
My App Got Rejected by the App Store for using the Constant Contact OAUTH2 Api

andreww91
Regular Participant


Hi All:
My app (ProspectSnap) uses MailChimp OAUTH2 and it got rejected by the App Store.
The reason for this is because of a new rule related to opening links inside your app that could lead to the user signing up for 3rd party services.
Please see these links on the App Store's 11.13 rule and how DropBox api developers have been affected:

 

Basically, my app and any other app using Constant Contact's OAUTH login screen will get rejected unless the following are removed:

 

  • Login with Facebook
  • Login with Yahoo
  • Forgot Password link
  • Any link that could go anywhere else

I spoke to Steve Rea from Apple's Developer relations and he explained it all in a lot of detail and I can forward his email replies to anybody at Constant Contact that wants to see proof.

 

Is it possible to get a new version of the login page that only has a login form in order to meet Apple's requirements?
Mark-C
Member

Hello,

 

Thank you for bringing this to our attention. I also got your email sent to our webservices email address. We are looking into this, and will provide an update when we have more information. 

Mark Coleman
Support Engineer
andreww91
Regular Participant

Thx Mark

Thanks for reporting this. We've investigated it on our end and we are indeed in violation of rule 11.13. We are looking into how we need to change our OAuth/Login flow to comply with this rule. While the intention of your use of our OAuth is certainly not to allow selling of our application and selling our application is in no way related to your application's function with OAuth, Apple has recently become far more strict in their enforcement of rule 11.13 and we are now in violation of that rule.

 

Once we have additional information about how and when we will have a fix for this, we will be sure to get that out to our developer ecosystem.  We are working with our rep at Apple to ensure we have a complete understanding of everything needed to be in compliance and will make sure that we are in no way an impediment to your app being approved in the future.

Dave Berard
Senior Product Manager, Constant Contact
andreww91
Regular Participant

Thx Dave!

andreww91
Regular Participant

Hi Dave:

 

Was hoping you could please give an update on how things are going. Any estimate on when the fix can get pushed out?

We have identified everything we need to fix and are currently planning to release the fix during our next scheduled code release, which is currently set for Thurs morning of this week. It's worth mentioning that one of the problems is with the Yahoo! login page, not Constant Contact, so while we are working with Yahoo! to address this issue on their side, we are likely going to have to remove them as a login option until they have fixed the issue on their end as well. This should have minimal impact to most Constant Contact customers since this is a very new way to sign up for Constant Contact but we do apologize for this inconvenience.

Dave Berard
Senior Product Manager, Constant Contact
andreww91
Regular Participant

Thx for the update Dave!

andreww91
Regular Participant

Hi Dave:

 

Just following up... I noticed that the login form did not get updated yesterday. Was it able to make the build?

I was informed that the fix was live and the release is out there, however I am still able to replicate the Yahoo! login problems as well. Will work with our engineering staff to check on this.

Dave Berard
Senior Product Manager, Constant Contact
andreww91
Regular Participant

thx Dave

andreww91
Regular Participant

Hi Dave:

 

Just checking in with you to see what happened with the login page from last week's deployment. 

 

Thanks

After speaking with my product team, they are working with Yahoo! to resolve the issues on the Yahoo! page.  I unfortunately do not have any ETA on this being resolved since it does involve a 3rd party doing work.

Dave Berard
Senior Product Manager, Constant Contact
andreww91
Regular Participant

So are you guys going to leave both the Facebook and Yahoo buttons on there? Apple told me that those two buttons were reasons why my app got rejected.

 

Is there any way to have a temporary login page up that hides those links until Yahoo fixes their end?

 

 

In working with Apple, the violations with rule 11.13 were not the inclusion of those links but what was available to an end user on some of those final pages. Rule 11.13 specifies that an application cannot link to a website in a web client which allows for signup outside of the Apple billing system. The Facebook login flow does not allow a user to sign up, only to log into an existing account and is not subject to that rule.

 

Our forgot password page was subject to that rule since we incorrectly included a "Sign up" button on that page (which we have removed). Now our OAuth page only allows users to log into an existing Constant Contact account, not create a new one.

 

The Yahoo! login page has a link in their header which directs a user to their main page, which does allow a signup outside of the Apple billing system.  This is the only remaining 11.13 violation in our OAuth page.  That is the item we are working with them to resolve, which we are in active discussions to work through.

 

I'll continue to pass on your feedback to our product team and will update if I have any additional information from them.  As of this time, we still don't have an ETA. 

Dave Berard
Senior Product Manager, Constant Contact
andreww91
Regular Participant

Hi Dave:

 

Thx for the feedback. I might have to go to a backup plan and use basic authentication temporarily until the problem is resolved with Yahoo.

andreww91
Regular Participant

Hi Dave:

 

So, I got accepted on the App Store using basic authentication. I know that's being deprecated and I assume it can go away at any time...

 

Any update on when a new login page will get deployed? I see there's a new page at login.constantcontact.com but it still has a Sign Up For Free button that will cause any developer to get rejected by the App Store (I'm an expert on getting rejected for this :) )

We made some modifications to the OAuth login page in late July that eliminated the option to create a new Constant Contact account from our forgot password page, and have also now removed the Yahoo! login option, so I believe our OAuth login page should no longer cause App Store rejection.

 

Cheers,

Mark Coleman
Support Engineer