    Mobile Store Compliance Auditor

    by rayyer

    Catch App Store and Google Play rejection causes before you submit — privacy manifest, permissions, billing, target SDK, ATT

    Updated May 2026
    Security scanned
    One-time purchase

    $10

    30-day refund guarantee

    Secure checkout via Stripe

    Included in download

    • Audit an iOS app for Privacy Manifest and required-reason API gaps before upload
    • Find missing Info.plist permission strings that crash the app on review
    • file_write, file_read automation included
    • Ready for Obj-C)
    • Instant install

    Sample Output

    A real example of what this skill produces.

    Detected: React Native 0.74 (bare). Targeting both App Store and Google Play. I scanned the native config and source.

    Writing the full report to MOBILE_STORE_AUDIT.md.

    Summary: 17 findings — 6 Blockers, 5 High, 4 Medium, 2 Low.

    Most urgent: your iOS build will fail upload before review even starts. There's no PrivacyInfo.xcprivacy, but React Native and bundled pods call required-reason APIs — App Store Connect rejects this with ITMS-91053. Add the privacy manifest declaring each API with an approved reason.

    Other Blockers:

    • Background location requested with no "Always" usage string (iOS rejection).
    • Pro subscription charged via Stripe inside the app — digital goods need StoreKit IAP / Play Billing in most regions.
    • Foreground location service has no foregroundServiceType — crashes on Android 14+.
    • Android targetSdk is 33; Play requires 35 (rising to 36 on Aug 31, 2026).

    Verdict: Not ready — 6 Blockers. Fix the upload-blockers first (privacy manifest, location string, foreground type, target SDK), then decide the billing model. Full details with file:line and fixes in MOBILE_STORE_AUDIT.md.

    Store policies shift and reviewers have discretion — verify volatile items (target API, billing) against current docs.

    About This Skill

    Stop getting rejected. Apple rejects ~25% of submissions and Google blocked 1.75M apps in 2025. This skill audits your app for the concrete reasons reviewers reject, before you hit submit — like a pre-review checklist run by someone who reads the guidelines so you don't have to.

    What it checks

    Apple App Store (16 checks)
    • Privacy Manifest (PrivacyInfo.xcprivacy) + required-reason APIs — the #1 binary rejection of 2024–2026
    • Permission usage strings in Info.plist (missing or generic = rejection)
    • App Tracking Transparency — including the 2025 requirement to name data recipients
    • Account deletion (Guideline 5.1.1(v))
    • In-app purchase vs external payment (Guideline 3.1.1), including the post-Epic US situation
    • Sign in with Apple (Guideline 4.8), encryption compliance, background modes, AI consent disclosure, web-wrapper minimum functionality

    Google Play (15 checks)
    • Target API level (35 now → 36 required Aug 31, 2026)
    • Foreground service types (mandatory Android 14+, crashes without)
    • Restricted permissions — QUERY_ALL_PACKAGES, background location, SMS/Call Log, All Files Access, Contacts (new Oct 2026 policy)
    • Google Play Billing vs alternative billing (US changes Jan 2026, EEA DMA)
    • Data Safety form alignment, account/data deletion, cleartext traffic, AAB + 64-bit, Families policy

    Cross-platform

    Knows where native config lives in React Native, Expo (managed + prebuild), Flutter, Capacitor/Ionic, NativeScript — and the framework-specific traps (the privacy-manifest gap, target-SDK indirection, plugins that add permissions silently).

    How it works

    1. Detects your framework and target stores from project files.
    2. Maps every config surface stores inspect — Info.plist, manifests, entitlements, build.gradle, Expo config, payment code.
    3. Runs the applicable checklists.
    4. Writes MOBILE_STORE_AUDIT.md graded by rejection risk: Blocker / High / Medium / Low. Each finding has the exact file/key location, the guideline cited, what's wrong, and a copy-pasteable fix. A "Verify in store console" section covers what lives outside the repo.
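
    A sketch of what steps 2 to 4 can look like for three of the Blockers in the sample output (background location string, foreground service type, target SDK). This is an added example, not the skill's own code; the function names, the sample inputs and the "flag every untyped service" heuristic are assumptions, and the required target level is a caller-supplied parameter to be checked against current Play documentation.

```python
import plistlib
import re
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"  # android: XML namespace

def audit_info_plist(data: bytes) -> list:
    """Background location mode declared without the 'Always' usage string."""
    plist = plistlib.loads(data)
    key = "NSLocationAlwaysAndWhenInUseUsageDescription"
    if "location" in plist.get("UIBackgroundModes", []) and not str(plist.get(key, "")).strip():
        return [("Blocker", "Info.plist", f"background location without {key}")]
    return []

def audit_manifest(xml_text: str) -> list:
    """Heuristic (assumption): once FOREGROUND_SERVICE is requested, flag untyped services."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if "android.permission.FOREGROUND_SERVICE" not in perms:
        return []
    return [("Blocker", "AndroidManifest.xml",
             f"service {s.get(ANDROID + 'name')} has no foregroundServiceType")
            for s in root.iter("service") if not s.get(ANDROID + "foregroundServiceType")]

def audit_target_sdk(gradle_text: str, required: int) -> list:
    """`required` comes from the caller; verify it against current Play policy."""
    m = re.search(r"\btargetSdk(?:Version)?\s*=?\s*(\d+)", gradle_text)
    if m and int(m.group(1)) < required:
        return [("Blocker", "build.gradle", f"targetSdk {m.group(1)} is below {required}")]
    return []

# Constructed sample inputs (not from a real project).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>UIBackgroundModes</key><array><string>location</string></array>
<key>NSLocationWhenInUseUsageDescription</key><string>Shows nearby stores.</string>
</dict></plist>"""
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
<uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
<application><service android:name=".TrackingService"/></application>
</manifest>"""
SAMPLE_GRADLE = "android { defaultConfig { targetSdkVersion 33 } }"

def run_audit(required_target: int = 35) -> list:  # 35 is the value quoted on this page
    return (audit_info_plist(SAMPLE_PLIST) + audit_manifest(SAMPLE_MANIFEST)
            + audit_target_sdk(SAMPLE_GRADLE, required_target))

if __name__ == "__main__":
    for severity, path, message in run_audit():
        print(f"[{severity}] {path}: {message}")
```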

    Why this skill

    • Current as of 2026 — target SDK 35→36, post-Epic billing, ATT recipient disclosure, the 2026 Contacts policy. Most checklists out there are stale.
    • Privacy Manifest focus — the most common modern binary rejection, easy to miss on cross-platform apps.
    • Rejection-risk grading — Blocker means "you literally cannot ship," so you fix the right things first.
    • Honest about volatile rules — for target API level, fees, and external-payment entitlements, it tells the agent to verify against current official docs instead of asserting a stale number.
    • Agent-agnostic — Claude Code, Cursor, Codex CLI, Copilot, Gemini CLI.

    Who it's for

    • Indie devs and teams submitting to the stores for the first time
    • Anyone who's been rejected and wants to know why before resubmitting
    • Cross-platform devs (RN/Flutter/Expo) who keep hitting the privacy-manifest wall
    • Studios shipping apps with ads, subscriptions, location, or AI features

    Limitations

    Static review of code and config only. It does not submit your app, doesn't touch App Store Connect / Play Console, doesn't check store-listing assets (those go in a "Verify in console" section), and doesn't guarantee approval — reviewers exercise discretion. Verify volatile requirements against current official docs.

    Security Scanned

    Passed automated security review

    Permissions

    Write Files
    Read Files

    File Scopes

    **/Info.plist
    **/PrivacyInfo.xcprivacy
    **/*.entitlements
    **/AndroidManifest.xml
    **/build.gradle
    **/build.gradle.kts
    **/app.json
    **/app.config.{js,ts}
    **/capacitor.config.{ts,json}
    **/pubspec.yaml
    **/package.json
    **/*.{swift,m,mm,kt,java,ts,tsx,js,jsx,dart}
    **/res/xml/**
    MOBILE_STORE_AUDIT.md

    Static analysis only. Reads native config (Info.plist, AndroidManifest.xml, entitlements, build.gradle, Expo/Capacitor config) and source code to detect permission usage, payment flows, tracking SDKs, and account/AI features. Writes a single file (MOBILE_STORE_AUDIT.md) at the repository root. No network calls, no shell commands, no environment reads. If the upload auto-detects "Network Access," it is a false positive — the skill references store API docs in its checklists but never invokes them.

    No runtime dependencies. Works on native iOS (Swift/Obj-C), native Android (Kotlin/Java), React Native, Expo, Flutter, Capacitor/Ionic, and NativeScript projects. Compatible with any agent supporting the SKILL.md standard.
