My app got rejected because I do not use App Tracking Transparency to request the user's permission before collecting data used to track.
They also attached a screenshot which shows the problem occurs during login. The app uses Google Sign-In login process, which is managed by Google and connects to a Firebase backend.
Should I appeal or implement ATT even thought it is a third-party library?
Here is the screenshot.
Hello.
According to App Store Review Guidelines 5.1.2 it says
You must receive explicit permission from users via the App Tracking Transparency APIs to track their activity.
I therefore suggest you to implement ATT. Even it is a third party library that collects data, it collects data on your behalf; therefore you as the app developer are responsible for the collection from the customers point of view. The other option is to disable the library and use something else that does not track the user.
Also note guideline 4.8 says
Apps that use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option.
It is unclear if you offer Sign in with Apple, but if you offer sign in with Google then you also have to offer sign in with Apple. Your app may be rejected for this reason in the future. There are exceptions for this rule, see the guideline if you are covered by an exception.
All the best.
decrypt
