AppKit/Mac Catalyst apps are being rejected by App Review for launching default web browser for login

New versions of AppKit/Mac Catalyst apps that use Google's Sign In framework are being rejected by App Store Review for the past two weeks.

Reason shared was:

The user is taken to the default web browser to sign in or register for an account, which provides a poor user experience.

And also citing: Data Collection & Storage guidelines -> https://developer.apple.com/app-store/review/guidelines/#data-collection-and-storage

Opening macOS' default web browser has been a native behavior of Mac apps when using SFSafariViewController with ASWebAuthenticationSession, which is required, since iOS 13, for securely/privately logging in users.

As far as I could investigate, there hasn't been any updates to the guidelines that would indicate any required changes to developers in regards to how login works for macOS apps.

Are there any steps developers need to take to get updates approved while still providing users with Google's Sign in?

As reference, there is an on-going discussion on GoogleSignIn repo about this issue affecting multiple developers and apps: https://github.com/google/GoogleSignIn-iOS/issues/388

Post not yet marked as solved Up vote post of LucasFrazao Down vote post of LucasFrazao
267 views
Posted by
LucasFrazao
Reply
Add a Comment

Replies

If you disagree with the outcome of our review, you may consider submitting an appeal to the App Review Board.

When filing your appeal, make sure to:

  • Provide specific reasons why you believe your app complies with the App Store Review Guidelines.
  • Submit only one appeal per rejection.
  • Respond to any requests for additional information before submitting an appeal.

The App Review Board will contact you directly as soon as they've completed their investigation.

Posted by
BusterBrown17
Post not yet marked as solved Up vote reply of BusterBrown17 Down vote reply of BusterBrown17
Add a Comment

It's not just a GoogleSignIn issue: they just rejected my app for using completely standard OAuth 2 web authentication, for precisely this reason.

It's incredibly frustrating: if they don't like it they should be complaining to the Apple team who develop ASWebAuthentication. It's not like we app developers can do anything about it - we are just caught in the middle.

I've raised an appeal to App Review but I have no idea what the "Plan B" is if they reject my appeal.

Posted by
dutton
Post not yet marked as solved Up vote reply of dutton Down vote reply of dutton
Add a Comment