app-store-review

App Store Review Guidelines Checker

Comprehensive guide for evaluating iOS, macOS, tvOS, watchOS, and visionOS app code against Apple's App Store Review Guidelines. This skill covers EVERY guideline point to identify potential rejection issues before submission.

Supports: Swift, Objective-C, React Native, and Expo apps

When to Apply

Use this skill when:

• Preparing an app for App Store submission
• Reviewing code for compliance issues
• Implementing features that may trigger review concerns
• Auditing existing apps for guideline violations
• Building features involving payments, user data, or sensitive content

Guideline Sections

Read individual rule files for detailed explanations, checklists, and code examples:

Section	File	Key Topics
1. Safety	rules/1-safety.md	Objectionable content, UGC moderation, Kids Category, physical harm, data security
2. Performance	rules/2-performance.md	App completeness, metadata accuracy, hardware compatibility, software requirements
3. Business	rules/3-business.md	In-app purchase, subscriptions, cryptocurrencies, other business models
4. Design	rules/4-design.md	Copycats, minimum functionality, spam, extensions, Apple services, login
5. Legal	rules/5-legal.md	Privacy, data collection, intellectual property, gambling, VPN, MDM

Risk Levels by Category

Risk Level	Category	Section	Common Rejection Reasons
CRITICAL	Privacy & Data	5.1	Missing privacy policy, unauthorized data collection
CRITICAL	Payments	3.1	Bypassing in-app purchase, unclear pricing
HIGH	Safety	1.x	Objectionable content, inadequate UGC moderation
HIGH	Performance	2.x	Crashes, incomplete features, deprecated APIs
MEDIUM	Design	4.x	Copycat apps, minimum functionality issues
MEDIUM	Legal	5.x	IP violations, gambling without license

---

Quick Reference: High-Risk Rejection Patterns

Critical Issues (Immediate Rejection)

Swift:

// 🔴 Private API usage
let selector = NSSelectorFromString("_privateMethod")

// 🔴 Hardcoded secrets
let apiKey = "sk_live_xxxxx"

// 🔴 External payment for digital goods
func purchaseDigitalContent() {
    openStripeCheckout() // Use StoreKit instead
}

React Native / Expo:

// 🔴 Hardcoded secrets in JS bundle
const API_KEY = 'sk_live_xxxxx'; // REJECTION

// 🔴 External payment for digital goods
Linking.openURL('https://stripe.com/checkout'); // Use react-native-iap

// 🔴 Dynamic code execution
eval(downloadedCode); // REJECTION

// 🔴 Major feature changes via CodePush/expo-updates
// OTA updates for bug fixes only, not new features!

High-Risk Issues

Swift:

// 🟡 Missing ATT when using ad SDKs
import FacebookAds // Without ATTrackingManager

// 🟡 Account creation without deletion
func createAccount() { } // But no deleteAccount()

React Native / Expo:

// 🟡 Missing ATT (use expo-tracking-transparency)
import analytics from '@react-native-firebase/analytics';
analytics().logEvent('event'); // Without ATT prompt = REJECTION

// 🟡 Account deletion via website only
Linking.openURL('https://example.com/delete'); // Must be in-app!

// 🟡 Social login without Sign in with Apple
<GoogleSigninButton /> // Must also offer Apple login!

Medium-Risk Issues

// 🟠 Vague purpose strings in Info.plist
"This app needs camera access" // Be specific!

// 🟠 WebView-only app (insufficient native functionality)
const App = () => <WebView source={{ uri: 'https://site.com' }} />;

// 🟠 References to Android in iOS app
const text = "Also available on Android"; // REJECTION

// 🟠 console.log in production
console.log('debug'); // Remove or wrap in __DEV__

---

Pre-Submission Checklist

Privacy (Section 5.1)

• Privacy policy link in App Store Connect
• Privacy policy link accessible within app
• All purpose strings are specific and accurate
• App Privacy details completed in App Store Connect
• ATT implemented if tracking users
• Account deletion available if accounts exist
• Data minimization - only requesting necessary permissions
• User consent obtained before data collection

Payments (Section 3.1)

• StoreKit used for all digital purchases
• Restore purchases implemented
• Subscription terms clearly displayed
• Loot box odds disclosed if applicable
• No external payment for digital goods (unless entitled)
• Credits/currencies don't expire

Safety (Section 1.x)

• No objectionable content
• UGC moderation implemented (filter, report, block, contact)
• Parental gates for Kids Category apps
• No false information or prank features
• Medical disclaimers if applicable
• No substance promotion

Performance (Section 2.x)

• No crashes or bugs
• All features complete and functional
• No placeholder content
• IPv6 tested and functional
• Demo account provided if needed
• Using only public APIs
• No deprecated APIs
• Proper background mode usage

Design (Section 4.x)

• Sufficient native functionality (not just web wrapper)
• No copycat concerns
• Original app name and branding
• Extensions comply with guidelines
• Login alternatives if using social login
• Not monetizing built-in capabilities

Legal (Section 5.x)

• No unlicensed third-party content
• Proper Apple trademark usage
• Gambling license if applicable
• VPN uses NEVPNManager API
• COPPA/GDPR compliance for kids

---

References

• App Store Review Guidelines
• Human Interface Guidelines
• App Store Connect Help
• Apple Developer Documentation