authentication - when user uses your app for first time).
Set a Passcode/Pattern protected lock screen as a first/main screen of your application (immediately after Splash Scree) and only users can unlock your app, to whom you've shared passcode. (Note: Integrate passcode verification using web service/server, so you can reset passcode any time from server)
I hope this may be helpful to you...
Update
Here is more option, if you want to allow/restrict your app usage for specific region/country (listed on Store).
Distribute iOS app for specific region/territory
Related
I am making a small app for my colleagues and myself that will contain some calculation tools some manuals and some drawings...
I would want them to be able to download the app from the apple store but since we do not want anyone to have access to the information in the app, I would like only the people with a password to be able to open it and use it.
I don't really want to go the adhoc way, some people are not particularly tech-savvy and I want to keep it as simple as possible...
Neither do I want to distribute the app through an enterprise account..
So is it possible to restrict the access of an app with a password stored locally?
Does Apple allow this?
Basically the first time the app opens, the user will be prompt a view with a password to enter, if he knows it then the app is somehow activated otherwise you can't open it....
I could recommend using TestFlight as a solution. I'm not sure if you're familiar with it but it is part of developer tools. You can give target people codes based on their iTunes account or their unique phone identifier.
If that helps at all let me know! :)
Although it is not clearly stated I think that your app could get rejected if people do not have a possibility to "create an account" and use your app.
An excerpt:
Also, remember that not everyone using your app has an account from
the start. Make sure you explain how to get one, or provide a simple
in-app way to sign up.
Here you can find some more information:
https://developer.apple.com/ios/human-interface-guidelines/interaction/authentication/
I would like to create an iOS App for a limited set of people.
It should be possible to download the app for free from App Store, but in order to use it
the idea is that you are required to be a member of the organization, which in this case is a local sports organization.
To solve the problem I thought of giving away activation keys to members that can be entered when they create an account, and therefore only members will be using the app.
Will the app be rejected by App Store? If so, is it possible to go around this in some away?
Thanks.
No you will not be rejected by the App Store.
During the review you will only need to give the access to demo account.
Your app will be available to anyone but you are free to give the credential to any person you want.
edit
Fyi I have such apps. The AppStore only block 'discriminating' app based on carrier or location (you can choose the countries anyway), but you are perfectly in the rules if you give access only to your clients...
edit edit
2.22 like I said is against arbitrary criterias, not linked to the login mechanism
for 11.1 and so on, I understand the point, but in my case (and I think yours) there is no problem if
you sell your service before, the app is just complimentary
you dont sell anything within the app
you dont charge for the app itself or anything within the app, you charge only the use of the server/back office/whatsoever
I guess that Apple dont care, they just don't want to bypass the applestore but I dont think that it is your case.
You should try Enterprise distribution for such purpose.
Yes your app may be rejected. Check the App Store Review Guidelines. In 2.2 it says
Apps that arbitrarily restrict which users may use the App, such as by location or carrier, may be rejected
There are different alternatives.
You can opt in for the Apple Developer Enterprise Program, this'll cost you 300$ a year and requires you to be a legal entity.
If you want to test it with a limited number of people (<1000) try looking into Testflight it was bought by Apple and is deeply integrated in the development process.
No, there will not. You need to to give some demo account info as test data to review while submitting to app store in the iTunes Connect portal.
Demo use case(worked for me): Implementation is like, there need some userid/unique pin to the registered account holders to start the application. At the time they input this pin, authenticate the user with our server and give the permission to let in to the app.
Otherwise you need to go for enterprise distribution. Find more about enterprise distribution here.
The B2B program Apple has isn't available in my country and in looking for another way to give my apps to a business privately so that only that business or the people in it can use the app. I was wondering , is Apple ok with me putting a password on my app so that anyone can download it but only someone who knows the password can use it?
You're not allowed to publish an app that targets only a certain group of users, says the Apple guidelines for publishing on the app store. With that password restriction you're against that rule.
Now, that being said, you could buy an entreprise developer account and simply use the Over-the-Air system, if you're aware of how it works.
If not, look at my brief description here : https://stackoverflow.com/a/26043004/3603502
My company is working on a dynamic mobile app that updates the look and appearance based on webcalls and we would like to be able to test that it would be able to get into the store okay. For the time being we have used the code to create an interal company app where the initial screen is a logon screen where the users log in with their company usernames and passwords. There are only about 20 people in the company that will be using this app for the beta release and the app logon is only available to members of the company.
We want to have this test release to first ensure that the app gets into the appstore and secondly to get a feel for the app review process. Would this type of app be allowed into the store? Or due to its limited user group, would they reject it? Also would apple need to be given a test username/pass to login to the company website itself to check how the app runs?
Any information regarding this issue would be very helpful!!
From the App Store Review Guidelines (developer account required):
If your App looks like it was cobbled together in a few days, or
you're trying to get your first practice App into the store to impress
your friends, please brace yourself for rejection. We have lots of
serious developers who don't want their quality Apps to be surrounded
by amateur hour.
and
2.9 Apps that are "beta", "demo", "trial", or "test" versions will be rejected
Finally, yes, you are required to provide a "demo account" if a login is required to use the entirety of your application.
Regarding your small user base, your application may not be accepted if it will only be used by 20 or so people (as stated in the comments). The iOS Enterprise Program is intended for in-house distribution (a small and limited user base).
2.22 Apps that arbitrarily restrict which users may use the app ... may be rejected
I have worked for a company that did release apps that were secured by a login screen. All you need to do to get it into the app store is provide Apple with a proper login so that they may test the functionality of the app themselves. When updating the metadata for your app in iTunes Connect, there is a section for testing notes, simply put your test username/password in there for apple to use.
One way they can reject an app is guideline 2.12: "We found that the features and/or content of your app were not useful or entertaining enough, or your app did not appeal to a broad enough audience, to be in compliance with the App Store Review Guidelines." If you're concerned about whether or not your app can get to the store, then there is no real problem in just submitting it. Just don't call it a beta test version because they will reject it. If you want, you can always change the release date of the app to a future date once it passes, and then the app will still not be available to all until that future date is reached. And yes you should provide them with a user name
I have a website which offers (FREE) account based services. Iam working on a iphone app for the site. Can somebody help me with these questions?
1) Registration: In my case, the app is meaningless without an account/registration (all free). There is a lot of chatter in the internet that apps that do not offer a "registration-free" experience will be rejected. (example : http://readitlaterlist.com/blog/2010/08/version-2-2-rejected-new-rejection-reason-from-apple-may-have-major-implications/) Thoughts?
2) Email Verification: On my website, a user has to "Verify his email" before he can login.
Basically, can I do this one time only thing in my app: (a) ask email -> register (b) ask user to copy verification token in email & paste in the app (c) Hit verify & let them inside the app upon success. Is this alright?
3) Is it against Apple's rules if the iphone app only supports existing users(who already signed up via website & have a user name password)? This way I need not worry about 1 & 2 for now & still have a full fledged app.
Please note that I have read the guidelines but still cannot come to a conclusion.
I am aware that "will Apple reject my app" - is a question nobody can answer
All I am looking for is your opinion based on your prior experiance & your interpretation of guidelines. Thanks much.
UPDATE: To all users who land here: Apple approved my app few weeks ago. All I did is explain(in review notes) that my app is truly account based & would be meaningless without an email. On my home screen, I have 2 buttons, "I have an account" & "Create an account". There is no registration free experience other than a series of graphics focused on "what is " & indirectly emphasizes that it is an account based appln. Apple seem to be convinced & approved the app the first go. Hope it helps.
I made an app that sounds very similar to yours. I host some websites that are basically forums (they require registration). So my app is an app that allows the user (once they have logged in) to read, post, edit profile etc. Without logging in they get nothing, they see a login screen/Signup button. Which takes them to a form to sign up, it then sends out an email and they approve it via the link it then allows them to login. So as you pointed out No one can really tell you if your app will be rejected or by apple, but my app was very similar to yours and made it through just fine. Also think about a service like Spotify, gmail, or facebook. They require the user to login/register before the app works at all. I believe these rejections dont come from the fact that they are requiring users to login, but they are making it difficult for them to login in or they did not have a website that this was tied to, they just want the user to login to use the app. Its a very fine line, and again apple will be the judge of this in the end.
*Apple very well could have changed this since I submitted my app, but this is just my experience.
In general this sounds fine. The most important piece of advice I can give you is to make sure that you create an account for the reviewers to use - use the 'review notes' box to give them a login and password so they can type it straight into the app. You'll probably get rejected if you don't do this (reviewers dont' have time to check out your site, sign up, wait for the email, click .. etc).
EDIT: Also you should ensure there's a link to the registration page on the web from the front-page of your app (or at least somewhere very obvious).
If your submitted iOS app requires email verification from within the app for the app to function, this sounds it could very likely be a strong reason for a rejection by Apple (apps are not allowed to require personal identifying information.)
If your app requires a pre-existing login/password, and you give Apple a pre-existing fully functional working login for review purposes, what any user has to do to get this login outside and before running your app may be outside Apple's purview (for instance, joining some club or professional organization, opening a bank account, etc.).
But the only way to know for sure is to submit an app for review by Apple.
Our empirical knowledge is that we had submitted a fully featured app with more then one reasen to get rejected. One of them was, of course, that we enclose a way to get balnce in the app without using the IAP (https://developer.apple.com/in-app-purchase/) from apple. That thing was a killer. I think, because of this feature, the reviewers told us even more reasons to get rejected. One was the signup button in the login screen. After we disabled the topup and the signup feature, the review was fine and we're happy and online. Since that rejection, over a year ago, we had never tried to enable signup and upload it again. Now, we'll do that and I will report here what is happaning...
Update #Ravi Jul 31 at 16:18
It's like what I said! We're now online with a singup button at the start screen of the app. Apple does not disallow it. FYI