Hello,
Sorry for the late reply.
We have had similar issues with this topic with an SMS-based Multi-Factor Authentication System.
As we didn't want to bypass our production security mechanisms or re-develop a demonstration mode, we have used a platform that allows us to assign temporary virtual phone numbers to users in our apps. The platform is called GetMyMFA (get.mymfa.io) and it allows us to review and approve our app within 24 hours.
To use it, we simply created a user in our production application with a virtual phone number attached, which we can enable and disable in real time for the App Store review process. That way Apple simply needs to log in to the platform (with a specific and private username/password) and the SMS MFA login code is displayed on the website.
By using this platform we have been able to:
- Avoid spending time on a security "bypass" (and all the security issues that often come with it)
- Avoid building a "demonstration" mode exclusively for Apple
- Avoid using public websites with public phone numbers accessible to anyone.
Our app gets approved within 24h with this system and the user can be easily and safely disabled after the review process is completed.