Adyen / adyen-3ds2-ios

App failing Apple review process because of user-identifying code that is not compliant with Apple #19

Closed salah-ghanim closed 3 years ago

salah-ghanim commented 3 years ago

Hello Adyen team, we're suspecting that your SDK is causing the following issue with our app review:

your app uses algorithmically converted device and usage data to create a unique identifier in order to track the user. The device information collected by your app may include some of the following: attributesOfItemAtPath:error:, NSLocaleLanguageCode, NSHomeDirectory, NSLocaleCurrencyCode, and getifaddrs.

Please help.

mohammedDehairy commented 3 years ago

Hi @salah-ghanim ,

The SDK collects a fingerprint of the shopper device, as required by the EMVCo specification for 3DS2 strong customer authentication, in order for the card issuers to fight fraudulent transactions.

You can reply to the Apple reviewer and refer to the EMVCo specs link above.

salah-ghanim commented 3 years ago

@mohammedDehairy Apple is still refusing to let the app pass the review / give an exception:

Hello, Thank you for your message and for your efforts to resolve this issue.

We continue to find that your app collects user and device information to create a unique identifier for the user's device. Your app may be using some of the following API to create a unique identifier for the user's device: deviceName, deviceType, cpuSubtype, injectInstallReceipt:, and countryCode.

We hope this additional information helps you resolve this issue. You will need to remove any functionality that collects user and device information in order to create a unique identifier for the user's device before we can approve your submission.

For more information on fingerprinting, see the Frequently Asked Questions on User Privacy and Data Use. Refer to section 3.3.9 of the Apple Developer Program License Agreement to learn more about our policies for apps that fingerprint devices.

We look forward to reviewing your app once the appropriate changes have been made.

Best regards,

App Store Review

We need an alternative from Adyen here, since PSDII is a requirement and we can't force Apple to change their policy.

mohammedDehairy commented 3 years ago

@salah-ghanim ,

We'll contact Apple about this issue and get back to you as soon as possible.

This guideline might be a new one, because we never faced this issue before.

But we can't fix it, because fingerprint collection is an integral part of the 3DS 2 protocol; without it the SDK won't work. So we'll contact Apple and try to sort out this issue.

Mohamed

salah-ghanim commented 3 years ago

@mohammedDehairy turns out it's not Adyen; instead, Adjust is the problematic SDK. Our apps are published successfully now.

See: https://www.forbes.com/sites/johnkoetsier/2021/04/01/apple-rejecting-apps-with-fingerprinting-enabled-as-ios-14-privacy-enforcement-starts/