Rejected App: 17.2: Apps that require users to share personal information

Question

Preface:

I know this issue has been raised here before on SO, but those posts are old and I believe not currently relevant to Apple's decision making.

Rejection reason:

17.2 Details

We noticed that your app uses Facebook login for authentication purposes but does not include account-based features offered by that site, which is not allowed on the App Store.

Next Steps

Please modify your app to include account-based features of that social network or use your own authentication mechanism.

My App:

My App implements Facebook authentication and grabs the user's first name and profile picture only and displays them at the user's discretion (when the user performs a certain function).

I stated this to Apple twice and they replied that this was not enough.

They kept parroting that I needed to add "account-based features" of Facebook. I asked them to elaborate and these were the examples I was given:

"It would be appropriate to implement friends lists, social graphs, and game scores when applicable. "

So these questions arise:

What if my app doesn't benefit from the above examples?

What's wrong with using Facebook as an authentication method and for grabbing basic data?

And the kicker - what are more examples of "account-based features" of Facebook that I could implement that would qualify for the privilege to use Facebook authentication?

I'm sure I won't get any straight answers from Apple, so I am appealing to the experts here to hopefully enlighten me.

Thanks in advance.

Answer 1

Based on my experience with the Apple Review Process, what bothers them most in this case is:

• If your app "forces" the user to login with Facebook and doesn't allow him/her to login any other way (or not login at all).
• If your app has no "account-based features" as they indicate in their rejection details (even if these features are not specifically related to Facebook.

Things you can do to pass the review process without damaging your app's user experience:

• If you don't already have an option to use the app annonymously or login with an email address or any other non-Facebook method of authentication, you should definitely add one. Not only will that increase your app's chances of being approved by Apple, it will also provide your users a way to try your app without providing you with their Facebook information. A lot of users need to gain trust in an app before logging in with their precious Facebook account, so this can actually help your on boarding process and is highly recommended.
• Add some account specific features to your app. It doesn't necessarily have to be Facebook specific data. It can be anything that will convince the review team that you're not just collecting data about your users, you are also providing them with some sort of benefit because they logged in. Examples for this can be game related features, like Apple suggested: score count, leader boards, friends list, invitations, rewards, chats, etc. It can also be non gaming related. Things like: content management (allowing the user to save data based on his/her account and accessing it later, "liking" certain elements in the app, saving app related content in one place, sharing content on Facebook, etc.
• The best thing you can do (if it works for your app) is just find some significance to a "user" in your app. Something that will give meaning to the user's having to login. If you have that, even if it's not necessarily Facebook related, you should be good to go.

An example that can be good for both the review team and your app's chances of going viral, which is relatively "cheap" to implement, would be to add the ability to invite friends to use the app. This would justify logging in with Facebook and give your users an extra value. However, I would highly recommend not forcing the user to login unless it's absolutely necessary. Let him/her learn about your app, learn to love it and then, when he/she trusts you and is willing to "commit", then you give them the option to login. When it comes from them and not because they had to, the chances of your user feeling good and safe about logging in to your app, is significantly higher.

I hope this helps, even a little. Good Luck!

Answer 2

I had the same problem and I told them about the UI experience and basically the issues you mentioned. They approved it shortly after I explained it. When did they approve it? About 8 hours ago. So while I do think Apple is still strict regarding these requirements, I do think they are understanding if you can explain yourself well.

The changes I made:

1. Added a HUGE "login anonymously" button, to make it clear you don't need to login to use the app.
2. The app was for "voting" for businesses, and I said that logging in with Facebook is the best way to accomplish this without killing the user experience.

This worked for me. Hope it helps. But I think the bottom line is, if you use Facebook connect for authentication and you are using it in a good and valid way, then Apple will most likely accept it.

Good luck!