Hello Apple Developer Community, We are experiencing a significant challenge during the App Store review process regarding the account requirement for our app's core chat functionality. Our app provides a personalized chat experience where users interact with our services. This interaction involves sending and receiving messages within a dedicated chat interface. The App Store Review team has cited Guideline 5.1.1 Legal: Privacy - Data Collection and Storage, stating that the app requires users to register before accessing the chat feature. We are struggling to understand how a chat feature, which inherently involves communication between distinct participants, can function without user accounts. By definition, chat is a dialogue between individuals. How can a system deliver personalized replies and maintain conversation history without identifying the user? We are unaware of any app on the App Store that offers a chat-like experience without requiring user login. To ensure user safety and provide a
Search results for 5.1.1: 401 results found
App Rejected stating Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage Issue Description One or more purpose strings in the app do not sufficiently explain the use of protected resources. Purpose strings must clearly and completely describe the app's use of data and, in most cases, provide an example of how the data will be used. My App is simple using MusicKit. My app has only two buttons and the user just taps them. ・search button : Search for Apple Music with auto-generated text and play previews. ・listen button : Listen to searched songs on Apple Music. NSAppleMusicUsageDescription key is the app requires Apple Music access to search for songs and to play the searched songs. I don't know how to fix it. Please let me know some advice.
Topic: Developer Tools & Services; SubTopic: Apple Developer Program
Hello to all, I’m developing an app with expo.dev and I have a problem that I need help with. I’m not using Xcode but I’m publishing with EAS CLI, so I don’t generate the plist file. My app locates the device in real time to provide the weather situation at home and a navigation route using Google Maps in a webview. Apple has rejected the app with this communication: One or more purpose strings in the app do not sufficiently explain the use of protected resources. Purpose strings must clearly and completely describe the app's use of data and, in most cases, provide an example of how the data will be used. (Below the screen) My app uses location to show the weather icon at home and for route navigation in Google Maps inside a webview. With Expo I have added a string in app.json but it is not enough. Can someone help me? This is part of the code: ios: { supportsTablet: true, bundleIdentifier: com.ikawalieridiakashi.it, googleServicesFile: ./assets/GoogleService-Info.plist, infoPlist: { ITSAppUsesNonExemptEncryption: false, N
Topic: App Store Distribution & Marketing; SubTopic: App Review
Hi everyone, I recently received a Pending Termination Notice for my very first iOS application, and I’m extremely worried about losing my developer account. My app submission was initially rejected due to: The app may contain hidden features, functionality, or content. Specifically, the app may contain financial transactions without the necessary authorization. Apps that provide financial transactions without the necessary authorization do not comply with guidelines 3.2.2 and 5.1.1(ix). Users should never be misled about the apps they download. Attempting to hide features, functionality, or content in the app may lead to removal from the Apple Developer Program. I sent an appeal immediately, but after 13 days (March 14 – March 27), I received a Pending Termination Notice stating that my app violated section 3.2(f) of the Apple Developer Program License Agreement due to dishonest or fraudulent activity. I was shocked because my app is a simple Objective and Key Results (OKR) tracking application. Aft
Topic: App Store Distribution & Marketing; SubTopic: App Store Connect
I have an iPad 1 running iOS 5.1.1, I want to downgrade it to iPhone OS 3.2. Does anybody have a way to downgrade unsigned .ipsw's or do I have to sign it myself?
The app we submitted keeps failing review; Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage Issue Description The app requires users to provide personal information that is not directly relevant to the app's core functionality. Apps should only require users to provide information that is necessary for the app to function. If information is useful for a non-essential feature, apps may request the information but make it optional. Examples of app concepts and inappropriate required information: A general shopping app that requires the user's marital status A rideshare app that requires the user's gender Next Steps Update the app to not require users to provide the following personal information: National ID number Age Gender Resources Is it not allowed to collect national ID numbers at the registration stage?
Topic: Developer Tools & Services; SubTopic: Apple Developer Program
I want to clarify why both email and phone number are mandatory at registration, while still allowing users to log in with either method if one fails. Email Address (Collected at Registration) Account Creation & Verification: We use email to establish a unique, verifiable account for each user. This prevents duplicate or fraudulent profiles. Primary Communications: All booking confirmations, trip updates, support requests, and in-app chat messages between care seekers and carers are sent via email. This ensures users have a reliable record of every transaction and message. Phone Number (Collected at Registration) OTP-Based Security: We send a one-time password (OTP) via SMS during registration and login. This SMS-OTP step is critical to confirm that the user owns the provided phone number and to safeguard against unauthorized account access. Critical Trip Notifications: During a booked trip, carers and care seekers must receive time-sensitive alerts (e.g., gate changes, flight delays, check-in reminders)
Hello Experts, I am in need of your help with this feedback from the App Reviewer. Issue Description: One or more purpose strings in the app do not sufficiently explain the use of protected resources. Purpose strings must clearly and completely describe the app's use of data and, in most cases, provide an example of how the data will be used. Next Steps: Update the location purpose string to explain how the app will use the requested information and provide a specific example of how the data will be used. See the attached screenshot. Resources: Purpose strings must clearly describe how an app uses the ability, data, or resource. The following are hypothetical examples of unclear purpose strings that would not pass review: App would like to access your Contacts App needs microphone access Feedback #2 Regarding 5.1.1, we understand why your app needs access to location. However, the permission request alert does not sufficiently explain this to your users before accessing the location. To resolve this
Issue Description One or more purpose strings in the app do not sufficiently explain the use of protected resources. Purpose strings must clearly and completely describe the app's use of data and, in most cases, provide an example of how the data will be used. Next Steps Update the camera and photo library purpose string to explain how the app will use the requested information and provide a specific example of how the data will be used. See the attached screenshot. Resources Purpose strings must clearly describe how an app uses the ability, data, or resource. The following are hypothetical examples of unclear purpose strings that would not pass review: App would like to access your Contacts App needs microphone access See examples of helpful, informative purpose strings. I submitted my app to review, and got this review message. When you click on your profile picture, you can view it, or change it. When you decide to change it, the app needs permission for the camera or gallery (depending on which one you select) F
We are trying to post a local news app. We want it to be a customized version of our news website, displaying news, agenda, local shop offers etc filtered by the towns and interests the user selects. The user needs to register first so that we can create a profile with their interests and filter the content accordingly. We've tried to explain this in several different ways, but the answer is always the same: We understand that you provide customized news to your customers. However, they should still be able to access the news articles prior to registration and only prompted to register once they decide to customize their news feed. The app's specific purpose is offering customized content, and we need the users to register for that customization. If we can't offer the customized filtering, the app has no sense for us. Anyone in a similar situation or any tip on how to explain this to App Review? Thanks in advance!
Topic: App Store Distribution & Marketing; SubTopic: App Review
Hello Apple Developer Community, We’re running into a challenge with App Review related to Guideline 5.1.1 (Data Collection and Storage), and are hoping to get insights from others who may have encountered something similar. Our app is built entirely around account-specific functionality. Each user is issued a unique QR code tied to their account, which enables and disables core functionality. This QR code is not generic - it’s unique to the user and is securely stored in our Firebase backend to support cross-device use and persistent access. App Review has flagged that requiring login violates Guideline 5.1.1, despite the fact that we have already moved the login step to occur after the user completes an in-app purchase, as per their previous guidance. Login is not used to gate purchasing, but it is critical for generating and linking the unique QR code to the user’s account. Beyond the QR code, our product roadmap includes multiple account-dependent features like usage tracking, goal setti
Hi there. I’m building a digital-well-being app for iOS 17.x that relies on the Screen Time API (FamilyControls / DeviceActivity.framework). Before we implement the server side, we’d like to confirm that the architecture below complies with current App Store Review Guidelines. Planned flow FamilyActivityPicker User selects an app set. we receive only opaque ApplicationTokens, no bundle IDs. DeviceActivityMonitorExtension Whenever usage of any selected app crosses a threshold, we increment a running daily total (integer minutes) stored in UserDefaults for our App Group. Server sync If the user completes a two-step opt-in (Settings toggle + confirmation dialog), we would POST only the aggregated daily total—never bundle IDs or app names—over HTTPS to our server, enabling cross-device dashboards and weekly reports. MonitorExtension currently allows URLSession / HTTPS; DeviceActivityReportExtension does not, per Apple’s sandbox docs. Users can disable sync or request deletion of their server data at any time. Que
Topic: App Store Distribution & Marketing; SubTopic: App Review
Hi, I want to consult about this: This is regarding [Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage] My client is asking if we can remove the new account registration through the iOS App, so we won't need to ask for mobile and birthdate. For iOS App users, new users will register through the website (or through a non-Apple related app). After registering through the website, they can access the iOS App using the credentials created through another method. Will that be a problem with Apple policies? My client said they need the Mobile number and birthdate for verification. Thanks in advance for the help and guidance. Best regards, Sophia
Private relay emails are not being delivered, even though we've followed the guidance here, https://developer.apple.com/help/account/capabilities/configure-private-email-relay-service/ iCloud, Gmail etc. get delivered fine but as soon as it's a private relay email address they get bounced as unauthorized sender. We've tried a couple of domains but here I'll document test.x.domain.com We have registered domains (test.x.domain.com), also the sender communication emails just to be safe (noreply at test.x.domain.com). Passed SPF Authentication, DKIM Authentication. ESP account shows as all green checks in mailgun. Is there any way to track down what the actual rejection reason is? { @timestamp: 2025-08-20T14:30:59.801Z, account: { id: 6425b45fb2fd1e28f4e0110a }, delivery-status: { attempt-no: 1, bounce-type: soft, certificate-verified: true, code: 550, enhanced-code: 5.1.1, first-delivery-attempt-seconds: 0.014, message: 5.1.1 : unauthorized sender, mx-host: smtp3.privaterelay.appleid.com, sessio
Our app's core product is deep level aggregation of events that are otherwise available online through various websites, forums and FB pages. In short, the convenience of a centralized app to find this data IS the core value/utility of the app and is what we want behind the paywall. There are other features regarding calendar, favorites, maps etc. to improve UX however, this is not the subscription motivation in our eyes. How do we overcome the 5.1.1 rejection? See below... App Review Hello, Thank you for your response. Regarding 5.1.1, the app still requires users to register or log in to access features that are not account based. Specifically, the app requires users to register before browsing events. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. To resolve this issue, revise the app to let users freely access the app's features that are not account based. The app may still requi
Topic: Community; SubTopic: Apple Developers