App Store Requirements & Compliance (iOS + Android)
Before publishing, your app must meet compliance standards across privacy, performance, UX, login flows, permissions, content guidelines and applicable legal requirements.
Privacy & Data Collection
Privacy compliance is the most common reason apps are rejected or removed from both stores. Both Apple and Google have significantly tightened their privacy requirements in recent years.
Privacy Nutrition Labels
You must declare every type of data your app collects in App Store Connect: what it is, why you collect it, and whether it's linked to the user's identity. Apple shows this on your listing.
App Tracking Transparency (ATT)
If your app accesses the IDFA or tracks users across apps/websites, you must show the ATT prompt and request permission. Doing this without user consent leads to immediate rejection.
Data Safety Section
In Play Console you must complete a Data Safety form declaring what data is collected, shared, and whether users can request deletion. Inaccurate declarations violate policy.
Privacy Policy
A publicly accessible, specific privacy policy URL is required. Generic policies or broken links cause rejection. Your policy must cover every data type your app actually uses.
Performance Standards
Both stores require apps to meet minimum performance standards. Unstable or slow apps reflect badly on the store and lead to rejections or removal.
No Crashes on Launch
An app that crashes on startup is an instant rejection. Test on real devices across multiple OS versions before submitting.
ANR Rate (Android)
If your app's ANR (App Not Responding) rate exceeds Google's threshold, your Play Store visibility is reduced automatically.
Crash-Free Rate
Google monitors crash rates post-launch. Sustained high crash rates trigger warnings and potential removal from the Play Store.
iOS Stability
Apple reviewers test on real devices. If the app crashes or hangs during review, it will be rejected with a note to fix stability issues.
UX & Design Guidelines
Apple publishes the Human Interface Guidelines (HIG) and Google publishes the Material Design guidelines. While you don't need to follow them exactly, gross violations will cause rejection.
Support All Screen Sizes
Your app must work correctly on all modern screen sizes for the platforms you target. Broken layouts on large screens or notched displays are rejection reasons.
Accessibility
Apps must not actively block accessibility features. Screen reader support (VoiceOver / TalkBack) and dynamic text sizing should work correctly in your core flows.
No Dark Patterns
Both stores reject apps that use deceptive UI: hidden charges, fake countdown timers, misleading subscription flows, or buttons that obscure cancel/decline actions.
No Broken Links or Placeholder Content
Remove any Lorem Ipsum text, test data, broken navigation, or placeholder images before submitting. Reviewers check thoroughly.
Login & Account Requirements
How your app handles accounts and login is a frequent source of rejection, especially on iOS where Apple's own identity services must be considered.
Sign in with Apple Required
If your app supports third-party or social login (Google, Facebook, Twitter), you must also offer Sign in with Apple as an option. No exceptions.
Account Deletion
Apps that allow account creation must also provide a way to delete the account from within the app. This is now a hard requirement on both platforms.
Guest / Browse Mode
Apps that force account creation before showing any content may be rejected. Where appropriate, offer a guest mode that lets users explore the app's value before signing up.
Permissions
Only request permissions your app genuinely needs. Over-requesting permissions is a major red flag for both reviewers and users, and a direct policy violation.
Location
Only request 'Always' location access if your core feature requires it (e.g. navigation). 'When in Use' is sufficient for most apps.
Camera & Photos
Explain the purpose clearly. iOS requires a usage description string in Info.plist. Photo library access should request 'limited' when full access isn't needed.
Notifications
Don't request notification permission immediately on launch. Present a value proposition first. Aggressive notification prompts lead to permission denials and poor reviews.
Contacts
Access to the full contact list is increasingly restricted. If you only need to look up specific contacts, use the limited picker API instead.
Microphone & Speech
If your app includes speech recognition, you must declare this in your privacy labels and usage descriptions. Apple is particularly strict about audio capture.
Background Activity
Background modes (location, audio, fetch) require justification. Unnecessary background activity drains battery and will be flagged during review.
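A pre-submission check for the permission rules above, added here as an example and not taken from Apple's or Google's tooling: it reads an Info.plist and reports usage description strings that are missing, are placeholders, or belong to features the app does not use, plus background modes nobody has justified. The feature labels, the function name, the placeholder list, the four-word minimum and the sample plist are assumptions made for the example; the Info.plist keys are the real ones.

```python
import plistlib

# Feature label (hypothetical, chosen by the team) -> real Info.plist privacy key.
FEATURE_KEYS = {
    "camera": "NSCameraUsageDescription",
    "photos": "NSPhotoLibraryUsageDescription",
    "microphone": "NSMicrophoneUsageDescription",
    "speech": "NSSpeechRecognitionUsageDescription",
    "contacts": "NSContactsUsageDescription",
    "location_in_use": "NSLocationWhenInUseUsageDescription",
    "location_always": "NSLocationAlwaysAndWhenInUseUsageDescription",
}
PLACEHOLDERS = {"", "todo", "tbd", "test", "lorem ipsum"}  # assumed list

def audit_info_plist(plist_bytes, used_features, justified_background_modes=()):
    """Return (problem, key_or_mode) tuples for an Info.plist."""
    info = plistlib.loads(plist_bytes)
    findings = []
    for feature, key in FEATURE_KEYS.items():
        text = info.get(key)
        if feature in used_features:
            if text is None:
                findings.append(("missing", key))       # no purpose string for a used feature
            elif str(text).strip().lower() in PLACEHOLDERS or len(str(text).split()) < 4:
                findings.append(("vague", key))         # placeholder or too short to explain purpose
        elif text is not None:
            findings.append(("unused", key))            # permission declared but not needed
    for mode in info.get("UIBackgroundModes", []):
        if mode not in justified_background_modes:
            findings.append(("unjustified_background", mode))
    return findings

# Constructed sample, not from a real app.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSCameraUsageDescription</key><string>Scan receipts to attach them to an expense.</string>
  <key>NSMicrophoneUsageDescription</key><string>TODO</string>
  <key>NSContactsUsageDescription</key><string>Find friends who already use the app.</string>
  <key>UIBackgroundModes</key><array><string>location</string><string>audio</string></array>
</dict></plist>"""

if __name__ == "__main__":
    for problem, item in audit_info_plist(
            SAMPLE_PLIST, {"camera", "microphone", "speech"}, ("audio",)):
        print(f"{problem}: {item}")
```

Run it in CI against the built app's Info.plist, with the feature set taken from the same inventory you use to fill in the privacy labels.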
Content Guidelines
Both stores have strict content policies. Some content types are prohibited entirely; others are allowed only with age ratings and content warnings.
Generally Allowed
E-commerce, productivity, entertainment, fitness, food ordering, social networking (with appropriate moderation), educational content, games (with correct age rating).
Requires Extra Compliance
Health & medical apps (medical claims must be evidence-based), financial apps (may require regulatory licences), apps targeting children (strict child privacy compliance required), gambling apps (jurisdiction-specific licensing).
Not Allowed
Hate speech, content exploiting minors (zero tolerance), malware or spyware, apps designed to facilitate illegal activity, apps that clone or impersonate other apps, apps with only web content (thin wrappers rejected).
Legal Requirements
App stores require your app to meet certain legal standards before it can be published. The specific obligations vary depending on where your customers are located and what your app does.
Consent Management
You must obtain appropriate consent before collecting or processing personal data. Ensure your consent flows are clear, specific, and not bundled with other agreements.
User Data Rights
Depending on your customers' locations, they may have the right to access, correct, or delete their data. Make sure your app and backend can support these requests.
Data Handling
Be mindful of where user data is stored and processed. Ensure any third-party tools and SDKs you use handle data responsibly and in line with your privacy policy.
Terms of Service & Privacy Policy
A clear Terms of Service and Privacy Policy are required by both app stores. Both must be accessible from within the app, not just on a website.