Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage We found in our review that your app does not meet all of our requirements for apps that offer highly regulated services or handle sensitive user data. Specifically: The account that submits the app must be enrolled in the Apple Developer Program as an organization, and not as an individual. The guideline 5.1.1(ix) requirements give App Store users confidence that apps operating in highly regulated fields or that require sensitive user information are qualified to provide these services and will responsibly manage their data. Next Steps To resolve this issue, it would be appropriate to take the following steps: Your app must be submitted through an Apple Developer Program account enrolled as an organization. You may either enroll in a new Apple Developer Program account as an organization, or request that your individual account be converted to an organization account by contacting Apple Developer Support. Please note that you c
Search results for
5.1.1
410 results found
Selecting any option will automatically load the page
Post
Replies
Boosts
Views
Activity
Apple has a recent policy [5.1.1(ix)] requiring medical apps like mine to be submitted by healthcare organizations, not individual physician programmers like me. I have an app I worked on for a couple months, loaded it to AppStoreConnect, sent it out on Test Flight, good feedback, ready to release. But cannot release as individual physician. So went to my employer healthcare organization. They'd be happy to publish my app. I now have credentials within their developers account. When I try to upload my same app (rebuilt with new certificates and identifiers for organization), I can't get it to upload because Apple flags my upload as copying someone else's material -- I suspect my own material! It sees that Cardiovascular Risk app submitted under my healthcare organization is just like my cardiovascular Risk app submitted also by me under my personal developers account! If the app were already approved at least once, I could transfer it. But since never approved for the App Store, I cannot use the Tran
Topic:
App Store Distribution & Marketing
SubTopic:
App Store Connect
Tags:
App ID
iPad
App Store Connect
I received the mail below. Starting June 30, 2022, apps submitted to the App Store that support account creation must also include an option to initiate account deletion. We noticed this app may support account creation. If it already offers account deletion or you’re working to implement it, we appreciate your efforts to follow the App Store Review Guidelines. Apps submitted after June 30 that do not comply with the account deletion requirements in guideline 5.1.1(v) will not pass review. https://appleid.apple.com/auth/revoke However, the revoke api is not working properly. Even if you throw an incorrect key value, 200 is always returned. Is the API working properly? What should I do?
Hello, I have an application that's been in the works, and I came across App Store Review Guideline 5.1.1(v), and I had some questions as it seems like many people do in this forum. I think my biggest questions is ow will Apple review the actual deletion of a user? Developers can implement soft deletes where the data cannot be accessed by anyone outside of those that have access to the database. This obviously isn't sufficient, but Apple wouldn't be able to tell the difference, at least from the api.
I also do not save the token obtained with apple Sign in on my app. I could start saving it and revoke it when the user wants to delete the account, the issue is I always get invalid_client error no matter what client ID I use in the request. This is the last part in the Apple reminder email. If your app offers Sign in with Apple, use the Sign in with Apple REST API to revoke user tokens. https://developer.apple.com/documentation/sign_in_with_apple/revoke_tokens#discussion Is this really necessary to pass the app review? The token as a validity of 1 day, and users are not going to create and delete an account in the same day I guess. It seems that this API isto be used when using sign in with apple on the web. Can someone at Apple provide some explanations? Upcoming Requirement Reminder Note: This is a support message regarding upcoming requirements that may be relevant for your app. Starting June 30, 2022, apps submitted to the App Store that support account creation must also include an option to initiate a
Topic:
App & System Services
SubTopic:
General
Tags:
Here is the exact reason given for the rejection: We discovered one or more bugs in your app. Specifically, when attempting to login using the email address provided an error appears on the screen. Seeing an error on the screen in this case is expected because in a previous review, they deleted the account we provided them with. Now they cannot log in with that account anymore. Yes, we have already confirmed they have deleted the account. We did not explain to them not to delete their account, but maybe this is what we need to do to prevent them from testing this part of the app? Since there is not much documentation on how 5.1.1 is supposed to be tested by Apple reviewers, I don't really understand what we're expected to provide them (new credentials every time we submit in case they test to delete?). I'm just not really sure how other developers will be solving this problem. It seems like everyone will be in the same boat as soon as they add this functionality to their app by June 30. When we asked
Topic:
Privacy & Security
SubTopic:
General
Tags:
We recently added the ability for a user to delete their account as per the 5.1.1 guidelines. Our app was later rejected because the account we provide for logging in was deleted by an Apple reviewer. We can create a new account that reviewers can use to sign in, but how do we prevent this from happening again? I understand the desire to verify account deletion, but if reviewers are constantly deleting the account used for approval, we'll be in an endless cycle of rejections. What should we do?
Hi all We have recently had an issue with using a single sign on login concept in a submission which was flagged under Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage and we are wondering what the development best practices were in this circumstance. The reason being was because if the user did not already have an account, we provided a button which then loaded the 3rd parties registration form in a web frame. However the system we are using requires the users address and phone number for various reasons, although our app does not use that data at all - therefore we were told we are breaking the guidelines. Our app is not collecting, or storing any of this information (or even has visibility to it), and it is all covered in both ours, and the third parties privacy policies, however it seems that we are still violating the clause. My question to other developers and Apple support - is how is this dealt with in other apps that use larger SSO systems such as iCloud, Google and Facebook?
Hi there, I got my recent app rejected and they sent me this: We found in our review that your app does not meet all of our requirements for apps that offer highly regulated services or handle sensitive user data. Specifically: The account that submits the app must be enrolled in the Apple Developer Program as an organization, and not as an individual. The guideline 5.1.1(ix) requirements give App Store users confidence that apps operating in highly regulated fields or that require sensitive user information are qualified to provide these services and will responsibly manage their data. Next steps, To resolve this issue, it would be appropriate to take the >following steps: Your app must be submitted through an Apple Developer Program account enrolled as an organization. You may either enroll in a new Apple Developer Program account as an organization, or request that your individual account be converted to an organization account by contacting Apple Developer Support. Please note that you cannot
Hello Apple Devs We've been trying for a couple of weeks to get a clear answer on the following two questions related to the 5.1.1 Guideline indicating Account Deletion must now be possible to initiate from within the App, in case we allow for Account Creation from the same app: Can a soft delete be considered Account Deletion”? What if all the User's data is anonymized, leaving only a UserID for referential integrity? In the case of Authentication and User information delegated to a 3rd-party system (see above), could it suffice for us to delete the UUID linking the User to their original ERP/SSO account? Is it valid if we just initiate the deletion process (async confirmation)? Would it be valid for us to initiate the process by requesting the user for their contact information, then explaining that we will process the request through the Customer Support team, and get back to them with a confirmation (e.g. via email) within a given period of time? Thanks in advance for your help! Carlos
App Store Review Guideline 5.1.1 it required to implement delete account for app that provide access without a login e.g. Facebook? In app already provide option to unlink social account is that enough? Thank you .
Based on Apple's guideline 5.1.1 (https://developer.apple.com/app-store/review/guidelines/#5.1.1), apps that allow account creation must allow account deletion. Our app only requires a specific ID and birthdate for in-app registration or account activation. But the actual account creation does not happen in-app. Does our app also need account deletion functionality as well? Thanks in advance.
I have been finished install Tensorflow env step by step from https://developer.apple.com/metal/tensorflow-plugin/ https://developer.apple.com/metal/Tensorflow-plugin/ Tf is working! but when i import sklearn package, have an error message like this: ImportError: dlopen(/Users/mecilmeng/miniforge3/envs/tf/lib/python3.9/site-packages/scipy/spatial/qhull.cpython-39-darwin.so, 0x0002): Library not loaded: @rpath/liblapack.3.dylib Referenced from: /Users/mecilmeng/miniforge3/envs/tf/lib/python3.9/site-packages/scipy/spatial/qhull.cpython-39-darwin.so Reason: tried: '/Users/mecilmeng/miniforge3/envs/tf/lib/liblapack.3.dylib' (no such file), '/Users/mecilmeng/miniforge3/envs/tf/lib/liblapack.3.dylib' (no such file), '/Users/mecilmeng/miniforge3/envs/tf/lib/python3.9/site-packages/scipy/spatial/../../../../liblapack.3.dylib' (no such file), '/Users/mecilmeng/miniforge3/envs/tf/lib/liblapack.3.dylib' (no such file), '/Users/mecilmeng/miniforge3/envs/tf/lib/liblapack.3.dylib' (no such file), '/Users/mecilmeng/miniforg
As per policy mention in Apple Store guideline in section 5.1.1 related to Data Collection and Storage, it is mentioned to have Delete functionality within app if account creation option is present. I am facing challenge for one of my enterprise app developed for the client, where account creation and sign in feature is present, but that login credentials are 'inter-link' to multiple other client's websites/tools/applications. In this case if user delete the app, it will unconditionally delete from all others too, without knowing that to user. Is there any way that we can get clarity on below points: If we implement with delete option only setting up a flag in app that user won't access with same ID login? Like a 'soft delete'? If user not creating account from app but still able to login with existing account with client ID, still delete feature would required? What are more expectation and details which Apple will going to check for Account Delete feature? Thanks in advance.
Hi everyone, in an email that came to me directly from apple, which refers to the aforementioned guidelines, the following is shown in the figure: Now in my app, the login is done directly on a third IdP, so I wanted to understand if the issue of user cancellation falls into this case or not, since as I said it is a user on a third IdP (ex Google, Microsoft, Private IdP etc.), and therefore the rule only applies to those apps that allow registration directly within it and not on an external IdP. I hope I was clear. Thank you