Create Certificate and Pass Type ID at runtime - objective-c

My Passbook-related app was recently rejected based on guideline 23.3:
23.3: Passes must be signed by the entity that will be distributing the pass under its own name, trademark, or brand or the app will be rejected and Passbook credentials may be revoked
I had a few questions and got on the phone with someone at Apple. They told me that to remedy my problem I could create a sign-up form in my application. This sign-up form could then be used to create a certificate and pass type ID for the user based on their credentials. However, I've been combing through the documentation and I've not found anything that allows people to create Pass Type IDs or Certificates without a paid developer membership. Is this correct, would my users need a paid developer membership to create their own Pass Type IDs?
If they don't, is it even possible to create a PassType ID at runtime? For example, using the information in the sign-up form I might make an API request with PassKit / some kind of Passbook server to create a Pass Type ID:
PassID *ID = [PassKit createIDWithName:@"USER_INFO"];
Is there anything like that or was the Apple technician talking about something else?

would my users need a paid developer membership to create their own Pass Type IDs
As crazy as this sounds - yes! The only way of fully satisfying this guideline is to pay the Apple Tax and sign up as a Developer. There are several long threads in the Apple Developer Forums talking about the reasoning and implications of this. While it is not popular, the majority of us concede there are very good reasons for this, that in the long term, will protect the integrity of the platform (as well as keep the Apple lawyers happy in the short term).
The main reasoning is because in most jurisdictions, coupons, tickets, travel documents and other typical Passbook content create a binding obligation upon the issuer. Legally, in the event of non-fulfilment, the pass issuer is liable to the consumer. In order to protect themselves, Apple needs to ensure that under no circumstances could they be deemed as the issuer of any Passbook pass.
The Apple Developer programme registration validates the identity of any individual or corporation who is accepted. It also forces Developers to sign the terms of the Developer Agreement which has an entire attachment dedicated to what you can and cannot do with Passbook and with your PassID certificate. This provides Apple with enough legal protection against any claims for unfulfilled goods or services relating to any Passbook pass.
While there has been a lot of pushback and calls for a faster, less US centric process (you would not believe how difficult it is to get a DUNS number for a small entity outside of the US), I don't expect this to change any time soon.
As for auto provisioning. Myself and the creators of the other major Passbook platforms have been calling for this since before iOS6 was launched. I have an open radar dated 7th August requesting a simple API to issue and revoke Pass Type ID certificates. I'm intrigued as to what your Apple Technician was referring to since as far as I am aware, there is no such service.
// rant
What is frustrating about this is that there are a number of approved Apps that allow full pass customisation but issue the passes under the App developer's certificate.
Apple also seem to be turning a blind eye to certain services that issue passes under their own certificate that bear the logo and trademark of major brands (and then have the audacity to call on these brands to 'claim their passes').
Even Passtools (now Urban Airship) claim to offer a 'Unique Apple Developer Certificate from PassTools', which technically would be in violation of the Apple Developer Agreement.
So the bottom line is that on this occasion, you may have just been unlucky.
// end rant

I'm not sure what the technician was talking about, but 23.3 refers to a server (likely yours) going through a signing process with the pass before sending the pkpass file to a device.
For high level information, review the "signing and compressing the pass" section of the passbook programming guide.

Related

Google Play Policy of Intellectual property; why they actually accept Copyright infringement first?

Google said Intellectual Property is very important. But for example, if I search "Among Us" there are like Among Us wallpaper, Among Us chatting (1m downloads), Among Us Tic Tac Toe and so on. I don't think any of them got permission from the Among Us company. How come Google Play approved those apps?
I read that many developers have had their accounts closed for different reasons, including going against IP. So first they approve easily, and then they randomly close people's accounts that were against IP? Or will Google Play stop these apps when Among Us makes a claim?
When it comes to intellectual property, Google doesn't take any action regarding your apps unless the rightful owner files a copyright claim. That's why the app gets accepted, and after a while it might get suspended if the owner files a copyright claim against your app and has the right resources to prove his case. You might be contacted by the Play Store with an email about the app removal and the cause of it. So if I create an app called "Facebook profile pictures", I can easily upload it and it stays live on the store in case Facebook didn't take action against my app.

Creating a survey via the API with a Basic or Select account

Under "Scopes" the API documentation says "...the Create/Modify Surveys scope is available to Free (Basic) plans", but later contradicts that in the table showing "Platinum/Enterprise" as the minimum plan for the Create/Modify Surveys scope.
I am developing an application for a client that I believe has a Platinum account. However, I myself only have a Basic account and am reluctant to invest in a Platinum account for this small development project.
The client requires the creation of a tool that generates surveys via the API, which seems pretty straightforward, except that I am unable to do so with my account. Is there some way my client can allow my account to access a development app on their account so I can test survey creation? Or could I do so myself with a Basic or Select account?
The Create/Modify Surveys scope will be moved down to the SELECT plan. Also, we will be providing developers time-limited full access to all the endpoints (except feature endpoints like benchmarks, which require the user to have bought the benchmark) when accessing their own account.
This should be available within a week or two. Check back at your app and the docs at https://developer.surveymonkey.com/ soon to see when the changes have been released.
Let us know if you have any more questions!

iOS app consuming RESTful webservice for authentication

I am developing an app for iOS. I am planning to publish this app in the App Store as a free app. I would like to authorize app users via an outside RESTful webservice. Is this practice against any official Apple guidelines, and could it fail to be approved by Apple app review?
The Apple Review Guidelines 11.1 states:
Apps that unlock or enable additional features or functionality with mechanisms other than the App Store will be rejected.
It sounds clear, but I believe it is open to interpretation on behalf of their reviewers. My company has produced an app exactly as you describe and it not only passed but has been versioned up very recently. Like yours, this app consumes a web service and while the launch screen is public facing, the user must immediately authenticate on the screen after that to go any further.
Our app was not a good candidate for the enterprise store model, since the intention is to distribute to customers, not employees.
Also, and perhaps most telling, when you prepare to upload your binary the iTunes Connect portal has a place for you to enter demo account credentials for the testers to access protected content in your app. So I think you're OK. Screencap below taken from iTunes Connect.
UPDATE
Apparently, when submitting your app you can provide demo account information (@erikr98), implying that an app like yours could be tested by Apple and be approved in the store. I've seen apps like this and worked on them before, but was under the impression that you also had to provide some sort of functionality in the app outside of your "pay wall."
....
I think the answer is maybe. It sounds like you're hovering the line between a public app and an enterprise app. I'm going to assume your question could be rephrased like this:
"I make money from my customers through an existing process (probably on the web) and I want to allow them to use that functionality on iOS without giving 1/3 of that money to Apple via a paid-app or through In-App Purchase. If I build a free app and provide my current customers access to its content via their existing accounts (and through a login process) will Apple reject it?"
Apple's App Store Review Guidelines, Section 11, clearly states that if you allow users to upgrade the content, unlock features or abilities, or purchase content through your application, that purchase must be done through In-App Purchase.
However, in my experience I have found that Apple will not reject an application if it provides value to everyone, not just those with an account. If you provide some sort of benefit for someone without an account you stand a much better chance. In my case we had 5 features available to the people without an account, and 10 features available for those that could log in. Our app was approved and released to the App Store. This was last year.
Also, think about this from a reviewer's perspective at Apple: When you sit down to review an app, it's probably not a good sign that you can't access any part of the app without a user name and password.
Look at the model that the newspapers use. Washington Post, for example, has a free app with a $15 In-App purchase that provides you access to their content. You get a limited number of free articles, first, though. See, they provide content for everyone even if on a limited basis. You can also sign into the application, which unlocks all content, if you already have a paying account.

Windows 8 IAP Receipt handling server side & consumables?

I am implementing a simple server-side verification for Windows 8 IAPs and I'm slightly baffled on how to handle this. Basically what I do know is I verify the receipt using the code that was included in the example
http://msdn.microsoft.com/en-ie/library/windows/apps/jj649137.aspx
In the example, there is an AppReceipt and a ProductReceipt. If I understood it correctly, having a simple IAP to buy, for example, gold in the game, I am only interested in the ProductReceipt. However, I don't understand why "AppReceipt" is included here at all. Is the initial app purchase always included in the receipt or is it an optional field?
So a unified way of making sure the user cannot "cash in" the same receipt twice would simply be to save the ProductReceipt ID in the back end database? And that this would be a valid approach for both durables and consumables, of which the latter is not yet implemented?
AppReceipt is just an example that you can ignore. In most cases the game will send you the receipt (ProductReceipt XML) and you will have to verify it on the server side.
If you look at: http://social.msdn.microsoft.com/Forums/windowsapps/en-US/8b3cf68d-897d-4a47-ace0-2c42355bf688/protecting-your-windows-store-app-from-unauthorized-use?forum=windowsstore
You will notice:
The ID of each receipt element is unique per user (and device) and you can validate it on your server to confirm that the transaction is legitimate for that user and not a fraudulent transaction. This is especially valuable when your app has its own authentication mechanism because it allows you to validate that each user that appears to have purchased your app is, in fact, a unique customer.
So if you want to, you can extract IDs from this XML.
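The replay check proposed in the question, as an added example (not code from the original posts or from Microsoft): each ProductReceipt Id is stored under a uniqueness constraint, so a second submission of the same receipt credits nothing. The table layout, user IDs and sample receipt are constructed, the element and attribute names are assumed to follow the receipt on the linked MSDN page, and signature verification is assumed to have passed before `redeem` is called.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample (made-up IDs); names assumed from the linked MSDN receipt.
# The Signature element is left out: verify it before calling redeem().
SAMPLE_RECEIPT = """<Receipt Version="1.0" ReceiptDeviceId="device-0001">
  <AppReceipt Id="app-receipt-0001" AppId="example.app" LicenseType="Full"/>
  <ProductReceipt Id="prod-receipt-0001" AppId="example.app"
                  ProductId="gold_100" ProductType="Durable"/>
</Receipt>"""


def open_store(path=":memory:"):
    """Hypothetical back-end table: the primary key is what blocks replays."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS redeemed ("
        "receipt_id TEXT PRIMARY KEY, user_id TEXT NOT NULL, product_id TEXT NOT NULL)"
    )
    return conn


def product_receipts(receipt_xml):
    """Return (receipt Id, ProductId) pairs; an AppReceipt, if present, is skipped."""
    if "<!DOCTYPE" in receipt_xml or "<!ENTITY" in receipt_xml:
        raise ValueError("receipt must not carry a DTD")
    root = ET.fromstring(receipt_xml)
    if root.tag.rsplit("}", 1)[-1] != "Receipt":
        raise ValueError("not a receipt document")
    pairs = []
    for node in root.findall("{*}ProductReceipt"):  # tolerate a default namespace
        rid, pid = node.get("Id"), node.get("ProductId")
        if not rid or not pid:
            raise ValueError("ProductReceipt without Id or ProductId")
        pairs.append((rid, pid))
    return pairs


def redeem(conn, user_id, receipt_xml):
    """Credit each ProductReceipt at most once; return the products newly credited."""
    credited = []
    for rid, pid in product_receipts(receipt_xml):
        try:
            with conn:  # commit on success, roll back on error
                conn.execute("INSERT INTO redeemed VALUES (?, ?, ?)", (rid, user_id, pid))
        except sqlite3.IntegrityError:
            continue  # Id already stored: the same receipt is being cashed in again
        credited.append(pid)
    return credited
```

Because the uniqueness check and the insert are one statement, two concurrent submissions of the same receipt cannot both be credited, which a separate "select, then insert" would allow.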

How to let only paid members into my iOS app's some sections with in-app purchase?

I am developing an application where I have a section only for paid users where they purchase for the section using the in-app purchase system in iOS. I know that I need to keep track of the purchase history myself, and this is where the problem begins. I have a database and I am capable of storing users in my database, with a web service interface. How can I create a system where a URL is pinged only when a user has made the purchase?
As an example, I have the URL:
http://example.com/registerUserPremium/userid=123456
How can I get this to be called only when a purchase is made? The most elegant way seems like Apple pinging the URL with a special user ID upon purchase, but I can't find a way of doing it. It is obviously not a solution to make the user call that URL within the app, as it can be cracked/pirated. What is a good way of providing such a mechanism that is piracy-proof. My service is web-based, so if I can get this part done, the rest relies on my server-side mechanism (the user will just send a special key that is stored in its keychain, to the server) so I'll be able to finish the project. In short, I need a way to call a URL only when a purchase is made. What are some possible solutions?
Thanks,
Can.
I see two solutions:
"Server product model" (doc): the appstore contacts your servers every time a user makes a purchase. In this case you have all of the information right away.
"Builtin product model" (same doc) in which the application gets the receipt from the appstore. In this latter case you can contact your server's special URL, providing the receipt information, and the server can verify that the receipt has not been tampered with by asking the app store to verify (it's a simple post, see here).