My experiences with the App Review Process

Getting an app onto the App Store is an exciting yet nerve-wracking experience. My app Whippo failed five times before finally getting onto the App Store. As Apple cleans out the App Store, I have included tips from my experience for future developers on how to get their apps either back in or get a new one to replace the old app.

  1. Explain the registration process of the app. Apple hates not knowing why you ask them things. Data like name, email, phone, and username are simple enough, but gender and birth date are not. If you ask for something like gender and birth date, put in why and explain your reasoning. Age limits or restrictions? Does the app work differently based on gender, such as a health app? Also, when a person undergoes the registration process, make sure that they clearly see that they are accepting the Terms & Conditions and Privacy Policy. When they press Continue or Submit or Signup, there should be text saying that they accept it right next to it, preferably right below or above it.
  2. Explain the things you ask permission for. The one permission you don’t have to talk about is Push Notifications. Anything else, contacts, locations, etc. needs to be explained out. If you use locations, explain what you do with the locations. Do you track the user? Do you not? Do you do something else? Explain how you take user privacy seriously. Apple wants to see you put in a serious effort to monitor and protect user privacy.
  3. Explain how interactions between users will be monitored. If users can post content to other users or post content that other users can see, make sure that the users can block the other user or report that content if it is offensive, etc. If it isn’t like that, either Apple will not let your app through or force your app with a higher rating than the one that you would like to have.
  4. Make sure that your app can run only on IPv6. I have another article about this, but this is now required starting from this year. Some providers (cough cough) AWS, Azure, Google Cloud (cough cough) don’t provide this yet or choose not to. If you use one of these services, add an extra DigitalOcean server or Vultr server for an extra $5 a month. It’s not the best, but it’s not the worst thing in the world.
  5. The most common rejection is Metadata rejection or rejection for lack of complete information in the App Review Notes or in the App Description. For example, if your app uses GPS location, you need to include in the App Description that there might be increased battery usage due to your app because of prolonged GPS usage. Put anything that you can think Apple would ask regarding privacy into the App Review Notes. User information, location information, contacts information, health information, anything that you get from the user, put it in there and explain why.
  6. Your Info.plist is important. Make sure that you have the necessary privacy statements in there for push notifications, contacts, locations, and anything else you ask permission for.
  7. (Optional) Link to a video that explains the app out. I did not do this, but I can see where this would be extremely helpful.

With these tips, I hope that you’ll have a much easier time navigating the muddy waters of the review process than I did.


Where’s IPv6?

First off, I would like to say that the rule that Apple created the IPv6 rule with good intentions but requiring it on app developers is frustrating, to say the least. The fact is that most home and work IP networks still do not support IPv6. Home with AT&T: nothing. Maybe at Ole Miss: nope. I understand that Apple is pushing for the world to move forward, but this might be something which Apple has no control over.

But, my main point, is the frustration that app developers now have to face with the possibility of denial from Apple, yet facing increased costs by having to go somewhere else for their IPv6 compatibility. I currently use DigitalOcean and Vultr, and I love their simplicity of service and price, but the fact is that just increases costs for me.

When I use RDS or DynamoDB from Amazon, Datastore or Cloud SQL from Google, DocumentDB or Azure SQL from Microsoft, there’s no reason to have to go to elsewhere for VMs. The reason why most go to Amazon or Google or Microsoft is that it’s a one-stop shop for everything. Everything from managed databases, file storage, content-delivery networks, servers, and services like natural language processing and vision are why they come to the Big Three.
Now, app startups have to maintain separate systems for the backend with at least two or more cloud providers, which is just not feasible for many startups. And there’s also other costs as well. Building out systems to manage the systems as one grows bigger means relying on different APIs for different solutions. A good chunk of my consumers now in the wild use IPv6, especially if they’re accessing it on a cellular network, and I can’t overload just one server to handle all my IPv6 requests. Which means rather than using EC2 or Compute Engine, I have to use Vultr or DigitalOcean, adding complexity and time.

Let me make one thing clear; I don’t hate Vultr or DigitalOcean. I love their simplicity and ease-of-use. They’re a great resource when you don’t want to worry about bandwidth, 1TB minimum, and a great way to do simple testing, coding, and back-end development. They’re also an excellent way to host WordPress sites, static websites, and maybe even research for scientists and engineers. But, they’re not designed for the large, complex integrated systems that can be the next Snapchat or Instagram. And, when start-ups are trying to accomplish their goals, they don’t need the additional headaches placed upon them by the Big Three for lack of technology. When they use systems like SES, Pub/Sub, SNS, Google Cloud Natural Language, etc., doesn’t it make sense that they also get their servers that will access these services to be Apple-compliant? They’re announcing new regions, new data centers, and more servers, yet they don’t have a timeline to put in IPv6. Amazon heralded it as an achievement that S3 gained IPv6 earlier this year. It’s not an achievement when it’s been made necessary by Apple. It’s a necessity.

So, to all the cloud providers like Amazon, Microsoft, Google, and anyone else who doesn’t use IPv6, get onboard. When companies like Softlayer by IBM, DigitalOcean, Vultr, Rackspace, and others have, there’re no excuses. Even if it is only at those new data centers that you are building, that would be okay. Especially to Microsoft and Google, if you want to overtake Amazon, this might be the essential push that you need to get you into being even with Amazon. And that could be the difference between winning and losing this cloud war.