app-store-review

Claude Code skill that scans Xcode projects for common App Store rejection reasons before submission

Installation
CLI
npx skills add https://github.com/justinperea/app-store-review-skill --skill app-store-review

Install this skill via the CLI and start using the SKILL.md workflow in your workspace.

Last updated on 6/21/2026

App Store Review Skill

Stop getting rejected. Catch every issue before Apple does.

MIT License  •  53 Checks  •  14 Recommendations  •  100% Eval Pass Rate  •  Works with Claude Code


A Claude Code skill that scans your actual Swift code and Xcode project for App Store rejection reasons — not a checklist you read, but an automated audit that reads your files, finds problems, and tells you exactly what to fix.

Sample App Store Review Report

Why?

~40% of iOS apps get rejected on first submission. The top reasons are all preventable:

  • Missing PrivacyInfo.xcprivacy (ITMS-91053) — the #1 rejection reason since 2024
  • Vague privacy permission strings ("Camera access needed")
  • No account deletion flow (required since 2022)
  • Widget extensions missing their own privacy manifest
  • Hardcoded API keys, placeholder text, missing app icons

These aren't hard problems. They're easy to miss, tedious to check manually, and painful to discover after waiting days for Apple's review.

This skill checks all of them in one pass. It reads your project.pbxproj, every Info.plist, all your Swift files, entitlements, and asset catalogs — then produces a report with the exact file, line number, and fix for each issue.

Quick Start

Requires: Claude Code (Anthropic's CLI for Claude)

1. Install the skill:

npx skills add JustinPerea/app-store-review-skill

Or with Claude Code directly:

/install-skill https://github.com/JustinPerea/app-store-review-skill

2. Open any Xcode project and say:

Review my app for the App Store

That's it. Full report in about 3–5 minutes.

What It Catches

53 Automated Checks

Every check scans your actual source code with specific regex patterns and validation rules. Issues are classified by severity:

| Severity | Meaning |
|----------|---------|
| BLOCKER | Apple will reject your app. Must fix before submitting. |
| WARNING | Likely rejection or review delay. Should fix. |
| INFO | Best practice. Won't cause rejection but improves quality. |

Privacy & Data — 7 checks
  • Privacy usage descriptions in Info.plist
  • PrivacyInfo.xcprivacy with Required Reason APIs
  • AI/ML service disclosure
  • Export compliance declaration
  • Third-party SDK privacy manifests
  • App Tracking Transparency consistency
  • Sensitive data in UserDefaults vs Keychain

UI & Assets — 8 checks
  • App icon (1024x1024, no alpha)
  • Launch screen configuration
  • iPad support and device family
  • Permission string quality (specific, not vague)
  • Minimum functionality (not just a WebView wrapper)
  • Broken or placeholder links
  • Hardcoded prices in UI strings
  • Placeholder and debug content ("Lorem ipsum", TODO, test URLs)

Entitlements & Config — 8 checks
  • Entitlements file consistency across targets
  • App Transport Security exceptions
  • Version and build numbers
  • Deployment target and SDK version
  • Extension, widget, and App Group requirements
  • URL scheme conflicts
  • TestFlight vs App Store differences
  • Background mode justification (no silent audio abuse)

Features & Compliance — 10 checks
  • Sign in with Apple (required if any social login)
  • Account deletion flow
  • In-app purchase configuration
  • User-generated content moderation
  • Subscription paywall requirements
  • HealthKit special requirements
  • Kids category / COPPA compliance
  • Restore purchases button
  • Loot box odds disclosure
  • VPN API compliance (must use NEVPNManager)
  • Medical and health disclaimers

Code Quality — 11 checks
  • Crash-risk patterns (force unwrap, force try)
  • Hardcoded IPv4 addresses
  • Private API usage
  • Hardcoded secrets and API keys
  • Missing API availability checks
  • Deprecated framework usage
  • Dynamic code execution
  • GPL license dependencies
  • Resource abuse (aggressive polling, continuous location)
  • Biometric auth API compliance (LocalAuthentication, not ARKit)
  • On-device crypto mining detection

Third-Party & Metadata — 9 checks
  • Feature flags and remote config
  • Review notes checklist
  • Platform reference violations ("Android", "Google Play")
  • Apple trademark in bundle ID
  • Common SDK configuration issues
  • Binary size estimation
  • Firebase / backend security rules
  • Extension and widget ad prohibition
  • Hardcoded prices

14 Recommendations

Beyond pass/fail checks, the report includes actionable recommendations:

  • R1 Performance optimization (large images, synchronous network calls)
  • R2 Accessibility (VoiceOver labels, Dynamic Type support)
  • R3 Error handling and edge cases
  • R4 App Store Connect metadata preparation
  • R5 Data persistence and backup strategy
  • R6 Concurrency and threading
  • R7 Privacy nutrition label mapping (SDK → data types to declare)
  • R8–R10 Security hardening, push notification setup, widget optimization
  • R11–R12 Synchronous call detection, localization completeness
  • R13 External verification checklist (Firebase, push certs, Universal Links)
  • R14 Manual review items (content policy, IP, gambling — things code can't check)

What the Report Looks Like

Instant verdict

One glance tells you if you're ready to submit. The header shows your readiness status, blocker/warning/info counts, and the number of checks run.

Verdict header showing NOT READY status with blocker and warning counts

Blockers — things Apple will reject

Each blocker cites the exact Apple guideline, the file and line where the problem lives, and a specific fix you can copy-paste. No guessing.

Blocker cards showing missing privacy manifest and account deletion issues

Warnings — likely rejections

Same format as blockers, but for issues that are likely (not guaranteed) to cause rejection. Fix these too.

Warning card showing vague camera permission string

Submission checklist

A quick pass/fail table across every category so you can see what's clean and what needs work.

Checklist table with pass/fail/warning status for each category

Targeted recommendations

Not a generic list — only recommendations relevant to what was actually found in your code. Includes a draft of App Store review notes you can paste directly into App Store Connect.

Recommendation items with numbered badges

Every issue includes the exact file path, line number where possible, the Apple guideline being violated, and a specific fix — not generic advice.

How It Works

The skill follows a 4-phase process:

  1. Discover — Finds your .xcodeproj, enumerates all targets (main app, widgets, extensions), maps the project structure
  2. Scan — Runs all 53 checks against your actual source files using regex patterns and validation rules
  3. Report — Generates a structured report with severity tiers, a checklist summary, and draft review notes
  4. Recommend — Adds targeted recommendations based on what it found (only relevant ones, not a generic list)

The skill reads reference files on-demand to stay efficient — the main instructions are ~185 lines, with detailed check definitions and recommendations loaded only when needed.
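
Three of the checks listed above (per-target privacy manifest, permission string quality, hardcoded secrets) run over a constructed project and sorted into severity tiers, as an added example that is not the skill's own code. The regex, the word-count threshold, the rule that a directory holding an Info.plist is a target, and the sample files are assumptions; the skill's actual patterns are in references/checks.md.

```python
import plistlib
import re
from pathlib import PurePosixPath

# Assumed pattern for illustration; the skill's real ones live in references/checks.md.
SECRET_RE = re.compile(r'(?i)(api[_-]?key|secret|token)\w*\s*=\s*"[\w\-]{16,}"')
MIN_WORDS = 6  # assumed threshold below which a usage string counts as vague
ORDER = {"BLOCKER": 0, "WARNING": 1, "INFO": 2}

def scan(files):
    """files: {relative path: text}. Returns (severity, path, line, message) tuples."""
    findings = []
    for path, text in files.items():
        p = PurePosixPath(path)
        if p.name == "Info.plist":
            # Assumption: each directory holding an Info.plist is one target,
            # so a widget extension needs its own manifest next to its plist.
            manifest = str(p.parent / "PrivacyInfo.xcprivacy")
            if manifest not in files:
                findings.append(("BLOCKER", manifest, None,
                                 "target has no privacy manifest (ITMS-91053)"))
            for key, value in plistlib.loads(text.encode()).items():
                if key.endswith("UsageDescription") and len(str(value).split()) < MIN_WORDS:
                    findings.append(("WARNING", path, None, f"vague {key}: {value!r}"))
        elif p.suffix == ".swift":
            for lineno, line in enumerate(text.splitlines(), 1):
                if SECRET_RE.search(line):
                    # Severity for this check is assumed; the page does not state it.
                    findings.append(("WARNING", path, lineno, "hardcoded secret"))
    # Blockers first, then by path, mirroring the report's severity tiers.
    return sorted(findings, key=lambda f: (ORDER[f[0]], f[1]))

def _plist(d):
    """Serialize a dict as Info.plist-style XML text (used for the constructed sample)."""
    return plistlib.dumps(d).decode()

# Constructed sample project: main app with a manifest, widget without one.
SAMPLE = {
    "App/Info.plist": _plist({"NSCameraUsageDescription": "Camera access needed"}),
    "App/PrivacyInfo.xcprivacy": _plist({"NSPrivacyAccessedAPITypes": []}),
    "App/Api.swift": 'import Foundation\nlet apiKey = "EXAMPLE_KEY_0000000000000000"\n',
    "Widget/Info.plist": _plist({"NSLocationWhenInUseUsageDescription":
        "Shows nearby stores in the widget based on your current location."}),
}

if __name__ == "__main__":
    for severity, path, line, message in scan(SAMPLE):
        print(f"{severity:8} {path}{':' + str(line) if line else ''}  {message}")
```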

Project Structure

app-store-review/
├── SKILL.md                        # Main skill (phases, report format, behavioral notes)
├── references/
│   ├── checks.md                   # All 53 check definitions with search patterns
│   ├── recommendations.md          # 14 recommendation categories
│   ├── approval-guide.md           # First-submission approval guide
│   └── privacy-keys.md             # Info.plist privacy key reference
└── evals/
    ├── evals.json                  # Test case definitions with assertions
    └── trigger-eval.json           # Trigger accuracy test queries

Tested On

The skill has been validated against real-world iOS projects:

| App | Type | Targets | Result |
|-----|------|---------|--------|
| Multi-target app with widgets | Production SwiftUI + Firebase | 2 targets | 13/13 assertions pass |
| Metal shader physics app | SwiftUI + Metal + AudioKit | 1 target | 9/9 assertions pass |
| Simple SpriteKit game | Single-view game | 1 target | 7/7 assertions pass |

100% pass rate across 29 assertions covering accuracy, false-positive avoidance, and report quality.

Contributing

Found a false positive? Know a rejection reason we're missing? Open an issue — include the Apple guideline number if you have it.

PRs welcome. If you're adding a new check, add it to references/checks.md following the existing format and include the regex pattern and severity level.

License

MIT — use it, fork it, ship your app.