We've switched over to using the new App Store Server API on our server instead of the deprecated Apple verify receipt method. But we've noticed some differences between our purchase records approved by the App Store Server API and what's shown on the Apple iTunes dashboard for purchases made on May 7th, 2024. Just to clarify, the purchase dates are in UTC time and are taken from the Apple Store API transaction requests. Below are the purchase dates and the subscription names for the 7th. 2024-05-07 22:46:16 - monthly subscription 2024-05-07 22:31:53 - monthly subscription 2024-05-07 22:26:53 - six months subscription 2024-05-07 22:19:16 - monthly subscription 2024-05-07 22:01:04 - monthly subscription 2024-05-07 21:28:56 - six months subscription 2024-05-07 20:09:04 - six months subscription 2024-05-07 20:01:31 - six months subscription 2024-05-07 19:43:24 - monthly subscription 2024-05-07 19:12:30 - annual subscription 2024-05-07 18:30:36 - six months subscription 2024-05-07 00:43:33 - monthly subscription While our records indicate these transactions, the Apple iTunes dashboard only displays 3 monthly subscriptions for May 7th. May 6th and 5th is worse; almost 1 or 2 monthly subscriptions are showing. We think there's a problem that Apple engineers or developers need to look into. Before, when we used the verify receipt method in our API, purchases would show up on the iTunes dashboard the next day. But now that we've switched to the new transaction method, there's a delay in seeing these purchases on the dashboard. Have you migrated to the new App Store Server API and encountered a similar issue? What could be causing this delay?

Hello, For a short time before and just after we announce our app we would like to make it available by direct link only. We don't want it to be searchable on the app store. Can anyone tell me if this is possible and if so, what the best way to do this is? Thanks

There is at least one app in AppStore (Prisma: Photo Editor, Filters), that suggest 1 day of free trial, but if you accept it, your card will be charged next day for full price of year subscription, even if you already removed app from your device and canceled subscription during this free trial day. This looks like fraud. Developers refuse to take responsibility for this. Apple support chat confirms, that such situatioin is a kind of not ok, but they are not going to do anything about it at all. Is it a known issue of AppStore? Do you know other apps like this? Is there any chance for people that were forced to purchase such subscription to get a compensation? How to setup such trial and subscription settings for my app?

I just renewed my developer account (a little late) When will my app show up on Appstore again?

Hello, we recently switched to the V2 notifications and we are noticing some odd requests. In general all works as expected, except that we are receiving some empty notifications i.e. the body if blank. Has anyone experienced the same issue? Is this a normal behaviour and if so how should we handle it? Thank you in advance. Greetings, Ilian

Não estou conseguindo enviar meu App para revisão. Nunca apareceu essa mensagem antes e não foram alteradas informações da conta. A mensagem também não é clara sobre qual informação deve ser alterada/corrigida.

I am trying to disable the screenshot on iOS app but apple does not expose any api for this. Due to which I added a workaround when iPhone will try to take screenshot we have a textfield in secured way which will cover the whole screen and screenshot will be blank. Does anyone tried the same approach to avoid screenshot? if yes did apple act against those application or they reject if they find. It will be great help if Apple can provide us some insight on it.

Hello, my app was rejected because deep linking doesn't work as expected according to the reviewer. I have reinstalled the app and tested it on the same device and iOS version as the reviewer, but everything still works fine for me. I also asked a few friends (three people) to test it, and they all confirmed that the deep linking works as intended. Have you ever experienced a similar issue before, or do you have any insight into why this might be happening? Thank you in advance.

After spending a lot of time trying to automate my processes, particularly on checking the emails I have on my software, and after talking with people in the field, I looked for a complete solution that could check with great precision in my email lists. I then looked at https://mailtester.ninja/ which in addition to being very complete, offers an API. So my question is whether any of you have other tools, other methods? thank you

Hi, Can someone confirm if the "NSPrivacyTrackingDomains" key for the Privacy Manifest supports wildcard domains such as "*.example.com" or do domain string have to be explicitly defined like "test.example.com"? Thanks.

Hello, I call transaction information for several apps. And I don't have environment information. That's why I'm calling the sandbox environment as an official guide. Call the endpoint using the production URL. If the call succeeds, the transaction identifier belongs to the production environment. If you receive an error code 4040010 TransactionIdNotFoundError, call the endpoint using the sandbox environment. If the call succeeds, the transaction identifier belongs to the sandbox environment. If the call fails with the same error code, the transaction identifier isn’t present in either environment. However, unlike the official guide, certain apps sometimes use production URLs to call endpoints to receive 401 status codes and successfully call endpoints using the sandbox environment. Why does this difference occur unlike the official guide? I receive a 401 status code in response from a production environment endpoint, I want to know if this status code is a real error or if I have to call it into a sandbox environment. Can I check with the key 'x-apple-request-uuid' in the response header? Please let me know the solution.

My company has some private apps that are distributed via redemption codes (no ability to do MDM in this instance). If I try and open the app in the app store it shows a "Cannot Connect" error message. Similarly, if I try and link to the app programmatically through the app (https://apps.apple.com/app/id) I get "App Not Available" in the app store. Both of these seem to have the same cause, and they mean that I can't link to the app in the App Store when I detect that an update is available. Is there any alternative for this to allow my users to more easily update the app? Alternatively I think it would be good enough to link to App Store >> Account and have them scroll down to the Updates section, but my testing of it has shown that I can only link to the App Store, or App Store >> Account >> Subscriptions successfully. When I try to link to App Store >> Account it opens the bottom sheet but displays a "We've run into a problem. Please try again later." message. What would the best way for me to make the process of updating apps easy on my users given these hurdles?

So in looking over the app review guidelines, where it reads, "They may not auto-launch or have other code run automatically at startup or login without consent" We currently present a popup to inform the user if they want to connect to our server. My question is, are we able to provide the user with a way to turn off this startup prompt (thus improving speed of app startup) It would be located within our apps own settings page, upon which the user would have the choice to turn off or leave on this startup prompt. Or would this go against apple's policy in any way?

I'm trying to release my first app on the app store. It's an app that connects to an Internet of Things device over bluetooth. As such, I am unable to simulate the device to showcase the workflows. The only device I have access to is an iphone 15 pro. I received the feedback on my app submission: The 6.7-inch iPhone and 5.5-inch iPhone screenshots do not show the actual app in use in the majority of the screenshots. Upload new screenshots that accurately reflect the app in use on each of the supported devices. How can i get these screenshots ? Do i seriously have to buy these devices ? TIA, Ringo

I call transaction information for several apps. And I don't have environment information. So I'm calling the sandbox environment as an official guide. However, unlike the official guide, certain apps sometimes succeed by calling an endpoint using a production URL to receive an error code 401 and calling an endpoint using a sandbox environment. Why does this difference occur unlike the official guide? Because of this difference, sometimes it's a production environment and JWT hasn't expired, but I get a 401 error and call the sandbox environment. 2. Please let me know the solution.

Hello Apple Developer Community, I am encountering an issue with my iOS app submission on the App Store Connect platform. After testing the app extensively on various devices, including iPhones and iPads using Xcode, the app appeared to be functioning correctly with all screens visible. However, upon submission, Apple rejected the app, citing that it launched a blank page specifically on the iPad Air (5th generation) running iOS version 17.4.1. I have thoroughly reviewed the app's code and conducted additional testing, but have been unable to replicate the issue on my end. I am reaching out to the community for assistance in troubleshooting and resolving this issue. Has anyone encountered a similar problem before, or does anyone have suggestions on how to address this issue effectively? Any insights or advice would be greatly appreciated. Thank you in advance for your help.

App: "Nappkin" Apple ID: 639242085 Hi, We are getting several "Missing API declaration" warnings (see below) when submitting our iOS app to the AppStore. Our app doesn't not use the mentioned api's but apparently one or more of the libraries we use do. We have included a privacy manifest that states this fact (included below). Why are we still getting these warnings/errors when we have included a privacy manifest? If each framework used must have a manifest can you tell me which frameworks are in error? We have no influence on the contents of the frameworks used in our apps. How can we comply if a framework we use does not have a required manifest and is unable or unwilling to include it? Our app is a point-of-sale app used by 100's of professionals. We have been in the AppStore for more than 10 years. Our app is fully dependend on several frameworks and not being able to update our app will mean we have to close our business. Thanks! Willem Bison = Privacy manifest ==== <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>NSPrivacyAccessedAPITypes</key> <array> <dict> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategoryDiskSpace</string> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>Our app does not use this api directly but (apparently) an included framework does</string> </array> </dict> <dict> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategorySystemBootTime</string> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>Our app does not use this api directly but (apparently) an included framework does</string> </array> </dict> <dict> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>NSUserDefault is used to store and retrieve several user preferences</string> </array> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategoryUserDefaults</string> </dict> <dict> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>Our app does not use this api directly but (apparently) an included framework does</string> </array> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategoryFileTimestamp</string> </dict> </array> </dict> </plist> = Warnings ==== Hello, We noticed one or more issues with a recent submission for App Store review for the following app: Nappkin Version 179.0 Build 33854 Although submission for App Store review was successful, you may want to correct the following issues in your next submission for App Store review. Once you've corrected the issues, upload a new binary to App Store Connect. ITMS-91053: Missing API declaration - Your app’s code in the “Nappkin” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. ITMS-91053: Missing API declaration - Your app’s code in the “Nappkin” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. ITMS-91053: Missing API declaration - Your app’s code in the “Nappkin” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategorySystemBootTime. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. ITMS-91053: Missing API declaration - Your app’s code in the “Nappkin” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. Apple Developer Relations ============

I want to include my server's default tls certificate in my macos app that I want to publish on app store , but the documentation is not clear for this . Is this allowed , or I cannot include the certificate file in my application package ?

Hi everyone, Has this every happened to you? If so, how did you resolve it? Submitting my app for review, I got the following rejection: Guideline 2.4.5(ii) - Performance The package currently available in App Store Connect cannot be installed and may be corrupted. Next Steps Please rebuild your application and upload a new version. If this issue continues, please contact Apple Developer Technical Support for help investigating the issue. DTS referred me back to app review: We are unable to help you resolve this matter. Please circle back with the App Review team for assistance. I'm building the .pkg with productbuild: xcrun productbuild --product WFH\ Phone\ Webcam.app/Contents/Info.plist --component WFH\ Phone\ Webcam.app /Applications --sign "3rd Party Mac Developer Installer: Mansour Moufid (42A2D88R9U)" --timestamp WFH\ Phone\ Webcam.pkg and uploading it with altool: xcrun altool --username "..." --password "..." --validate-app --file WFH\ Phone\ Webcam.pkg --type osx xcrun altool --username "..." --password "..." --upload-app --file WFH\ Phone\ Webcam.pkg --type osx The .pkg signature looks fine: xcrun pkgutil --check-signature WFH\ Phone\ Webcam.pkg Package "WFH Phone Webcam.pkg": Status: signed by a developer certificate issued by Apple (Development) Signed with a trusted timestamp on: 2024-04-29 14:11:27 +0000 Certificate Chain: 1. 3rd Party Mac Developer Installer: Mansour Moufid (42A2D88R9U) Expires: 2025-03-13 20:11:55 +0000 SHA256 Fingerprint: CB 8A 12 1D 4D 16 29 27 08 30 07 1C 6C F6 1C F4 85 6E AE F1 B1 34 68 F7 81 6D C3 3B 1B 8C 5D 32 ------------------------------------------------------------------------ 2. Apple Worldwide Developer Relations Certification Authority Expires: 2030-02-20 00:00:00 +0000 SHA256 Fingerprint: DC F2 18 78 C7 7F 41 98 E4 B4 61 4F 03 D6 96 D8 9C 66 C6 60 08 D4 24 4E 1B 99 16 1A AC 91 60 1F ------------------------------------------------------------------------ 3. Apple Root CA Expires: 2035-02-09 21:40:36 +0000 SHA256 Fingerprint: B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C 68 C5 BE 91 B5 A1 10 01 F0 24 The app's signature also checks out: codesign --strict --deep --verbose --verify WFH\ Phone\ Webcam.app WFH Phone Webcam.app: valid on disk WFH Phone Webcam.app: satisfies its Designated Requirement I have no idea what "cannot be installed and may be corrupted" means and app review is not responding to my request for more information...

Hello everyone, I'm currently working on implementing a vaccine tracker and reminder feature for an application. As part of this feature, I plan to collect basic information about babies from their parents, such as name, gender, and date of birth, in order to create personalized profile cards and assist in tracking vaccinations. My question is regarding the gender field: Is it acceptable to ask for only 'male' or 'female' as options, or should I include other gender options as well to ensure inclusivity? Additionally, considering that I'll be asking for gender and date of birth, I'm concerned about potential rejection of the app build by Apple. Can anyone provide insight into whether this could be an issue? Thank you for your help and guidance!