
    Mobile Store Compliance Auditor

    by rayyer

    Catch App Store and Google Play rejection causes before you submit — privacy manifest, permissions, billing, target SDK, ATT

    Updated Jul 2026
    Security scanned


    Included in download

    • Audit an iOS app for Privacy Manifest and required-reason API gaps before upload
    • Find missing Info.plist permission strings that crash the app on review
    • file_write, file_read automation included
    • Ready for Obj-C)
    • Instant install


    See it in action

    You say

    I'm about to submit my React Native app to the App Store and Google Play. Check it for anything that would get it rejected.

    Your agent does

    Detected: React Native 0.74 (bare). Targeting both App Store and Google Play. I scanned the native config and source.

    Writing the full report to MOBILE_STORE_AUDIT.md.

    Summary: 17 findings — 6 Blockers, 5 High, 4 Medium, 2 Low.

    Most urgent: your iOS build will fail upload before review even starts. There's no PrivacyInfo.xcprivacy, but React Native and bundled pods call required-reason APIs — App Store Connect rejects this with ITMS-91053. Add the privacy manifest declaring each API with an approved reason.

    Other Blockers:

    • Background location requested with no "Always" usage string (iOS rejection).
    • Pro subscription charged via Stripe inside the app — digital goods need StoreKit IAP / Play Billing in most regions.
    • Foreground location service has no foregroundServiceType — crashes on Android 14+.
    • Android targetSdk is 33; Play requires 35 (rising to 36 on Aug 31, 2026).

    Verdict: Not ready — 6 Blockers. Fix the upload-blockers first (privacy manifest, location string, foreground type, target SDK), then decide the billing model. Full details with file:line and fixes in MOBILE_STORE_AUDIT.md.

    Store policies shift and reviewers have discretion — verify volatile items (target API, billing) against current docs.

    About This Skill

    Stop getting rejected. Apple rejects ~25% of submissions and Google blocked 1.75M apps in 2025. This skill audits your app for the concrete reasons reviewers reject, before you hit submit — like a pre-review checklist run by someone who reads the guidelines so you don't have to.

    What it checks

    Apple App Store (16 checks)
    • Privacy Manifest (PrivacyInfo.xcprivacy) + required-reason APIs — the #1 binary rejection of 2024–2026
    • Permission usage strings in Info.plist (missing or generic = rejection)
    • App Tracking Transparency — including the 2025 requirement to name data recipients
    • Account deletion (Guideline 5.1.1(v))
    • In-app purchase vs external payment (Guideline 3.1.1), including the post-Epic US situation
    • Sign in with Apple (Guideline 4.8), encryption compliance, background modes, AI consent disclosure, web-wrapper minimum functionality
    Google Play (15 checks)
    • Target API level (35 now → 36 required Aug 31, 2026)
    • Foreground service types (mandatory Android 14+, crashes without)
    • Restricted permissions — QUERY_ALL_PACKAGES, background location, SMS/Call Log, All Files Access, Contacts (new Oct 2026 policy)
    • Google Play Billing vs alternative billing (US changes Jan 2026, EEA DMA)
    • Data Safety form alignment, account/data deletion, cleartext traffic, AAB + 64-bit, Families policy

    Cross-platform

    Knows where native config lives in React Native, Expo (managed + prebuild), Flutter, Capacitor/Ionic, NativeScript — and the framework-specific traps (the privacy-manifest gap, target-SDK indirection, plugins that add permissions silently)

    How it works

    1. Detects your framework and target stores from project files.
    2. Maps every config surface stores inspect — Info.plist, manifests, entitlements, build.gradle, Expo config, payment code.
    3. Runs the applicable checklists.
    4. Writes MOBILE_STORE_AUDIT.md graded by rejection risk: Blocker / High / Medium / Low. Each finding has the exact file/key location, the guideline cited, what's wrong, and a copy-pasteable fix. A "Verify in store console" section covers what lives outside the repo.
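The steps above can be illustrated with a small static check over the config surfaces they name. This is an added example, not the skill's own code: the `audit` function, the `SAMPLE` project and the heuristics are assumptions, and the minimum target SDK is a parameter because the page treats it as volatile.

```python
import plistlib
import re
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

def audit(files, min_target_sdk):
    """files maps repo-relative path -> text. Returns [(severity, path, message)]."""
    out = []
    has_ios = any(p.endswith("Info.plist") for p in files)
    if has_ios and not any(p.endswith("PrivacyInfo.xcprivacy") for p in files):
        # Simplification: a fuller audit also checks which required-reason APIs are called.
        out.append(("Blocker", "ios", "no PrivacyInfo.xcprivacy found"))
    for path, text in files.items():
        if path.endswith("Info.plist"):
            plist = plistlib.loads(text.strip().encode())
            always = plist.get("NSLocationAlwaysAndWhenInUseUsageDescription", "")
            if "location" in plist.get("UIBackgroundModes", []) and not always.strip():
                out.append(("Blocker", path, "background location without an Always usage string"))
        elif path.endswith("AndroidManifest.xml"):
            root = ET.fromstring(text)
            perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
            if "android.permission.FOREGROUND_SERVICE" in perms:
                # Heuristic: the manifest alone cannot tell which services run in the foreground.
                for svc in root.iter("service"):
                    if not svc.get(ANDROID + "foregroundServiceType"):
                        name = svc.get(ANDROID + "name")
                        out.append(("Blocker", path, f"service {name} has no foregroundServiceType"))
        elif path.endswith(("build.gradle", "build.gradle.kts")):
            literal = re.search(r"targetSdk(?:Version)?\s*=?\s*(\d+)", text)
            if literal and int(literal.group(1)) < min_target_sdk:
                out.append(("Blocker", path, f"targetSdk {literal.group(1)} < {min_target_sdk}"))
            elif not literal and "targetSdk" in text:
                # Indirection (value defined in another file) has to be resolved by hand.
                out.append(("Medium", path, "targetSdk is not a literal; resolve it by hand"))
    return out

# Constructed sample project, not taken from the page.
SAMPLE = {
    "ios/App/Info.plist": ('<plist version="1.0"><dict><key>UIBackgroundModes</key>'
                           '<array><string>location</string></array></dict></plist>'),
    "android/app/src/main/AndroidManifest.xml": (
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
        '<uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>'
        '<application><service android:name=".LocationService"/></application></manifest>'),
    "android/app/build.gradle": "android { defaultConfig { targetSdkVersion 33 } }",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, min_target_sdk=35):
        print(*finding, sep=" | ")
```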

    Why this skill

    • Current as of 2026 — target SDK 35→36, post-Epic billing, ATT recipient disclosure, the 2026 Contacts policy. Most checklists out there are stale.
    • Privacy Manifest focus — the most common modern binary rejection, easy to miss on cross-platform apps.
    • Rejection-risk grading — Blocker means "you literally cannot ship," so you fix the right things first.
    • Honest about volatile rules — for target API level, fees, and external-payment entitlements, it tells the agent to verify against current official docs instead of asserting a stale number.
    • Agent-agnostic — Claude Code, Cursor, Codex CLI, Copilot, Gemini CLI.

    Who it's for

    • Indie devs and teams submitting to the stores for the first time
    • Anyone who's been rejected and wants to know why before resubmitting
    • Cross-platform devs (RN/Flutter/Expo) who keep hitting the privacy-manifest wall
    • Studios shipping apps with ads, subscriptions, location, or AI features

    Limitations

    Static review of code and config only. It does not submit your app, doesn't touch App Store Connect / Play Console, doesn't check store-listing assets (those go in a "Verify in console" section), and doesn't guarantee approval — reviewers exercise discretion. Verify volatile requirements against current official docs.

    How to install

    Drop the file into your AI tool. Works with Claude, Cursor, ChatGPT, and 20+ more.


    Security Scanned

    Passed automated security review

    Permissions

    Write Files
    Read Files

    File Scopes

    **/Info.plist
    **/PrivacyInfo.xcprivacy
    **/*.entitlements
    **/AndroidManifest.xml
    **/build.gradle
    **/build.gradle.kts
    **/app.json
    **/app.config.{js,ts}
    **/capacitor.config.{ts,json}
    **/pubspec.yaml
    **/package.json
    **/*.{swift,m,mm,kt,java,ts,tsx,js,jsx,dart}
    **/res/xml/**
    MOBILE_STORE_AUDIT.md

    Static analysis only. Reads native config (Info.plist, AndroidManifest.xml, entitlements, build.gradle, Expo/Capacitor config) and source code to detect permission usage, payment flows, tracking SDKs, and account/AI features. Writes a single file (MOBILE_STORE_AUDIT.md) at the repository root. No network calls, no shell commands, no environment reads. If the upload auto-detects "Network Access," it is a false positive — the skill references store API docs in its checklists but never invokes them.

    No runtime dependencies. Works on native iOS (Swift/Obj-C), native Android (Kotlin/Java), React Native, Expo, Flutter, Capacitor/Ionic, and NativeScript projects. Compatible with any agent supporting the SKILL.md standard.
