Most publishing checklists are either too generic to be useful or so exhaustive that nothing gets prioritised. This one is different.
It's organised around the four things that determine whether your app goes through review cleanly — the four pillars that reviewers actually check, in the order they check them.
The Most Important Reframe
Reviewers are not testing your app the way your users test it. They're testing it the way a quality-and-policy checker would. They're asking: is this listing honest? Is this first experience stable? Are these declarations accurate? Is this payment flow legitimate?
That reframe changes what you prioritise. Architectural elegance doesn't help you here. A clean first session and an accurate listing do.
Pillar 1: Build Quality
Run through these checks from a clean install on a real device — not your development device with existing sessions, cached data, or test accounts already set up.
- Install the app fresh on a device that has never had it installed. Complete the entire new-user flow without shortcuts.
- Test under a slow network connection (3G or throttled WiFi). Every loading state should be visible. No blank screens where content should appear.
- Test with the network fully off. The app should handle this gracefully — an error message, not a crash.
- All debug flags, test mode switches, and console logging are off in the release build.
- No test accounts, placeholder data, or developer-only screens are accessible in the build.
- The app works on at least one device model and OS version other than your primary development device.
Pillar 2: Listing Accuracy
Every element of the listing must describe the app that exists in the submitted build — not a planned version, not an earlier prototype.
- Screenshots taken from the final, locked build. No mockups, no earlier UI versions.
- App description describes features that exist and are accessible in the submitted build.
- App name and subtitle contain no misleading keyword stuffing or false capability claims.
- Support URL loads correctly from an incognito browser window without any redirect or login.
- Privacy policy URL loads correctly, publicly, with no placeholder text.
- Category and age rating match the actual app content — not aspirationally, actually.
Pillar 3: Compliance
- Every permission in the manifest is actively used by a feature in the app. Remove any inherited from templates or inactive SDKs.
- Each permission has a clear, user-facing justification in the system permission dialog — not "app requires this permission" but what the user gets from granting it.
- Data Safety form (Google) and Privacy Nutrition Label (Apple) reflect every SDK in the build, including analytics, crash reporting, and AI integrations.
- Privacy policy accurately describes all data collected, all third-party services used, and how to request deletion.
- Age rating questionnaire answered honestly based on actual content — not minimum-to-avoid-restriction.
- For apps targeting EU users: GDPR consent mechanism in place. For apps that could reach under-13s: COPPA compliance verified.
Pillar 4: Business Model
Only relevant if your app has paid features, subscriptions, or in-app purchases. Skip if the app is fully free.
- All digital content and feature purchases use Apple's StoreKit or Google Play Billing — no external payment links for in-app digital goods.
- Price, billing period, and subscription terms are clearly displayed on the screen before the user confirms a purchase.
- Free trial terms — duration, post-trial price, cancellation method — are all visible before the user opts in.
- Restore Purchases button exists and works correctly (iOS requirement for any app with IAP).
- Subscription management option is accessible from within the app.
- All in-app purchase products are configured in App Store Connect / Play Console with accurate descriptions before submission.
- At least one meaningful free feature is available before a paywall is reached.
Final Pre-Submission Check
| Check | Done? |
|---|---|
| Clean install tested on real device | ☐ |
| Tested on slow/no network | ☐ |
| All listing URLs tested in incognito | ☐ |
| Screenshots match submitted build exactly | ☐ |
| Data Safety / Privacy Label updated for this build | ☐ |
| All permissions justified in manifest | ☐ |
| Privacy policy live and accurate | ☐ |
| Payment flows tested end-to-end (if applicable) | ☐ |
| Age rating reflects actual content | ☐ |
| No placeholder text in any visible field | ☐ |
If every box is checked, your submission is materially better prepared than the majority of apps in the review queue on any given day. The checklist doesn't guarantee approval — but it eliminates the predictable, avoidable reasons for rejection.
