iOS Question App Store Contact Question

[Alex_197]

Hi all and Merry XMass

I'm creating a record in App Store for my app and now I have a problem. My app requires username and password to login.

All the users already registered with a company web site and all of them have their accounts - this is home attendants visit verification app.

The first my app checks if the user is already registered and if not shows registration page where the user enters his ID (this is ID from his badge), his username which is his email associated with his account on the company web site, his password and company ID. If it successfully went trough user sees a message that registration is successfully finished and his mobile profile must be authorized by the company - kind of 2 steps verification. It works fine. Once the mobile profile is authorized - user receives an email that his account is ready and only after this - user can login with his username / password.

Email will be sent to the email provided by the user which is his email already registered with a company web site.

Now when I started to create a record in App Sore I see this

App Review Information

Sign-In Information


Provide a user name and password so we can sign in to your app. We’ll need this to complete your app review.
Sign-in required

Here is a problem because we don't have a profile associated with someone who will do the app review. I can create a fictionally home attendant profile and fictionally client's profile. It's not a problem - the problem is the username. How the reviewer will know that his account is authorized? And I need to know this reviewer's email to register it first with a fictionally home attendant profile.

Has anyone here ever been in this situation? Can I skip it?

Thanks.

 

[JordiCP]

Is it correct to assume that the email is only needed for registration purposes?

If this is the case, the same device can be used to login different already created user accounts. You can send one of them (user/pwd) to the reviewer team.
They will be able to test everything except the registration process itself. This was the case with an app I made for a company some months ago, and it was approved with no problems

 

[Alex_197]

Is it correct to assume that the email is only needed for registration purposes?

If this is the case, the same device can be used to login different already created user accounts. You can send one of them (user/pwd) to the reviewer team.
They will be able to test everything except the registration process itself. This was the case with an app I made for a company some months ago, and it was approved with no problems

There is nothing to test without username / password..

The first page before registration is Privacy Statement that must to be accepted, then registration screen appears.

When we register the device it sends to the server the username (email), password, badge ID, company ID and device ID. These parameters we need to create mobile account and this mobile account will be linked to the main home attendant account on the web site. But it's not enough to login. Mobile account must be authorized by the company admin.

 

[jahswant]

You will need to bring an authentication mecanisn for them to review the app. They don't like to create account as the accounts may require some some local params like phone number etc.

 

[JordiCP]

This is indeed a problem.

One possible solution is that you create the fictional account, and send it to the review team. Once they apply for registering with their own mail address, just detect this special case it in the server so that it will respond to the address sent by them instead of the one you generated in the fictional profile.

However, unless there is a specific reason why a registered user can only use his profile with a specific device, why don't you also add the option to login after the Privacy Statement? This would also solve the problem that will appear if a user changes his mobile device: should he expect to be able to login with a different device ?

 

[Alex_197]

You will need to bring an authentication mecanisn for them to review the app. They don't like to create account as the accounts may require some some local params like phone number etc.

It's impossible because for creating account I need device ID. The only thing I can skip is mobile account authorization, I can do it on fly since I already know badge ID and let them to login bypassing authorization. Yes, it might work.

 

[jahswant]

It's impossible because for creating account I need device ID. The only thing I can skip is mobile account authorization, I can do it on fly since I already know badge ID and let them to login bypassing authorization. Yes, it might work.

Try to explain clearly what to do on registration and you may also if you can provide some test data and also a video for the process, else the will not review.

 

[Alex_197]

This is indeed a problem.

One possible solution is that you create the fictional account, and send it to the review team. Once they apply for registering with their own mail address, just detect this special case it in the server so that it will respond to the address sent by them instead of the one you generated in the fictional profile.

However, unless there is a specific reason why a registered user can only use his profile with a specific device, why don't you also add the option to login after the Privacy Statement? This would also solve the problem that will appear if a user changes his mobile device: should he expect to be able to login with a different device ?

HEEPAA requirements (Department Of Health) . I need to follow. You need to send a ticket with every request to the server and the ticket is encrypted deviceID. Server takes this ticket, decrypted it and validate it against the database and if it matches checks badge ID we have in the database and if badge ID frim the request matches to badge id in the database request accepted. It's 2 steps verification process with every request.

 

[Alex_197]

Try to explain clearly what to do on registration and you may also if you can provide some test data and also a video for the process, else the will not review.

Ok, I will.

 

[Alex_197]

This is indeed a problem.

One possible solution is that you create the fictional account, and send it to the review team. Once they apply for registering with their own mail address, just detect this special case it in the server so that it will respond to the address sent by them instead of the one you generated in the fictional profile.

However, unless there is a specific reason why a registered user can only use his profile with a specific device, why don't you also add the option to login after the Privacy Statement? This would also solve the problem that will appear if a user changes his mobile device: should he expect to be able to login with a different device ?

Good idea, but I can make it differently.

What I can do, I can send them badge id, username, password and company id they have to use for registration and because I already know badge id and I know this is Apple - I can authorize this account on fly and let them login right after registration.