I have submitted feedback through Feedback Assistant, but I want to share my experience here in case any other developers suffer the same experience we did:
Please describe the issue:
We implemented Receipt Validation through SKReceiptRefreshRequest according to https://developer.apple.com/documentation/storekit/in-app_purchase/choosing_a_receipt_validation_technique?language=objc. When a beta tester and the App Store Connect Review team download our app for the first time from TestFlight or the Review team internal channel, and when the app calls SKReceiptRefreshRequest, the user will be prompted to manually enter their Apple ID and Password.
The App Store Connect Review team would reject the submission because they deem the behavior described above as violations of "5.1.1 Legal: Privacy - Data Collection and Storage" for attempting to collect user data or "Guideline 2.1 - Performance - App Completeness" when they refuse to enter the Apple ID credentials and fail the validation. The App Store Review team rejects the submission and insists that we must change the app. We had to go through a 3-week back and forth appeal to get on the phone with a representative to eventually pass the review.
Desired Solution:
If the manual Apple ID credential entry behavior is intended, the App Store Connect Review team should be informed to not reject app submissions that exhibit that behavior. If the behavior is not intended, the SKReceiptRefreshRequest method should not prompt behavior to trigger, and the documentation on Receipt Validation should be revised to reflect that. Otherwise, developers who follow the documentation will find submissions rejected, waste time on debugging, or even undo the implementation to pass the review.
Please list the steps you took to reproduce the issue:
You can observe the manual Apple ID credential entry behavior in any app that implements SKReceiptRefreshRequest:
0. Ensure that the test device is not signed in with a sandbox account in Settings -> App Store -> Sandbox Account
1. Ensure you have access to a build in TestFlight
2. Download the app
3. Trigger the function call SKReceiptRefreshRequest
4. Observe the prompt
To replicate this behavior in an Xcode project:
0. Ensure that the test device is not signed in with a sandbox account in Settings -> App Store -> Sandbox Account
1. Use Xcode to create a new Single View App project for iOS app with Objective-C as language
2. Change the Bundle Identifier to an allowed identifier and add this code to main.m line 19:
    // StoreKit must be imported at the top of main.m: #import <StoreKit/StoreKit.h>
    // Passing nil for the receipt properties requests a refresh of the app receipt.
    SKReceiptRefreshRequest *refresh = [[SKReceiptRefreshRequest alloc] initWithReceiptProperties:nil];
    [refresh start];
3. Run the project on the test iOS device
4. Observe the prompt