Hello!
In our app we let users authenticate with Facebook, Google and our company’s own account. So, we've our custom authentication (email and password).
with this scenario, is it mandatory to add Sign In with Apple in our application?
thanks for your time
The guidelines have been update recently for this point :
4.8 Sign in with Apple
Apps that exclusively use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option. A user’s primary account is the account they establish with your app for the purposes of identifying themselves, signing in, and accessing your features and associated services.
Sign in with Apple is not required if:
Before this guidelines revision, I would answer yes to your question, but with the changement in the first line (exclusively use a third-party or social login service), I'm not so sure with the answer ...
By the way, Sign In With Apple is very conveniant for an iOS app and should have a good success.
Existing apps must follow this guidelines before April 2020.
At my work we just had an app successfully reviewed without giving Apple Sign In as an option. We're providing two options for sign-in/-up: email/password combo and Google.
We had a couple of attempts with Apple Sign In rejected and after it came to our attention that Apple had eased the requirements to when Apple Sign In is required (as pointed out by @Mukizium) we decided to give it a try without Apple Sign In which eventually was a success.
However, I recognize the convenience of Apple Sign In and as a user I will definatly be using it but as a developer I find the way of verifying domains to verify ownership and for email sending a bit cumbersome. For example sending emails to users registered with an @privaterelay.appleid.com email address from a third party email provider is currently not possible, since it is being blocked by Apple if the sending domain hasn't been verified.
Further info on the last topic: https://developer.apple.com/documentation/signinwithapplejs/communicating_using_the_private_email_relay_service
You're getting away with it now because it is not mandatory at this time. Come 2020 it will be mandatory if you use your own + Google.
From the updated guidelines its not clear what is the mandate policy for apps that use custom registration and authentication along with third party services.
Guidelines talks about apps exclusively using third party services and apps exclusive using its own custom registration/authentication.
It seems your interpretation for the apps which are in neither category as a yes. What is the basis for that?
I think at this stage (3 months after https://developer.apple.com/news/?id=09122019b was posted) we have to assume that the Apple did not make a mistake by including 'exclusively' in:
"Apps that exclusively use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option."
The most sensible interpretation I can see is that Apple have deliberately left a 'grey' area in the middle, where apps that make non-exclusive use of third-party/social login may have to implement Sign In with Apple at a future not yet announced date.
My app had a phone number authentication + Facebook auth and it got rejected because it didn't have Sign in with Apple. Apple seriously need to re-write the guidelines to better convey whatever rules they now have.
I guess this a new app? Can you share the rejection message? Did you appeal the rejection quoting the rule?
I just rejected by Apple as well base on this rule. They said I am using third-party login and they are asking for Apple Login as well. So the only way I can do now is to hide the third-party login until we implemented Apple Login.
I guess this a new app?
Can you share the rejection message?
Did you appeal the rejection quoting the rule, i.e. that it says the requires is for "Apps that exclusively use a third-party or social login service"?
Just got the same rejection, message was simply
We noticed that your app uses a third-party login service but does not offer Sign in with Apple.Any update? Did you appeal the rejection?
Any update? Did you try appealing the rejection?
FYI - this has changed and they removed the exclusive wording.
Thanks jm_ba - they have indeed; it's crystal clear now that if you offer social login you must offer sign in with Apple, and for existing apps this kicks in on 30th April:
My company has a B2B/B2G product that's accessible only by enterprise/business/government customers. They can sign in by creating their own account via their email address or Sign up With Google.
Reading the exeptions, it looks like my company would not be required to do Sign in With Apple. What do you think? Thanks in advance.
