Need advice

App Review is saying that you require the username/password even for those who don't intend to copy the subscription to other devices. App Review is saying that you should defer the login stuff until a user actually wants to make a copy. Does that work for you?

>IF ONLY they want to use their content on other devices OR restore their purchases ?

This.

Do you require an email address, or just any old user generated username?

It's the "personal information" aspect that App Review normally cares about. If you let users register with made up usernames then I don't think there's any issue. Requiring a valid email address is where the trouble starts.

No Junkpile, This is the interesting point !

I do NOT require any personal info like email,birthdate,or anything ! I just want my users to create a username and password to store their data it. I need this feature because of cross-platform issues.I want a user who bought a subscription from ios can also reach the content from my website for example.

Another more interesting point is: Same app, with different language only ( international version) is accepted after my appeal from resolution center. I said that i do not require ANY personal info according to rejection by rule 17.2, next day i got an response from resolution center saying that "Consider rule17.2 rejection is resolved and we will continue with review".

For the Turkish language version, which is the reason I opened this topic, I replied to resolution center with the same response i gave to International version and also added the information that , same app-just a different language, is accepted after my appeal and i got an response next day that he/she understands me but it is still needed to take action and i must change the system !. ( btw , also same reviewer who first rejected my app also noted in the resoultion center at the very first msg that my consumable in app purchase needed a restore button. I replied to it and said that according to apple guidelines a consumable product which gives ability a customer to view a one time content only CAN NOT be restored. in later responses this never been mentioned again as rejection reason but only the rule 17.2)

Now , while the rule 17.2 states very clearly that :"Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected" .

1) my app DOES NOT require any personal info just a madeup username and password

2) my app do not require registration in order to function. Because without registration or subscription anybody can see historical info or can use inapp purchase to reach content what a registered and subscribed user can see. So it is not %100 mandatory.

Now, please understand me that international verison is approved and on the market and i have active subscribers but my turkish version is constantly being ignored and rejected is not on the store. 2 apps are using the same server and ame system.. Please tell me , WHY do i have to change the system of a working version which is on the store and have active subscribers ? I am not breaking any rule. I am not requiring any personal info. AND i am not forcing anybody to register to my app in order to function. My app name is tahminhane which is not being approved. At last I did not reply to resolution center and appealed to board directly yesterday. I dont know the average times for responding to a appeal by review board.

Please note that what you write in your first post differs from what you wrote above... "....If i make the subscriptions available without user registration and put an option to register IF ONLY they want to use their content on other devices" And "...I need this feature because of cross platform issues" Perhaps App Review is confused as to whether this log in is just to copy the subscription to their devices (optional) or whether it is 'needed' (why is it needed).

Dear PBK,

Our plan was first to make the registration optional. But later as i said for cross platform issues , we coded it just to enter a username / password before buying a subscription. This doesn't make anybody to provide me a personal info. It is just a username and password For the sake of the customer so if he/she wants , she can use it on other devices. I dont understand why this is a big deal . YES , If I had wanted a personal info like birthday, email or anything else , you are right. this means that i am forcing people to enter private info to make the app function. But it is not true. I just make them create a username and password to use the app anywhere they want. This is not against rule 17.2 because i am not rquesting any special info. Other than this , without subscription, there is an inapp purchase for users to reach subscription content, so EVEN if they dont want to register, they can use the option. Please correct me if i am wrong at any of this ?. BTW, i couldnt get an answer from the appeal board for 2 days. I am not sure if board is working today or not. Appeal board accepts the same app with different language but reviewer is not accepting altough I described everything more detailed than this.

Why can't you make the sign in optional?

Because

1) as i said , for our customers. We want everyone to reach their content from ios devices or web or any other device as they like.

2) sometimes, for our unsucscribed users, we want to give them access to premium content as a gift. for example on christmas or some holidays etc.

I am not asking too much from the review team . Maybe you can say: "you can implement above systems if you want" yes but WHY ? I am waiting for more than 14 days now talking with review team. Coding it again for a d ifferent system means many work also means to change the other app too which has active members , subscriptions etc.
How can i make harm to anyone or damage their privacy with just requesting a user and password . The rule they link the rejection is privacy section of guideline and this is nothing to do with privacy.

>we coded it just to enter a username / password before buying a subscription

Sounds like a messy way of not knowing who you're trying to service. They can use anything and share with anyone. It provides nothing over a walk-in scheme that doesn't use a username/pwd.

A proper login is assumed to be tied to more than just those two items. And if it was tied to a purchase, you clearly harvest more details, which would normally contain additional/legitimate personal info on someone.

What is your status in the appeal process now?

Item 1 can be optional. Item 2 is a violation of guideline 11.1. Note that item 2 in this post was never mentioned in your original post. This hidden intent may be recognized by App Review. They may fear, I am sure incorrectly, that you will be charging for the IAP rights through your website and providing them without IAP. So now the question is - how do you get them to trust that you won't do that? Especially when log in is required to use the app?

Dear PBK,

I did not say that we did or we will do something like it. We don't have a website yet these are all future plans and when i learn that this is forbidedn, I wont do stg like this. But the ule says : "Apps utilizing a system other than the In-App Purchase API (IAP) to purchase content, functionality, or services in an App will be rejected". I did not say i will use other system to make people purchase i just said i can make the content free for 1 day for all usrs with a single mysql command in my database. Anybody can do this who uses an registration system So you can go and ask everybody who have registration in their app : "Are you going to trick Apple and make customers purchase from your site and unlock in ios ?" . We are not stupid to violate a very strict rule and we are not stupid to think to fool Apple. We have more than 10 apps . Why would I risk all my apps for a stupid reason ? I DON'T have to convince anyone that i wont do something like that. If I do and someone catches this , I hereby accept that they can ban me close my account and fine me any ammount of dollars.. And do not accept anything from me in the future. Is it enough to convince you ? Sorry but what you write here is to convict someone without knowing anything. I am trying to get what i deserve here.

Please recall that I wrote "...They may fear, I am sure incorrectly, that you will be charging for the IAP rights". The length of your response supports the idea that the fear is certainly incorrect. But you are nevertheless asking Apple to trust that you will not try to get around IAP. And requiring the log in is more consistent with an ill intent then not. By the way - you can have the app test a website and unlock code as a Christmas present without requiring a log in. So again, why are you requiring the log in?

Dear PBK,

yes it is another way of doing it but I choosed to do like this and coded all the app upon this system. Rule 17.2 is very clear that we must not request personal info in order the app to funciton and asking for a username and password does not cover or break this rule. Assigning a username and password to every user also makes us possible to follow app stats more efficiently like conversion ratio of paying users to all users, I have my reasons like this example and included a system that does not violate any rule. It is obvious that everybody can make any harm with a system even apple has approved. Like my other app which is %100 same with this rejected app, approved by Apple after the appeal. That app covers 145 countries while this app just covers Turkey. If my aim was to trick Apple you can be sure that i wouldnt write here but do what i want with the other app. Rule 17.2 does not reflect the reason for rejecting this app.

Btw i have a question. I dont want to lose more time. While i am waiting for the result of appeal can i upload a new binary ? Or if i upload a new binary does my appeal is not considered ? So while waiting for the result of appeal if a negative outcome comes i would not wait for 1 week more . I dont kniw if it is possible of course ?

You can't have two reviews going at the same time, for different versions, if that's what you're asking.

If you're in a hurry, you should consider requesting an expedited review, instead.