Will my App be accepted if it talks to my API Yes. (Huh?)

You should never have been calling the verifyReceipt server endpoint directly from your app. Best practice for how to verify the app receipt is described here: https://developer.apple.com/documentation/storekit/in-app_purchase/original_api_for_in-app_purchase/choosing_a_receipt_validation_technique

The proceeds shown in App Store Connect are the amounts that you will actually receive.

Did you read the section "Today tab ads guidelines" at https://searchads.apple.com/help/ads/0086-create-today-tab-ads ? It says: "Your app icon, name, and subtitle can’t include content that’s ... sxeually explicit". So I would not expect an app that includes "adult content" to be accepted there. (Edited to mis-spell.)

The redacted company isn't even my company! Right, it sounds like they fucked up. You may be able to sort this out by contacting them, but I fear you will need to "please can you escalate this to someone with a clue?". Have you paid? If not, I'm sure some people would suggest starting again and seeing if you get better luck. I'm a pessimist though, and I fear that could just make things worse. FWIW I wasn't asked for any of that. (I have a UK limited company, but in my case I converted a personal account, so the process may have been a bit different. It was also a few years ago.) Did you do the DUNS thing successfully? I do not have an employee badge or business cards Fixing that is likely the easiest part.

It's mysterious, isn't it? To be safe, stop using NSUserDefaults and just use a regular file in the filesystem. (Apart from some minor ease-of-use features, what advantage does NSUserDefaults have?)

I don't know why this old thread has just popped up on "last updated", but I'm going to reply to this part anyway: URL(string: ) should contain allowance to correct for spaces No, you can't do that. You need to do appropriate escaping on the components before you construct the string. Once you've constructed the string by concatenating the components, you can't tell if (for example) an = is something that should be escaped to %3D or whether it's the separator between a key and a value that needs to remain as a literal =.

It seems logical to me that the select statement returns all matching rows No. does this work in some other manner? Yes; it find the matching items one at a time, one per call to step. Consider a simple query with one table and no indexes. The only state that it keeps is how far through the table it has already got. Each time you call step, it scans forward until it finds the next matching row, and returns that. (You might prefer to ask questions like this on the sqlite mailing list.)

I'll update here if I get a reply. I got a reply saying that my feedback "has been noted".

in order to submit the app for review it is required to submit a username and password No it isn't.

we use NSDateFormatter's stringFromDate to generate the time Easy fix then, replace that with something that Apple can’t break.

This has changed in the past; in 2013 it had a resolution of 5%. (Does it depend on the device?) I wasn't aware that it had changed to 1% at some point, but it does seem to be 1% on my current iOS 16 devices. I guess reducing it to 5% is another anti-fingerprinting measure. Back in 2013 I asked for the API to report what rounding it was applying. My requirement was to let the user choose a battery level at which the app would stop doing some background activity. If the user chooses e.g. 2% but the reported value jumps from 5% to 0%, that's not a great user experience. So I wanted to have my slider jump in the same resolution steps as the reported values. Of course the suggestion got zero replies from Apple, as usual.

is it possible to use device fingerprinting for fraud detection purposes? The new "reason required" API rules do not include fraud detection as a permitted reason. I think Apple's advice would be to use identifierForVendor and/or Device Check / App Attest. For example, a device used to create and access multiple fake accounts to engage in fraudulent activities should be able to be identified and blocked. If they don't delete and re-install the app between each fake user, you can detect that with identifierForVendor and/or just creating your own random token in the filesystem. If they do delete and re-install the app for each fake user, I think App Attest's Risk Metric may detect that.

Non-breaking space! Nice bit of debugging. You’ll be able to tell this story for years to come. Edited to add: It's actually a narrow non-breaking space. I bet you're not the only person with code that doesn't handle that. I'd be interested to know if there is a way to type it.

want to use IOKit framework to access such information as Battery Temperature and Battery Level. I believe that while IOKit itself is not private, using it for those purposes is not allowed.