Our app framework was set to a minimum of iOS 12 - however we have decided to up this to 13. I have managed to keep an iPhone 6s set to iOS 12 so we can test on our minimum supported, however would now like to update to iOS13 - but am only really seeing options to update to 15 (which we have another physical device on already). I have done some research and found some loose answers, none of which correctly paint the picture for me - hence why I am reaching our to the apple dev community. From what I can see I can get images for recent older iOS builds, but not older ones, but not 100% sure on this. I am downloading the iOS 13 simulator image to do some tests now, but would really prefer it to be on a physical device if this is possible. Any help or advice is appreciated

Hi all We have recently had an issue with using a single sign on login concept in a submission which was flagged under Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage and we are wondering what the development best practices were in this circumstance. The reason being was because if the user did not already have an account, we provided a button which then loaded the 3rd parties registration form in a web frame. However the system we are using requires the users address and phone number for various reasons, although our app does not use that data at all - therefore we were told we are breaking the guidelines. Our app is not collecting, or storing any of this information (or even has visibility to it), and it is all covered in both ours, and the third parties privacy policies, however it seems that we are still violating the clause. My question to other developers and Apple support - is how is this dealt with in other apps that use larger SSO systems such as iCloud, Google and Facebook? If you use one of those for login, they require various fields, and personal data, which is then may not be used within apps themselves, however they seem not to violate the same policy, or at least may not have been flagged to do so. Our system is in context of holiday park bookings and this is an outline of the two processes that may happen: User already has account User books holiday on holiday parks booking system (The SSO Controller) This process includes the registration process so user will have email and password Before, or during the users holiday they download our app, and use this same username and password to add their booking information to our app User does not already have an account User books holiday in person, or over the phone They do not have a web account - but want to still download and use our app If they wish to login with their booking they need to then create an account on the booking system (SSO) - which for CRM and payment reasons, requires the users address and phone numbers Our app provides a button to load the registration in a web frame, and once the user is registered can then login to the app This second circumstance is the issue we are having, and for now have had to remove this to comply. Only people who originally booked their holiday online now being able to login with their booking. There are potentially other avenues we can explore with the booking system, but before we roadmap more development time for these, I was hoping the community, or Apple themselves could point us towards best practices, or documentation for this, and how others have dealt with it