Our app uses Firebase phone auth. The App Store review has rejected the app due to pushes being required:
Guideline 4.5.4 - Design - Apple Sites and Services
We noticed that your app requires push notifications in order to function.
Specifically, we noticed if the Push Notifications setting was not enabled on our device, we encountered an error message after entering our phone number within the app.
Next Steps
Push notifications must be optional and must obtain the user's consent to be used within the app.
And they've also attached the screenshot that depicts Firebase error "Remote notifications and background fetching need to be set up for the app [...]"
Firebase documentation states that APNs notifications are absolutely required for phone auth to function:
https://firebase.google.com/docs/auth/ios/phone-auth
To use phone number authentication, your app must be able to receive APNs notifications from Firebase. When you sign in a user with their phone number for the first time on a device, Firebase Authentication sends a silent push notification to the device to verify that the phone number sign-in request comes from your app. (For this reason, phone number sign-in cannot be used on a simulator.)
However App Store review guidelines state that Push Notifications must not be required in order for the app to function: https://developer.apple.com/app-store/review/guidelines/
4.5.4 Push Notifications must not be required for the app to function, and should not be used for advertising, promotions, or direct marketing purposes or to send sensitive personal or confidential information.
Users need to sign in before they can use the app (the app is about sending digital GIF invitations to your guests and sharing photos), which is why Push Notifications are basically required for the app to function, if the sign in method is Firebase phone auth.
We have tested the app a lot, and the authentication works without a problem when push notifications are enabled (on real devices, both in distribution Ad Hoc builds with production environment and development builds with sandbox environment).
Come to think of it, how did App Review team even disable Push Notifications? The notification center setting does not stop actual pushes, it just doesn't display them. We have tested with this setting off, and firebase phone auth works fine, pushes are still coming through as expected.
I am very surprised with this issue, as Firebase is a huge service provider. Did anyone else encounter this issue? Are there plans to remove APNs requirement for phone auth? Is there maybe some other way to use Firebase phone auth without pushes?
To avoid rejection, make sure that your privacy policy is easily accessible both within your app and app page in the App Store. It should explain how you use the specific data that you collect: how it's stored, and whether or not you share it with other third-party entities.
Unfortunately, some apps do get rejected straight out the gate. It's not always easy to find out what you need to do in order to avoid app store rejection. According to Apple, 88% of those rejections occur because of the most common faux pas.
Go to your Firebase "Project Settings" by clicking the gear icon in the top left and scroll down to the "Your Apps" subsection. Click the pencil icon next to "App Store ID" and "Team ID" and change them to appropriate values. Under App Store ID, use 292922029.
Metadata rejected This means that the review has only just been interrupted and can be resumed once you provide the missing information.
Firebaser here. We have released an updated Firebase Auth SDK, 4.2.0, as Leetmory mentioned, which should hopefully resolve these issues going forward.
The issue was caused by the fact that the Firebase Auth SDK using APNs to validate the request - this is to minimize the risk of SMS spam abuse or similar. The validation uses a silent APNs notification, so doesn't require explicit user consent for iOS 8 and above. However, this still failed if APNs was completely disabled, as in this review case.
The 4.2.0 release introduced the facility to use a reCAPTCHA prompt inside an SFSafariViewController (or webview for older iOS) to prevent abuse if APNs isn't available. We don't expect this to happen very much, but it accounts for the unusual state encountered here. It also enables support for testing Firebase Phone Auth on the simulator!
You'll notice there is a new uiDelegate
parameter on the verifyPhoneNumber
method. In most cases you wont need to use this, but it is part of the fallback verification.
What you will need to do, if you haven't already, is add the REVERSED_CLIENT_ID
(from the GoogleService-Info.plist
) as a custom URL scheme. This will allow the reCAPTCHA view to return validation to your app.
There is a gotchas to be aware of in the current version though:
verifyPhoneNumber
you'll need to redispatch to the main thread, using DispatchQueue.main.async {}
- this will be fixed in the next version of Firebase Auth! Other than that, things should work as normal! We definitely recommend supporting silent push where ever possible to ensure the best user experience.
For a full walk through, see the full Phone Auth developer guide.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With