# App Store Submission Checklist # App Store Submission Checklist > **Project:** {{PROJECT_NAME}} > **Version:** {{APP_VERSION}} > **Build:** {{BUILD_NUMBER}} > **Date:** {{DATE}} > **Author:** {{AUTHOR}} > **Status:** Draft | In Review | Approved > **Reviewers:** {{REVIEWERS}} ## Document History | Version | Date | Author | Changes | |---------|------|--------|---------| | 0.1 | {{DATE}} | {{AUTHOR}} | Initial draft | --- ## Pre-Submission Requirements ### General Readiness - [ ] All P1 and P2 bugs resolved — issue tracker link: `{{URL}}` - [ ] QA sign-off obtained — sign-off document: `{{URL}}` - [ ] Legal sign-off obtained (privacy policy, terms) — `{{URL}}` - [ ] Release notes written and reviewed - [ ] Version number follows `{{SemVer: MAJOR.MINOR.PATCH}}` - [ ] Build number incremented (monotonically — never reused) - [ ] All environment variables set for production - [ ] Crash-free rate > 99.5% in staging (Sentry) - [ ] Analytics verified — events firing correctly in staging --- ## Apple App Store ### App Store Connect Setup - [ ] App record created in App Store Connect - [ ] App ID registered in Apple Developer Portal - [ ] Capabilities match Xcode project: `{{list capabilities used}}` - [ ] Provisioning profiles up to date (distribution profile) - [ ] Code signing certificate valid (not expiring within 30 days) - [ ] App Store Connect API key configured for CI/CD submission --- ### App Metadata - [ ] **App name:** `{{App name}}` (max 30 chars) - [ ] **Subtitle:** `{{Subtitle}}` (max 30 chars) — highlights key feature - [ ] **Description:** `{{Description}}` (max 4000 chars) — engaging, keyword-rich - [ ] **Keywords:** `{{keyword1, keyword2, ...}}` (max 100 chars total, comma-separated) - [ ] **Promotional text:** `{{Promo text}}` (max 170 chars) — can update without new build - [ ] **Support URL:** `{{https://support.domain.com}}` - [ ] **Marketing URL:** `{{https://domain.com}}` - [ ] **Privacy policy URL:** `{{https://domain.com/privacy}}` - [ ] **Age rating** completed (4+ / 12+ / 17+) - [ ] **Category:** Primary: `{{Category}}` | Secondary: `{{Category}}` - [ ] **Copyright:** `{{Year}} {{Company Name}}` --- ### Screenshots | Device | Dimensions | Required | Status | |--------|-----------|----------|--------| | iPhone 6.7" (15 Pro Max) | 1320×2868 | Required | `{{Done/TODO}}` | | iPhone 6.5" (11 Pro Max / 12 Pro Max) | 1242×2688 | Required | `{{Done/TODO}}` | | iPhone 5.5" (8 Plus) | 1242×2208 | Required | `{{Done/TODO}}` | | iPad Pro 12.9" (6th gen) | 2048×2732 | Required if iPad supported | `{{Done/TODO}}` | | iPad Pro 12.9" (2nd gen) | 2048×2732 | Required if iPad supported | `{{Done/TODO}}` | **Screenshot rules:** - [ ] Max 10 screenshots per device - [ ] First screenshot = most compelling (primary impression) - [ ] No device frames required (add if chosen) - [ ] No "Download on the App Store" badge in screenshots - [ ] Text overlays readable at thumbnail size - [ ] No third-party IP without permission **App Preview video** (optional): - [ ] Max 30 seconds, format MP4 or MOV - [ ] Actual app footage — no simulated/demo content --- ### App Privacy Details - [ ] **Data types collected** declared — mapped to usage purpose: | Data Type | Collected? | Linked to User? | Used for Tracking? | |-----------|-----------|-----------------|-------------------| | Name | `{{Yes/No}}` | `{{Yes/No}}` | `{{Yes/No}}` | | Email | `{{Yes/No}}` | `{{Yes/No}}` | `{{Yes/No}}` | | Phone | `{{Yes/No}}` | `{{Yes/No}}` | `{{Yes/No}}` | | Location (precise) | `{{Yes/No}}` | `{{Yes/No}}` | `{{Yes/No}}` | | Location (coarse) | `{{Yes/No}}` | `{{Yes/No}}` | `{{Yes/No}}` | | Usage data | `{{Yes/No}}` | `{{Yes/No}}` | `{{Yes/No}}` | | Crash data | `{{Yes/No}}` | `{{Yes/No}}` | `{{Yes/No}}` | | Identifiers (device ID) | `{{Yes/No}}` | `{{Yes/No}}` | `{{Yes/No}}` | - [ ] App Tracking Transparency (ATT) framework implemented if using IDFA - [ ] NSUserTrackingUsageDescription string provided in Info.plist --- ### Review Guidelines Compliance - [ ] No private API usage (review using `{{otool | MachOView}}`) - [ ] No undocumented device capabilities - [ ] In-app purchase implemented for digital goods (not bypassing IAP) - [ ] External payment links removed or comply with court order rules (US only) - [ ] Login options: if Sign in with Apple is available elsewhere, it MUST be offered - [ ] User account deletion implemented (required since June 2022) - [ ] App functions as described — demo account provided for review if needed **Demo account for App Review:** - Username: `{{review@domain.com}}` - Password: `{{vault reference}}` - Notes to reviewer: `{{special setup instructions}}` --- ### TestFlight Beta Testing - [ ] Internal testing completed (team members — up to 100) - [ ] External beta testing completed — testers: `{{N}}`, duration: `{{N days}}` - [ ] Crash rate < 1% in TestFlight - [ ] Beta feedback addressed - [ ] What's New in This Version: `{{Beta release notes}}` --- ### App Transport Security - [ ] All network connections use HTTPS - [ ] No `NSAllowsArbitraryLoads: true` (or justified with `NSExceptionDomains`) - [ ] Certificate pinning active for critical endpoints - [ ] ATS exceptions documented: `{{list any exceptions and justification}}` --- ### Common iOS Rejection Reasons — Prevention | Risk | Prevention | |------|-----------| | Crashes on launch | Test on physical device, clean install | | Misleading screenshots | Screenshots match actual app UI | | Login required without guest mode | Provide review demo account | | Missing privacy strings | All `NS*UsageDescription` keys populated | | IAP bypass | All digital content purchases go through IAP | | Placeholder content | Remove all Lorem Ipsum, test data | | Performance issues on older devices | Test on min supported device | --- ## Google Play Store ### Google Play Console Setup - [ ] App created in Google Play Console - [ ] Signing key configured (Play App Signing — recommended) - [ ] Service account configured for CI/CD API access - [ ] Developer account in good standing --- ### Store Listing - [ ] **App name:** `{{App name}}` (max 50 chars) - [ ] **Short description:** `{{Short desc}}` (max 80 chars) - [ ] **Full description:** `{{Full description}}` (max 4000 chars) - [ ] **App icon:** 512×512 PNG, no alpha, no rounded corners (Play adds them) - [ ] **Feature graphic:** 1024×500 JPG/PNG — shown at top of listing - [ ] **Screenshots:** min 2, max 8 per device type | Device | Min Dimensions | Status | |--------|----------------|--------| | Phone | 320×568 (min), 3840×3840 (max) | `{{Done/TODO}}` | | 7" tablet | Same constraints | `{{Done/TODO}}` | | 10" tablet | Same constraints | `{{Done/TODO}}` | --- ### Content Rating Questionnaire - [ ] IARC questionnaire completed in Play Console - [ ] Rating certificate generated and applied - [ ] Rating matches app content (honest answers — inaccurate rating = suspension) --- ### Data Safety Form - [ ] Data types collected declared - [ ] Data sharing disclosures complete - [ ] Security practices answered: - [ ] Data in transit encrypted: `{{Yes/No}}` - [ ] Data at rest encrypted: `{{Yes/No}}` - [ ] Users can request deletion: `{{Yes/No}}` --- ### Target Audience & Content - [ ] Target age group declared (under 13? — COPPA compliance required) - [ ] Ads configuration (if using ads) — appropriate ad formats for age group - [ ] Sensitive app permissions justified in declaration --- ### Testing Tracks | Track | Audience | Status | |-------|----------|--------| | Internal testing | Up to 100 internal testers | `{{Done/TODO}}` | | Closed testing (alpha) | Limited testers, feedback | `{{Done/TODO}}` | | Open testing (beta) | Public opt-in | `{{Done/TODO}}` | | Production | 100% rollout / staged | `{{Done/TODO}}` | **Staged rollout:** Start at `{{10%}}` → increase after `{{48 hours}}` → `{{100%}}` --- ### Common Android Rejection Reasons — Prevention | Risk | Prevention | |------|-----------| | Permission over-declaration | Request only necessary permissions | | Misleading app behavior | App does exactly what listing says | | Policy violations (ads) | No interstitials on back press, no deceptive ads | | Malware detection | Scan APK/AAB with VirusTotal before upload | | Crashes | Test on multiple API levels, both ARM architectures | | Data safety inaccurate | Audit all SDKs for data collection | --- ## Cross-Platform Checklist ### Version Naming | Field | iOS | Android | Value | |-------|-----|---------|-------| | Version string | `CFBundleShortVersionString` | `versionName` | `{{X.Y.Z}}` | | Build number | `CFBundleVersion` | `versionCode` | `{{N}}` (monotonic) | **Version naming convention:** `MAJOR.MINOR.PATCH` - MAJOR: Breaking change / major redesign - MINOR: New feature - PATCH: Bug fix / performance --- ### Release Notes Format ``` What's new in v{{X.Y.Z}}: • {{New feature 1}} • {{Bug fix 1}} • {{Improvement 1}} Questions or feedback? Contact us at support@{{domain.com}} ``` **Rules:** - Max 500 characters (App Store) / 500 characters (Play Store) - Translate for each supported locale - No marketing language — factual changes only - Reference to known issues if applicable --- ### Marketing Assets - [ ] App icon final (no placeholder) - [ ] Feature graphic final (Google Play) - [ ] Press kit updated: `{{URL}}` - [ ] App preview video (if applicable) - [ ] Social media announcement content prepared --- ### Legal Requirements - [ ] **Privacy Policy** URL: `{{URL}}` — covers all data collected - [ ] **Terms of Service** URL: `{{URL}}` - [ ] GDPR: Right to deletion implemented - [ ] CCPA: Do Not Sell link (if US users) - [ ] COPPA: Kids category compliance (if < 13) - [ ] In-app purchase terms linked --- ## Final Submission Sign-Off | Item | Status | Sign-Off | |------|--------|---------| | All checklist items complete | `{{Yes/No}}` | | | QA approval received | `{{Yes/No}}` | | | Legal approval received | `{{Yes/No}}` | | | Marketing assets ready | `{{Yes/No}}` | | | Support team briefed | `{{Yes/No}}` | | --- ## Approval | Role | Name | Date | Signature | |------|------|------|-----------| | Author | | | | | Mobile Lead | | | | | QA Lead | | | | | Product Manager | | | | | Legal | | | |