Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage We found in our review that your app does not meet all of our requirements for apps that offer highly regulated services or handle sensitive user data. Specifically: The account that submits the app must be enrolled in the Apple Developer Program as an organization, and not as an individual. The guideline 5.1.1(ix) requirements give App Store users confidence that apps operating in highly regulated fields or that require sensitive user information are qualified to provide these services and will responsibly manage their data. Next Steps To resolve this issue, it would be appropriate to take the following steps: Your app must be submitted through an Apple Developer Program account enrolled as an organization. You may either enroll in a new Apple Developer Program account as an organization, or request that your individual account be converted to an organization account by contacting Apple Developer Support. Please note that you c
Search results for 5.1.1
400 results found
Apple has a recent policy [5.1.1(ix)] requiring medical apps like mine to be submitted by healthcare organizations, not individual physician programmers like me. I have an app I worked on for a couple months, loaded it to AppStoreConnect, sent it out on Test Flight, good feedback, ready to release. But cannot release as individual physician. So went to my employer healthcare organization. They'd be happy to publish my app. I now have credentials within their developers account. When I try to upload my same app (rebuilt with new certificates and identifiers for organization), I can't get it to upload because Apple flags my upload as copying someone else's material -- I suspect my own material! It sees that Cardiovascular Risk app submitted under my healthcare organization is just like my cardiovascular Risk app submitted also by me under my personal developers account! If the app were already approved at least once, I could transfer it. But since never approved for the App Store, I cannot use the Tran
Topic: App Store Distribution & Marketing
SubTopic: App Store Connect
Tags: App ID, iPad, App Store Connect
I would like to clarify the scope of section 5.1.1 (ix) of the app privacy policy, related to account sign-in. If your app supports account creation, you must also offer account deletion within the app. I understand that this will take effect from January 2022 https://developer.apple.com/news/?id=mdkbobfo Is there an exception for financial apps that include account creation / registration (e.g. banking apps)? The objective of the policy change seems to be to offer users a convenient and transparent option of unregistering from a service and deleting any related data. However, deleting a login for a banking app has more implications than just de-registering from the service (e.g. what to do with account balance, regulatory requirements may apply). Therefore direct interaction between the app user and the financial institution is likely to occur irrespective of any in-app options. Would either of these options be sufficient to comply with the iOS App Privacy Policy? Option 1 - include within the app a
Dear Apple, I have an inquiry about your new guideline section of 5.1.1, which states the following: 5.1.1(v): Apps supporting account creation must also offer account deletion. Does this apply to applications which do not have direct in-app registration, but contain a URL which redirects the user to a webpage where the registration process takes place? Thank you for your answer in advance, Kovács Balázs
I also do not save the token obtained with Apple Sign in on my app. I could start saving it and revoke it when the user wants to delete the account, the issue is I always get invalid_client error no matter what client ID I use in the request. This is the last part in the Apple reminder email. If your app offers Sign in with Apple, use the Sign in with Apple REST API to revoke user tokens. https://developer.apple.com/documentation/sign_in_with_apple/revoke_tokens#discussion Is this really necessary to pass the app review? The token has a validity of 1 day, and users are not going to create and delete an account in the same day I guess. It seems that this API is to be used when using Sign in with Apple on the web. Can someone at Apple provide some explanations? Upcoming Requirement Reminder Note: This is a support message regarding upcoming requirements that may be relevant for your app. Starting June 30, 2022, apps submitted to the App Store that support account creation must also include an option to initiate a
Topic: App & System Services
SubTopic: General
The newly updated App Store Review Guideline 5.1.1(v) states that: ... If your app supports account creation, you must also offer account deletion within the app. ... The guideline leaves two important questions open: What does it mean to offer the account deletion? Is it enough to point the user to the website, email, ... or does the deletion need to be completed within the app? Does Apple expect a simple account deletion (in the sense of inactivation) or a full delete-all-my-data request? Is there a statement from Apple which specifies these details or has someone already received an app rejection for it?
Has anyone else experienced users being unable to reply to communications with them? If so, was there a solution? tldr; Email from our domain to users ####@privaterelay.appleid.com email works correctly. User replies to myemail_at_mydomain_com_####_8800cbcb@privaterelay.appleid.com fail. I have emails properly being sent and received to my Sign in with Apple users via the methods described here: https://help.apple.com/developer-account/?lang=en#/devf822fb8fc The issue is if a user replies to the email. They get an immediate notice that the email was undeliverable. According to the chart available within the docs, it seems like I should not have to configure the ability to receive replies. This should be handled by the relay server. https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/communicating_using_the_private_email_relay_service Here's the failure email for reference (with private emails redacted of course) This is a system-generated message to inform you that your email co
I have verified my domain and also registered my email address on same domain via developer portal. However I'm still not able to send emails through Apple's private email relay service. I get the following error: 550 5.1.1 Relay not allowed for <xxxxxx@privaterelay.appleid.com> from domain: <xxx.com> I'm aware of this thread https://forums.developer.apple.com/thread/122270#380406. I tried sending on Gmail web (my registered email address with same domain). I also tried SendGrid. Both are unsuccessful. What did I possibly miss?
We recently added the ability for a user to delete their account as per the 5.1.1 guidelines. Our app was later rejected because the account we provide for logging in was deleted by an Apple reviewer. We can create a new account that reviewers can use to sign in, but how do we prevent this from happening again? I understand the desire to verify account deletion, but if reviewers are constantly deleting the account used for approval, we'll be in an endless cycle of rejections. What should we do?
Here is the exact reason given for the rejection: We discovered one or more bugs in your app. Specifically, when attempting to login using the email address provided an error appears on the screen. Seeing an error on the screen in this case is expected because in a previous review, they deleted the account we provided them with. Now they cannot log in with that account anymore. Yes, we have already confirmed they have deleted the account. We did not explain to them not to delete their account, but maybe this is what we need to do to prevent them from testing this part of the app? Since there is not much documentation on how 5.1.1 is supposed to be tested by Apple reviewers, I don't really understand what we're expected to provide them (new credentials every time we submit in case they test to delete?). I'm just not really sure how other developers will be solving this problem. It seems like everyone will be in the same boat as soon as they add this functionality to their app by June 30. When we asked
Topic: Privacy & Security
SubTopic: General
My app has started experiencing intermittent crashes for iOS 15 devices only. From the logs, the suspected region of crash involves realm threads for write or read or update and TableView reload. But since the issue is pretty intermittent we are not able to pinpoint the cause of the crash. Does anyone have any suggestion to pinpoint the cause of the crash or what new update in iOS 15 would have led to this issue? Below is the Crash Log. From the Crash Analytics. Fatal Exception: NSInvalidArgumentException 0 CoreFoundation 0x9904c __exceptionPreprocess 1 libobjc.A.dylib 0x15f54 objc_exception_throw 2 CoreFoundation 0x176014 +[NSObject(NSObject) _copyDescription] 3 UIKitCore 0xf695a0 -[UIResponder doesNotRecognizeSelector:] 4 CoreFoundation 0x2e474 ___forwarding___ 5 CoreFoundation 0x2d5b0 _CF_forwarding_prep_0 6 UIKitCore 0x3eee54 -[UIUndoGestureInteraction didMoveToView:] 7 UIKitCore 0x194d8c _setInteractionView 8 UIKitCore 0x2f91e4 -[UIView(Dragging) addInteraction:] 9 UIKitCore 0x4a1444 -[UIEditingOverlayVie
Hi everyone, in an email that came to me directly from apple, which refers to the aforementioned guidelines, the following is shown in the figure: Now in my app, the login is done directly on a third IdP, so I wanted to understand if the issue of user cancellation falls into this case or not, since as I said it is a user on a third IdP (ex Google, Microsoft, Private IdP etc.), and therefore the rule only applies to those apps that allow registration directly within it and not on an external IdP. I hope I was clear. Thank you
The newly updated App Store Review Guideline 5.1.1(v) states that: If your app supports account creation, you must also offer account deletion within the app. The guideline leaves two important questions open: What does it mean to offer the account deletion? Is it enough to point the user to the website, email, or does the deletion need to be completed within the app? Does Apple expect a simple account deletion (in the sense of inactivation) or a full delete-all-my-data request? Is there a statement from Apple which specifies these details or has someone already received an app rejection for it?
The latest updated App Store Review Guideline 5.1.1(v) states that: Apps supporting account creation must also offer account deletion. I would like to know: Do I need to fully delete all data on our server related to this user? Can I just provide contact information for account deletion offline? Is it requested for user to re-create a clean account with the same user identifier, e.g. email address? Is account termination good enough for account deletion requirement? Is it required to be able to retrieve user data after account deletion? Any help is appreciated.
I have questions around this policy: why are all the apps in the App Store related to COVID-19 not allowed in the store? Also, what is defined as governmental entity, hospital, insurance company, non-governmental organization, or university? These are not defined. Also user information in highly-regulated fields, such as healthcare, should be submitted by a legal entity that provides these services, and not by an individual developer. I'm reaching out to see if other app developers experienced the same situation or how anyone for that matter can publish anything on COVID-19 to assist users? Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage We found in our review that your app provides services or requires sensitive user information related to the COVID-19 pandemic. Since the COVID-19 pandemic is a public health crisis, services and information related to it are considered to be part of the healthcare industry. In addition, the seller and company names associated with your app are not