I am using Firebase Authentication with invitation links for sign up using either email/password, google or apple signup. Using PWA I managed to create a webview application on android play store with no issues.
The current issue I am facing is apple rejecting my application on basis protocol #2.1.0 (App Completeness) where it describes an error of apple sign in flow that redirects them to login screen. Apple review to Uploaded App
Such error does not occur on all my test flight applications on both iphones and ipads when using the "given test account apple id and password".
The question is whether apple requires all applications to be sign in with no restrictions to user (without invitation links), or such situation is a misunderstanding from the Apple app reviewer.
Any Help would be appreciated, and Hope you have a wonderful day.
The question is whether apple requires all applications to be sign in with no restrictions to user (without invitation links)
Yes, this is usually the case
you can make a Sign in screen that when the user sign in using Apple this message appears you should have an invitation to Sign in
And also provide Apple with another way to access the app as testers.
Apple Review team rejected the Application with the reason
"We noticed that your app uses a third-party login service but does not offer Sign in with Apple.
"
Even Application have normal Signup process as well with Email and Password.
Is it Mandatory to have Apple Signin in iOS 13 apps ?
Update 3 (March 04, 2020)
The App Store Review Guidelines have been updated to cover cases that use both third party and their own sign in services. Those apps are now required to offer Sign in with Apple. Therefore I'll be updating my apps to support Sign in with Apple and I recommend you do the same if you fall into this category.
Original Answer:
So my app just got rejected for the exact same reason. My app offers regular email and password authentication as well as Facebook and Google login. Here are a few interesting things that I found while reading the App Store Review Guidelines.
1. It says:
Apps that exclusively use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option.
But my app does NOT EXCLUSIVELY use a third-part or social login service. It also uses our own email/ password method. In fact the email and password method is on top and thus assumed to be the main method of authentication. So I feel like this rule does not apply to my app.
2. It also says:
Sign in with Apple is not required if:
Your app exclusively uses your company’s own account setup and sign-in systems...
3. The first 2 rules don't cover my app's case.
My app does NOT EXCLUSIVELY use third-party login services and does NOT EXCLUSIVELY use our own method. It uses both. So it's neither required to implement the Sign in with Apple nor exempt from implementing it.
4. I submitted 2 apps for review in the same day with the exact same authentication methods and only one of them got rejected.
Yesterday I submitted 2 apps for review that are part of the same project and have the exact same authentication methods with the exact same auth screen design. They both got in review at the same time. The first one got approved and the second one got rejected for not implementing Sign in with Apple. Funny, right?
So unless they update the Review Guidelines to cover a case where you use both methods of authentication I believe we are not violating any rule. I'm trying to argue with the review team that my rejected app does not violate the App Store Review Guidelines and they should not have rejected it.
I'll update my answer when this get's resolved but till then it might actually help if others who face the same issue point this out to the review team. We'll either win our case and get our apps approved or they'll update their Review Guidelines to cover our case. Either way it'll be helpful for others in the future.
Update 1
Apple kinda understood that this is not right and my app's status changed from Binary Rejected to In Review. Now I'm waiting to see what they decide.
Update 2
After about 40 hours of being "In Review" my app finally got approved and is now "Ready for Sale". I can't believe it, but it finally feels like someone listened and understood the arguments that I made.
If you use any third-party sign-in feature, e.g. Facebook, Twitter, Google etc, you must now provide Apple Sign In as an additional option.
It's important to remember if you use solely a custom login system (i.e. email and password) then you do not need to include Apple Sign In.
4.8 Sign in with Apple
Apps that exclusively use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option. A user’s primary account is the account they establish with your app for the purposes of identifying themselves, signing in, and accessing your features and associated services.
Sign in with Apple is not required if:
Your app exclusively uses your company’s own account setup and sign-in systems.
Your app is an education, enterprise, or business app that requires the user to sign in with an existing education or enterprise account.
Your app uses a government or industry-backed citizen identification system or electronic ID to authenticate users.
Your app is a client for a specific third-party service and users are required to sign in to their mail, social media, or other third-party account directly to access their content.
Further reading can be found here: https://developer.apple.com/app-store/review/guidelines/
Bad news: the word "exclusively" has been removed from the guidelines early March.
Apps that use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option
Basically, yes. New apps that use sign-in must provide sign-in with Apple as an option. Existing apps that use sign-in must provide sign-in with Apple by April 2020.
We’ve updated the App Store Review Guidelines to provide criteria for
when apps are required to use Sign in with Apple. Starting today [Sept
12, 2019], new apps submitted to the App Store must follow these
guidelines.
(Source: https://developer.apple.com/news/?id=09122019b)
App Store Review Guidelines
4.8 Sign in with Apple
Apps that exclusively use a third-party or social login service (such
as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with
LinkedIn, Login with Amazon, or WeChat Login) to set up or
authenticate the user’s primary account with the app must also offer
Sign in with Apple as an equivalent option. A user’s primary account
is the account they establish with your app for the purposes of
identifying themselves, signing in, and accessing your features and
associated services.
Sign in with Apple is not required if:
· Your app exclusively uses your company’s own account setup and
sign-in systems.
· Your app is an education, enterprise, or business app that requires
the user to sign in with an existing education or enterprise account.
· Your app uses a government or industry-backed citizen identification
system or electronic ID to authenticate users.
· Your app is a client for a specific third-party service and users
are required to sign in to their mail, social media, or other
third-party account directly to access their content.
(Source: https://developer.apple.com/app-store/review/guidelines)
Today morning my app also got rejected because of the same reason but I was not using any third party sign up.
After rejection, I realised that in side menu under login button, I have 5 social media buttons for their respective social media page links so I replied to Resolution Center that I am using regular email based register and login. Also, I shared the screenshot of both screens (Login & Register). After 7-8 hours the status changed to 'In Review' and after next 10 minutes Apple approved and it goes live.
I have uploaded an app for review in iTunes Connect. The apps login procedure is as follows:
User enters his/her mobile number. If the mobile number is new and not in the database, an One Time Password(OTP) is sent as an SMS over the phone to the user and he/she may login.
If the number is already in the database, the user gets directly logged in.
My question is that what should I mention in the dummy account details?
I have mentioned a mobile number that is already in the database so that the reviewer may login and browse my app.
Should I mention the details about an entirely new user as sending OTP to US won't be possible?
Kindly guide.
here is an solution, if apple reviewer can't send OTP then just use this simple trick.
if app reviewer has a login ID/PASS but the OTP is required any of case then just create account for apple reviewer and set Static OTP on this particular account.
tell them ID/PASS and OTP. just simple
I think if you add some registered phone number in "username" section of submit for review form, it will be approved for that procedure.
I am submitting an app that integrates with another system. In order to use the app you need to have a system login which Apple would not have.
What are the guidelines for sumbmitting an app of this nature? I assume there could be some issues if the only screen that the Apple test team can see is the login screen.
Thanks,
Joe
I created a couple of apps similar to this. We provided Apple with more or less dummy accounts that could get past the login screen, and view the basic functionality of the app, but didn't release any secret information we didn't want out
You should provide a test account for Apple reviewers and specify the login credentials when submitting the app.
I need to add log in screen and registration forum to my application, such that the user register or log in to the application,
is it legal issue or my application will be rejected
You can have a log in screen. Many apps have them.
But Apple has been rejecting apps with a login registration screen, or even a registration web site URL within the app, depending on the exact conditions for that registration. You may have to get users to register for your app outside your app and/or before running your app. Make sure to preregister Apple with a demo account for use during app review.
It also helps greatly if your app has some general usefulness even without registering (e.g. banking apps may have a map to the nearest branch even for users who don't have customer account logins, or some public info about interest rates, etc.).
There are plenty of apps that also live on the web and so require some sort of login, e.g. Foursquare, Facebook
There are no issues at all with creating a login screen for your application. When you submit your app to the App Store, you will be asked to provide login credentials for the testing team to login and test your app. I wouldn't force them to go through the account creation process as it may delay your app getting approved.