App rejected for Mac Catalyst due to opening external browser during Sign-In #388
Comments
startechm
added
bug
|
The quote from the app store review above is confusing to me. Moreover, neither GSI nor AppAuth use Can you confirm the versions of GSI and AppAuth you see in your app? One thing I noticed is that the SignInSample app doesn't declare a Mac Catalyst run destination. Can you verify that you have one for your app? I modified the SignInSample app and you should see something like the below: 
Another thing: can you set a breakpoint in |
|
+1. The same here. I've been rejected with this reason too.
|
|
They report seeing this pop-up window.
|
I don't think it's Catalyst related. It's macOS related. There is the same popup on the Mac destination in the Sample app. 
|
|
@ostatnicky are you able to inquire with the reviewer to understand what they want the macOS app to do instead? GSI (via AppAuth) uses "In macOS, the system opens the user’s default browser if it supports web authentication sessions, or Safari otherwise." https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession |
|
@mdmathias Ok, I’ll try to ask them. |
@mdmathias I am not creating my own I tried this with GSI version Here is a screenshot of what I have after putting a breakpoint at the location you provided. Please let me know if there is any particular field you are interested in? (It is painfully slow / I can try to give you more information tomorrow if that works) 
One more thing, I saw that another user posted the screenshot that Apple provided showing the reason why the app was rejected: I had the exact same screenshot (with a different app name though). |
|
@startechm thanks for following up. It does look like you're getting the I suggest reaching out to the reviewer to ask why your app is getting rejected on macOS for using Link to the class for your convenience: https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession |
|
@mdmathias Yes, I'm waiting for a response from Apple reviewer... |
|
@mdmathias Ok, I've got the response from the Apple reviewer: But from what I understand, you're using |
|
@mdmathias When I read the documentation it looks that https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession |
|
Thanks for the reply @ostatnicky. I appreciate it, and I'm sure that this is frustrating for you. The answer you received seems to repeat the same information. I still don't understand it, as it implies that Good find regarding the deprecation of -[ASWebAuthenticationSession initWithURL:callbackURLScheme:completionHandler:]. I will point out that OIDExternalUserAgentIOS also uses this method, and it appears that iOS apps are not getting rejected for this reason. This leads me to think the deprecation is not the cause of this rejection, and gives me reason to suspect that the rejection is an error. I'm not sure what I can do to help on my side, but I will reach out to colleagues and see if they have any ideas. On your side, perhaps you can ask for clarification on whether or not the reviewer is saying that I will follow up here if I learn anything. |
|
@mdmathias I've asked the reviewer about if |
|
It's funny, I have a screen in my app that use |
|
@startechm Did you resolve it somehow? |
|
@ostatnicky Unfortunately, I do not personally have the ability to directly connect with anyone at Apple on this. I have talked with colleagues internally and everyone is just as perplexed as we are. I still believe this rejection is a mistake. That said, perhaps your next step is to schedule a meeting with Apple Developer Technical Support as the reviewer suggests. I imagine that person will look at the situation as we do. |
I was not able the resolve the issue on my end so I asked for an exemption (because I told them that the previous version worked like this and I will try to fix it in the next version) and they granted it to me but they said that I cannot submit a future version until this is fixed. It appears that the issue is the fact that it should open a ViewController (so it looks like it is running within the app) instead of opening an external app. For iOS/iPhone it seems to be working as they expect. Would it be hard to fix the behavior so it opens a ViewController instead of an external app? If you try to use for example "Firefox" as your default browser, it becomes more obvious that it is opening an external app (browser). Not sure what can be done at this point. It is very difficult to contact Apple and get a good answer. |
|
@mdmathias @startechm I’ve sent a request for a technical meeting. We will see if they can give us some advice. |
|
We've received the same rejection reason for the last couple of versions. Our macOS app, not a Catalyst one, doesn't allow control over where the Google SDK redirects users for authentication. Any advice on convincing the Apple review team? No success yet. |
|
Thanks @mattisssa for the note. I will share this will my colleagues internally. For you and others on this thread, I'm doing what I can to get clarification and resolution. I will be sure to follow up here when I have something to share. |
|
Hi @ostatnicky @startechm @mattisssa. We are engaging with Apple to try to better understand this issue. Are you able to share your app name(s)? Please share them here if so. If you're not comfortable sharing on this thread, then please let me know if you'd be able to share if we found a more private mechanism. I can figure something out there. |
|
Hi @mdmathias. We have the same issue for macOS, our app name is "Reflection Journal & Prompts". Here is a screenshot, if they will need the submission ID:
|
@mdmathias our app name is LogDT - get things done & more. We have a version on the Mac App Store that has this issue (version |
|
@mdmathias Sure, our app is Done! – Happy Productivity. The current version in the AppStore already has the "poor experience flow" in the Sign In/Up, so you can try it. It weird that there is no issue similar like this for the Facebook iOS SDK. But they have exactly the same flow. |
|
@mdmathias Unfortunately, no one has yet replied to my request for the technical support from Apple. |
|
Thanks @startechm @ostatnicky and @isaacadariku. I will share these names with my colleagues and let you know what I hear. |
|
@mdmathias Oops, I missed the discussion. We passed the review a few times, compelling Apple to approve the submission due to critical bug fixes. |
|
@mdmathias Our app (Done!) was approved accidentaly without any further interaction. If this was due to you, thank you very much! |
|
Ok, I noticed that Apple Developer Technical Support answered me on Saturday. I wrote them: […] This is out of our control and is by Apple's design. Additionally, ASWebAuthenticationSession is Apple's recommended solution for authentication; so, I'm pretty confused by the rejection per the terms mentioned above. "In macOS, the system opens the user’s default browser if it supports web authentication sessions, or Safari otherwise." https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession Can you give us some advice on how to solve this problem? [...] The answer: I've escalated this to the App Review Board to take a further look. The behavior described for ASWebAuthenticationSession is expected on macOS and Mac Catalyst. I'll follow up once I learn more about their results. And the reviewer approved our app with a note: Thank you for confirming that you will address the remaining issues in your next submission. We’re happy to help you deliver bug fixes to your users and will approve this submission at this time. So Apple Technical team understands that, unfortunately I'm worried about whether the Review team does too. |
|
This issue is critical. All mac catalyst apps are rejected now. |
|
@tigernghk I'm doing what I can by raising this issue with colleagues internally who are able to reach out to Apple. Otherwise, @ostatnicky posted here that engaging with Apple Developer Technical Support helped to resolve the rejection. I will be sure to post here if I receive any update. |
|
My mac catalyst app update was just rejected for this same reason, but I am given the opportunity to have the released approved this time due to bug fixes. I definitely agree this is critical if Apple is really going to reject any future updates that use Google Sign In calling the default browser. I do plan to write to the review team to explain that the issue needs to be taken up directly with Apple and Google, and not every developer that uses Google Sign In for a macCatalyst app....we'll see how that goes. |
@ghb101, we've gone through 5-7 releases with the same rejection, and each time, we've tried to explain the issue to Apple. However, this has been utterly futile, as they've insisted that we "fix" the problem. Passing the review every time by citing "critical bug fixes" is incredibly frustrating and time-consuming. |
|
We are doing our best to consult with counterparts at Apple. In the meantime, I think this message from ostatnicky indicates that working with Apple Developer Technical Support (ADTS) will result in an approved submission. Perhaps if more apps reach out to ADTS, then app store review process will be updated more quickly? |
|
Google Sign In SDK depends on AppAuth SDK. I have changed code in AppAuth SDK to use WKWebView as embedded browser instead of ASWebAuthenticationSession for quick and dirty way to solve the problem. Specifically, I only have changed the file "OIDExternalUserAgentCatalyst.m". My app is approved eventually. |
|
@tigernghk Could you share the "dirty" code with us? |
|
FYI. Here is my modified code in OIDExternalUserAgentCatalyst.m: https://github.com/tigernghk/AppAuth_WKWebView/blob/main/OIDExternalUserAgentCatalyst.m |
|
@tigernghk You shouldn't be using a |
|
Thanks. I hope you can find better solution. |
|
@tigernghk Unfortunately, this is not a problem we can solve in GSI or AppAuth. I am of the position that these rejections are an error in app submission review process. The "fix" will come from there. In any case, using a web view for authorization will likely lead to a 403 - disallowed_useragent error when using Sign in with Google. I highly recommend that you change using a web view for sign ins. |
|
We had the same issue. Thanks to this thread I managed to get approved with the following response to the Review team:
Feel free to copy this text for your review rejection. |
|
My Mac game Open Space was also rejected on Testflight. I don't understand why Apple cares. With password managers I prefer external safari anyway. I don't think it makes it any better to handle links in an embedded browser. |
|
I sent this to [email protected] - If anyone agrees please email them Apple rejecting mac apps that use Google Sign in external browser sign in. I think its anti trust valid cause they're coming out with their own password manager |
|
omg, this issue is still open?.. |
|
This should not be occurring any longer. Please let me know if you have an app that was recently rejected for this reason. I will reopen the issue. |
|
do we need to update pod files? or resubmit? my mac build was last rejected on Apr 12, 2024 I just sent another version in for approval. |
Describe the bug
A clear and concise description of what the bug is.
My app was rejected and I received the following message from Apple:
<<
The user is taken to the default web browser to sign in or register for an account, which provides a poor user experience.
We advise to update to the latest Google SDK and use “SFSafariViewController” instead of “UIWebView”.
This will ensure that the app correctly implements an account authentication mechanism that does not link users out to Safari.
I am using the latest version as of March 31st 2024.
Even after using the example app inside GoogleSignIn-iOS, this is still opening an external browser.
This seems to only happen in Mac Catalyst.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
An in-app browser should be opened instead so that Apple doesn't reject apps.
Screenshots
If applicable, add screenshots to help explain your problem.
Environment
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: