Guideline 5.4 - VPN rejection based on data collection

Hi

We currently have an app being rejected due to Guideline 5.4 (VPN apps). The answer from App Review was a vague reference to the app not providing enough information to the user about data collection.

About 6 months ago we added a modal sheet that requires agreement from the user before the app will attempt to create a VPN profile via NEVPNManager APIs. This was in response to a prior rejection, and our app was subsequently approved.

Following our latest rejected update, we tried to clarify if our modal was being observed, and after some back and forth, the latest rejection from Apple Review states that:

we still found that your app does not sufficiently explain how the app or VPN service is using data collected from users in the purpose string of VPN Configurations prompt.

I have scoured the documentation and gone through all the Plist options within Xcode and can find no reference to a custom purpose/privacy string on the VPN configurations prompt. My understanding is that the content of that alert is fully controlled by the system.

Has anyone else encountered this, or is anyone aware of any changes to the way VPN apps should create new connection profiles?

Many thanks

Thank you for your post. We're investigating and will contact you in App Store Connect.

In the future, if you disagree with the outcome of our review, you may consider submitting an appeal to the App Review Board. When filing your appeal, make sure to:

  • Provide specific reasons why you believe your app complies with the App Store Review Guidelines.

  • Submit only one appeal per rejection.

  • Respond to any requests for additional information before submitting an appeal.

The App Review Board will contact you directly as soon as they've completed their investigation.
