Rejected from App Store for Stripe payments integration...but I don't use Stripe


#1

Hi all,
I have an app that I’ve been happily building for a few months with Expo and I’ve really enjoyed the developer experience. Lately, though, I’ve been rejected from the Apple App Store for Stripe payment integration. The strange thing is I don’t use or reference the Stripe API anywhere in my code. After a few back-and-forths with an Apple reviewer this is what they’re seeing:

the app still contains API calls to api.stripe.com/v1 in its STPAPIClient class as well as Stripe support in its EXTPSStripeManager, STPBankAccount, STPPaymentConfiguration and EXTPSStripeManager, among others.

Here are the relevant details of my app:

  • built with vanilla Expo (i.e. not detached using expo-kit)
  • SDK v31.0.0 (latest as of writing)
  • no reference anywhere in JS code to the Expo Stripe API
  • native builds use Expo’s excellent build service via the Expo CLI
  • I’ve successfully submitted to and passed App Review for this app with previous builds

The main change between the last version of my app that passed App Review and the first one that failed due to Stripe integration: I started using the Branch API. A few questions:

  1. Could an import of Branch (which also lives in the DangerZone namespace) in my JS code somehow (accidentally) signal to the Expo build service that the Stripe SDK should be bundled into the binary?
  2. Is there a way to tell whether or not my *.ipa built with the Expo CLI includes the Stripe SDK calls that Apple is finding? I’ve tried unzipping and sifting through the .ipa package but grepping EXTPSStripeManager etc reveals nothing.
  • I do see a Stripe.bundle file included in the native build, but if I start a new Expo project from scratch (expo init) and build via the Expo CLI without any changes it also includes Stripe.bundle.
  • I see a ~50MB difference in file size between the rejected build .ipa and one where the only change was removing references to DangerZone and Branch. I still see Stripe.bundle in the new binary, but could the 50MB account for the removal of Stripe integration? Is there any way to know for sure (decompile?)

Some other relevant points that I’ve read up on:

  • As of the SDK v21 announcement the Stripe SDK should no longer be included in binaries built with the Expo standalone builder.
  • Apparently the Expo builder service used to include support for the past 6 SDK versions by default but according to James Ide’s blog post newer builds only include the latest SDK. My app binaries have definitely been built since this change was put into place so we can rule this out as a possibility.

Has anyone else experienced this problem? Are there any other relevant details I can provide to help diagnose my problems? Thanks in advance for any and all help.

Cheers,
Eric


closed #2

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.