Apple Rejection For Third Party Sign Up

Question

Apple Review team rejected the Application with the reason

\"We noticed that your app uses a third-party login service but does not offer Sign in with Apple.

Answer 1

Today morning my app also got rejected because of the same reason but I was not using any third party sign up.

After rejection, I realised that in side menu under login button, I have 5 social media buttons for their respective social media page links so I replied to Resolution Center that I am using regular email based register and login. Also, I shared the screenshot of both screens (Login & Register). After 7-8 hours the status changed to 'In Review' and after next 10 minutes Apple approved and it goes live.

Answer 2

If you use any third-party sign-in feature, e.g. Facebook, Twitter, Google etc, you must now provide Apple Sign In as an additional option.

It's important to remember if you use solely a custom login system (i.e. email and password) then you do not need to include Apple Sign In.

4.8 Sign in with Apple

Apps that exclusively use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option. A user’s primary account is the account they establish with your app for the purposes of identifying themselves, signing in, and accessing your features and associated services.

Sign in with Apple is not required if:

Your app exclusively uses your company’s own account setup and sign-in systems. Your app is an education, enterprise, or business app that requires the user to sign in with an existing education or enterprise account. Your app uses a government or industry-backed citizen identification system or electronic ID to authenticate users. Your app is a client for a specific third-party service and users are required to sign in to their mail, social media, or other third-party account directly to access their content.

Further reading can be found here: https://developer.apple.com/app-store/review/guidelines/

Answer 3

Basically, yes. New apps that use sign-in must provide sign-in with Apple as an option. Existing apps that use sign-in must provide sign-in with Apple by April 2020.

We’ve updated the App Store Review Guidelines to provide criteria for when apps are required to use Sign in with Apple. Starting today [Sept 12, 2019], new apps submitted to the App Store must follow these guidelines.

(Source: https://developer.apple.com/news/?id=09122019b)

App Store Review Guidelines

4.8 Sign in with Apple

Apps that exclusively use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option. A user’s primary account is the account they establish with your app for the purposes of identifying themselves, signing in, and accessing your features and associated services.

Sign in with Apple is not required if:

· Your app exclusively uses your company’s own account setup and sign-in systems.

· Your app is an education, enterprise, or business app that requires the user to sign in with an existing education or enterprise account.

· Your app uses a government or industry-backed citizen identification system or electronic ID to authenticate users.

· Your app is a client for a specific third-party service and users are required to sign in to their mail, social media, or other third-party account directly to access their content.

(Source: https://developer.apple.com/app-store/review/guidelines)

Answer 4

Bad news: the word "exclusively" has been removed from the guidelines early March.

Apps that use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option

Answer 5

Update 3 (March 04, 2020)

The App Store Review Guidelines have been updated to cover cases that use both third party and their own sign in services. Those apps are now required to offer Sign in with Apple. Therefore I'll be updating my apps to support Sign in with Apple and I recommend you do the same if you fall into this category.

Original Answer:

So my app just got rejected for the exact same reason. My app offers regular email and password authentication as well as Facebook and Google login. Here are a few interesting things that I found while reading the App Store Review Guidelines.

1. It says:

Apps that exclusively use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option.

But my app does NOT EXCLUSIVELY use a third-part or social login service. It also uses our own email/ password method. In fact the email and password method is on top and thus assumed to be the main method of authentication. So I feel like this rule does not apply to my app.

2. It also says:

Sign in with Apple is not required if:

Your app exclusively uses your company’s own account setup and sign-in systems...

3. The first 2 rules don't cover my app's case.

My app does NOT EXCLUSIVELY use third-party login services and does NOT EXCLUSIVELY use our own method. It uses both. So it's neither required to implement the Sign in with Apple nor exempt from implementing it.

4. I submitted 2 apps for review in the same day with the exact same authentication methods and only one of them got rejected.

Yesterday I submitted 2 apps for review that are part of the same project and have the exact same authentication methods with the exact same auth screen design. They both got in review at the same time. The first one got approved and the second one got rejected for not implementing Sign in with Apple. Funny, right?

So unless they update the Review Guidelines to cover a case where you use both methods of authentication I believe we are not violating any rule. I'm trying to argue with the review team that my rejected app does not violate the App Store Review Guidelines and they should not have rejected it.

I'll update my answer when this get's resolved but till then it might actually help if others who face the same issue point this out to the review team. We'll either win our case and get our apps approved or they'll update their Review Guidelines to cover our case. Either way it'll be helpful for others in the future.

Update 1

Apple kinda understood that this is not right and my app's status changed from Binary Rejected to In Review. Now I'm waiting to see what they decide.

Update 2

After about 40 hours of being "In Review" my app finally got approved and is now "Ready for Sale". I can't believe it, but it finally feels like someone listened and understood the arguments that I made.