5.1.1

We published an app for iOS which accidentally stores a ton of photos in Data & Documents. The app is live on the App Store, but currently the only way for a user to delete this bloat is to uninstall and re-install the app. Updating does not delete it. We fixed the bug, and put in a notice on the App Store page, but we'd rather take care of this on our end. The app was developed using Unreal Engine 5.1.1. The bloat is caused by Apple ARKit having had the should_write_camera_image_per_frame turned on (see https://docs.unrealengine.com/5.0/en-US/PythonAPI/class/AppleARKitSettings.html). The images are saved to Container/Documents/CameraImages. How can we make it so the next version we push to App Store will delete the contents of this folder upon launch?

We are trying to publish a peer to peer sharing app. Our T&C's require the users to be at least 18 years old since there is legality around the agreements between users. Apple keeps kicking this back and stating we should not ask them their age. How do we get around this? Here's what they keep referencing: Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage 5.1.1(v) Account Sign-In If your app doesn’t include significant account-based features, let people use it without a login. If your app supports account creation, you must also offer account deletion within the app. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. If your core app functionality is not related to a specific social network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must provide access without a login or via another mechanism. Pulling basic profile information, sharing to the social network, or

Hi All,I recieved below feedback on my app.. I worked with a developer who cannot work right now and I need someone to help me with the feedback.. it is really small issues but because I don't have enough knowledge to fix in Xcode..Hello,Thank you for providing this information.Regarding 5.1.1, when collecting information from the user, that information needs to have a direct benefit to the user and contribute to your apps core functionality. Apps that request information that do not provide a direct benefit to the user when signing up are not compliant with the App Store Review Guidelines.Regarding 4.0, apps should be optimized to support the device screen size or resolution it is run on. Your app displayed text and buttons overlaid onto each other. To resolve this issue, it would be appropriate to revise your app.

I received the mail below. Starting June 30, 2022, apps submitted to the App Store that support account creation must also include an option to initiate account deletion. We noticed this app may support account creation. If it already offers account deletion or you’re working to implement it, we appreciate your efforts to follow the App Store Review Guidelines. Apps submitted after June 30 that do not comply with the account deletion requirements in guideline 5.1.1(v) will not pass review. https://appleid.apple.com/auth/revoke However, the revoke api is not working properly. Even if you throw an incorrect key value, 200 is always returned. Is the API working properly? What should I do?

Hi, we have built an App which aprroval has been rejected because we ask to enter some registration personal data that is neccesary for some material gathering during a social event. There is a data gathering agreement screen where the users accept that data gathering. It seems this is not valid for Apple because they say we break 5.1.1 policy about collecting non essential data for the core functionality... we are considering to just require the user to enter his email in order to log in and we would supply a link to an external registration web page so that the users register themselves in that website, outside the App. Is it possible to require to be registered in an external website to be able to use an App? would that be allowed by Apple policies? Has anybody any similar experience with this kind of issue? Thank you very much!

Hello, I have been stumped on this issue for a week and am looking for guidance on how to resolve it. I am aware of Guideline 5.1.1 Legal: Privacy - Data Collection and Storage and have read through it. The core functionality of our app is a Message Chatbot. This is the only feature we have, and we require user registration to limit the number of messages that can be sent on the free tier. However, despite explaining why we need user registration and pointing to a number of very similar apps that have the exact same registration system, we are not able to get approval from the App Reviewers. Their message is: To resolve this issue, please revise the app to let users freely access the app's features that are not account-based. The problem is that we do not have any other features in our app, so we are stuck. I was wondering if anyone else had similar issues and what they did to fix it? Thank you!

Hello all,I'm using SDK 8.0 and Swift, and my app compiles fine, but when its being sent for submission in iTunes Connect, I get a red-warning saying Apps and app updates submitted to the App Store must be built with Xcode 5.1.1 or later, and iOS 7 SDK.This is obviously a problem, because if I revert Xcodes SDK to 7.0, Xcode refuses to compile it saying iOS targets using Swift cannot be built against an SDK older than 8.0, but the effective SDK is 7.1. I should mention that this is an update to an existing application, not a new one, and I am using Xcode 6.4, not Xcode 7 (nor is it installed on my machine). I am, however, on El Capitan.Has anyone else run into this loop? Any fixes in the pipeline?Thankyou!

After review it was mentioned We need additional information about the app's highly regulated services and/or handling of sensitive user data. The guideline 5.1.1(ix) requirements give users confidence that apps operating in highly regulated fields or that require sensitive user information are qualified to provide these services and will responsibly manage their data. Which companies or institutions provide the services offered in the app? -What is the relationship between [Name of Developer Account] and the providers of these services? The application is being developed for the Karnataka State Government, and the development and management of the app have been assigned as part of an official project. While the developer account used for publishing the application was purchased individually, it is associated with the development and maintenance of this project. The account facilitates app deployment and management while ensuring compliance with government requirements and security protocols. So Guid

Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage We noticed that your app requires users to register or log in to access features that are not account based. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. For example, an e-commerce app should let users browse store offerings and other features that are not account based before being asked to register, or a restaurant app should allow users to explore the menu before placing an order. Registration must then only be required for account-specific features, such as saving items for future reference or placing an order. Next Steps To resolve this issue, please revise your app to let users freely access your app’s features that are not account based. Resources Watch a video from App Review with tips for doing more for users with less data. See guideline 5.1.1(v) - Account Sign-In to learn more about our requirements for apps

Hello , My app is already on the App Store, we are trying for version release this time but it got rejected during the last review. The reason from the review team is that - Guideline 1.4.1 - Safety - Physical Harm Guideline 2.1 - Information Needed In this version we have made only minor changes which are not related to our BLE devices. In this rejection cycle got first rejection because of apple review team not happy with the message which we have provided for NSBluetoothAlwaysUsageDescription, and it is rejected by below reason, Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage After this we modified our Bluetooth description message and submitted for review, then apple again rejected with below reason. Guideline 1.4.1 - Safety - Physical Harm Guideline 2.1 - Information Needed We do not understand where is the problem and why the app was approved multiple times before and now not. Could you please help us for this.

I work for a company that provides services implementing, maintaining, and publishing systems for municipalities. We have now developed an app for a municipality, but when trying to publish it, Apple is rejecting it, stating that we cannot publish on behalf of another company. On the first submission, they rejected it with: Guideline 4.1 - Design - Copycats The app or its metadata appears to contain potentially misleading content. Specifically, the app includes content that resembles Sistema da Prefeitura without the necessary authorization. Next Steps Please demonstrate your relationship with any third-party brand owners represented in the app. We obtained a digitally signed document from the municipality stating that we are responsible for their systems, authorizing everything, etc... We made a new submission for review. However, it was now rejected with: Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage The app must be published under a seller and company name that is associated with

Private relay emails are not being delivered, even though we've followed the guidance here, https://developer.apple.com/help/account/capabilities/configure-private-email-relay-service/ iCloud, gmail etc. get delivered fine but as soon as its a private relay email address they get bounced as unauthorized sender. We've tried a couple of domains but here I'll document test.x.domain.com We have registered domains (test.x.domain.com), also the sender communication emails just to be safe (noreply at test.x.domain.com). Passed SPF Authentication, DKIM Authentication. ESP account shows as all green checks in mailgun. Is there any way to track down what the actual rejection reason is? { @timestamp: 2025-08-20T14:30:59.801Z, account: { id: 6425b45fb2fd1e28f4e0110a }, delivery-status: { attempt-no: 1, bounce-type: soft, certificate-verified: true, code: 550, enhanced-code: 5.1.1, first-delivery-attempt-seconds: 0.014, message: 5.1.1 : unauthorized sender, mx-host: smtp3.privaterelay.appleid.com, sessio

Hi, I have received rejection from apple on my doctor booking app. apple requesting that I sign up with organizational not individual developer account means i lost my 99USD and must sign up with 299$ plus with a company the problem is that we paid every $ we have and we can't now establish a company its so expensive and we have at least a year to make a new company. We are from Iraq and trying our best to enhance the healthcare in our society and getting new technologies. i send an appeal to apple board telling them that we don't have any sensitive privacy issues. doctors will pay for registration so its a prepaid service on annual fees and patients will submit only name and phone number and register account through Facebook login to book for doctors they chose if anyone can help us with this situation. please find below the rejection. Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage We found in our review that your app does not meet all of our requirements for apps that offer highly

I’m building an iOS app that collects user PII (emails, names) and stores it in my backend database. I already use HTTPS for data transfer, but I’m unsure if Apple requires server-side encryption for stored data. For example: If a user’s email is stored in plain text on my server (but transmitted securely via HTTPS), will this violate App Store guidelines? Does Apple explicitly mandate encryption-at-rest for PII, or is it just a recommendation? Are there exceptions for non-sensitive data like usernames? I checked App Store Review Guidelines §5.1.1, which says data must be stored securely, but it’s unclear if this requires encryption. Context: The app targets U.S. users (no GDPR/CCPA concerns). No financial/health data is involved. Is plain-text server storage of emails/names acceptable, or will this risk rejection? Thanks for any clarity!

I am having issues getting an update released i have an app that has a button which links back to our 'Blog Page' and both rejections relates to an article on my website. First rejection states the following: Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage We found in our review that your app provides services or requires sensitive user information related to the COVID-19 pandemic. Since the COVID-19 pandemic is a public health crisis, services and information related to it are considered to be part of the healthcare industry. In addition, the seller and company names associated with your app are not from a recognized institution, such as a governmental entity, hospital, insurance company, non-governmental organization, or university. Per section 5.1.1 (ix) of the App Store Review Guidelines, apps that provide services or collect sensitive user information in highly-regulated fields, such as healthcare, should be submitted by a legal entity that provides these services, and n