Binary Rejected: Your app uses public APIs in an unapproved manner

Question

Apple has rejected the iOS application uploaded to the App Store. I have developed an application which installs the signed configuration profile (.mobileconfig) in the iOS device.

I am unable to figure out which public API I have used in an unapproved manner.

1. Is it the HTTP requests which downloads configuration profile from the server and then prompt the user to install it?

2. I am validating whether the profile has been installed in the iOS device or not using Security Framework (SecCertificate, SecPolicy, SecTrust etc.). I am not sure if this is the problem.

3. What else should I look for figure out that particular Public API?

Below is the Apple Response:

Guideline 2.5.1 - Performance - Software Requirements

Additionally, your app uses public APIs in an unapproved manner, which does not comply with guideline 2.5.1 of the App Store Review Guidelines.

Since there is no accurate way of predicting how an API may be modified and what effects those modifications may have, Apple does not permit unapproved uses of public APIs in App Store apps.

Next Steps

Please revise your app to ensure that documented APIs are used in the manner prescribed by Apple.

Answer 1

TL; DR

Using MDM/VPN for ad blocking or screen-time monitoring is not considered compliant with the App Store Review Guidelines. Also, Apple going to remove the existing app from the AppStore which using the same public APIs.

Update (Apr 28, 2019) - Apple release press update about the Parental Control Apps.

Complete Case

I got the same reason of app rejection from Apple.

From Apple
Your app uses public APIs in an unapproved manner, which does not comply with guideline 2.5.1 of the App Store Review Guidelines. Since there is no accurate way of predicting how an API may be modified and what effects those modifications may have, Apple does not permit unapproved uses of public APIs in App Store apps.

My app is a parental control app which uses the iOS MDM (Mobile Device Management) protocol to hide/unhide device application after a child time limit over. So, I send this reply to Apple review team

ME
Re 2.5.1, we believe our APIs are used in the manner prescribed by Apple. Could you kindly please provide us with one example of an APIs that is non-compliant, via this chat, so we can understand what to look for and what needs to be done?

After this, I sent them 3 follow up message but got nothing from Apple side. So, I submitted the app again with no changes. Apple review team again rejected the app with the same reason. Again, I sent the same message also a call request but got nothing from the Apple side.

So, after some days I again submitted the same app with no changes. App got rejected again. But this time they have accepted my call request.

ME
Could we please have a call to understand your concerns so we can address them appropriately? Thank you.

.

From Apple Hello,

Thank you again for your response.

If you would prefer to speak about this issue over the phone, we can arrange for an Apple Representative to call you within the next three to five business days to discuss your App Review issue.

To request a call, please reply to this message with the best phone number to reach you.

Best regards,

App Store Review

.

ME
Hi, please call +91XXXXXXXXXX. Thank you!

After this Apple Review team member called me. And said, using MDM/VPN for ad blocking or screen-time monitoring is not considered compliant with the App Store Review Guidelines. Also, they said me they are notifying other developers too about this. They are also going to remove the existing app from the AppStore which using the same public APIs.

From Apple
Hello Vineet,

Thanks for your time on the phone today.

As we discussed, upon further review, we continued to find the app to be out of compliance with the App Store Review Guidelines, such as guideline 2.5.1 - Performance.

It would be appropriate to ensure that all public APIs are being utilized for purposes the APIs were designed for. Using MDM/VPN for ad blocking or screen-time monitoring is not considered compliant with the App Store Review Guidelines.

We hope you will consider making the necessary changes to be in compliance with the App Store Review Guidelines and will resubmit your revised binary.

Please reply to this message via Resolution Center on App Store Connect or feel free to contact me at +1-XXX-XXX-XXXX during weekdays, between 11AM-6PM Pacific Time, if you need further clarification.

Best regards, App Store Review

This complete process took approx 1.5 months(20 Nov 2018 to 05 Jan 2019).

Hope this can save someone 1.5 months. :P