We have a newly developed application rejected by Apple. Here is their explanation:
We found that your application does not obtain user consent before collecting user personal data, in accordance with the requirements of the App Store Review Guide.
In particular, your applications send the MAC address of the device without user permission. Your application also sends the device Contact information without user permission.
In order to collect personal data with your application, you must clearly indicate that their personal data is uploaded to your server, and you must obtain user consent before the data is downloaded.
iOS 6 contains new keys to indicate why the application will have access to user-protected data. When an access request is displayed, the destination indicated in these keys is displayed in this dialog box. If your application will transmit protected user data, the use of the line in your access request should clearly inform the user that their data will be uploaded to your server if they agree.
For more information about these keys, see the Property List Reference Information.
We use the RubyMotion toolchain and do not access the MAC address anywhere in our application. We believe this may be one of the SDKs or gems we use.
Gemfile:
source :rubygems gem 'bubble-wrap', :git => 'https://github.com/rubymotion/BubbleWrap.git' gem 'teacup' gem 'rake' gem "cocoapods", "0.13.0" gem 'motion-cocoapods', "1.1.0" gem 'motion-testflight' gem 'motion-table' gem "Parsistence" gem 'formotion' gem "ProMotion" gem "motion-addressbook"
Only external api calls apply to Parse.com and testflight, as we use both of these SDKs.
Parse said they do not collect the MAC address, and Testflight does not do this unless you specifically do this.
We also use these Cocoa pods:
'NSData + MD5Digest'
'MBProgressHUD'
'ASIHTTPRequest'
'PHFRefreshControl'
'Jsonkit'
Question: Does any of these stones or Cocoapod cause a MAC address?