App Store Submission Checklist

Project: ~~{{PROJECT_NAME}}~~Drop — Fintech Payment App Version: ~~{{APP_VERSION}}~~1.0.0 Build: ~~{{BUILD_NUMBER}}~~1 Date: ~~{{DATE}}~~2026-02-23 Author: ~~{{AUTHOR}}~~John (AI Director, ALAI) Status: Draft |— ~~In Review | Approved~~Pre-Submission Reviewers: ~~{{REVIEWERS}}~~Alem Bašić (CEO)

Document History

Version	Date	Author	Changes
0.1	~~{{DATE}}~~2026-02-23	~~{{AUTHOR}}~~John	Initial draft from app-store-metadata.md + screenshot-texts.md

Pre-Submission Requirements

General Readiness

All P1 and P2 bugs resolved ~~— issue tracker link:~~ {{URL}}
QA sign-off obtained ~~— sign-off document:~~ {{URL}}
Legal sign-off obtained (privacy policy, ~~terms)~~terms, —angrerettloven, {{URL}}finansavtaleloven)
Release notes written and reviewed in Norwegian Bokmål
~~Version number follows~~Version: {{1.0.0 (SemVer: MAJOR.MINOR.~~PATCH}}~~PATCH)
Build ~~number~~number: ~~incremented~~1 (monotonically incrementing — never reused)
All production environment variables set ~~for~~(NEXT_PUBLIC_APP_ENV=production, ~~production~~EXPO_PUBLIC_API_URL)
Crash-free rate > 99.5% in staging ~~(Sentry)~~
Analytics verified ~~— events firing correctly~~ in staging

Apple App Store

App Store Connect Setup

App record created in App Store Connect
App ID no.getdrop.app registered in Apple Developer Portal
Capabilities ~~match~~configured: ~~Xcode~~
- {{listPush capabilitiesNotifications used}}(Phase 2 — when push implemented)
- Background Modes → Remote notifications (Phase 2)
Provisioning profiles up to date (distribution profile)
Code signing certificate valid (not expiring within 30 days)
App Store Connect API key configured for ~~CI/CD~~EAS ~~submission~~Submit

App Metadata

App name: {{AppDrop name}}— Send penger (~~max~~18 chars — under 30 ~~chars)~~char limit)
Subtitle: {{Subtitle}}Enklere betalinger for alle (~~max~~28 chars — under 30 ~~chars)~~char ~~— highlights key feature~~limit)
Description: {{Description}}See full description below (~~max~~source: ~~4000 chars) — engaging, keyword-rich~~project/store/app-store-metadata.md)
Keywords: {{keyword1, keyword2, ...}}betaling,penger,overføring,QR,remittance,utlandet,gebyr,BankID,vipps,wisе,internasjonalt,send (~~max~~under 100 ~~chars total, comma-separated)~~chars)
Promotional text: {{PromoSend text}}penger til utlandet med 0,5% gebyr. Betal i butikk med QR. Trygt med BankID. Regulert i Norge. (~~max~~97 chars — under 170 ~~chars)~~char ~~— can update without new build~~limit)
Support URL: {{https://support.domain.com}}getdrop.no/support
Marketing URL: {{https://domain.com}}getdrop.no
Privacy policy URL: {{https://domain.com/privacy}}getdrop.no/personvern
Age ~~rating~~rating: ~~completed~~17+ (4+financial /transactions ~~12+~~+ /BankID ~~17+)~~requirement — 18+ in practice)
~~Category:~~Primary category: ~~Primary:~~Finance

{{Category}}

|Secondary ~~Secondary:~~category: {{Category}}Utilities
Copyright: {{Year}}© {{Company2026 Name}}ALAI Holding AS

Full Description (Norwegian):

Drop — Enklere betalinger. Lavere gebyrer.

Drop er den nye standarden for internasjonale overføringer og daglige betalinger i Norge. Enten du skal sende penger til familie i utlandet eller betale for kebaben på hjørnet, gir Drop deg enklere og billigere løsninger enn bankene.

HVA ER DROP?

Drop er en betalingsapp som gjør to ting ekstremt godt:
1. Send penger internasjonalt med lavere gebyrer enn Wise, Vipps eller Western Union
2. Betal i butikk med QR-kode — raskere og billigere enn bankkort

HVORFOR VELGE DROP?

• 0,5% gebyr på internasjonale overføringer — Send 10 000 kr til familie i utlandet for 50 kr i gebyr, ikke 500 kr
• 1% gebyr for QR-betalinger — Billigere for butikken, enklere for deg
• Trygt med BankID — Norsk autentisering du stoler på
• Regulert i Norge — Vi følger alle norske regler for finansielle tjenester
• Pengene dine forblir i banken din — Drop bruker Open Banking (PSD2), så vi holder aldri pengene dine
• Rask overføring — Internasjonale betalinger tar minutter, ikke dager
• 30+ land — Send til Balkan, Pakistan, Tyrkia, Polen, Tyskland og mange flere

SIKKERHET OG TILLIT

• BankID-pålogging — Norsk standard for sikker autentisering
• Ingen mellomlagring — Pengene dine går direkte fra din bank til mottaker
• Regulert av Finanstilsynet — Vi følger alle norske regler
• Open Banking (PSD2) — Vi bruker samme sikkerhet som bankene
• Transparent prising — Du ser alltid nøyaktig hva du betaler

PRISER

• 0,5% gebyr på internasjonale overføringer (ingen skjulte kostnader)
• 1% gebyr på QR-betalinger i butikk
• Gratis å laste ned og opprette konto
• Ingen månedlig avgift

Drop er et produkt av ALAI Holding AS (org.nr 932 516 136), et norskregistrert selskap.

Screenshots

Required screenshots (Norwegian text overlays — from project/store/screenshot-texts.md):

#	Screen	Headline	Subtext	Device Required
1	Login / BankID	"Trygg pålogging"	"Verifiser deg med BankID på under 2 minutter"	All
2	Dashboard	"Alt på ett sted"	"Send penger, betal med QR, se saldo — enkelt"	All
3	Send Money	"0,5% gebyr"	"Send til 30+ land — billigere enn banken"	All
4	QR Payment	"Betal på sekunder"	"Skann QR-kode i butikk — raskere enn kort"	All
5	Transaction History	"Full kontroll"	"Se alle betalinger og overføringer"	All
6	Bank Accounts	"Koble banken din"	"Se saldo fra din bank med Open Banking"	Optional
7	Notifications	"Hold deg oppdatert"	"Varsler for hver betaling og overføring"	Optional
8	Profile	"Dine innstillinger"	"Administrer konto, sikkerhet og varsler"	Optional

Required device sizes:

Device	Dimensions	Required	Status
iPhone 6.7" (1516 Pro Max)	1320×2868	Required	`{{Done/TODO}}`TODO
iPhone 6.5" (11 Pro Max / 12 Pro Max)	1242×2688	Required	`{{Done/TODO}}`TODO
iPhone 5.5" (8 Plus)	1242×2208	Required	`{{Done/TODO}}`TODO
iPad Pro 12.9" (6th gen)	2048×2732	Required if iPad supported	`{{Done/TODO}}`
~~iPad Pro 12.9" (2nd gen)~~	~~2048×2732~~	~~Required if iPad supported~~	`{{Done/TODO}}`TODO

Screenshot rules:

Max 10 screenshots per device
First screenshot = most compelling (~~primary~~Login ~~impression)~~

with

BankID Notrust ~~device frames required (add if chosen)~~signal)
No "Download on the App Store" badge in screenshots
Text overlays ~~readable~~use atFraunces ~~thumbnail~~(headlines) ~~size~~+ DM Sans (subtext) — see brand guide
NoDrop ~~third-party~~branding: IPgreen ~~without~~#0B6E35, ~~permission~~gold accent #D4A017

Logo watermark in corner (48px height)

Final review by Alem (native Norwegian speaker)

App Preview ~~video~~video: ~~(optional):~~Not required for v1.0

~~Max 30 seconds, format MP4 or MOV~~

~~Actual app footage — no simulated/demo content~~

App Privacy Details

Data types ~~collected~~Drop collects: ~~declared — mapped to usage purpose:~~

Data Type	Collected?	Linked to User?	Used for Tracking?	Purpose
Name	`{{Yes/No}}`Yes	`{{Yes/No}}`Yes	`{{Yes/No}}`No	Identity verification (BankID), KYC/AML
Email	`{{Yes/No}}`Yes	`{{Yes/No}}`Yes	`{{Yes/No}}`No	Account communication, support
Phone	`{{Yes/No}}`Yes	`{{Yes/No}}`Yes	`{{Yes/No}}`No	Registration, verification
Financial info (bank accounts)	Yes	Yes	No	AISP — balance display only
Transaction history	Yes	Yes	No	Service delivery, legal retention
Location (precise)	`{{Yes/No}}`No	`{{Yes/No}}`—	`{{Yes/No}}`—	Not collected
Location (coarse)	`{{Yes/No}}`No	`{{Yes/No}}`—	`{{Yes/No}}`—	Not collected
Usage data	`{{Yes/No}}`Yes	`{{Yes/No}}`No	`{{Yes/No}}`No	Service improvement (anonymized)
Crash data	`{{Yes/No}}`Yes	`{{Yes/No}}`No	`{{Yes/No}}`No	Bug fixing (anonymized)
Device ID	No	—	—	Not collected
Identifiers (~~device~~Expo ~~ID)~~push token)	`{{Yes/No}}`Yes	`{{Yes/No}}`Yes	`{{Yes/No}}`No	Push notifications (Phase 2)

App Tracking Transparency (ATT) ~~framework~~— ~~implemented~~NOT ifrequired ~~using~~(no IDFA usage)
NSUserTrackingUsageDescription ~~string~~— ~~provided~~NOT ~~in Info.plist~~required

Data retention: Transaction and identity data retained minimum 5 years per hvitvaskingsloven.

Review Guidelines Compliance

No private API usage ~~(review using~~ {{otool | MachOView}})
No undocumented device capabilities
~~In-~~No in-app ~~purchase~~purchases ~~implemented~~(Drop ~~for~~is a payment service, not selling digital ~~goods (not bypassing IAP)~~goods)
~~External payment links removed or comply with court order rules (US only)~~

~~Login options: if~~No Sign in with Apple isrequired ~~available~~(Drop ~~elsewhere,~~uses itBankID ~~MUST~~— beNorwegian ~~offered~~regulatory requirement)
User account deletion implemented via support contact (~~required~~[email protected]) ~~since~~— ~~June~~pending: ~~2022)~~self-service deletion
App ~~functions~~works as described — demo account ~~provided~~ for ~~review~~App ifReview ~~needed~~(see below)

Demo account for App Review:

Username: {{[email protected]}}[email protected]
Password: {{TBD — vault reference}}reference
Notes to reviewer: {{special"This setupis instructions}}a Norwegian payment app. BankID (Norway's national ID system) is required for full verification. For App Review purposes, a pre-verified demo account is provided. Camera permission is requested for QR payment scanning — use 'Simuler skanning' button to test without physical QR code."

Language note for App Review team: "The app is in Norwegian (Bokmål) — Norway's primary language. App Review guidelines allow non-English apps when serving a specific geographic market."

TestFlight Beta Testing

Internal testing completed (ALAI team ~~members~~ — up to ~~100)~~100 testers)
External beta testing ~~completed~~ — testers: {{N}},TBD, duration: {{N days}}TBD
Crash rate < 1% in TestFlight
Beta feedback addressed
What's New in(v1.0 ~~This~~beta): ~~Version:~~"Første {{Betabetaversjon releaseav notes}}Drop — gi oss tilbakemeldinger!"

App Transport Security

All network connections use HTTPS (drop-app.vercel.app)
No NSAllowsArbitraryLoads: true ~~(or justified with~~ NSExceptionDomains)
Certificate pinning ~~active~~— ~~for~~TBD ~~critical~~(requires ~~endpoints~~implementation before production)
No ATS exceptions ~~documented:~~ {{list any exceptions and justification}}needed

Common iOS Rejection Reasons — Prevention

~~Risk~~	~~Prevention~~
~~Crashes on launch~~	~~Test on physical device, clean install~~
~~Misleading screenshots~~	~~Screenshots match actual app UI~~
~~Login required without guest mode~~	~~Provide review demo account~~
~~Missing privacy strings~~	~~All~~ `NS*UsageDescription` ~~keys populated~~
~~IAP bypass~~	~~All digital content purchases go through IAP~~
~~Placeholder content~~	~~Remove all Lorem Ipsum, test data~~
~~Performance issues on older devices~~	~~Test on min supported device~~

Google Play Store

Google Play Console Setup

App created in Google Play Console
Signing key configured (Play App Signing — recommended)
Service account ~~configured~~ for ~~CI/CD~~EAS ~~API~~Submit ~~access~~configured
Developer account in good standing (ALAI Holding AS)

Store Listing

App name: {{AppDrop name}}— Send penger (~~max~~18 chars — under 50 ~~chars)~~char limit)
Short description: {{ShortSend desc}}penger internasjonalt. Betal i butikk med QR. 0,5% gebyr. Trygt med BankID. (~~max~~ 80 ~~chars)~~chars exactly)
Full description: {{FullSame description}}Norwegian content as iOS (~~max~~ 4000 ~~chars)~~char limit)
App icon: 512×512 ~~PNG,~~PNG (no ~~alpha,~~alpha no— ~~rounded~~TODO: ~~corners~~export ~~(Play~~from ~~adds them)~~Figma)
Feature graphic: 1024×500 ~~JPG/~~PNG — ~~shown~~"drop" atwordmark ~~top~~on ofgreen ~~listing~~gradient (TODO)
Screenshots: min 2, max 8 per device type

Device	Min Dimensions	Status
Phone	~~320×568~~1080×1920 ~~(min), 3840×3840 (max)~~px	`{{Done/TODO}}`TODO
7" tablet	Same constraints	`{{Done/TODO}}`TODO
10" tablet	Same constraints	`{{Done/TODO}}`TODO

Content Rating Questionnaire

IARC questionnaire completed in Play Console
Expected rating: 17+ (financial transactions, real money)

Rating certificate generated and applied

~~Rating matches app content (honest answers — inaccurate rating = suspension)~~

Data Safety Form

Data types ~~collected~~declared ~~declared~~

(same

as ~~Data~~Apple ~~sharing~~Privacy ~~disclosures~~Details ~~complete~~above)
Security practices answered:
- Data in transit encrypted: {{Yes/No}}Yes (HTTPS/TLS 1.3)
- Data at rest encrypted: {{Yes/No}}TBD (server-side)
- Users can request deletion: {{Yes/No}}Yes (via support contact — pending self-service)

Target Audience & Content

Target age ~~group~~group: ~~declared~~18+ (~~under~~BankID ~~13?~~requires —18+, ~~COPPA~~Norwegian ~~compliance required)~~residents)
~~Ads~~No ~~configuration (if using ads)~~ads — ~~appropriate~~Drop addoes ~~formats~~not ~~for~~serve ~~age group~~advertisements
Sensitive ~~app~~permissions: ~~permissions~~Camera (QR scanning) — justified in ~~declaration~~listing

Testing Tracks

Track	Audience	Status
Internal testing	UpALAI team (up to ~~100 internal testers~~100)	`{{Done/TODO}}`TODO
Closed testing (alpha)	Limited ~~testers,~~Norwegian ~~feedback~~testers	`{{Done/TODO}}`TODO
Open testing (beta)	~~Public~~Optional public opt-in	`{{Done/TODO}}`TODO
Production	Staged 10% → 100% ~~rollout / staged~~	`{{Done/TODO}}`TODO

Staged rollout: Start at {{10%}} → increase to 25% after {{48 hours}}hours → {{100%}}

after

Common7 Android Rejection Reasons — Prevention

monitoring

~~Risk~~	~~Prevention~~
~~Permission over-declaration~~	~~Request only necessary permissions~~
~~Misleading app behavior~~	~~App does exactly what listing says~~
~~Policy violations~~days (~~ads)~~	Nocrash ~~interstitials on back press, no deceptive ads~~
~~Malware detection~~	~~Scan APK/AAB with VirusTotal before upload~~
~~Crashes~~	~~Test on multiple API levels, both ARM architectures~~
~~Data safety inaccurate~~	~~Audit all SDKs for data collection~~

rate).

Cross-Platform Checklist

Version Naming

Field	iOS	Android	Value
Version string	`CFBundleShortVersionString`	`versionName`	`{{X.Y.Z}}1.0.0`
Build number	`CFBundleVersion`	`versionCode`	`{{N}}1` (~~monotonic)~~monotonically increasing)

~~Version naming convention:~~ MAJOR.MINOR.PATCH

~~MAJOR: Breaking change / major redesign~~

~~MINOR: New feature~~

~~PATCH: Bug fix / performance~~

Release Notes Format(Norwegian)

What'sVelkommen newtil inDrop!

v{{X.Y.Z}}:Dette er den første versjonen av Drop — din nye app for enklere og billigere betalinger.

Hva kan du gjøre:
• {{NewSend featurepenger 1}}til utlandet med 0,5% gebyr
• {{BugBetal fixi 1}}butikk med QR-kode
• {{ImprovementVerifiser 1}}deg Questionstrygt ormed feedback?BankID
Contact• usSe atalle support@{{domain.com}}transaksjoner på ett sted

Kommer snart:
• Støtte for flere land
• Wallet og dagligbetalinger

Har du tilbakemeldinger? Send oss en e-post på [email protected] — vi leser alt!

~~Rules:~~

~~Max 500 characters (App Store) / 500 characters (Play Store)~~

~~Translate for each supported locale~~

~~No marketing language — factual changes only~~

~~Reference to known issues if applicable~~

Marketing Assets Checklist

App icon final — 1024×1024 (noiOS), ~~placeholder)~~512×512 (Android) — from Figma brand/ assets
Feature graphic final — 1024×500 PNG (Google Play)
~~Press~~Screenshots ~~kit~~with ~~updated:~~Norwegian {{URL}}text overlays — all device sizes
~~App~~Press ~~preview~~kit ~~video~~updated ~~(if~~at ~~applicable)~~https://getdrop.no/presse
Social media announcement ~~content~~in Norwegian prepared

Legal Requirements

Privacy Policy URL: ~~URL:~~ {{URL}}https://getdrop.no/personvern — GDPR-compliant, covers all data collected
Terms of Service URL: ~~URL:~~ {{URL}}https://getdrop.no/vilkar
GDPR: Right to deletion ~~implemented~~(via support, pending self-service portal)
~~CCPA:~~Angrerettloven: Do14-day ~~Not~~withdrawal ~~Sell~~right ~~link~~form ~~(if~~at US/withdrawal

~~users)~~

Finansavtaleloven §3-53: Complaint form at /complaints

Hvitvaskingsloven: 5-year AML data retention stated in privacy policy
COPPA: ~~Kids~~Not ~~category compliance~~applicable (if18+ <minimum ~~13)~~age, Norwegian residents only)

Drop-Specific Submission Notes

BankID requirement: Explicitly mention in App Review notes that BankID (Norwegian national digital ID system) is required. Provide pre-verified demo account.
Age ~~In-app~~restriction: ~~purchase~~17+ ~~terms~~(App ~~linked~~Store) due to financial transactions and real money. BankID legally requires 18+.
Permissions: Camera (QR scanning) — justified as core feature. Push notifications (Phase 2) — transaction alerts.

Regulatory compliance: ALAI Holding AS, Org.nr 932 516 136, Norway. Regulert av Finanstilsynet.

Pass-through model: Drop never holds user money. Emphasize in reviewer notes to avoid confusion with e-money apps that require different regulatory disclosure.

Norwegian language: All store content in Norwegian Bokmål — correct for geographic target market (Norway).

Target market: Norway only (Phase 1). Sverige, Danmark in Phase 2.

Final Submission Sign-Off

Item	Status	Sign-Off
All checklist items complete	`{{Yes/No}}`Not yet
QA approval received	`{{Yes/No}}`Not yet
Legal approval received	`{{Yes/No}}`Not yet
Marketing assets ready	`{{Yes/No}}`Not yet
Support team briefed ([email protected])	`{{Yes/No}}`Not yet
Alem final review	Not yet

Approval

Role	Name	Date
Author	John (AI Director)	2026-02-23
Mobile Lead
QA Lead
Product Manager	Alem Bašić
Legal