Apple rejected app because it's transmitting MAC Address without user permission

我的未来我决定 提交于 2019-12-04 23:17:48

问题


We had a recently developed app rejected by Apple. Here is their explanation:

We found your app does not obtain user consent before collecting the user's personal data, as required by theApp Store Review Guidelines.

Specifically, your applications sends the device's MAC address without the user's permission. Your app also sends device Contact information without the user's permission.

To collect personal data with your app, you must make it clear to the user that their personal data will be uploaded to your server and you must obtain the user's consent before the data is uploaded.

iOS 6 includes new keys for specifying the reason the app will access the user's protected data. When the access prompt is displayed, the purpose specified in these keys is displayed in that dialog box. If your application will be transmitting protected user data, the usage string in your access request should clearly inform the user that their data will be uploaded to your server if they consent.

For more information on these keys, please see the Information Property List Key Reference.

We are using the RubyMotion toolchain, and not accessing the MAC address anywhere in our app. We think it may be one of the SDK's or gems we are using.

Gemfile:

source :rubygems

gem 'bubble-wrap', :git => 'https://github.com/rubymotion/BubbleWrap.git'
gem 'teacup' 
gem 'rake'
gem "cocoapods", "0.13.0"
gem 'motion-cocoapods', "1.1.0"
gem 'motion-testflight'
gem 'motion-table'
gem "Parsistence"
gem 'formotion'
gem "ProMotion"
gem "motion-addressbook"

The only external api calls are to Parse.com and to testflight, as we are using both of these SDK's.

Parse said that they do not collect the MAC address, and Testflight doesn't unless you specifically do so.

We are also using these Cocoa pods:

'NSData+MD5Digest'

'MBProgressHUD'

'ASIHTTPRequest'

'PHFRefreshControl'

'JSONKit'

Question: Do any of these gems or Cocoapods call for the MAC address?


回答1:


I'd imagine test flight or Parse could have the ability to retrieve the MAC address and even if they don't send it Apple is probably just seeing that they are accessing and sending something. I assume this because it would be really bad if any of these libraries are sending an unencrypted version of the MAC address over network so maybe Apple can just see the accessing of it. Are you by any chance using an advertising network in your app?




回答2:


Upgrade TestFlight to the latest SDK to fix this. From their Release Notes:

1.2.5 - May 1, 2013

Removed any access to mac address

Added AdSupport.framework requirement




回答3:


If you want to sniff traffic from your device to see what's being sent, try using Charles.



来源:https://stackoverflow.com/questions/13317801/apple-rejected-app-because-its-transmitting-mac-address-without-user-permission

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!