Hi, we are preparing to launch an app soon that will allow users to login via their apple or google accounts.
We were reviewing the app review guidelines and had some questions about Login Services.
- Do we need to support username/email + password alongside social logins?
- If yes, can we support passkeys to get around this restriction? passkeys do not require any information so we think this should apply
Apps that use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer as an equivalent option another login service with the following features:
- the login service limits data collection to the user’s name and email address;
- the login service allows users to keep their email address private as part of setting up their account; and
- the login service does not collect interactions with your app for advertising purposes without consent.
A user’s primary account is the account they establish with your app for the purposes of identifying themselves, signing in, and accessing your features and associated services.
