App Store Rejection for Authentication


App Store Rejection for Authentication

I recently submitted a new build of the Auto Care Kit app for review on the iOS App Store and it was rejected. This was a little surprising to me because I hadn’t made that many changes. It was rejected because it didn’t comply with third-party login service criteria from the App Store guidelines.

The app supports 2 methods of authentication: email and Google account. Neither of these met the criteria, but also these have been in the app for years. I’m surprised that now it’s not good enough and fails to meet the requirements.

Here is the actual text from the rejection:

The app uses a third-party login service, but does not appear to offer an equivalent login option with the following features:

  • The login option limits data collection to the user’s name and email address.
  • The login option allows users to keep their email address private as part of setting up their account.
  • The login option does not collect interactions with the app for advertising purposes without consent.

I decided to use this opportunity to improve the way a user can sign into the cloud and sync their garage data. I am rewriting all of the authentication code in the app and upgrading the use of Firebase Authentication. In the end, it should not only satisfy the App Store review team, but also add more ways to authenticate and sync to the cloud.

Larry Aasen
Written by Larry Aasen Lead mobile engineer at Car IQ. Author of the apps Auto Care Kit and US Debt Now, and the Flutter package upgrader.