New Apple app review guidelines: "An app may not store credentials or tokens to social networks off of the device and may only use such credentials or tokens to directly connect to the social network from the app itself while the app is in use."
3
18
49
Guess you can't schedule a tweet, get analytics, digests, etc. from a 3rd party client, and many other things. This is the original point of OAuth, after all. Does this kill Google Drive tools b/c Google Sign In also covers YouTube? Is email a 'social network'? Why or why not?
3
2
7
This also bans the OAuth code flow where a server side app secret is used to issue a token for more security. Since apps can't be remotely attested as being on iOS, this makes all apps less secure.
1
7
Replying to @hillbrad
Somewhere along the way, Apple decide privacy was far more important than security.

Jun 13, 2018 · 10:56 PM UTC