I got following email from apple
1.0.1 Binary Rejected June 16, 2015
17.2 Details We noticed that your app uses Facebook login for authentication purposes but does not include account-based features
offered
I got following attachment
From Apple
17.2 - Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
17.2 Details
We noticed that your app uses Facebook login for authentication
purposes but does not include account-based features offered by that
site, which is not allowed on the App Store.
Next Steps
Please modify your app to include account-based features of that
social network or use your own authentication mechanism.
what is the reason behinds it.
I have study the following links
https://www.parse.com/questions/app-rejected-facebook-login-doesnt-complete
App got rejected because only using Facebook as login option?
Apple rejected app 10.6 because Facebook opens Safari to login
Apple review Guidelines says here
5.1.1 Data Collection and Storage
(ii) If your app doesn’t include significant account-based features,
let people use it without a log-in. Apps may not require users to
enter personal information to function, except when directly relevant
to the core functionality of the app or required by law. If your core
app functionality is not related to a specific social network (e.g.
Facebook, WeChat, Weibo, Twitter, etc.), you must provide access
without a login or via another mechanism. Pulling basic profile
information, sharing to the social network, or inviting friends to use
the app are not considered core app functionality.
I've a published app that has an optional login feature without any "account-based features".
I think providing a "continue as guest" option will fix the issue.
This means that your app didn't implement another feature of Facebook anywhere else in your application, if you're asking for explanation. If you make an app that just has Facebook's Log-in API, but nothing else, then your app will be rejected. Find another feature of Facebook (such as sharing or invites) that you can implement somewhere in your application, and try again.
A few possible steps you can take:
Ask App Store review people for clarification. Wait until you didn’t
get a response from them
You can make user registration optional or only prompt for it where
it actually requires
Try it.
Add note, while submitting app,the purpose of using Facebook login in resolution center without uploading new build it will be approve.
If still you face any issue then add some functionality of user login.
For Ex: Use of facebook login is for keeping all records of user in our database and also explain a bit about your app functionality why you use login feature.Hope it will help
Also check
iPhone app rejection 17.2: app requires users sign in with their Facebook accounts
Related
Apple Review team rejected the Application with the reason
"We noticed that your app uses a third-party login service but does not offer Sign in with Apple.
"
Even Application have normal Signup process as well with Email and Password.
Is it Mandatory to have Apple Signin in iOS 13 apps ?
Update 3 (March 04, 2020)
The App Store Review Guidelines have been updated to cover cases that use both third party and their own sign in services. Those apps are now required to offer Sign in with Apple. Therefore I'll be updating my apps to support Sign in with Apple and I recommend you do the same if you fall into this category.
Original Answer:
So my app just got rejected for the exact same reason. My app offers regular email and password authentication as well as Facebook and Google login. Here are a few interesting things that I found while reading the App Store Review Guidelines.
1. It says:
Apps that exclusively use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option.
But my app does NOT EXCLUSIVELY use a third-part or social login service. It also uses our own email/ password method. In fact the email and password method is on top and thus assumed to be the main method of authentication. So I feel like this rule does not apply to my app.
2. It also says:
Sign in with Apple is not required if:
Your app exclusively uses your company’s own account setup and sign-in systems...
3. The first 2 rules don't cover my app's case.
My app does NOT EXCLUSIVELY use third-party login services and does NOT EXCLUSIVELY use our own method. It uses both. So it's neither required to implement the Sign in with Apple nor exempt from implementing it.
4. I submitted 2 apps for review in the same day with the exact same authentication methods and only one of them got rejected.
Yesterday I submitted 2 apps for review that are part of the same project and have the exact same authentication methods with the exact same auth screen design. They both got in review at the same time. The first one got approved and the second one got rejected for not implementing Sign in with Apple. Funny, right?
So unless they update the Review Guidelines to cover a case where you use both methods of authentication I believe we are not violating any rule. I'm trying to argue with the review team that my rejected app does not violate the App Store Review Guidelines and they should not have rejected it.
I'll update my answer when this get's resolved but till then it might actually help if others who face the same issue point this out to the review team. We'll either win our case and get our apps approved or they'll update their Review Guidelines to cover our case. Either way it'll be helpful for others in the future.
Update 1
Apple kinda understood that this is not right and my app's status changed from Binary Rejected to In Review. Now I'm waiting to see what they decide.
Update 2
After about 40 hours of being "In Review" my app finally got approved and is now "Ready for Sale". I can't believe it, but it finally feels like someone listened and understood the arguments that I made.
If you use any third-party sign-in feature, e.g. Facebook, Twitter, Google etc, you must now provide Apple Sign In as an additional option.
It's important to remember if you use solely a custom login system (i.e. email and password) then you do not need to include Apple Sign In.
4.8 Sign in with Apple
Apps that exclusively use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option. A user’s primary account is the account they establish with your app for the purposes of identifying themselves, signing in, and accessing your features and associated services.
Sign in with Apple is not required if:
Your app exclusively uses your company’s own account setup and sign-in systems.
Your app is an education, enterprise, or business app that requires the user to sign in with an existing education or enterprise account.
Your app uses a government or industry-backed citizen identification system or electronic ID to authenticate users.
Your app is a client for a specific third-party service and users are required to sign in to their mail, social media, or other third-party account directly to access their content.
Further reading can be found here: https://developer.apple.com/app-store/review/guidelines/
Bad news: the word "exclusively" has been removed from the guidelines early March.
Apps that use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option
Basically, yes. New apps that use sign-in must provide sign-in with Apple as an option. Existing apps that use sign-in must provide sign-in with Apple by April 2020.
We’ve updated the App Store Review Guidelines to provide criteria for
when apps are required to use Sign in with Apple. Starting today [Sept
12, 2019], new apps submitted to the App Store must follow these
guidelines.
(Source: https://developer.apple.com/news/?id=09122019b)
App Store Review Guidelines
4.8 Sign in with Apple
Apps that exclusively use a third-party or social login service (such
as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with
LinkedIn, Login with Amazon, or WeChat Login) to set up or
authenticate the user’s primary account with the app must also offer
Sign in with Apple as an equivalent option. A user’s primary account
is the account they establish with your app for the purposes of
identifying themselves, signing in, and accessing your features and
associated services.
Sign in with Apple is not required if:
· Your app exclusively uses your company’s own account setup and
sign-in systems.
· Your app is an education, enterprise, or business app that requires
the user to sign in with an existing education or enterprise account.
· Your app uses a government or industry-backed citizen identification
system or electronic ID to authenticate users.
· Your app is a client for a specific third-party service and users
are required to sign in to their mail, social media, or other
third-party account directly to access their content.
(Source: https://developer.apple.com/app-store/review/guidelines)
Today morning my app also got rejected because of the same reason but I was not using any third party sign up.
After rejection, I realised that in side menu under login button, I have 5 social media buttons for their respective social media page links so I replied to Resolution Center that I am using regular email based register and login. Also, I shared the screenshot of both screens (Login & Register). After 7-8 hours the status changed to 'In Review' and after next 10 minutes Apple approved and it goes live.
I made an app using firebase and I have implemented Google account based logIn system to my app because I thought it would good and also helps me for Firebase Invites but my app got rejected by the apple app review team and they are telling that I have to implement "significant account-specific functionality from Google".
My app is like a social networking app something similar to Facebook. Users in the app can invite friends, share content with friends to achieve this I used the Firebase features like real-time database, Storage, Firebase Invites etc... I really don't know what else I should implement to eligible for "significant account-specific functionality from Google."
I have sent an email for help but they haven't responded yet.
Using firebase is perfectly fine in iOS.
1.1 LEGAL: PRIVACY - DATA COLLECTION AND STORAGE - significant account-based features
Read section ii) https://developer.apple.com/app-store/review/guidelines/#data-collection-and-storage
If your core app functionality is not related to a specific social
network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must
provide access without a login or via another mechanism.
Since your app is not using any specific social network feature ( facebook,twitter - which demands a login ) you must allow users to provide functionality without login.
You might want to appeal to Appeal board with explanation why user must login in order to use the app ( give examples and screenshots of specific functionality which cannot be used without login ).
If your appeal is rejected you don't have any option but to redesign the app to follow what apple is suggesting. What we have done in past is provide a basic flow without login but once it reaches point where login is must we force user to login ( something like anonymous user).
After 3-4 rejections I found the solution for this problem. I have have implemented a feature called Firebase Invites and for that they must sign in with their Google Account.
According to Appstore guidelines we even can't use third party login for sending invitations. In that situation, I have convinced them that "with this Firebase Invites I can able to see my friends in my Google Account and send them invitations personally". With that answer (they called me by phone) it seems they have convinced and accepted my app.
I had the same rejection this week because I have a Facebook login.
My app was already live, and this is rejection for an update.
There is a change in their guideline. This is new on Sep 1, 2016:
If your core app functionality is not related to a specific social network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must provide access without a login or via another mechanism. Pulling basic profile information, sharing to the social network, or inviting friends to use the app are not considered core app functionality.
In essence, they are killing many apps that simply use social networks for single sign on.
A solution right now is to implement your own login account mechanism.
During my app review I received the following:
"17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
Specifically, your app uses Facebook login for authentication purposes only, but does not include account-based features offered by that site, which is not allowed on the App Store.
In order for Facebook to be the only authentication mechanism available, your app must include significant account-specific functionality from Facebook. Pulling profile information, or sharing are not sufficient account-based features for Facebook to be the only authentication mechanism available.
It would be appropriate to implement your own authentication mechanism, or implement significant account-specific functionality from Facebook."
My Question:
What are some examples of "significant account-specific functionality from Facebook"?
Would allowing users to choose pictures from their Facebook for their profile, or displaying mutual friends using my app pass this requirement?
*Note: I'm building a dating app kind of like Tinder
Thanks!
There is certainly a bit of gray area here. But the question you need to ask yourself is, "how can I make my app useful to users who can't login via Facebook?"
If the answer really is "I can't" then your app does indeed require Facebook authentication. It's not useful to anyone who does not have a Facebook account. A contrived example of this could be, for example, "Facebook Group Finder", an app that scans your interests on Facebook and suggests Facebook groups for you to join. If you don't have a Facebook account, then this app can be of no use to you.
Clearly, Apple however believes that your app does not fall into that category of apps. It has useful functionality that should not require a Facebook account to use. According to Apple's review notes, it sounds like your app just requires Facebook credentials so that a user can log in, and does not use any Facebook APIs or information from Facebook beyond that point (or perhaps, it uses them, but using them is not crucial to its operation).
If this is the case, it sounds like you could replace the Facebook account requirement with a requirement for the user to create an account on your website (or whatever) instead, and not really have any loss of functionality compared to a Facebook login. Apple is asking you to add that as a login alternative.
Allowing users to choose pictures from their Facebook profile definitely wouldn't satisfy Apple, since Facebook is not by far the world's only source of pictures. Displaying mutual friends, this probably also wouldn't do it, but it's more of a gray area. It seems like you could just leave the "mutual friends" part out of your app for non-Facebook users.
If you are going to use Facebook log in, apple wants you to use significant account-specific functionality. This means that you should use things from Facebook like user interest or friend list. Using the user name profile pictures are not considered account specific functionality. Apple is saying if you are not using these information then you are not supposed to use Facebook authentication. You have 2 solutions here:
Use the significant account-specific functionality from Facebook ex. interests of friend list.
Apple will accept the use Facebook log in without significant account-specific functionality if you also add your own login and password.
Tender app is using only Facebook log in and it is not rejected because tinder uses your friends list and interest from Facebook. If you can point to apple how you are using information like this they will accept your app.
I am sure of this information because I got it from apple review team member today!
Other authentication means, provide features that user can be able to sign up using his email id. What I understood from above is you have used only fb authentication.
During my app review I received the following:
"17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
Specifically, your app uses Facebook login for authentication purposes only, but does not include account-based features offered by that site, which is not allowed on the App Store.
In order for Facebook to be the only authentication mechanism available, your app must include significant account-specific functionality from Facebook. Pulling profile information, or sharing are not sufficient account-based features for Facebook to be the only authentication mechanism available.
It would be appropriate to implement your own authentication mechanism, or implement significant account-specific functionality from Facebook."
My Question:
What are some examples of "significant account-specific functionality from Facebook"?
Would allowing users to choose pictures from their Facebook for their profile, or displaying mutual friends using my app pass this requirement?
*Note: I'm building a dating app kind of like Tinder
Thanks!
There is certainly a bit of gray area here. But the question you need to ask yourself is, "how can I make my app useful to users who can't login via Facebook?"
If the answer really is "I can't" then your app does indeed require Facebook authentication. It's not useful to anyone who does not have a Facebook account. A contrived example of this could be, for example, "Facebook Group Finder", an app that scans your interests on Facebook and suggests Facebook groups for you to join. If you don't have a Facebook account, then this app can be of no use to you.
Clearly, Apple however believes that your app does not fall into that category of apps. It has useful functionality that should not require a Facebook account to use. According to Apple's review notes, it sounds like your app just requires Facebook credentials so that a user can log in, and does not use any Facebook APIs or information from Facebook beyond that point (or perhaps, it uses them, but using them is not crucial to its operation).
If this is the case, it sounds like you could replace the Facebook account requirement with a requirement for the user to create an account on your website (or whatever) instead, and not really have any loss of functionality compared to a Facebook login. Apple is asking you to add that as a login alternative.
Allowing users to choose pictures from their Facebook profile definitely wouldn't satisfy Apple, since Facebook is not by far the world's only source of pictures. Displaying mutual friends, this probably also wouldn't do it, but it's more of a gray area. It seems like you could just leave the "mutual friends" part out of your app for non-Facebook users.
If you are going to use Facebook log in, apple wants you to use significant account-specific functionality. This means that you should use things from Facebook like user interest or friend list. Using the user name profile pictures are not considered account specific functionality. Apple is saying if you are not using these information then you are not supposed to use Facebook authentication. You have 2 solutions here:
Use the significant account-specific functionality from Facebook ex. interests of friend list.
Apple will accept the use Facebook log in without significant account-specific functionality if you also add your own login and password.
Tender app is using only Facebook log in and it is not rejected because tinder uses your friends list and interest from Facebook. If you can point to apple how you are using information like this they will accept your app.
I am sure of this information because I got it from apple review team member today!
Other authentication means, provide features that user can be able to sign up using his email id. What I understood from above is you have used only fb authentication.
My app is a photo-sharing app based on Facebook, and Facebook is the only option for register and login, but my app got rejected with following message:
17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be
rejected:
We found that your app uses Facebook login for authentication purposes
only - but does not include any account-based features offered by that
site. This is not in compliance with the App Store Review Guidelines.
It would be appropriate to modify your app to include account-based
features of that social network - or use your own authentication
mechanism.
But clearly my app is based on Facebook and user could share photo to Facebook, and invite their Facebook friend to join, so I dont see our app is using Facebook login for "authentication purposes only".
Any help is appreciate!
Respond to the reviewer explaining that, providing steps on how to do it. It's possible that functionality was just overlooked.