Apple rejected app because it's transmitting MAC Address without user permission

We had a recently developed app rejected by Apple. Here is their explanation:

We found your app does not obtain user consent before collecting the
user’s personal data, as required by theApp Store Review Guidelines.

  • Force view controller to portrait only
  • Detect whether browser has keyboard/arrow keys in web page
  • iOS Tweet Uncompressed Image with Transparency
  • Facebook iOS SDK to return a signed request object upon login
  • wrong position of tile map when i convert to retina display
  • Crop UIImage to center square
  • Specifically, your applications sends the device’s MAC address without
    the user’s permission. Your app also sends device Contact information
    without the user’s permission.

    To collect personal data with your app, you must make it clear to the
    user that their personal data will be uploaded to your server and you
    must obtain the user’s consent before the data is uploaded.

    iOS 6 includes new keys for specifying the reason the app will access
    the user’s protected data. When the access prompt is displayed, the
    purpose specified in these keys is displayed in that dialog box. If
    your application will be transmitting protected user data, the usage
    string in your access request should clearly inform the user that
    their data will be uploaded to your server if they consent.

    For more information on these keys, please see the Information
    Property List Key Reference.

    We are using the RubyMotion toolchain, and not accessing the MAC address anywhere in our app. We think it may be one of the SDK’s or gems we are using.

    Gemfile:

    source :rubygems
    
    gem 'bubble-wrap', :git => 'https://github.com/rubymotion/BubbleWrap.git'
    gem 'teacup' 
    gem 'rake'
    gem "cocoapods", "0.13.0"
    gem 'motion-cocoapods', "1.1.0"
    gem 'motion-testflight'
    gem 'motion-table'
    gem "Parsistence"
    gem 'formotion'
    gem "ProMotion"
    gem "motion-addressbook"
    

    The only external api calls are to Parse.com and to testflight, as we are using both of these SDK’s.

    Parse said that they do not collect the MAC address, and Testflight doesn’t unless you specifically do so.

    We are also using these Cocoa pods:

    ‘NSData+MD5Digest’

    ‘MBProgressHUD’

    ‘ASIHTTPRequest’

    ‘PHFRefreshControl’

    ‘JSONKit’

    Question: Do any of these gems or Cocoapods call for the MAC address?

    3 Solutions Collect From Internet About “Apple rejected app because it's transmitting MAC Address without user permission”

    I’d imagine test flight or Parse could have the ability to retrieve the MAC address and even if they don’t send it Apple is probably just seeing that they are accessing and sending something. I assume this because it would be really bad if any of these libraries are sending an unencrypted version of the MAC address over network so maybe Apple can just see the accessing of it. Are you by any chance using an advertising network in your app?

    Upgrade TestFlight to the latest SDK to fix this. From their Release Notes:

    1.2.5 – May 1, 2013

    Removed any access to mac address

    Added AdSupport.framework requirement

    If you want to sniff traffic from your device to see what’s being sent, try using Charles.