We had a recently developed app rejected by Apple. Here is their explanation:
We found your app does not obtain user consent before collecting the user’s personal data, as required by the App Store Review Guidelines.
Specifically, your application sends the device’s MAC address without the user’s permission. Your app also sends device Contact information without the user’s permission.
To collect personal data with your app, you must make it clear to the user that their personal data will be uploaded to your server and you must obtain the user’s consent before the data is uploaded.
iOS 6 includes new keys for specifying the reason the app will access the user’s protected data. When the access prompt is displayed, the purpose specified in these keys is displayed in that dialog box. If your application will be transmitting protected user data, the usage string in your access request should clearly inform the user that their data will be uploaded to your server if they consent.
For more information on these keys, please see the Information Property List Key Reference.
We are using the RubyMotion toolchain, and not accessing the MAC address anywhere in our app. We think it may be one of the SDKs or gems we are using.
Gemfile:
source :rubygems
gem 'bubble-wrap', :git => 'https://github.com/rubymotion/BubbleWrap.git'
gem 'teacup'
gem 'rake'
gem "cocoapods", "0.13.0"
gem 'motion-cocoapods', "1.1.0"
gem 'motion-testflight'
gem 'motion-table'
gem "Parsistence"
gem 'formotion'
gem "ProMotion"
gem "motion-addressbook"
The only external API calls are to Parse.com and to TestFlight, as we are using both of these SDKs.
Parse said that they do not collect the MAC address, and TestFlight doesn’t unless you specifically do so.
We are also using these CocoaPods:
‘NSData+MD5Digest’
‘MBProgressHUD’
‘ASIHTTPRequest’
‘PHFRefreshControl’
‘JSONKit’
Question: Do any of these gems or CocoaPods call for the MAC address?
I’d imagine TestFlight or Parse could have the ability to retrieve the MAC address, and even if they don’t send it, Apple is probably just seeing that they are accessing and sending something. I assume this because it would be really bad if any of these libraries were sending an unencrypted version of the MAC address over the network, so maybe Apple can just see the accessing of it. Are you by any chance using an advertising network in your app?
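A first pass at the question above is to search the vendored gems, pods and SDK binaries for the calls that read the MAC address or the address book. The following is an added example, not part of the original thread; the token list, the pod names and the sample files are assumptions constructed for illustration.

```ruby
require "find"
require "tmpdir"
require "fileutils"

# Heuristic tokens (assumed for this example): sysctl route-table MAC reads and AddressBook calls.
INDICATORS = {
  "mac_address" => %w[NET_RT_IFLIST if_nametoindex sockaddr_dl LLADDR],
  "contacts"    => %w[ABAddressBookCreate ABAddressBookCopyArrayOfAllPeople]
}.freeze
SCAN_EXTENSIONS = ["", ".h", ".m", ".mm", ".c", ".rb", ".a"].freeze # "" = framework binaries

# Returns { "relative/path" => { "category" => [tokens found] } } for files with hits.
def audit_dependencies(root)
  findings = {}
  Find.find(root) do |path|
    next unless File.file?(path) && SCAN_EXTENSIONS.include?(File.extname(path))
    data = File.binread(path) # binary read: static libraries keep symbol names as plain bytes
    hits = INDICATORS.each_with_object({}) do |(category, tokens), acc|
      found = tokens.select { |t| data.include?(t) }
      acc[category] = found unless found.empty?
    end
    findings[path.delete_prefix(root).sub(%r{\A/+}, "")] = hits unless hits.empty?
  end
  findings
end

def report(findings)
  findings.sort_by { |file, _| file }.flat_map do |file, hits|
    hits.map { |category, tokens| "#{file}: #{category} (#{tokens.join(', ')})" }
  end
end

# Constructed sample tree with hypothetical pod names, so the example runs offline.
def build_sample_tree(dir)
  files = {
    "Pods/ExampleAnalytics/Device.m" => 'mib[4] = NET_RT_IFLIST; mib[5] = if_nametoindex("en0");',
    "Pods/ExampleHUD/HUD.m"          => "- (void)show { }",
    "vendor/ExampleSync/libsync.a"   => "\x00\x01_ABAddressBookCopyArrayOfAllPeople\x00".b
  }
  files.each do |rel, body|
    path = File.join(dir, rel)
    FileUtils.mkdir_p(File.dirname(path))
    File.binwrite(path, body)
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir { |dir| build_sample_tree(dir); puts report(audit_dependencies(dir)) }
end
```

A hit only shows that a dependency references the symbol, not that the value leaves the device; to scan real dependencies, call `audit_dependencies` on the project's own dependency directory.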