September 8, 2020

Denied by Apple & Google

Himanshu Dwivedi
By Himanshu Dwivedi

Data Theorem

The following is a true example. A Data Theorem customer was notified of an issue that would not pass Apple’s App Store submission process, known as a “App Store Blocker”. The App Store blocker was identified in the customer’s pre-production app on July 3rd. The issue was not critical at all, as it was simply a requirement to have “Sign-In with Apple” as a login option if Google and Facebook logins were leveraged by the app. Near the end of the release cycle, the developer chose to ignore the Data Theorem finding and submitted the app to Apple (as shown in the first comment below); however, eight days later the app was rejected by Apple due to the App Store blocker (as shown in the second comment below).

Not a security issue, but app is in violation of apple guidelines.

Moral of the Story

While Apple & Google both inconsistently enforce their acceptance criteria for security & privacy issues, they both do reject apps. It is better to address the App/Play Store blockers identified by Data Theorem within 30 days rather than risk your app being delayed or even rejected at a moment’s notice. 

  • As shown above, the customer could have addressed this issue from July 3 to Aug 3 using Data Theorem’s Secure Code; however they were consequently delayed until Sept 4 when the App Store Blocker was resolved and the app was resubmitted to Apple.  

It should be noted that your app may not be rejected during the App Store submission process even though it has an an App Store blocker; however, Apple will not promote your app on search queries and iTunes marketing pages.

App store blockers

Security for DevOps: Enterprise Survey Report

ESG Analyst Report

ESG surveyed 371 IT and cybersecurity professionals with responsibility for cloud programs to weigh in on security.