App Store Submission Checklist

Project: ~~Drop — Fintech Payment App~~{{PROJECT_NAME}} Version: ~~1.0.0~~{{APP_VERSION}} Build: 1{{BUILD_NUMBER}} Date: ~~2026-02-23~~{{DATE}} Author: ~~John (AI Director, ALAI)~~{{AUTHOR}} Status: Draft —| ~~Pre-Submission~~In Review | Approved Reviewers: ~~Alem Bašić (CEO)~~{{REVIEWERS}}

Document History

Version	Date	Author	Changes
0.1	~~2026-02-23~~{{DATE}}	~~John~~{{AUTHOR}}	Initial draft ~~from app-store-metadata.md + screenshot-texts.md~~

Pre-Submission Requirements

General Readiness

All P1 and P2 bugs resolved — issue tracker link: {{URL}}
QA sign-off obtained — sign-off document: {{URL}}
Legal sign-off obtained (privacy policy, ~~terms,~~terms) ~~angrerettloven,~~— ~~finansavtaleloven)~~{{URL}}
Release notes written and reviewed ~~in Norwegian Bokmål~~
~~Version:~~Version number follows 1.0.0 ({{SemVer: MAJOR.MINOR.~~PATCH)~~PATCH}}
Build ~~number:~~number 1incremented (monotonically ~~incrementing~~ — never reused)
All ~~production~~ environment variables set (NEXT_PUBLIC_APP_ENV=for production, EXPO_PUBLIC_API_URL)
Crash-free rate > 99.5% in staging (Sentry)
Analytics verified — events firing correctly in staging

Apple App Store

App Store Connect Setup

App record created in App Store Connect
App ID no.getdrop.app registered in Apple Developer Portal
Capabilities ~~configured:~~match
- project: ~~Push~~{{list Notificationscapabilities (Phase 2 — when push implemented)
used}}
Provisioning profiles up to date (distribution profile)
Code signing certificate valid (not expiring within 30 days)
App Store Connect API key configured for ~~EAS~~CI/CD ~~Submit~~submission

App Metadata

~~Full Description (Norwegian):~~

Drop — Enklere betalinger. Lavere gebyrer.

Drop er den nye standarden for internasjonale overføringer og daglige betalinger i Norge. Enten du skal sende penger til familie i utlandet eller betale for kebaben på hjørnet, gir Drop deg enklere og billigere løsninger enn bankene.

HVA ER DROP?

Drop er en betalingsapp som gjør to ting ekstremt godt:
1. Send penger internasjonalt med lavere gebyrer enn Wise, Vipps eller Western Union
2. Betal i butikk med QR-kode — raskere og billigere enn bankkort

HVORFOR VELGE DROP?

• 0,5% gebyr på internasjonale overføringer — Send 10 000 kr til familie i utlandet for 50 kr i gebyr, ikke 500 kr
• 1% gebyr for QR-betalinger — Billigere for butikken, enklere for deg
• Trygt med BankID — Norsk autentisering du stoler på
• Regulert i Norge — Vi følger alle norske regler for finansielle tjenester
• Pengene dine forblir i banken din — Drop bruker Open Banking (PSD2), så vi holder aldri pengene dine
• Rask overføring — Internasjonale betalinger tar minutter, ikke dager
• 30+ land — Send til Balkan, Pakistan, Tyrkia, Polen, Tyskland og mange flere

SIKKERHET OG TILLIT

• BankID-pålogging — Norsk standard for sikker autentisering
• Ingen mellomlagring — Pengene dine går direkte fra din bank til mottaker
• Regulert av Finanstilsynet — Vi følger alle norske regler
• Open Banking (PSD2) — Vi bruker samme sikkerhet som bankene
• Transparent prising — Du ser alltid nøyaktig hva du betaler

PRISER

• 0,5% gebyr på internasjonale overføringer (ingen skjulte kostnader)
• 1% gebyr på QR-betalinger i butikk
• Gratis å laste ned og opprette konto
• Ingen månedlig avgift

Drop er et produkt av ALAI Holding AS (org.nr 932 516 136), et norskregistrert selskap.

Screenshots

~~Required screenshots (Norwegian text overlays — from~~ project/store/screenshot-texts.md):

#	~~Screen~~	~~Headline~~	~~Subtext~~	~~Device Required~~
1	~~Login / BankID~~	~~"Trygg pålogging"~~	~~"Verifiser deg med BankID på under 2 minutter"~~	~~All~~
2	~~Dashboard~~	~~"Alt på ett sted"~~	~~"Send penger, betal med QR, se saldo — enkelt"~~	~~All~~
3	~~Send Money~~	~~"0,5% gebyr"~~	~~"Send til 30+ land — billigere enn banken"~~	~~All~~
4	~~QR Payment~~	~~"Betal på sekunder"~~	~~"Skann QR-kode i butikk — raskere enn kort"~~	~~All~~
5	~~Transaction History~~	~~"Full kontroll"~~	~~"Se alle betalinger og overføringer"~~	~~All~~
6	~~Bank Accounts~~	~~"Koble banken din"~~	~~"Se saldo fra din bank med Open Banking"~~	~~Optional~~
7	~~Notifications~~	~~"Hold deg oppdatert"~~	~~"Varsler for hver betaling og overføring"~~	~~Optional~~
8	~~Profile~~	~~"Dine innstillinger"~~	~~"Administrer konto, sikkerhet og varsler"~~	~~Optional~~

~~Required device sizes:~~

Device	Dimensions	Required	Status
iPhone 6.7" (1615 Pro Max)	1320×2868	Required	~~TODO~~`{{Done/TODO}}`
iPhone 6.5" (11 Pro Max / 12 Pro Max)	1242×2688	Required	~~TODO~~`{{Done/TODO}}`
iPhone 5.5" (8 Plus)	1242×2208	Required	~~TODO~~`{{Done/TODO}}`
iPad Pro 12.9" (6th gen)	2048×2732	Required if iPad supported	~~TODO~~`{{Done/TODO}}`
iPad Pro 12.9" (2nd gen)	2048×2732	Required if iPad supported	`{{Done/TODO}}`

Screenshot rules:

Max 10 screenshots per device
First screenshot = most compelling (~~Login~~primary ~~with~~impression)

~~BankID~~

~~trust~~No ~~signal)~~device frames required (add if chosen)
No "Download on the App Store" badge in screenshots
Text overlays ~~use~~readable ~~Fraunces~~at ~~(headlines)~~thumbnail ~~+ DM Sans (subtext) — see brand guide~~size
~~Drop~~No ~~branding:~~third-party ~~green~~IP #0B6E35,without ~~gold accent~~ #D4A017

~~Logo watermark in corner (48px height)~~

~~Final review by Alem (native Norwegian speaker)~~permission

App Preview ~~video:~~video ~~Not~~(optional):

~~required~~

~~for~~

~~v1.0~~
Max 30 seconds, format MP4 or MOV

Actual app footage — no simulated/demo content

App Privacy Details

Data types ~~Drop~~collected ~~collects:~~
declared — mapped to usage purpose:

Data Type	Collected?	Linked to User?	Used for Tracking?	~~Purpose~~
Name	~~Yes~~`{{Yes/No}}`	~~Yes~~`{{Yes/No}}`	No	~~Identity verification (BankID), KYC/AML~~`{{Yes/No}}`
Email	~~Yes~~`{{Yes/No}}`	~~Yes~~`{{Yes/No}}`	No	~~Account communication, support~~`{{Yes/No}}`
Phone	~~Yes~~`{{Yes/No}}`	~~Yes~~`{{Yes/No}}`	No	~~Registration, verification~~
~~Financial info (bank accounts)~~	~~Yes~~	~~Yes~~	No	~~AISP — balance display only~~
~~Transaction history~~	~~Yes~~	~~Yes~~	No	~~Service delivery, legal retention~~`{{Yes/No}}`
Location (precise)	No`{{Yes/No}}`	—`{{Yes/No}}`	—	~~Not collected~~`{{Yes/No}}`
Location (coarse)	No`{{Yes/No}}`	—`{{Yes/No}}`	—	~~Not collected~~`{{Yes/No}}`
Usage data	~~Yes~~`{{Yes/No}}`	No`{{Yes/No}}`	No	~~Service improvement (anonymized)~~`{{Yes/No}}`
Crash data	~~Yes~~`{{Yes/No}}`	No`{{Yes/No}}`	No	~~Bug fixing (anonymized)~~
~~Device ID~~	No	—	—	~~Not collected~~`{{Yes/No}}`
Identifiers (~~Expo~~device ~~push token)~~ID)	~~Yes~~`{{Yes/No}}`	~~Yes~~`{{Yes/No}}`	No	~~Push notifications (Phase 2)~~`{{Yes/No}}`

App Tracking Transparency (ATT) —framework ~~NOT~~implemented ~~required~~if ~~(no~~using IDFA ~~usage)~~
NSUserTrackingUsageDescription —string ~~NOT~~provided ~~required~~in Info.plist

~~Data retention:~~ ~~Transaction and identity data retained minimum 5 years per hvitvaskingsloven.~~

Review Guidelines Compliance

No private API usage (review using {{otool | MachOView}})
No undocumented device capabilities
~~No in-~~In-app ~~purchases~~purchase ~~(Drop~~implemented ~~is a payment service, not selling~~for digital ~~goods)~~goods (not bypassing IAP)
NoExternal payment links removed or comply with court order rules (US only)

Login options: if Sign in with Apple ~~required~~is ~~(Drop~~available ~~uses~~elsewhere, ~~BankID~~it —MUST ~~Norwegian~~be ~~regulatory requirement)~~offered
User account deletion implemented ~~via~~(required ~~support~~since ~~contact~~June ([email protected]~~) — pending: self-service deletion~~2022)
App ~~works~~functions as described — demo account provided for ~~App~~review ~~Review~~if ~~(see below)~~needed

Demo account for App Review:

Username: [email protected]{{[email protected]}}
Password: ~~TBD —~~ {{vault referencereference}}
Notes to reviewer: ~~"This~~{{special issetup a Norwegian payment app. BankID (Norway's national ID system) is required for full verification. For App Review purposes, a pre-verified demo account is provided. Camera permission is requested for QR payment scanning — use 'Simuler skanning' button to test without physical QR code."instructions}}

~~Language note for App Review team:~~ ~~"The app is in Norwegian (Bokmål) — Norway's primary language. App Review guidelines allow non-English apps when serving a specific geographic market."~~

TestFlight Beta Testing

Internal testing completed (~~ALAI~~team ~~team~~members — up to ~~100 testers)~~100)
External beta testing completed — testers: ~~TBD,~~{{N}}, duration: ~~TBD~~{{N days}}
Crash rate < 1% in TestFlight
Beta feedback addressed
What's New ~~(v1.0~~in ~~beta):~~This ~~"Første~~Version: ~~betaversjon~~{{Beta avrelease Drop — gi oss tilbakemeldinger!"notes}}

App Transport Security

All network connections use HTTPS (drop-app.vercel.app)
No NSAllowsArbitraryLoads: true (or justified with NSExceptionDomains)
Certificate pinning —active ~~TBD~~for ~~(requires~~critical ~~implementation before production)~~endpoints
No ATS exceptions ~~needed~~documented: {{list any exceptions and justification}}

Common iOS Rejection Reasons — Prevention

Risk	Prevention
Crashes on launch	Test on physical device, clean install
Misleading screenshots	Screenshots match actual app UI
Login required without guest mode	Provide review demo account
Missing privacy strings	All `NS*UsageDescription` keys populated
IAP bypass	All digital content purchases go through IAP
Placeholder content	Remove all Lorem Ipsum, test data
Performance issues on older devices	Test on min supported device

Google Play Store

Google Play Console Setup

App created in Google Play Console
Signing key configured (Play App Signing — recommended)
Service account configured for ~~EAS~~CI/CD ~~Submit~~API ~~configured~~access
Developer account in good standing ~~(ALAI Holding AS)~~

Store Listing

App name: Drop{{App — Send pengername}} (~~18 chars — under~~max 50 ~~char limit)~~chars)
Short description: Send{{Short penger internasjonalt. Betal i butikk med QR. 0,5% gebyr. Trygt med BankID.desc}} (max 80 ~~chars exactly)~~chars)
Full description: ~~Same~~{{Full Norwegian content as iOSdescription}} (max 4000 ~~char limit)~~chars)
App icon: 512×512 ~~PNG~~PNG, no alpha, no rounded corners (noPlay ~~alpha~~adds ~~— TODO: export from Figma)~~them)
Feature graphic: 1024×500 JPG/PNG — ~~"drop"~~shown ~~wordmark~~at ontop ~~green~~of ~~gradient (TODO)~~listing
Screenshots: min 2, max 8 per device type

Device	Min Dimensions	Status
Phone	~~1080×1920~~320×568 px(min), 3840×3840 (max)	~~TODO~~`{{Done/TODO}}`
7" tablet	Same constraints	~~TODO~~`{{Done/TODO}}`
10" tablet	Same constraints	~~TODO~~`{{Done/TODO}}`

Content Rating Questionnaire

IARC questionnaire completed in Play Console
~~Expected rating:~~ ~~17+ (financial transactions, real money)~~

Rating certificate generated and applied

Rating matches app content (honest answers — inaccurate rating = suspension)

Data Safety Form

Data types collected declared

~~(same~~

asData ~~Apple~~sharing ~~Privacy~~disclosures ~~Details above)~~complete
Security practices answered:
- Data in transit encrypted: ~~Yes (HTTPS/TLS 1.3)~~{{Yes/No}}
- Data at rest encrypted: ~~TBD (server-side)~~{{Yes/No}}
- Users can request deletion: ~~Yes (via support contact — pending self-service)~~{{Yes/No}}

Target Audience & Content

Target age ~~group:~~group ~~18+~~declared (~~BankID~~under ~~requires~~13? ~~18+,~~— ~~Norwegian~~COPPA ~~residents)~~compliance required)
NoAds ~~ads~~configuration (if using ads) — ~~Drop~~appropriate ~~does~~ad ~~not~~formats ~~serve~~for ~~advertisements~~age group
Sensitive ~~permissions:~~app ~~Camera (QR scanning) —~~permissions justified in ~~listing~~declaration

Testing Tracks

Track	Audience	Status
Internal testing	~~ALAI team (up~~Up to ~~100)~~100 internal testers	~~TODO~~`{{Done/TODO}}`
Closed testing (alpha)	Limited ~~Norwegian~~testers, ~~testers~~feedback	~~TODO~~`{{Done/TODO}}`
Open testing (beta)	~~Optional public~~Public opt-in	~~TODO~~`{{Done/TODO}}`
Production	~~Staged~~100% ~~10%~~rollout →/ ~~100%~~staged	~~TODO~~`{{Done/TODO}}`

Staged rollout: Start at {{10%}} → increase ~~to 25%~~ after {{48 hourshours}} → {{100%}}

~~after~~

Common daysAndroid Rejection Reasons — Prevention

~~crash~~

Risk	Prevention
Permission over-declaration	Request only necessary permissions
Misleading app behavior	App does exactly what listing says
Policy violations (~~monitoring~~ads)	No ~~rate).~~ interstitials on back press, no deceptive ads
Malware detection	Scan APK/AAB with VirusTotal before upload
Crashes	Test on multiple API levels, both ARM architectures
Data safety inaccurate	Audit all SDKs for data collection

Cross-Platform Checklist

Version Naming

Field	iOS	Android	Value
Version string	`CFBundleShortVersionString`	`versionName`	`1.0.0{{X.Y.Z}}`
Build number	`CFBundleVersion`	`versionCode`	`1{{N}}` (~~monotonically increasing)~~monotonic)

Version naming convention: MAJOR.MINOR.PATCH

MAJOR: Breaking change / major redesign

MINOR: New feature

PATCH: Bug fix / performance

Release Notes (Norwegian)Format

VelkommenWhat's tilnew Drop!in Dettev{{X.Y.Z}}:

er• den{{New førstefeature versjonen1}}
av• Drop{{Bug fix 1}}
• {{Improvement 1}}

Questions or feedback? Contact us at support@{{domain.com}}

Rules:

Max 500 characters (App Store) / 500 characters (Play Store)

Translate for each supported locale

No marketing language — ~~din~~factual ~~nye~~changes ~~app~~only

~~for~~

Reference ~~enklere~~to ogknown ~~billigere~~issues ~~betalinger.~~if ~~Hva~~applicable

kan du gjøre: • Send penger til utlandet med 0,5% gebyr • Betal i butikk med QR-kode • Verifiser deg trygt med BankID • Se alle transaksjoner på ett sted Kommer snart: • Støtte for flere land • Wallet og dagligbetalinger Har du tilbakemeldinger? Send oss en e-post på [email protected] — vi leser alt!

Marketing Assets Checklist

App icon final —(no ~~1024×1024 (iOS), 512×512 (Android) — from Figma~~ brand/ ~~assets~~placeholder)
Feature graphic final ~~— 1024×500 PNG~~ (Google Play)
~~Screenshots~~Press ~~with~~kit ~~Norwegian~~updated: ~~text overlays — all device sizes~~{{URL}}
~~Press~~App ~~kit~~preview ~~updated~~video at(if https://getdrop.no/presseapplicable)
Social media announcement ~~in Norwegian~~content prepared

Legal Requirements

Privacy Policy URL: https://getdrop.no/personvern{{URL}} — ~~GDPR-compliant,~~ covers all data collected
Terms of Service URL: https://getdrop.no/vilkar{{URL}}
GDPR: Right to deletion ~~(via support, pending self-service portal)~~implemented
~~Angrerettloven:~~CCPA: ~~14-day~~Do ~~withdrawal~~Not ~~right~~Sell ~~form~~link at(if /withdrawal

~~Finansavtaleloven §3-53: Complaint form at~~ /complaints

~~Hvitvaskingsloven: 5-year AML data retention stated in privacy policy~~users)
COPPA: ~~Not~~Kids ~~applicable~~category compliance (~~18+~~if ~~minimum~~< ~~age,~~13)

~~Norwegian~~

~~residents~~In-app ~~only)~~purchase terms linked

Drop-Specific Submission Notes

~~BankID requirement:~~ ~~Explicitly mention in App Review notes that BankID (Norwegian national digital ID system) is required. Provide pre-verified demo account.~~

~~Age restriction:~~ ~~17+ (App Store) due to financial transactions and real money. BankID legally requires 18+.~~

~~Permissions:~~ ~~Camera (QR scanning) — justified as core feature. Push notifications (Phase 2) — transaction alerts.~~

~~Regulatory compliance:~~ ~~ALAI Holding AS, Org.nr 932 516 136, Norway. Regulert av Finanstilsynet.~~

~~Pass-through model:~~ ~~Drop never holds user money. Emphasize in reviewer notes to avoid confusion with e-money apps that require different regulatory disclosure.~~

~~Norwegian language:~~ ~~All store content in Norwegian Bokmål — correct for geographic target market (Norway).~~

~~Target market:~~ ~~Norway only (Phase 1). Sverige, Danmark in Phase 2.~~

Final Submission Sign-Off

Item	Status	Sign-Off
All checklist items complete	~~Not yet~~`{{Yes/No}}`
QA approval received	~~Not yet~~`{{Yes/No}}`
Legal approval received	~~Not yet~~`{{Yes/No}}`
Marketing assets ready	~~Not yet~~`{{Yes/No}}`
Support team briefed ~~([email protected])~~	~~Not yet~~
~~Alem final review~~	~~Not yet~~`{{Yes/No}}`

Approval

Role	Name	Date
Author	~~John (AI Director)~~	~~2026-02-23~~
Mobile Lead
QA Lead
Product Manager	~~Alem Bašić~~
Legal