I am developing a Safari browser extension related to our Saas product. In our Saas product we have many 2 Factor Authentification options and Google Authentification option.
To make it simpler to the user, and because some Google Auth and 2FA using a hardware key is not working on extension. When logging in to the extension we ask him to connect to the Saas solution(redirect him), and we detect the email connected there and connect in the extension.
As well as in the Saas solution we have all functionalities, including the payment settings, however the extension offers a limited functionalities, just basic ones.
Now, i am trying to deploy my Safari browser extension but getting rejected by apple developers, for the below reasons:
Guideline 3.1.1 - Business - Payments - In-App Purchase
We still found in our review that your app or its metadata provides access to mechanisms other than in-app purchase for purchases or subscriptions to be used in the app, which does not comply with the App Review Guidelines. Specifically:
- Your app's Safari extension includes the following call-to-action and/or URL that directs users to external mechanisms for purchases or subscriptions to be used in the app: "+" on main Safari extension UI window > Website > Plan Settings > Payment Options.
Next Steps
To resolve this issue, please remove features, account registration links, and any other links to your site that could indirectly provide access to external purchase mechanisms.
If you have any additional information to provide regarding the digital content and services in your app and how the guidelines apply to them, please reply to this message in App Store Connect and let us know. If there is information you'd like us to consider in our review of future submissions, please feel free to include it in the App Review Information section of App Store Connect.
Guideline 4.8 - Design - Login Services
The app still uses a third-party login service, but does not appear to offer an equivalent login option with the following features:
-
The login option limits data collection to the user’s name and email address.
-
The login option allows users to keep their email address private as part of setting up their account.
-
The login option does not collect interactions with the app for advertising purposes without consent.
Next Steps
Revise the app to offer an equivalent login option that meets all of the above requirements.
If the app already includes a login option that meets the above requirements, reply to App Review in App Store Connect, identify which login option meets the requirements, and explain why it meets the requirements.
Note that Sign in with Apple meets the requirements specified in guideline 4.8.
Can you please tell me what should i do to resolve this ?