We are developing a web app Application and planning to use Push Notification to send "One Time Password". But as per Apple Guidelines, "Apps that send sensitive personal or confidential information using Push Notifications will be rejected". Please suggest.
The answer is in the body of the question, isn't it?
I think sending a password in plain text via push notification is problematic. Any tool could catch it in mid-transfer.
Perhaps you should at the least send it encrypted and de-crypt it on the client-side.