Apple store rejected our app because of Networking

Our App approved by app store several times, but the latest update failed to Apple audit.


But App store rejected our app because of Networking, maybe IPV6 network has problem.


So we go into detail, we reviewed the server's log, we found that the http connection success, But the socket connection failed.

Our server received user's connection request, but our server can't receive user's data!!!!

It means that, the socket connection is established, but socket server failed to receive data!!


What's wrong??

Any information will be appreciated!!

Thanks in advance!

Replies

Let’s see if I understand your correctly. Please confirm the following:

  • Your app makes two different types of network connections:

    • HTTP[S] requests to your web server

    • “Socket” connections to some other server

  • Your server logs indicate that the former are successful but you never see any evidence of the latter.

Is that right?

If so, what protocol are these socket connections using? WebSockets? Some other well-defined protocol? Or a custom protocol over TCP?

Also, what port number is your other server listening on?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

First thanks for your reply!

I think you understand correctly.

Our protocol use http connection and socket connection(not web socket).

The http connection are successful, but the socket connection failed!

In the enviroment of Apple audit, the socket connection established successfully, but it can't receive data!! It is very strange!

Our socket server listens on port 10001.

Please help me !

Best wishes for you!

I think you understand correctly.

Thanks for confirming that.

Our socket server listens on port 10001.

I can’t think of any reason that such a connection would be blocked by the Apple firewall.

the socket connection established successfully, but it can't receive data!!

And that’s certainly not how the Apple firewall works. If it blocks an outgoing connection, it’s completely blocked. The server will never see the connection established.

I see two possibilities here:

  • Your app has a bug (A).

  • You have network infrastructure problems (B).

With regards B, it’s possible the data is being blocked by some sort of regional firewall or by something on your network when it originates from an unexpected region. You can rule both of these out by having someone based in the US test your app to make sure that they can connect. App Review is, as you might expected, based in the US (-:

With regards A, make sure you do your testing with exactly the same build used by App Review. This means creating an archive for your Release build and then using that archive to upload to the store, and for your ad hoc test builds, and to upload to TestFlight. I’ve seen a lot of problems like this caused by folks not testing exactly the same build that they submitted, which is why App Review has problems but normal testing does not.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks for your help. We will make a try as you say.


If we are making progress, I will post here.


Best wishes for you!

Have you resolved the problem? We have the same issue, and have no idea what's going on...

We've tested our app in our NAT64 environment due to Apple's guide using macos to simulate and it worked fine.

But when reviewed, we found out our server cannot send handshake data to the app with tcpdump to capture the package, and it caused tcp retransmission, finnally tcp connection is closed by the server.Our server port is 8080,and the tcp 3 handshake is finished.But app can't receivied the application's handshake protocol, not sure if the Apple audit network environment has some problem.

In our own test, we found out the ipv6 address is 2001:2:0:1baa::d38:e349, but the review team resolved ipv6 is 64:ff9e::d38:e349. Can this make the issue ?Any help will be appreciated.

We have a very similar issue when testflight beta reviewing(publish reviewing haven't been tried).

Like what yr200602 said. When our app have being reviewing, it can connect to our socket server. Three step tcp handshake passed, means tcp connection have established. So our app start an application's handshake, but our target server has no data received! We use a custom protocol over tcp, listen on port 8000(we have being rejected two times.In the version of first time, port is 43000.).

I'am pretty sure about that our server works well, and our client works well too. Because server hosted in US, and i have invited my friends who live in US to test our app by adding them to testflight's App Store Connect user use the same version we submited. No networking problems they have met. I amoust lost my mind for this problem. We have tested MacNAT64 IPv6 environment step by step with apple's guide and passed. For now, i think that apple's firewall may be the culprit. If it capturing and analyzing data's protocol, our protocol is obviously not on the whitelist, or may be just have the same feature like a protocol on the blacklist.

Make some corrections. Our socket socket server could receive data, but the socket client can't receive server's data.

What's wrong?

Your problem is the same as ours.

Our socket socket server could receive data, but the socket client can't receive server's data.

Make some corrections. After added more log on our server, we found that our socket socket server could receive data, but the socket client can't receive server's data.

What's wrong? Please help me!

In my last reply i've mentioned that we use a customer ptotocol over TCP.

I spent these days to migrate our network connection layer to socket.io based, so handshake packet and data packets are transporting over websocket protocol. Server addresses and ports are not changed. No change about server logic either.

Then i submited a new version to testflight. We got pass! New user footprints are found in the same time( what means they actually runing our game).

Now i'am 99.9999% sure about what my conclusion in my last reply. Apple's firewall is sniffing datas. And data packets of a customer protocol may be droped when they going out or comming in.

You can't change Apple's firewall right? So obediently change your protocol to a well-known one, if you still want to sell your app to iOS users.

😂😂😂

First, congratulations!

You said that you spent these days to migrate your network connection to socket.io based, can you go into detail?

Which language do you use to program? We use java to program.

Thanks in advance!

Our ipv6 address is 2400:3200:1600::53, but the review team resolved ipv6 is 64:ff9d::2ffe:58fa.

Our server's log shows that the review team's ip is 17.200.11.44. So it is very strange!!! Maybe the review team accessed with NAT64, but our server has ipv6 address which can be accessed in real IPV6 enviroment.

Can you make a explain for me? I am completely confused.

Thanks in advance!

Apple's firewall is sniffing datas.

I’m not sure what’s going on with your app but I’m quite sure that Apple’s firewall is not making firewall decisions based on the content of your connections.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I'am coding server with node.js, so socket.io is a good choice. It's a library base on a well-known protocol names websocket.

Just abandon your tcp sockets, change them to websocket based connections will solve the problem.

Or you can try any other well-known application connection protocol. But websocket is confirmed by me.

Thanks for your reply. I am coding server with Netty library, we can't change the netty becasue the workload is too big.

I will change the handshake data and update the Netty library.

God bless me!!!