Use when adding new error messages to React, or seeing "unknown error code" warnings.
app-store-review
17
0
# Install this skill:
npx skills add safaiyeh/app-store-review-skill
Or install specific skill: npx add-skill https://github.com/safaiyeh/app-store-review-skill
# Description
Evaluates code against Apple's App Store Review Guidelines. Use this skill when reviewing iOS, macOS, tvOS, watchOS, or visionOS app code (Swift, Objective-C, React Native, or Expo) to identify potential App Store rejection issues before submission. Triggers on tasks involving app review preparation, compliance checking, or App Store submission readiness.
# SKILL.md
name: app-store-review
description: Evaluates code against Apple's App Store Review Guidelines. Use this skill when reviewing iOS, macOS, tvOS, watchOS, or visionOS app code (Swift, Objective-C, React Native, or Expo) to identify potential App Store rejection issues before submission. Triggers on tasks involving app review preparation, compliance checking, or App Store submission readiness.
license: MIT
metadata:
author: safaiyeh
version: "1.0.0"
App Store Review Guidelines Checker
Comprehensive guide for evaluating iOS, macOS, tvOS, watchOS, and visionOS app code against Apple's App Store Review Guidelines. This skill covers EVERY guideline point to identify potential rejection issues before submission.
Supports: Swift, Objective-C, React Native, and Expo apps
When to Apply
Use this skill when:
- Preparing an app for App Store submission
- Reviewing code for compliance issues
- Implementing features that may trigger review concerns
- Auditing existing apps for guideline violations
- Building features involving payments, user data, or sensitive content
Guideline Sections
Read individual rule files for detailed explanations, checklists, and code examples:
| Section | File | Key Topics |
|---|---|---|
| 1. Safety | rules/1-safety.md | Objectionable content, UGC moderation, Kids Category, physical harm, data security |
| 2. Performance | rules/2-performance.md | App completeness, metadata accuracy, hardware compatibility, software requirements |
| 3. Business | rules/3-business.md | In-app purchase, subscriptions, cryptocurrencies, other business models |
| 4. Design | rules/4-design.md | Copycats, minimum functionality, spam, extensions, Apple services, login |
| 5. Legal | rules/5-legal.md | Privacy, data collection, intellectual property, gambling, VPN, MDM |
Risk Levels by Category
| Risk Level | Category | Section | Common Rejection Reasons |
|---|---|---|---|
| CRITICAL | Privacy & Data | 5.1 | Missing privacy policy, unauthorized data collection |
| CRITICAL | Payments | 3.1 | Bypassing in-app purchase, unclear pricing |
| HIGH | Safety | 1.x | Objectionable content, inadequate UGC moderation |
| HIGH | Performance | 2.x | Crashes, incomplete features, deprecated APIs |
| MEDIUM | Design | 4.x | Copycat apps, minimum functionality issues |
| MEDIUM | Legal | 5.x | IP violations, gambling without license |
Quick Reference: High-Risk Rejection Patterns
Critical Issues (Immediate Rejection)
Swift:
// π΄ Private API usage
let selector = NSSelectorFromString("_privateMethod")
// π΄ Hardcoded secrets
let apiKey = "sk_live_xxxxx"
// π΄ External payment for digital goods
func purchaseDigitalContent() {
openStripeCheckout() // Use StoreKit instead
}
React Native / Expo:
// π΄ Hardcoded secrets in JS bundle
const API_KEY = 'sk_live_xxxxx'; // REJECTION
// π΄ External payment for digital goods
Linking.openURL('https://stripe.com/checkout'); // Use react-native-iap
// π΄ Dynamic code execution
eval(downloadedCode); // REJECTION
// π΄ Major feature changes via CodePush/expo-updates
// OTA updates for bug fixes only, not new features!
High-Risk Issues
Swift:
// π‘ Missing ATT when using ad SDKs
import FacebookAds // Without ATTrackingManager
// π‘ Account creation without deletion
func createAccount() { } // But no deleteAccount()
React Native / Expo:
// π‘ Missing ATT (use expo-tracking-transparency)
import analytics from '@react-native-firebase/analytics';
analytics().logEvent('event'); // Without ATT prompt = REJECTION
// π‘ Account deletion via website only
Linking.openURL('https://example.com/delete'); // Must be in-app!
// π‘ Social login without Sign in with Apple
<GoogleSigninButton /> // Must also offer Apple login!
Medium-Risk Issues
// π Vague purpose strings in Info.plist
"This app needs camera access" // Be specific!
// π WebView-only app (insufficient native functionality)
const App = () => <WebView source={{ uri: 'https://site.com' }} />;
// π References to Android in iOS app
const text = "Also available on Android"; // REJECTION
// π console.log in production
console.log('debug'); // Remove or wrap in __DEV__
Pre-Submission Checklist
Privacy (Section 5.1)
- [ ] Privacy policy link in App Store Connect
- [ ] Privacy policy link accessible within app
- [ ] All purpose strings are specific and accurate
- [ ] App Privacy details completed in App Store Connect
- [ ] ATT implemented if tracking users
- [ ] Account deletion available if accounts exist
- [ ] Data minimization - only requesting necessary permissions
- [ ] User consent obtained before data collection
Payments (Section 3.1)
- [ ] StoreKit used for all digital purchases
- [ ] Restore purchases implemented
- [ ] Subscription terms clearly displayed
- [ ] Loot box odds disclosed if applicable
- [ ] No external payment for digital goods (unless entitled)
- [ ] Credits/currencies don't expire
Safety (Section 1.x)
- [ ] No objectionable content
- [ ] UGC moderation implemented (filter, report, block, contact)
- [ ] Parental gates for Kids Category apps
- [ ] No false information or prank features
- [ ] Medical disclaimers if applicable
- [ ] No substance promotion
Performance (Section 2.x)
- [ ] No crashes or bugs
- [ ] All features complete and functional
- [ ] No placeholder content
- [ ] IPv6 tested and functional
- [ ] Demo account provided if needed
- [ ] Using only public APIs
- [ ] No deprecated APIs
- [ ] Proper background mode usage
Design (Section 4.x)
- [ ] Sufficient native functionality (not just web wrapper)
- [ ] No copycat concerns
- [ ] Original app name and branding
- [ ] Extensions comply with guidelines
- [ ] Login alternatives if using social login
- [ ] Not monetizing built-in capabilities
Legal (Section 5.x)
- [ ] No unlicensed third-party content
- [ ] Proper Apple trademark usage
- [ ] Gambling license if applicable
- [ ] VPN uses NEVPNManager API
- [ ] COPPA/GDPR compliance for kids
References
# README.md
App Store Review Guidelines Skill
An AI agent skill that exhaustively evaluates iOS, macOS, tvOS, watchOS, and visionOS app code against every point in Apple's App Store Review Guidelines.
Supports: Swift, Objective-C, React Native, and Expo apps
Installation
Claude Code Plugin Marketplace
/plugin marketplace add safaiyeh/app-store-review-skill
/plugin install app-store-review@app-store-review
skills.sh
npx skills add safaiyeh/app-store-review-skill
Setup
Supported AI Agents
This skill works with any AI coding agent that supports the skills.sh standard:
- Claude Code
- Cursor
- Windsurf
- And other compatible agents
How It Works
- Install the skill in your project using the command above
- Start your AI agent in the project directory
- Ask for an App Store review - the agent will automatically load relevant guidelines
- Review the findings - the agent identifies potential rejection issues with code references
Example Prompts
"Review this app for App Store compliance"
"Check if my IAP implementation follows Apple's guidelines"
"Audit the privacy and data collection in this React Native app"
"What App Store issues might block my submission?"
Telemetry
The skills CLI collects anonymous usage telemetry. To opt out:
SKILLS_NO_TELEMETRY=1 npx skills add safaiyeh/app-store-review-skill
Structure
app-store-review-skill/
βββ SKILL.md # Index with quick reference & checklist
βββ rules/
βββ 1-safety.md # Section 1: Safety guidelines
βββ 2-performance.md # Section 2: Performance guidelines
βββ 3-business.md # Section 3: Business guidelines
βββ 4-design.md # Section 4: Design guidelines
βββ 5-legal.md # Section 5: Legal guidelines
Coverage
This skill covers ALL 5 major sections with EVERY guideline point:
1. Safety
- 1.1 Objectionable Content (1.1.1-1.1.7)
- 1.2 User-Generated Content & Creator Content
- 1.3 Kids Category (parental gates, privacy, analytics)
- 1.4 Physical Harm (medical apps, drug dosage, substances)
- 1.5 Developer Information
- 1.6 Data Security
- 1.7 Reporting Criminal Activity
2. Performance
- 2.1 App Completeness (final versions, IAP)
- 2.2 Beta Testing
- 2.3 Accurate Metadata (2.3.1-2.3.13)
- 2.4 Hardware Compatibility (2.4.1-2.4.5)
- 2.5 Software Requirements (2.5.1-2.5.18)
3. Business
- 3.1 Payments (IAP, subscriptions, external links, crypto)
- 3.1.1-3.1.5 In-App Purchase rules
- 3.2 Other Business Models (acceptable/unacceptable)
4. Design
- 4.1 Copycats
- 4.2 Minimum Functionality
- 4.3 Spam
- 4.4 Extensions (keyboard, Safari)
- 4.5 Apple Sites and Services
- 4.7 Mini Apps, Chatbots, Game Emulators
- 4.8 Login Services
- 4.9 Apple Pay
- 4.10 Monetizing Built-In Capabilities
5. Legal
- 5.1 Privacy (data collection, use, sharing, health, kids, location)
- 5.2 Intellectual Property
- 5.3 Gaming, Gambling, Lotteries
- 5.4 VPN Apps
- 5.5 Mobile Device Management
Features
- Modular structure - Agent loads only relevant sections
- 2000+ lines of comprehensive guidelines
- Checklists for every guideline point
- Code patterns for Swift AND React Native/Expo
- Package references for both Expo and bare React Native
- Quick reference for high-risk rejection patterns
- Pre-submission checklist in main SKILL.md
React Native / Expo Support
Each rule file includes:
- TypeScript/JavaScript code patterns to flag
- Expo package recommendations (preferred)
- Bare React Native package alternatives
- React Native-specific checklists
Key packages covered:
- expo-tracking-transparency / react-native-tracking-transparency
- expo-in-app-purchases / react-native-iap
- expo-secure-store / react-native-keychain
- expo-apple-authentication / @invertase/react-native-apple-authentication
- expo-local-authentication / react-native-biometrics
What It Checks
Critical Issues (Immediate Rejection)
- Private API usage
- Hardcoded secrets/credentials
- External payment for digital goods
- On-device cryptocurrency mining
- Dynamic code execution
High-Risk Issues
- Missing App Tracking Transparency
- Account creation without deletion
- IAP without restore purchases
- UGC without moderation
- Kids apps without parental gates
Medium-Risk Issues
- Vague purpose strings
- Over-requesting permissions
- Unjustified background modes
- References to other platforms
When It Triggers
The skill activates when working on:
- App Store submission preparation
- Code compliance review
- Payment/StoreKit implementation
- Privacy and data handling
- User-generated content features
- Kids Category apps
- Health/medical apps
- VPN/MDM apps
- Gambling/lottery apps
License
MIT
# Related Skills
Use when feature flag tests fail, flags need updating, understanding @gate pragmas, debugging...
Use when you have lint errors, formatting issues, or before committing code to ensure it passes CI.
Use when you need to check feature flag states, compare channels, or debug why a feature behaves...
# Supported AI Coding Agents
This skill is compatible with the SKILL.md standard and works with all major AI coding agents:
Amp
Antigravity
Claude Code
Clawdbot
Codex
Cursor
Droid
Gemini CLI
GitHub Copilot
Goose
Kilo Code
Kiro CLI
OpenCode
Roo Code
Trae
Windsurf
Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.