Adding Guest and Apple Sign-in to Needy Delivery
📅 2020-12-10
This is the second part of our Needy Delivery story. Read the first part here.
Apple is known to have very strict guidelines that apps must meet to be approved for the App Store. These guidelines are hopefully there to ensure iPhone users have the best experience when installing apps from the App Store.
So our first submission to App Store Connect for NeedyDelivery was rejected. Not a huge surprise. There were two reasons:
- Sign in with Apple
- Data Collection and Storage
Sign in With Apple
Apps that use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option.
Our app offered Facebook login, which means Apple Sign-in must also be included. The solution was straightforward, but we did run into some issues.
The first time Apple Sign-in is used, the name and email of the user are returned.
Subsequent logins do not return this information. So the user’s name and email are stored locally in the iOS Keychain. This works fine unless the user decides to delete the app, which also removes their local Keychain. If the user reinstalls the app and uses Apple Sign-in again, an error is shown to the user.
The user has to go into their settings and remove “Needy Delivery” from “Apps using Apple ID”, then the user’s name and email can be stored on their local Keychain again.
Working with Apple Sign-in can be a bit of a hassle, but I do appreciate how Apple takes extra precautions for their users’ information. For example, a user can decide not to share their email address and Apple will provide a dummy email address that forwards emails to their actual email.
Storing the user’s name and email on the backend server would have been another alternative, since the data can persist there even if the app is deleted from the user’s iPhone. But this turned out to be another problem. The backend server uses social-app-django to convert tokens from third-party login services to its own token. This worked fine with Facebook, but the user’s name and email would be removed on each login after the first. So the user’s name and email have to be updated from the iOS Keychain after each login. Fixing this could require our own custom implementation with social-app-django.
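One way the custom handling mentioned above could look, as an added example that is not Needy Delivery's code: a pipeline-style step that strips blank name and email fields, so a repeat Apple login cannot overwrite the values saved on the first one. The function names, the `details` keys and the step signature are assumptions modelled on the python-social-auth pipeline convention; `StoredUser` and the sample logins are constructed.

```python
PROFILE_FIELDS = ("first_name", "last_name", "fullname", "email")


def drop_blank_details(details):
    """Copy `details`, leaving out profile fields that arrived empty."""
    return {
        key: value
        for key, value in details.items()
        if not (key in PROFILE_FIELDS and (value is None or not str(value).strip()))
    }


def keep_stored_profile(details, *args, **kwargs):
    """Hypothetical pipeline step, placed before the step that updates the user.

    Assumes the pipeline merges a returned dict into the arguments of later
    steps, so the filtered `details` is what the update step sees.
    """
    return {"details": drop_blank_details(details)}


class StoredUser:
    """Constructed stand-in for the server-side user record."""

    def __init__(self):
        self.first_name = ""
        self.last_name = ""
        self.email = ""


def apply_details(user, details):
    """Simplified update step: copies every provided value onto the user."""
    for field, value in details.items():
        if value is not None and hasattr(user, field):
            setattr(user, field, value)
    return user


def simulate_logins(protect):
    """Replay a first and a repeat Apple login (constructed data)."""
    first = {"first_name": "Ada", "last_name": "Park", "email": "ada@example.com"}
    repeat = {"first_name": "", "last_name": "", "email": ""}
    user = StoredUser()
    for details in (first, repeat):
        if protect:
            details = keep_stored_profile(details)["details"]
        apply_details(user, details)
    return (user.first_name, user.last_name, user.email)
```

Without the filtering step the repeat login leaves the record blank; with it the first login's values survive, so the server copy no longer depends on the device Keychain.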
Data Collection and Storage
If your app doesn’t include significant account-based features, let people use it without a log-in. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. If your core app functionality is not related to a specific social network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must provide access without a login or via another mechanism.
This issue was not as straightforward as simply implementing Apple Sign-in. We needed to provide a way for users to freely browse restaurants and meal items without having to log in with an account first. Our first thought was to follow Amazon’s app, which is extremely popular and successful.
Users can immediately start browsing but are encouraged to log in.
But this required more changes to the app than we wanted to make. Our storyboard had several view controllers with segues that went in a certain order. Moving them around can easily become a headache.
Then we looked at Etsy’s design which was more suitable.
Here, users first see a login screen, similar to our own login screen but there is a “continue as guest” button. This allows a user to start browsing without having to create an account first. The user is only prompted to create an account at checkout.
On our second submission with these changes, our app was approved!
You can now find our app here: https://apps.apple.com/us/app/needy-delivery/id1542680063