Small knowledge, big challenge! This paper is participating in theEssentials for programmers”Creative activities
This article also participated in the “Digitalstar Project” to win a creative gift package and creative incentive money
A few days ago, the company called integrated Baidu mobile statistics, then also wrote an article is to say that the integration encountered problems, well, this week questioned, found in the 5.1.2 problem, god pit. 5.1.2 was rejected before because it did not ask users for permission to track them. This time apple reviewers directly stated that this would not solve the problem. Ok
Attached is the previous link: juejin.cn/post/700466…
Ok, so let’s see, what’s the problem this time
1. Error content is reported
Guideline 5.1.2 – Legal – Privacy – Data Use and Sharing
We found in our review that your app includes fingerprinting functionality that is designed to identify the user or device.
Specifically, your app aggregates user and device data to track the user, either directly or indirectly using probabilistic methods. This functionality is found in services or code included in your app, such as CAID, Bugly, Zhugeio, and OpenUDID.
Apps that fingerprint users or devices are not appropriate for the App Store. Per section 3.3.9 of the Apple Developer Program License Agreement, neither you nor your app may derive data from a device in order to uniquely identify it.
Next Steps
Follow these steps to resolve this issue:
1. Identify the fingerprinting functionality in your app. Some or all of this functionality may be provided by third-party SDKs. If you have questions about these SDKs, contact the SDK provider.
2. Remove any functionality from your app that uses algorithmically converted device and usage data to identify the user or device. You should remove any related code or implemented SDKs that support fingerprinting. Since fingerprinting is never allowed on the App Store, requesting the user’s permission to track them will not resolve this issue.
Attempting to hide or obfuscate code designed to fingerprint the user’s device, or otherwise evade the review process, may result in the termination of your Apple Developer Program account. Review the Terms & Conditions of the Apple Developer Program to learn more about our policies regarding termination.
Resources
– If your app utilizes fingerprinting for anti-fraud or security purposes, consider using DeviceCheck to reduce fraudulent use of your services.
– Learn more about our requirements for apps that track users with deterministic identifiers, such as IDFA, IDFV, or the user’s email address.
2. Google translate
Guideline 5.1.2 – Law – Privacy – Data Use and sharing
During our review, we found that your application includes fingerprint recognition features designed to identify users or devices.
Specifically, your application uses probabilistic methods to directly or indirectly aggregate user and device data to track users. This functionality can be found in services or code included in your application, such as CAID, Bugly, Zugeio, and OpenUDID.
Apps that fingerprint users or devices are not suitable for the App Store. In accordance with Section 3.3.9 of the Apple Developer Program License Agreement, neither you nor your applications may obtain data from the device to uniquely identify it.
The next step
To resolve the problem, perform the following steps: 1. Identify the fingerprint identification function of the application. Some or all of this functionality may be provided by third-party SDKS. If you have any questions about any of these SDKS, please contact the SDK provider.
2. Remove from your application any features that use algorithmically transformed devices and use data to identify users or devices. You should remove any code or SDK that supports fingerprint recognition. Since the App Store doesn’t allow fingerprints, asking users for permission to track them doesn’t solve the problem.
Attempts to hide or obfuscate code intended to fingerprint a user’s device, or otherwise evade the audit process, may result in the termination of your Apple Developer Program account. Check the Terms and conditions of the Apple Developer Program for more information about the termination policy.
resources
– If your application uses fingerprint identification for anti-fraud or security purposes, consider using DeviceCheck to reduce fraudulent use of your service. – Learn more about our requirements for tracking users’ applications with deterministic identifiers such as IDFA, IDFV, or a user’s email address.
3. Solve problems
From the above rejected information, it can be seen that the use of algorithmically transformed devices and the use of data to identify users or devices are not allowed. CAID, Bugly, Zugeio, OpenUDID are listed here.
I use the terminal command directly on the project:
grep -r openudid .
Sure enough, it was found in the imported third-party library BaiduMobStatCodeless, and CAID is also the BDPCAID. Framework of Baidu Mobile statistics. This is not god pit, afraid, can only be deleted first (what good solution please leave a message).
Bugly, my version is an older version of 2.5.0, so I thought I’d check it out on the official website
I also found that the latest 2.5.9 of this year has written to delete the field potentially related to privacy. I do not understand that this calls me to update. Sure enough, updated to the latest version.
I also wanted to see the version history of Zugeio, but I couldn’t find it, so I immediately contacted the customer service, who asked me to update the latest SDK. The latest SDK has removed IDFA and uses IDFV to collect data, so I updated the SDK of Zugeio again.
It was brought up yesterday and finally approved today.