Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 5 years ago.
Improve this question
I am If I add encryption to an iPhone app (basically to encrypt a username/password when sending to the server), I will need to answer "Yes" to the question in iTunes connect of if I have added encryption to the app. I know that there are many laws about exporting encryption software outside of the US, which is why Apple makes us answer this question. How does adding encryption to an iPhone app affect approval times, in your experience, and are there any reasons why adding encryption to an app would make Apple reject it?
There are several of those encryption questions and if it is for storing passwords, then you probably are OK (although I don't remember exactly).
If you encrypt any kind of network traffic, however (even if it is just getting a page via HTTPS), then you'll need to register your app with the US government (if you are in the US). While you are obtaining that registration, Apple may let you sell your app in the US-only store.
Check this out:
Using SSL in an iPhone App - Export Compliance
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 year ago.
Improve this question
For security and privacy reasons of our app, we enforce two factor authentication. After the user logs in for the first time, we ask them set up two factor authentication. App shows them a QR code which can be scanned on any free/paid Authenticator App (e.g. Google Authenticator).
Do you think this should cause trouble for getting app reviewed/approved in App Store Review process.
Replying a little bit late as the solution we actively use doesn't appear to be listed.
We have had similar issues with this topic (although our Multi-Factor Authentication System was SMS based).
As we didn't want to bypass our production security mechanisms or re-develop a demonstration mode, we have used a platform allowing to assign temporary virtual phone numbers to users in our apps. The platform is called GetMyMFA.io and it allows us to review and approve our app within 24 hours.
To use it we simply created a user in our production application with a virtual phone number attached which we can enable and disable in real time for the App Store review process. That way Apple simply needs to log in to the platform (with a specific and private username/password) and the SMS MFA login code is displayed in the website.
The objectives of building this platform have been:
Avoid spending time in a security "bypass" (and all the security issues that often come with it)
Avoid building a "demonstration" mode exclusively for Apple
Avoid using public websites with public phone numbers accessible to anyone.
Our App gets approved within 24h with this system and the user can be easily and safely disabled.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 5 years ago.
Improve this question
I need to develop an App in which the user can pick files from their Dropbox account and initiate a transfer a Public / Crowd sourced server.
This is not a migration of cloud storage, but manually selecting files and transferring them to a server. I have seen apps which help in migration of cloud storage through an automated script. As this is not a migration, the user may not understand what he is actually doing, or the implications of it.
My question is:
Will Apple reject the app when uploaded to the App Store for such an operation?
Will this be violating User privacy, as the user might unintentionally transfer sensitive information to a public cloud / server?
Diagrammatic representation of the operation:
As per Apple's guidelines
17.1 Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to
information about how and where the data will be used
So basically, to answer your question
You should provide proper message to the user of what exactly your app intends to do. Lets say in the form of a cancellable alert.
Without this apple will surely reject your app.
Secondly, this
should not be the necessary condition for your app to work. Meaning
that your app should work even if the user denies to share his
images and stuff from dropbox.
Prior to sharing / uploading user should get a view of what is being shared. Without this the application will be rejected. (This is even applicable even in the simple facebook share)
You always have a quick look on the Apple's privacy policies here
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 9 years ago.
Improve this question
There's a service without free registration or something like that. Clients of this service have login and password. This service wants to develop an iOS app and distribute it in the App Store. This app won't be useful for regular users. Is it possible to submit this app in the App Store?
I understand that there are options like enterprise developer account, but for some reasons the developer wants to use regular account and regular app store.
I've read App Review Guidelines and didn't find any restrictions which require application be useful to anyone.
Of course test login will be provided for reviewer.
It is possible, look at concur & office 365 as examples
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
My App is rejected by the reason :
"We found your app inappropriately unlocks or enables additional functionality with mechanisms other than the App Store, which is not in compliance with the App Store Review Guidelines"
"It may be appropriate to revise your app to use the In App Purchase API to provide content purchasing functionality. "
What I have done is as below:
As this app is for my specific customer companies to use, I only want the companies who get the Invitation Code from me to use my app. There is no charge. I don not know is it necessary to use the In App Purchase API instead? if it is true , can you give me some tips?
Your application cannot be used by members of the general public, and thus does not belong in the App Store.
If you only intend your application to be made available to a few specific people, you should use Ad-Hoc Distribution to make it available to them.
Explain the purpose to the review team, sometimes they listen.
Also, maybe have that message as a "login page" instead. Have a username and password rather than a verification code. The verification code message may look more like you are selling the app behind the AppStore. Also provide the review team with an access code / login details if you haven't already so they can actually review the app.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I developed an app for the company who sells professional e-books by their website. In order to keep the content in sync with web data, app enforce login/registration and without that doesn't provide any functionality.
This is the reason why it has been rejected for Review Guidelines 17.2 Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
My question is: is there a way to convince Apple to accept an app?
It is directed to the very specific proffessionals.
In the future the company want to add the possibility to sync books available on their website.
Also the books bought by in app purchase would be available on their website for the user account.
Isn't that enough reasons for Apple to accept this app? My client strongly want to have an account based app, the whole system was designed for that.
There is possibility to track user by udid but still it is not good solution because it is deprecated and Apple rejects apps using UDID for tracking reasons.
Does anyone have similar situation recently?
You say:
"app enforces login/registration and without that doesn't provide any
functionality."
Apple says:
"Apps that require users to share personal information in order to
function will be rejected"
So the answer is kinda obvious.
The app should provide (at least) some basic functionality without sharing personal data.
Maybe some book previews? 1 or 2 free books? App info? Why not apple's-bookstore? Does the website (before seeing anything) force you to signup too? Otherwise just make a web-app.