As standard login security if a user tries logging into our app with the wrong username/password too many times we lock their account. Very regularly (over half the time) we submit to Apple for review the app is rejected because they can't log in. So I check and see the account it locked. I always make sure it's unlocked before submitted. I have also started unlocking it again after submitting it.
It seems to me that either some automated part of the review process is failing to authenticate correctly or the reviewer is. Either way, the app is rejected, I unlock the account, resubmit, unlock again, and hope it works the next time.
The first time a user logs in they have to answer a challenge question. In the App Review Information section we have the User ID and Password in those fields and the challenge answer in the Notes. My hunch is there is something automated that users the user/password but doesn't know about the challenge in the Notes.
Has anyone had a similar problem? Is there a solution to prevent this?
Thank you!