How GetMyMFA Became the Key Tool for improving App Reviews with 2FA

Jonathan Bernales
Jonathan Bernales
Founder

In today's digital landscape, security is paramount. This is why many developers choose to implement Two-Factor Authentication (2FA) in their applications, ensuring that only verified users can access their platforms. However, this added layer of security can become a hurdle when submitting apps for review on major platforms like Apple’s App Store or Google Play. Both platforms require the reviewers to log in to the app and validate that everything is working smoothly. If your app enforces 2FA for regulatory purposes, Apple or Google might reject your app submission as they will not configure or receive MFA codes via SMS. You are then faced with two choices:

  1. Disable 2FA security for Apple’s or Google’s reviewer account: This represents a security issue as you are providing them with an unsecured production account. It can also be a challenge as your policies might dictate that all production accounts should have 2FA enforced.
  2. Develop a “demonstration mode” of your app: This mode would mock production calls, which is costly for very little added value (used exclusively for app review purposes).

GetMyMFA was built to simplify the app submission process for teams and developers dealing with 2FA applications without compromising security. By offering virtual phone numbers specifically for SMS-based authentication, GetMyMFA has become an essential tool for developers to ensure their apps get approved quickly and securely.

Why 2FA Poses Challenges for App Submission

When developers submit an app that uses 2FA, Apple and Google reviewers must authenticate using the same methods as end users. Typically, this requires a phone number to receive a verification SMS. Apple and Google will not provide you with a phone number that will receive 2FA SMS codes, and therefore might end up rejecting your app, stating that you haven’t provided a valid login method. To bypass these issues, developers often consider developing a demonstration mode or disabling MFA, which are costly and potentially insecure solutions.

Developing a demonstration mode means duplicating much of the app's logic and mocking calls, which is costly and might cause issues with your production app. On the other hand, implementing an MFA bypass for the review process can compromise the app’s security, making it a less than ideal option, or it could even be forbidden by your policies for production accounts.

How GetMyMFA Solves the Problem

GetMyMFA provides a simple, secure, and effective solution to this problem. Here’s how it works:

  1. Purchase a Virtual Phone Number: Developers can easily purchase a virtual phone number through the GetMyMFA platform. This number is used solely for the purpose of receiving SMS messages needed for 2FA during the app review process.
  2. Create a Reviewer Account: Once a virtual number is obtained, developers create a user account specifically for Apple or Google reviewers. This account is set up using the virtual number provided by GetMyMFA, ensuring that all 2FA verification codes are routed through the secure virtual number.
  3. Provide Login Details to Reviewers: Developers then provide these login credentials in the app submission form. Reviewers use the credentials to log in, and when prompted for 2FA on the mobile app, the verification code is sent to the virtual number and displayed in the GetMyMFA web app, allowing reviewers to complete the login process easily. See the illustration below:
MFA Web interface illustration

By following these simple steps, developers can ensure that their apps are reviewed without compromising security or spending excessive resources on unnecessary development.

Real-World Impact: Faster Approvals, Less Hassle

More than 250 subscribers have already experienced the benefits of using GetMyMFA for their app submissions. Most of our customers are financial organizations that struggled to get their apps approved due to this 2FA barrier. After switching to GetMyMFA, they streamlined the review process, enabling Apple and Google reviewers to quickly access their apps without bypassing security or needing to develop a full demonstration mode. As a result, their apps are now approved in record time, allowing them to focus on scaling and improving their product rather than dealing with administrative setbacks.

Why GetMyMFA is Essential for Modern App Development

With the growing emphasis on security and user authentication, having a reliable solution for managing 2FA during app reviews is essential. GetMyMFA not only solves the immediate problem of how to handle 2FA login in the review process but also provides peace of mind to our customers, knowing that there aren’t any “exceptions” on production accounts.

Whether you're an established company or a budding startup, using GetMyMFA can save you time, money, and the headache of navigating unnecessarily complex app review requirements.

So, if you're looking to streamline your app submission process and ensure your 2FA-enabled apps are approved without a hitch, GetMyMFA is the tool you need.