Hi there, I hope you managed to fix this issue and submit your app for validation. If I may, I would avoid disabling MFA flows in production, as it might pose a security issue. I'd recommend using a platform like GetMyMFA to provide Apple with instructions for the App Review process. Cheers!

Hello @Jose_Ignacio, We simply have created an actual production user account in our application, and linked to it a virtual phone number from the GetMyMFA platform. We then shared with apple the login information to the GetMyMFA platform in the Application description for review purposes, and whenever they try to connect, they are able to access the MFA code through the GetMyMFA platform. Let me know shall you need any additional information. All the best.

Hello, Sorry for the late reply. We have had similar issues with this topic with an SMS-based Multi-Factor Authentication System. As we didn't want to bypass our production security mechanisms or re-develop a demonstration mode, we have used a platform allowing to assign temporary virtual phone numbers to users in our apps. The platform is called GetMyMFA (get.mymfa.io) and it allows us to review and approve our app within 24 hours. To use it we simply created a user in our production application with a virtual phone number attached which we can enable and disable in real time for the App Store review process. That way Apple simply needs to log in to the platform (with a specific and private username/password) and the SMS MFA login code is displayed in the website. By using this platform we have been able to: Avoid spending time in a security "bypass" (and all the security issues that often come with it) Avoid building a "demonstration" mode exclusively for Apple Avoid using public websites with public phone numbers accessible to anyone. Our App gets approved within 24h with this system and the user can be easily and safely disabled after the review process is completed.

We have had similar issues with this topic with an SMS-based Multi-Factor Authentication System. As we didn't want to bypass our production security mechanisms or re-develop a demonstration mode, we have used a platform allowing to assign temporary virtual phone numbers to users in our apps. The platform is called GetMyMFA (get.mymfa.io) and it allows us to review and approve our app within 24 hours. To use it we simply created a user in our production application with a virtual phone number attached which we can enable and disable in real time for the App Store review process. That way Apple simply needs to log in to the platform (with a specific and private username/password) and the SMS MFA login code is displayed in the website. By using this platform we have been able to: Avoid spending time in a security "bypass" (and all the security issues that often come with it) Avoid building a "demonstration" mode exclusively for Apple Avoid using public websites with public phone numbers accessible to anyone. Our App gets approved within 24h with this system and the user can be easily and safely disabled after the review process is completed.