I have developed an iOS app that allows users to login via their Google Account using OAuth.
It was rejected by Apple for allegedly violating 11.13 of the App Store Review Guidelines:
11.13 Apps that link to external mechanisms for purchases or subscriptions to be used in the app, such as a "buy" button that goes to a web site to purchase a digital book, will be rejected
Upon asking for more information, Apple said:
To clarify, your app has been rejected for including means for users to acquire new Google accounts. Linking customers to a page where users may sign up or register new accounts, and then use those accounts to purchase service/server space to be used within the app, is not appropriate and must be removed before resubmitting your app.
Here's a screenshot of the infringing functionality:
The Gmail iOS app has the same screen and I can't find any other app that connects to Google by OAuth so I'm at a loss on how to fix this.
Any ideas?
Many thanks!
EDIT: Here's a screenshot of the same offending screen in Gmail
OAuth2 lets users grant third-party apps access to their web resources, without sharing their passwords, through a security object known as an access token. OAuth2 works with the following four actors: authorization server: responsible for authentication and authorization; provides the access token.
Google's documentation for "Mobile and Desktop apps" does direct developers to use a PKCE Authorization Code flow. Clients using Google Android, iOS or Windows Store credential types with PKCE may omit the client_secret (see the note on the refresh token parameter table - and confirmed by Cristiano).
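The PKCE exchange described above, as an added example that is not part of the original posts: it derives the S256 challenge, builds the authorization URL, and forms the token request without a client_secret. The endpoints are Google's published OAuth 2.0 URLs; the client ID, redirect URI and scope passed in by a caller are placeholders the caller supplies, and the function names are hypothetical.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Google's published OAuth 2.0 endpoints.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """Fresh 43-character verifier (32 random bytes), one per sign-in attempt."""
    return b64url(secrets.token_bytes(32))


def code_challenge(verifier: str) -> str:
    """S256 challenge: BASE64URL(SHA256(ASCII(verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorization_url(client_id, redirect_uri, scope, verifier, state):
    """URL to open in the system browser; only the challenge leaves the app."""
    return AUTH_ENDPOINT + "?" + urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
    })


def token_request_body(client_id, redirect_uri, code, verifier,
                       returned_state, expected_state):
    """Form fields to POST to TOKEN_ENDPOINT. No client_secret is sent:
    the verifier proves this app instance started the flow."""
    if not secrets.compare_digest(returned_state, expected_state):
        raise ValueError("state mismatch: discard the authorization response")
    return {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code_verifier": verifier,
    }
```

Keep the verifier in memory for the duration of one sign-in only; an authorization code intercepted on the redirect is useless to another app without it.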
Step 1: Go to the Google Developers Console. If you have a Google account, log in; otherwise, create an account.
Step 2: On the dashboard, click on the Project dropdown menu.
Step 3: Select an existing project or create a new project.
Google has finally added a native library that performs in-app sign in. You can find it here https://developers.google.com/identity/sign-in/ios/start
This has happened to several users and unfortunately Google are still "working" on a solution.
I would strongly recommend that anyone facing this issue please comment in the official forum. The more attention it gets the higher the chance something will be done about it. Here's what one of the employees at Google had to say:
Hi all -- at Google, we aim to make our services available to as many users and developers as possible. We have heard a very small number of reports of problems of this type, but those app developers appear to have eventually gotten approval to launch by working through Apple’s standard process.
Meantime, we're continuing to work on improved mechanisms for login. I do agree with Daniel that direct use of GTMOauth2ViewControllerTouch, or the equivalent UIWebView trickery, is not recommended.
Right now the solution I used was to remove Sign In from the Launch Screen and move it to the menu inside our app.
Place the link mentioned below instead of the Sign Up button:
https://accounts.google.com/SignUp?service=mail&continue=https%3A%2F%2Fmail.google.com%2Fmail%2Fca%2F&ltmpl=default&hl=en
This link should be opened in the iOS Safari browser.