App Store Upload rejection about guideline 4.8, third party logins

Question

I received the message from app store, and I can't understand it correctly

As for the guideline 4.8, your in app login is fine but your “third party logins” like google and Facebook logins do not follow all the three points listed below:

• The login service limits data collection to the user’s name and email address.
• The login service allows users to keep their email address private as part of setting up their account.
• The login service does not track users as they interact with your app.

I have a question to each point.

• What does ‘the login service limits data collection to the user’s name and email address’ means? I already use only those two data.
• What does ‘the login service allows users to keep their email address private’ means? My app don’t show users’ email address in public.
• Does ‘the login service does not track users as they interact with your app.’ means I have to ask users about option not to track them when they’re signing up?

I have sent a same message to app store, what do you mean I have to do. But they repeat the same answer, not answering to my question.

Answer 1

The problem was caused by not having Privacy Policy and Terms of Service when doing social login. I added and they passed.

Answer 2

1. "The login service limits data collection to the user’s name and email address": This means that your app should only collect and store the user's name and email address when they log in via third-party services such as Google or Facebook. If you already only collect these two pieces of information, you probably fulfil this requirement.

2. "The login service allows users to keep their email address private when setting up their account." This means that users should be able to choose to keep their email address private when setting up their account through third-party sign-in services. It's about giving users control over their privacy settings. If your app already respects users' preferences about sharing their email address publicly, you probably fulfil this requirement.

3. "The login service does not track users' interactions with your app": This means that the third-party sign-in service is not allowed to track users' interactions within your app for advertising or other purposes. It is about ensuring that users' interactions with your app are not used for tracking or profiling purposes without their consent. If you use third-party sign-in services that respect users' privacy and do not track interactions within your app, you are likely to fulfil this requirement.

Please make sure if you are using Sign in with Apple If you are using social login in your application as apple login is necessary in social login's case.