Mobile Store Compliance Auditor
by rayyer
Catch App Store and Google Play rejection causes before you submit — privacy manifest, permissions, billing, target SDK, ATT
- Audit an iOS app for Privacy Manifest and required-reason API gaps before upload
- Find missing Info.plist permission strings that crash the app on review
- Verify Google Play target SDK level and foreground service type declarations
$10
· or 50 credits
Included in download
- Audit an iOS app for Privacy Manifest and required-reason API gaps before upload
- Find missing Info.plist permission strings that crash the app on review
- file_write, file_read automation included
- Ready for Obj-C)
See it in action
You say
I'm about to submit my React Native app to the App Store and Google Play. Check it for anything that would get it rejected.
Your agent does
Detected: React Native 0.74 (bare). Targeting both App Store and Google Play. I scanned the native config and source.
Writing the full report to MOBILE_STORE_AUDIT.md.
Summary: 17 findings — 6 Blockers, 5 High, 4 Medium, 2 Low.
Most urgent: your iOS build will fail upload before review even starts. There's no PrivacyInfo.xcprivacy, but React Native and bundled pods call required-reason APIs — App Store Connect rejects this with ITMS-91053. Add the privacy manifest declaring each API with an approved reason.
Other Blockers:
- Background location requested with no "Always" usage string (iOS rejection).
- Pro subscription charged via Stripe inside the app — digital goods need StoreKit IAP / Play Billing in most regions.
- Foreground location service has no foregroundServiceType — crashes on Android 14+.
- Android targetSdk is 33; Play requires 35 (rising to 36 on Aug 31, 2026).
Verdict: Not ready — 6 Blockers. Fix the upload-blockers first (privacy manifest, location string, foreground type, target SDK), then decide the billing model. Full details with file:line and fixes in MOBILE_STORE_AUDIT.md.
Store policies shift and reviewers have discretion — verify volatile items (target API, billing) against current docs.
About This Skill
What it checks
Apple App Store (16 checks)
- Privacy Manifest (PrivacyInfo.xcprivacy) + required-reason APIs — the #1 binary rejection of 2024–2026
- Permission usage strings in Info.plist (missing or generic = rejection)
- App Tracking Transparency — including the 2025 requirement to name data recipients
- Account deletion (Guideline 5.1.1(v))
- In-app purchase vs external payment (Guideline 3.1.1), including the post-Epic US situation
- Sign in with Apple (Guideline 4.8), encryption compliance, background modes, AI consent disclosure, web-wrapper minimum functionality
Google Play
- Target API level (35 now → 36 required Aug 31, 2026)
- Foreground service types (mandatory Android 14+, crashes without)
- Restricted permissions — QUERY_ALL_PACKAGES, background location, SMS/Call Log, All Files Access, Contacts (new Oct 2026 policy)
- Google Play Billing vs alternative billing (US changes Jan 2026, EEA DMA)
- Data Safety form alignment, account/data deletion, cleartext traffic, AAB + 64-bit, Families policy
Cross-platform
Knows where native config lives in React Native, Expo (managed + prebuild), Flutter, Capacitor/Ionic, NativeScript — and the framework-specific traps (the privacy-manifest gap, target-SDK indirection, plugins that add permissions silently).
How it works
- Detects your framework and target stores from project files.
- Maps every config surface stores inspect — Info.plist, manifests, entitlements, build.gradle, Expo config, payment code.
- Runs the applicable checklists.
- Writes MOBILE_STORE_AUDIT.md graded by rejection risk: Blocker / High / Medium / Low. Each finding has the exact file/key location, the guideline cited, what's wrong, and a copy-pasteable fix. A "Verify in store console" section covers what lives outside the repo.
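To make the manifest step concrete, here is an added example (not the skill's own code) that runs three of the Google Play checks listed above against an AndroidManifest.xml: foreground service types, restricted permissions, and cleartext traffic. The function name, the grade assigned to each finding, and the sample manifest are assumptions of this example.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Restricted permissions named on this page, as a subset of Android constants.
RESTRICTED = {
    "android.permission.QUERY_ALL_PACKAGES",
    "android.permission.ACCESS_BACKGROUND_LOCATION",
    "android.permission.READ_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.MANAGE_EXTERNAL_STORAGE",
    "android.permission.READ_CONTACTS",
}

def audit_manifest(xml_text):
    """Return (grade, message) findings; the grades are this example's assumption."""
    root = ET.fromstring(xml_text)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    findings = []
    # Heuristic: an app holding FOREGROUND_SERVICE may promote any declared
    # service to the foreground, so each one should carry a type.
    if "android.permission.FOREGROUND_SERVICE" in perms:
        for svc in root.iter("service"):
            if not svc.get(A + "foregroundServiceType"):
                findings.append(("Blocker",
                    f"service {svc.get(A + 'name')}: no foregroundServiceType"))
    for perm in sorted(perms & RESTRICTED):
        findings.append(("High", f"{perm}: needs a Play Console declaration"))
    app = root.find("application")
    if app is not None and app.get(A + "usesCleartextTraffic") == "true":
        findings.append(("Medium", "application: usesCleartextTraffic is true"))
    return findings

# Constructed sample manifest (not taken from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:usesCleartextTraffic="true">
    <service android:name=".TrackingService"/>
    <service android:name=".SyncService" android:foregroundServiceType="dataSync"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for grade, message in audit_manifest(SAMPLE):
        print(f"[{grade}] {message}")
```

Run it against the merged manifest from the build output rather than the source manifest, since plugins and libraries can contribute permissions and services that never appear in your own file.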
Why this skill
- Current as of 2026 — target SDK 35→36, post-Epic billing, ATT recipient disclosure, the 2026 Contacts policy. Most checklists out there are stale.
- Privacy Manifest focus — the most common modern binary rejection, easy to miss on cross-platform apps.
- Rejection-risk grading — Blocker means "you literally cannot ship," so you fix the right things first.
- Honest about volatile rules — for target API level, fees, and external-payment entitlements, it tells the agent to verify against current official docs instead of asserting a stale number.
- Agent-agnostic — Claude Code, Cursor, Codex CLI, Copilot, Gemini CLI.
Who it's for
- Indie devs and teams submitting to the stores for the first time
- Anyone who's been rejected and wants to know why before resubmitting
- Cross-platform devs (RN/Flutter/Expo) who keep hitting the privacy-manifest wall
- Studios shipping apps with ads, subscriptions, location, or AI features
Limitations
Static review of code and config only. It does not submit your app, doesn't touch App Store Connect / Play Console, doesn't check store-listing assets (those go in a "Verify in console" section), and doesn't guarantee approval — reviewers exercise discretion. Verify volatile requirements against current official docs.
Use Cases
- Audit an iOS app for Privacy Manifest and required-reason API gaps before upload
- Find missing Info.plist permission strings that crash the app on review
- Verify Google Play target SDK level and foreground service type declarations
- Check in-app purchase vs external payment compliance on both stores
- Detect restricted Android permissions that need a Play Console declaration
- Confirm account deletion and ATT are implemented before submission
Known Limitations
Static analysis of code and config only — does not run the app or detect runtime-only issues. Does not submit the app or interact with App Store Connect / Play Console. Does not review store-listing assets (screenshots, descriptions, age-rating answers); those are flagged under "Verify in store console." Does not modify code or config — it only writes the audit report. Does not guarantee approval; reviewers exercise discretion. Volatile requirements (target API level, store fees, external-payment entitlements per country) are snapshotted as of early 2026; the skill instructs verification against current official docs rather than hardcoding values that go stale. Game-engine projects (Unity/Unreal) keep store config in engine player settings; the skill audits exported native config and lists engine-side items for manual verification.
How to install
Drop the file into your AI tool. Works with Claude, Cursor, ChatGPT, and 20+ more.
Security Scanned
Passed automated security review
Permissions
File Scopes
Static analysis only. Reads native config (Info.plist, AndroidManifest.xml, entitlements, build.gradle, Expo/Capacitor config) and source code to detect permission usage, payment flows, tracking SDKs, and account/AI features. Writes a single file (MOBILE_STORE_AUDIT.md) at the repository root. No network calls, no shell commands, no environment reads. If the upload auto-detects "Network Access," it is a false positive — the skill references store API docs in its checklists but never invokes them.
No runtime dependencies. Works on native iOS (Swift/Obj-C), native Android (Kotlin/Java), React Native, Expo, Flutter, Capacitor/Ionic, and NativeScript projects. Compatible with any agent supporting the SKILL.md standard.