App Store Submission Checklist

Project: {{PROJECT_NAME}} Version: {{APP_VERSION}} Build: {{BUILD_NUMBER}} Date: {{DATE}} Author: {{AUTHOR}} Status: Draft | In Review | Approved Reviewers: {{REVIEWERS}}

Document History

Version	Date	Author	Changes
0.1	{{DATE}}	{{AUTHOR}}	Initial draft

Pre-Submission Requirements

General Readiness

All P1 and P2 bugs resolved — issue tracker link: {{URL}}
QA sign-off obtained — sign-off document: {{URL}}
Legal sign-off obtained (privacy policy, terms) — {{URL}}
Release notes written and reviewed
Version number follows {{SemVer: MAJOR.MINOR.PATCH}}
Build number incremented (monotonically — never reused)
All environment variables set for production
Crash-free rate > 99.5% in staging (Sentry)
Analytics verified — events firing correctly in staging

Apple App Store

App Store Connect Setup

App record created in App Store Connect
App ID registered in Apple Developer Portal
Capabilities match Xcode project: {{list capabilities used}}
Provisioning profiles up to date (distribution profile)
Code signing certificate valid (not expiring within 30 days)
App Store Connect API key configured for CI/CD submission

App Metadata

Screenshots

Device	Dimensions	Required	Status
iPhone 6.7" (15 Pro Max)	1320×2868	Required	`{{Done/TODO}}`
iPhone 6.5" (11 Pro Max / 12 Pro Max)	1242×2688	Required	`{{Done/TODO}}`
iPhone 5.5" (8 Plus)	1242×2208	Required	`{{Done/TODO}}`
iPad Pro 12.9" (6th gen)	2048×2732	Required if iPad supported	`{{Done/TODO}}`
iPad Pro 12.9" (2nd gen)	2048×2732	Required if iPad supported	`{{Done/TODO}}`

Screenshot rules:

Max 10 screenshots per device
First screenshot = most compelling (primary impression)
No device frames required (add if chosen)
No "Download on the App Store" badge in screenshots
Text overlays readable at thumbnail size
No third-party IP without permission

App Preview video (optional):

Max 30 seconds, format MP4 or MOV
Actual app footage — no simulated/demo content

App Privacy Details

Data types collected declared — mapped to usage purpose:

Data Type	Collected?	Linked to User?	Used for Tracking?
Name	`{{Yes/No}}`	`{{Yes/No}}`	`{{Yes/No}}`
Email	`{{Yes/No}}`	`{{Yes/No}}`	`{{Yes/No}}`
Phone	`{{Yes/No}}`	`{{Yes/No}}`	`{{Yes/No}}`
Location (precise)	`{{Yes/No}}`	`{{Yes/No}}`	`{{Yes/No}}`
Location (coarse)	`{{Yes/No}}`	`{{Yes/No}}`	`{{Yes/No}}`
Usage data	`{{Yes/No}}`	`{{Yes/No}}`	`{{Yes/No}}`
Crash data	`{{Yes/No}}`	`{{Yes/No}}`	`{{Yes/No}}`
Identifiers (device ID)	`{{Yes/No}}`	`{{Yes/No}}`	`{{Yes/No}}`

App Tracking Transparency (ATT) framework implemented if using IDFA
NSUserTrackingUsageDescription string provided in Info.plist

Review Guidelines Compliance

No private API usage (review using {{otool | MachOView}})
No undocumented device capabilities
In-app purchase implemented for digital goods (not bypassing IAP)
External payment links removed or comply with court order rules (US only)
Login options: if Sign in with Apple is available elsewhere, it MUST be offered
User account deletion implemented (required since June 2022)
App functions as described — demo account provided for review if needed

Demo account for App Review:

Username: {{[email protected]}}
Password: {{vault reference}}
Notes to reviewer: {{special setup instructions}}

TestFlight Beta Testing

Internal testing completed (team members — up to 100)
External beta testing completed — testers: {{N}}, duration: {{N days}}
Crash rate < 1% in TestFlight
Beta feedback addressed
What's New in This Version: {{Beta release notes}}

App Transport Security

All network connections use HTTPS
No NSAllowsArbitraryLoads: true (or justified with NSExceptionDomains)
Certificate pinning active for critical endpoints
ATS exceptions documented: {{list any exceptions and justification}}

Common iOS Rejection Reasons — Prevention

Risk	Prevention
Crashes on launch	Test on physical device, clean install
Misleading screenshots	Screenshots match actual app UI
Login required without guest mode	Provide review demo account
Missing privacy strings	All `NS*UsageDescription` keys populated
IAP bypass	All digital content purchases go through IAP
Placeholder content	Remove all Lorem Ipsum, test data
Performance issues on older devices	Test on min supported device

Google Play Store

Google Play Console Setup

App created in Google Play Console
Signing key configured (Play App Signing — recommended)
Service account configured for CI/CD API access
Developer account in good standing

Store Listing

App name: {{App name}} (max 50 chars)
Short description: {{Short desc}} (max 80 chars)
Full description: {{Full description}} (max 4000 chars)
App icon: 512×512 PNG, no alpha, no rounded corners (Play adds them)
Feature graphic: 1024×500 JPG/PNG — shown at top of listing
Screenshots: min 2, max 8 per device type

Device	Min Dimensions	Status
Phone	320×568 (min), 3840×3840 (max)	`{{Done/TODO}}`
7" tablet	Same constraints	`{{Done/TODO}}`
10" tablet	Same constraints	`{{Done/TODO}}`

Content Rating Questionnaire

IARC questionnaire completed in Play Console
Rating certificate generated and applied
Rating matches app content (honest answers — inaccurate rating = suspension)

Data Safety Form

Data types collected declared
Data sharing disclosures complete
Security practices answered:
- Data in transit encrypted: {{Yes/No}}
- Data at rest encrypted: {{Yes/No}}
- Users can request deletion: {{Yes/No}}

Target Audience & Content

Target age group declared (under 13? — COPPA compliance required)
Ads configuration (if using ads) — appropriate ad formats for age group
Sensitive app permissions justified in declaration

Testing Tracks

Track	Audience	Status
Internal testing	Up to 100 internal testers	`{{Done/TODO}}`
Closed testing (alpha)	Limited testers, feedback	`{{Done/TODO}}`
Open testing (beta)	Public opt-in	`{{Done/TODO}}`
Production	100% rollout / staged	`{{Done/TODO}}`

Staged rollout: Start at {{10%}} → increase after {{48 hours}} → {{100%}}

Common Android Rejection Reasons — Prevention

Risk	Prevention
Permission over-declaration	Request only necessary permissions
Misleading app behavior	App does exactly what listing says
Policy violations (ads)	No interstitials on back press, no deceptive ads
Malware detection	Scan APK/AAB with VirusTotal before upload
Crashes	Test on multiple API levels, both ARM architectures
Data safety inaccurate	Audit all SDKs for data collection

Cross-Platform Checklist

Version Naming

Field	iOS	Android	Value
Version string	`CFBundleShortVersionString`	`versionName`	`{{X.Y.Z}}`
Build number	`CFBundleVersion`	`versionCode`	`{{N}}` (monotonic)

Version naming convention: MAJOR.MINOR.PATCH

MAJOR: Breaking change / major redesign
MINOR: New feature
PATCH: Bug fix / performance

Release Notes Format

What's new in v{{X.Y.Z}}:

• {{New feature 1}}
• {{Bug fix 1}}
• {{Improvement 1}}

Questions or feedback? Contact us at support@{{domain.com}}

Rules:

Max 500 characters (App Store) / 500 characters (Play Store)
Translate for each supported locale
No marketing language — factual changes only
Reference to known issues if applicable

Marketing Assets

App icon final (no placeholder)
Feature graphic final (Google Play)
Press kit updated: {{URL}}
App preview video (if applicable)
Social media announcement content prepared

Legal Requirements

Privacy Policy URL: {{URL}} — covers all data collected
Terms of Service URL: {{URL}}
GDPR: Right to deletion implemented
CCPA: Do Not Sell link (if US users)
COPPA: Kids category compliance (if < 13)
In-app purchase terms linked

Final Submission Sign-Off

Item	Status	Sign-Off
All checklist items complete	`{{Yes/No}}`
QA approval received	`{{Yes/No}}`
Legal approval received	`{{Yes/No}}`
Marketing assets ready	`{{Yes/No}}`
Support team briefed	`{{Yes/No}}`

Approval

Role	Name	Date	Signature
Author
Mobile Lead
QA Lead
Product Manager
Legal