5.1.1

Hi, I am in need of your help with publishing my game. I got the following explanation for the negative review of my app/game. Issue Description One or more purpose strings in the app do not sufficiently explain the use of protected resources. Purpose strings must clearly and completely describe the app's use of data and, in most cases, provide an example of how the data will be used. Next Steps Update the local network information purpose string to explain how the app will use the requested information and provide a specific example of how the data will be used. See the attached screenshot. Resources Purpose strings must clearly describe how an app uses the ability, data, or resource. The following are hypothetical examples of unclear purpose strings that would not pass review: App would like to access your Contacts App needs microphone access See examples of helpful, informative purpose strings. The problem is that they say my app asks to allow my app to find devices on local networks. And that this needs m

Hi there. I work for a company that develops a SaaS service. Users have to register before using the SaaS as all the data they save in the application must be linked to their account. Why that? Because it is a multi-platform SaaS currently running on web and Android, so, the user must have access to his/her contents on every platform he/she intends to use. Also, some features depend on our back-end system to process the data and return an analysis based on them. That said, Apple is rejecting our app claiming that we should not require the user to register an account before purchasing a subscription. The problem is: how can the user store their data in our servers without an account? We do offer a free tier account, but the users must be logged in to have access to their data and have the analysis performed by the back-end service. Does anybody have gone through a similar issue? I need clarifications on how to solve this. Thanks in advance.

I’ve officially given up trying to release my app on iOS. Apple’s latest rejection quotes: • Guideline 5.1.5 – Location Services “The app uses location data for features that are not relevant to a user’s location. Specifically, the app is not functional when Location Services are disabled. To resolve this issue, please revise the app so that the app is fully functional without requiring the user to enable Location Services.” • Guideline 5.1.1 – Data Collection and Storage Complaining that the app “encourages or directs” users to go to Settings to enable location. My app is literally built around live location. The entire point is: you walk the circuit, see telemetry synced with where you are. No location, no app. That is the product. Apple wants the app to be “fully functional” without the one thing it needs to exist. That’s like rejecting a camera app because it doesn’t “fully function” with no camera permission. What makes this worse is the complete lack of consistency. Every time I fix what they a

Pls any idea or guide on how i can go about to resolve this, an app review feedback. Review Environment Submission ID: 43e31418-c37f-4b26-9bec-f88d749a70be Review date: November 27, 2025 Version reviewed: 1.0 Guideline 4.3(a) - Design - Spam This app duplicates the content and functionality of other apps on the App Store, which is considered a form of spam. Specifically, this app appears to be identical to apps already submitted to the App Store from other developers. Apps that duplicate content or functionality create clutter, diminish the overall experience for the end user, and reduce the ability of developers to market their apps. Next Steps It would be appropriate to revise your app to provide a unique experience or submit a new app that does not duplicate the content and functionality of other apps on the App Store. Resources Some factors that contribute to a spam rejection may include: Submitting an app with the same source code or assets as other apps already submitted to the App Store Creating and su

Goal I want to reply to feedback from customers who signed up using a private.relay account. Problem I am getting this error when sending an email: Reporting-MTA: dns; mailfout.stl.internal X-Postfix-Queue-ID: B87481D0015B X-Postfix-Sender: rfc822; hello@mydomain.com Arrival-Date: Fri, 7 Nov 2025 03:37:29 -0500 (EST) Final-Recipient: rfc822; xxxx@privaterelay.appleid.com Original-Recipient: rfc822;xxxx@privaterelay.appleid.com Action: failed Status: 5.1.1 Remote-MTA: dns; smtp3.privaterelay.appleid.com Diagnostic-Code: smtp; 550 5.1.1 : unauthorized sender What have I done? I have configured mydomain.com in the Email Configuration Service inside of apple, as well as the email hello@mydomain.com. Using https://www.mail-tester.com/, I could confirm that the - [SPF] Your server 202.12.124.158 is authorized to use hello@mydomain.com - Your DKIM signature is valid - Your message passed the DMARC test My hunch This app was transferred and the previous owner did not have the email configuration set

Hi, I recently submitted an app to the App Store, but it was rejected for the following reason: Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage Issue Description The app requires users to register or log in to access features that are not account based. Specifically, the app requires users to register before browsing products. Registration can only be required for account-based features like adding to cart or checking out. Next Steps Revise the app to let users freely access the app's features that are not account based. The app may still require registration for other features that are account based. Resources Learn more about requirements for apps with account-based content and features in guideline 5.1.1(v) - Account Sign-In. After receiving this, I updated the app to allow guest users. Now guest users can use the app freely and choose to login if they want to access their account and account features. However, I'm still receiving the same rejection for the same reason. Wh

Hi, I developed an app and submitted it to the App Store, but it was rejected for the following reason: Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage Issue Description: The app requires users to register or log in to access features that are not account-based. Specifically, the app requires users to sign up before accessing the app. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. Next Steps: Revise the app to allow users to freely access features that are not account-based. The app may still require registration for features that are account-based. Resources: You can learn more about the requirements for apps with account-based content and features in guideline 5.1.1(v) - Account Sign-In. After receiving this, I updated my app and added a Continue as Guest button on the login screen. With this button, users can navigate the app without signing up. Only commenting, up

Hello everyone, Our app, NumberBox, was rejected due to Guideline 5.1.1, with the review team saying it “collects information from public sources to build individual profiles.” We want to clarify: All data is 100% user-reported. Users voluntarily submit phone numbers (spam, scam, or telemarketing) and assign tags through the “Add Tag” feature. No data is collected from public sources or user contacts. No profiles are built automatically. All user submissions are reviewed by our support team before being displayed. The sole purpose of NumberBox is to help users avoid unwanted or scam calls, not to collect personal data. Our updated Privacy Policy is here: https://numberbox.app/privacypolicy Has anyone encountered a similar issue with Guideline 5.1.1? Any guidance on how to clearly communicate this to App Review would be greatly appreciated. Thanks in advance!

Hi everyone, I’m working on the JOOD Mobile App, which is an employee/partner-privileged app (not public) for Qatar Foundation (QF) and its partner entities. The app uses corporate domain login / Microsoft login, no public sign up. Apple Review rejected the app, pointing out violations under: Guideline 3.2 – Business — App intended for use by a specific organization(s), but distribution selected as public. Guideline 4.0 / 4.8 – Design / Login Services — The user is forced to leave the app to log in via default browser; no in-app flow or “Safari View Controller” type embedded browsing. Also, uses third-party login, but doesn’t offer an equivalent login option that limits data collection to just name + email, allows email privacy, etc. Guideline 5.1.1(v) – Data Collection and Storage — App allows account creation but there is no user-initiated delete account option. I want to fix these rejections and resubmit. Below are the questions / ideas I have, and I would really appreciate feedback / suggestions

Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage The app does not meet all requirements for apps that offer highly regulated services or handle sensitive user data. Specifically: The account that submits the app must be enrolled in the Apple Developer Program as an organization, and not as an individual. The guideline 5.1.1(ix) requirements give users confidence that apps operating in highly regulated fields or that require sensitive user information are qualified to provide these services and will responsibly manage their data. Next Steps To resolve this issue, it would be appropriate to take the following steps: The app must be submitted through an Apple Developer Program account enrolled as an organization. You may either enroll in a new Apple Developer Program account as an organization, or request that your individual account be converted to an organization account by contacting Apple Developer Support. Please note that you cannot resolve this issue with documentation sho

Our app's core product is deep level aggregation of events that are otherwise available online through various websites, forums and FB pages. In short, the convenience of a centralized app to find this data IS the core value/utility of the app and is what we want behind the paywall. There are other features regarding calendar, favorites, maps etc. to improve UX however, this is not the subscription motivation in our eyes. How do we overcome the 5.1.1 rejection? See below... App Review Hello, Thank you for your response. Regarding 5.1.1, the app still requires users to register or log in to access features that are not account based. Specifically, the app requires users to register before browsing events. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. To resolve this issue, revise the app to let users freely access the app's features that are not account based. The app may still requi

Private relay emails are not being delivered, even though we've followed the guidance here, https://developer.apple.com/help/account/capabilities/configure-private-email-relay-service/ iCloud, gmail etc. get delivered fine but as soon as its a private relay email address they get bounced as unauthorized sender. We've tried a couple of domains but here I'll document test.x.domain.com We have registered domains (test.x.domain.com), also the sender communication emails just to be safe (noreply at test.x.domain.com). Passed SPF Authentication, DKIM Authentication. ESP account shows as all green checks in mailgun. Is there any way to track down what the actual rejection reason is? { @timestamp: 2025-08-20T14:30:59.801Z, account: { id: 6425b45fb2fd1e28f4e0110a }, delivery-status: { attempt-no: 1, bounce-type: soft, certificate-verified: true, code: 550, enhanced-code: 5.1.1, first-delivery-attempt-seconds: 0.014, message: 5.1.1 : unauthorized sender, mx-host: smtp3.privaterelay.appleid.com, sessio

Hi, I want to consult about this: This is regarding [Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage] My client is asking if we can remove the new account registration through the iOS App, so we won't need to ask for mobile and birthdate. For iOS App users, new users will register through the website (or through a non-Apple related app). After registering through the website, they can access the iOS App using the credentials created through another method. Will that be a problem with Apple policies? My client said they need the Mobile number and birthdate for verification. Thanks in advance for the help and guidance. Best regards, Sophia

Hi there. I’m building a digital-well-being app for iOS 17.x that relies on the Screen Time API (FamilyControls / DeviceActivity.framework). Before we implement the server side, we’d like to confirm that the architecture below complies with current App Store Review Guidelines. Planned flow FamilyActivityPicker User selects an app set. we receive only opaque ApplicationTokens, no bundle IDs. DeviceActivityMonitorExtension Whenever usage of any selected app crosses a threshold, we increment a running daily total (integer minutes) stored in UserDefaults for our App Group. Server sync If the user completes a two-step opt-in (Settings toggle + confirmation dialog), we would POST only the aggregated daily total—never bundle IDs or app names—over HTTPS to our server, enabling cross-device dashboards and weekly reports. MonitorExtension currently allows URLSession / HTTPS; DeviceActivityReportExtension does not, per Apple’s sandbox docs. Users can disable sync or request deletion of their server data at any time. Que

Hello Apple Developer Community, We’re running into a challenge with App Review related to Guideline 5.1.1 (Data Collection and Storage), and are hoping to get insights from others who may have encountered something similar. Our app is built entirely around account-specific functionality. Each user is issued a unique QR code tied to their account, which enables and disables core functionality. This QR code is not generic - it’s unique to the user and is securely stored in our Firebase backend to support cross-device use and persistent access. App Review has flagged that requiring login violates Guideline 5.1.1, despite the fact that we have already moved the login step to occur after the user completes an in-app purchase, as per their previous guidance. Login is not used to gate purchasing, but it is critical for generating and linking the unique QR code to the user’s account. Beyond the QR code, our product roadmap includes multiple account-dependent features like usage tracking, goal setti