Hi, I am very frustrated with having my app repeatedly rejected for issues I can't fix because they don't exist. So I'm trying to publish this app that offers some consumable iAP that is used to unlock a pairing app on a 3rd party platform. Originally the app did not have an account system, it was rejected by Apple on the grounds that the user may want to restore previously unlocked paired apps. We added a an optional(as the reviewer suggested) sign in with Apple support if the user wants to secure their unlocked installations. Then we got rejected for forcing account creation, data collection and no ability to delete the account. Forcing account creation is false but maybe the reviewer was confused therefore we put explicit explanation under the sign in with Apple button noting that this is optional, reduced the required profile details to 0 for sign in with Apple and added very simple account deletion UI that is displayed on the same screen where the user sign in with Apple. And yet we get another rejection about forcing the users to create account to be able to do iAP(factually false) and that we don't have account deletion feature(again factually false). How to handle that? I have no idea how to fix issues that don't exist. I also run out of space for explaining the reviewer how things work in the app and this is an extremely simple app that does have exactly 2 views, one to scan the devices to connect and one to do playback on those devices and purchase the full version of the app to remove limits on playback.

Hi, I previously posted about this but didn't provide specifics so decide to try this again: https://developer.apple.com/forums/thread/824212 The app is called Kino Controller, it is a client for the Kino app that runs on Smart TVs and allows users to upload videos to their TVs both to store(on the TVs internal storage and the USB storage they may attach to their TVs) and watch those videos(it has decent video player). In short, it turns their TVs into media servers. I personally use it to store videos that I film but I don't want to keep on my phone because of the disk usage. This is the app in question and you can give it a try with its macOS client that I published directly: https://appwared.com/apps/kino Now, I want to get the macOS and the iOS clients into the App Store and because I don't want to collect/sell user data and display advertisement I want to offer in-app Purchases that removes the free usage limit that is 10 videos stored in the TV at a time. I already offer this from the TV app and I want to offer the same option through the macOS and iOS apps, with having this on the client app that controls the TV app it's just better UX and I'm happy to bring business to Apple as well. However after multiple rejections from and fulfillments of the reviewers I have come to a point where I don't know how to proceed because the reviewers are rejecting the app about a features that We have already implemented. There are two things in particular, both under "Guideline 5.1.1(v) - Legal - Data Collection and Storage". We noticed that the app requires users to register with personal information to purchase and track In-App Purchase products that are not account based. Apps cannot require user registration prior to allowing access to app content and features that are not associated specifically to the user. User registration that requires the sharing of personal information must be optional or tied to account-specific functionality. The app supports account creation but does not include an option to initiate account deletion. Apps that support account creation must also offer account deletion to give users more control of the data they've shared while using an app.Follow these requirements when updating an app to support account deletion: Only offering to temporarily deactivate or disable an account is insufficient. If users need to visit a website to finish deleting their account, include a link directly to the website page where they can complete the process. Apps may include confirmation steps to prevent users from accidentally deleting their account. However, only apps in highly-regulated industries may require users to use customer service resources, such as making a phone call or sending an email, to complete account deletion. Now, we introduced the registration feature after the reviewers demanded having this in the 2. or 3. rejection or something like that. Initially we went with the "default" scope of the profile but on the latest build we change that to absolute minimum data collection, so in the server we don't receive any personal data about the user. Just some alphanumeric ids so we can associate the stored purchases with a signed in user. Also, using the sign-in with Apple is %100 optional, no feature or iAP require the user be signed in, it is solely to store unlocked TV devices so we can re-unlock those if the user resets the TV etc. I replied to the message clarifying this and also put it in the reviewer notes but for some reason the reviewer keeps believing that it's otherwise Then the reviewer keeps believing that we do not have account deletion feature. This is also factually false, the delete account button is right next to sign out button and both of those are one the same View where the sign in with Apple button is. Also, the app has exactly two screens: One to list the detected TVs and one to upload/play videos to the connected TV. When the app is launched, the TV list screen is displayed and that's where the sign in with Apple button as well as the delete account buttons are. I simply don't understand how it is possible that the reviewer is missing out this. It is a super simple app. This is the TVs screen with sign in with Apple button with clearly indicating that it is optional and what is it for. This is the same screen after sign in with Apple completed. The delete account button is right there This is what user sees after tapping delete account. Once they tap the "Delete", the account is deleted from our servers and the user is signed out. And this is a sample of the data we store when a user signs in with Apple: It is immediately deleted if the user deletes the account. What are we doing wrong here, how to fix this? Thank you

Hi, I made a macOS app that automatically sets the correct input/output devices depending on the connected speakers/microphones. The App is supposed to live in the background and act automatically, only allowing the users to change through settings which is accessible through the toolbar or through clicking on the toolbar icon to cycle between modes. However, my app was just rejected for not providing UI beyond this. Guideline 4 - Design "Menu items are not visible, except by right-clicking. Users should not have to right click to access menu items." I don't think that this app needs a UI beyond that for something which it is supposed to do automatically. I'm having a hard time to understand what's expected here, should I invent a UI to pass the review and give option to the user to disable that?

Hi, made an app which is managing the sound input/output for the user and I'm facing an unexpected behavior which can be replicated using the Apple's HALLab tool too. Initially the app is able to set the input/output AudioDevice and everything works as expected however if you switch from your Mac to your iPhone when using AirPods Pro and switch back again the app is no longer able to set the output device. There's no error, it simply switches back to AirPods immediately. You can replicate the issue on the HALLab(an app provided by Apple as "additional tools for Xcode"). How to: Open HALLab, put on your AirPods and play some media. Try out changing the input and output source and study the expected behavior Unlock your iPhone, play some media and wait for the AirPods Pro to switch to the iPhone. Go back to your Mac and play some media and wait for AirPods to switch to Mac Try changing the output source on HALLab, notice that the source immediately reverses back to AirPods, which is the unexpected behavior. Changing the source from the System Settings keeps working as expected. Any ideas on what's going on and how to handle that? I'm on MacOS 15.1 using the following code to set the device: private func setDevice(deviceID: AudioDeviceID, forType type: AudioDeviceType) throws { guard isDeviceAvailable(deviceID) else { throw AudioDeviceError.deviceNotAvailable } print("setting the device.") var propertyAddress = AudioObjectPropertyAddress( mSelector: type == .input ? kAudioHardwarePropertyDefaultInputDevice : kAudioHardwarePropertyDefaultOutputDevice, mScope: kAudioObjectPropertyScopeGlobal, mElement: kAudioObjectPropertyElementMain ) let dataSize = UInt32(MemoryLayout<AudioDeviceID>.size) var mutableDeviceID = deviceID // Create a mutable copy let status = AudioObjectSetPropertyData(AudioObjectID(kAudioObjectSystemObject), &propertyAddress, 0, nil, dataSize, &mutableDeviceID) guard status == noErr else { throw AudioDeviceError.deviceNotSet(status: status) } }

Hi, I'm trying to achieve the following OpenSSL workflow in Swift. I have this intermediate certificate from Let's encrypt and I want to extract the public key from it and then hash it with SHA-256 and finally encide it in base64. The OpenSSL commands that achieve this look like this: openssl x509 -in isrgrootx1.pem -pubkey -noout > publickey.pem openssl rsa -pubin -in publickey.pem -outform der | openssl dgst -sha256 -binary | openssl enc -base64 I've tried Security, CommonCrypto, CryptoKit frameworks with no success. I was able to get the public key out of the certificate but its PEM representation seems to slightly differ from what I get with OpenSSL. At the beginning of the public jet, the OpenSSL version has a string that is not present on what I get with Swift but the rest is the same. This is the Swift code to use: import Foundation import Security import CommonCrypto // Step 1: Extract public key from the certificate func extractPublicKey(from certificate: SecCertificate) -> SecKey? { // Extract public key from the certificate var publicKey: SecKey? if let publicKeyRef = SecCertificateCopyKey(certificate) { publicKey = publicKeyRef } return publicKey } // Step 2: Calculate SHA-256 hash of the public key func calculateSHA256(of data: Data) -> Data { var hash = [UInt8](repeating: 0, count: Int(CC_SHA256_DIGEST_LENGTH)) data.withUnsafeBytes { _ = CC_SHA256($0.baseAddress, CC_LONG(data.count), &hash) } return Data(hash) } // Step 3: Encode data as base64 func base64EncodedString(from data: Data) -> String { return data.base64EncodedString() } // Step 4: Main function to perform all steps func processCertificate(certificate: SecCertificate) { // Step 1: Extract public key guard let publicKey = extractPublicKey(from: certificate) else { return } // Step 2: Export public key as data guard let publicKeyData = SecKeyCopyExternalRepresentation(publicKey, nil) as Data? else { print("Failed to export public key data") return } // Step 3: Calculate SHA-256 hash of the public key let sha256Hash = calculateSHA256(of: publicKeyData) // Step 4: Encode SHA-256 hash as base64 let base64EncodedHash = base64EncodedString(from: sha256Hash) print("SHA-256 hash of public key (base64 encoded): \(base64EncodedHash)") } This is the Public Key I get with OpenSSL: -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAregkc/QUN/ObnitXKByHvty33ziQjG485legePd1wqL+9Wpu9gBPKNveaIZsRJO2sWP9FBJrvx/S6jGbIX7RMzy6SPXded+zuP8S8SGaS8GKhnFpSmZmbI9+PHC/rSkiBvPkwOaAruJLj7eZfpQDn9NHl3yZSCNT6DiuTwpvgy7RSVeMgHS22i/QOI17A3AhG3XyMDz6j67d2mOr6xZPwo4RS37PC+j/tXcu9LJ7SuBMEiUMcI0DKaDhUyTsE9nuGb8Qs0qMP4mjYVHerIcHlPRjcewu4m9bmIHhiVw0eWx27zuQYnnm26SaLybF0BDhDt7ZEI4W+7f3qPfH5QIHmI82CJXn4jeWDTZ1nvsOcrEdm7wD+UkF2IHdBbQq1kHprAF2lQoP2N/VvRIfNS8oF2zSmMGoCWR3bkc3us6sWV5onX9y1onFBkEpPlk+3Sb1JMkRp1qjTEAfRqGZtac6UW6GO559cqcSBXhZ7T5ReBULA4+N0C8Fsj57ShxLcwUS/Mbq4FATfEOTdLPKdOeOHwEI0DDUW3E2tAe6wTAwXEi3gjuYpn1giqKjKYLMur2DBBuigwNBodYF8RvCtvCofIY7RqhIKojcdpp2vx9qpT0Zj+s482TeyCsNCij/99viFULUItAnXeF5/hjncIitTubZizrG3SdRbv+8ZPUzQ08CAwEAAQ== -----END PUBLIC KEY----- and this is what I get with Swift: -----BEGIN PUBLIC KEY----- MIICCgKCAgEAregkc/QUN/ObnitXKByHvty33ziQjG485legePd1wqL+9Wpu9gBPKNveaIZsRJO2sWP9FBJrvx/S6jGbIX7RMzy6SPXded+zuP8S8SGaS8GKhnFpSmZmbI9+PHC/rSkiBvPkwOaAruJLj7eZfpQDn9NHl3yZSCNT6DiuTwpvgy7RSVeMgHS22i/QOI17A3AhG3XyMDz6j67d2mOr6xZPwo4RS37PC+j/tXcu9LJ7SuBMEiUMcI0DKaDhUyTsE9nuGb8Qs0qMP4mjYVHerIcHlPRjcewu4m9bmIHhiVw0eWx27zuQYnnm26SaLybF0BDhDt7ZEI4W+7f3qPfH5QIHmI82CJXn4jeWDTZ1nvsOcrEdm7wD+UkF2IHdBbQq1kHprAF2lQoP2N/VvRIfNS8oF2zSmMGoCWR3bkc3us6sWV5onX9y1onFBkEpPlk+3Sb1JMkRp1qjTEAfRqGZtac6UW6GO559cqcSBXhZ7T5ReBULA4+N0C8Fsj57ShxLcwUS/Mbq4FATfEOTdLPKdOeOHwEI0DDUW3E2tAe6wTAwXEi3gjuYpn1giqKjKYLMur2DBBuigwNBodYF8RvCtvCofIY7RqhIKojcdpp2vx9qpT0Zj+s482TeyCsNCij/99viFULUItAnXeF5/hjncIitTubZizrG3SdRbv+8ZPUzQ08CAwEAAQ== -----END PUBLIC KEY----- Interestingly, if I use the Swift version of the Public Key I get and then run the second command I still get the correct final result. Unfortunately in Swift I don't get the correct final result. I suspect it must be something about headers since I was able to get the correct output on OpenSSL with the public key I got using the Swift. Any ideas?