Silpho Logo
SILPHOAI Product Launch Studio
app-store-submissionapp-store-rejectionaso

App Store submission checklist 2026: 47 things that trip founders up

Every Apple App Store rejection trigger that actually happens in 2026, plus the fix for each. Save weeks of rejection cycles by checking these before submission.

Paweł Karniej·April 9, 2026·7 min read

The full punch list before you click submit.

TL;DR

The average first-time iOS submission gets rejected once or twice. Most rejections are predictable. This 47-item checklist covers the rejection triggers, metadata gotchas, design violations, IAP rules, privacy requirements, and the post-submission steps founders forget. Run through this before clicking "Submit for Review" and you'll cut your rejection cycles from 2 to 4 down to 0 to 1. The full checklist is in scope on every Silpho Launch sprint; this article gives it to you for free.

Key facts at a glance

  • 30 to 50 percent of first-time iOS submissions get rejected. The number drops to under 10 percent after a few launches because the rejections become predictable.

  • Apple review time averaged 2 to 7 days in 2026, up from 24 hours in 2022 to 2024.

  • Privacy manifest (PrivacyInfo.xcprivacy) is mandatory and the most common rejection trigger for new apps.

  • Account deletion is mandatory for any app with account creation. Skipping it is an automatic rejection.

  • Most metadata-related rejections are fixable in under an hour.

Pre-submission checklist (47 items)

Account and signing

  1. Apple Developer Program enrollment is current ($99 a year)

  2. Bundle ID matches between Xcode, App Store Connect, and any push certificates

  3. Distribution certificate is valid and not expiring within 30 days

  4. App Store Connect role: you have appropriate access to submit

  5. Provisioning profiles are fresh

Privacy and legal

  1. Privacy manifest (PrivacyInfo.xcprivacy) declares all required APIs and reasons

  2. App Transport Security (ATS) is configured (HTTPS-only or specific exceptions documented)

  3. Privacy policy URL is live and reachable

  4. Terms of service URL is live and reachable

  5. App Tracking Transparency (ATT) prompt appears if you collect IDFA-related data

  6. NSUserTrackingUsageDescription strings are written for each prompt

  7. Account deletion flow exists in-app (mandatory if you have account creation)

  8. Data Safety Form (Play Store) is filled if you're cross-platform

  9. App Privacy Details in App Store Connect match what your code actually does

App functionality

  1. Core feature works on first launch without configuration the user shouldn't have to do

  2. App doesn't crash on launch on any test device

  3. Sign-in with Apple is implemented if you offer third-party social sign-in (Apple's parity rule)

  4. Push notification opt-in prompt appears with a clear justification

  5. Network failure states show clear errors, not blank screens

  6. Loading states exist for any operation taking more than 200 ms

  7. Empty states exist for lists, search results, and primary screens

Subscriptions and IAP

  1. Subscription terms are clearly disclosed before purchase (price, period, auto-renewal)

  2. Restore purchases button is visible and functional in settings or paywall

  3. Auto-renewable subscription terms link to Apple's standard EULA or your own

  4. The "free trial" disclosure mentions when billing starts

  5. RevenueCat or Stripe webhook is wired to your backend if you grant entitlements server-side

  6. Receipt validation is implemented (server-side preferred)

  7. Sandbox testing was completed across at least 3 test purchase scenarios

Design and UX

  1. App icon meets Apple's spec (1024x1024, no transparency, no rounded corners on the source)

  2. App icon doesn't include the word "App" or competitor names

  3. Touch targets are at least 44x44 points

  4. Color contrast meets accessibility minimums (use Xcode's Accessibility Inspector)

  5. Dynamic type is supported (text scales with system font size)

  6. Dark mode is functional or explicitly opted out

  7. VoiceOver labels exist for important interactive elements

  8. App handles device rotation if it doesn't lock orientation

Metadata and store assets

  1. App name (30 characters max) doesn't claim trademarked terms you don't own

  2. Subtitle (30 characters max) is benefit-focused, not keyword-stuffed

  3. Description's first 3 lines lead with the value prop (the rest doesn't show without "more")

  4. Keywords (100 characters) are comma-separated, no spaces wasted

  5. Screenshots: 3 to 5 per device size, optimized for App Store conversion

  6. App preview video is 15 to 30 seconds, shows the magical moment

  7. Age rating questionnaire matches actual app content

  8. Category and subcategory match what users would search for

Final pre-submit

  1. TestFlight build was tested by at least one external user (not the dev who built it)

  2. Crash reports from TestFlight are reviewed and fixed

  3. The "Notes for Reviewer" field in App Store Connect explains any non-obvious feature or test account

The 7 most common rejections in 2026

1. Privacy manifest missing or incomplete

The fix: add PrivacyInfo.xcprivacy declaring every required API your app or its SDKs use. Apple publishes the list of "required reason APIs." Match each to a justified reason.

Time to fix: 1 to 4 hours.

2. Account deletion missing

The fix: implement an in-app flow that deletes the user's account and data. Even if it's just an email-based request, a flow must exist.

Time to fix: 4 to 8 hours.

3. Subscription terms unclear

The fix: the screen showing the price must also show the period, auto-renewal disclosure, and a link to terms. The default RevenueCat paywall template handles this; custom paywalls often don't.

Time to fix: 2 to 4 hours.

4. Sign-in with Apple missing

The fix: if you offer social sign-in via Google, Facebook, or anything else, you must also offer Sign in with Apple. Add it.

Time to fix: 1 to 2 days.

5. App functionality broken or unclear

The fix: review the rejection screenshot, find the broken flow, fix it. Common: the reviewer can't get past onboarding because the app needs an account that requires phone verification.

Time to fix: variable, often 4 to 16 hours.

6. Metadata or screenshot violations

The fix: re-read the App Store Review Guidelines section 2.3 (accurate metadata) and 5 (legal). Remove competitor names, trademarked claims, or anything that misrepresents the app.

Time to fix: 1 to 4 hours.

7. IAP outside the App Store payment system

The fix: digital goods sold inside an iOS app must use Apple IAP. Stripe is fine for physical goods, services consumed outside the app, or B2B reader apps. If you violated this, reroute the payment flow to RevenueCat or Apple IAP.

Time to fix: 2 to 5 days depending on backend depth.

After you submit

  1. Review submission notes in App Store Connect daily for the first 7 days

  2. If rejected, read the citation closely; rejections always cite a specific guideline section

  3. Reply via Resolution Center with the fix or with a clarification if you think the rejection is in error

  4. Resubmit promptly; app review queues you again from the back

Apple review time averaged 2 to 7 days in 2026. Your launch plan should buffer this.

What about Google Play

Google Play submission is generally less strict than Apple but has its own gotchas:

  • Data Safety Form is mandatory (similar to Apple's privacy details)

  • Sensitive permissions (SMS, call log) require declaration with justification

  • Closed testing track is required for new apps before production rollout

  • Privacy policy URL is mandatory

Most Apple-compliant apps clear Google Play submission with minor metadata adjustments.

How Silpho handles this for clients

The full 47-item checklist runs on every Silpho Launch sprint by default. The boilerplate (Ship React Native) ships with privacy manifest, account deletion, ATT prompts, and Sign in with Apple already wired. The launch kit (in the Launch tier at $1,999) covers metadata, screenshots, copy, and the actual submission to Apple and Google.

In 25+ launches we've cleared most submissions on the first review.

FAQ

How long does the average review take in 2026?

2 to 7 days for healthy submissions. Up to 14 days during peak seasons (holiday period in November and December).

Can I expedite a review?

Yes, in limited cases via App Store Connect's Expedited Review request. Apple grants it for critical bug fixes, time-sensitive launches, or media moments. Don't abuse it; repeated requests get denied.

What if I keep getting rejected?

Read the rejection emails closely. Each cites a guideline. Map your fix to the cited guideline. If you've been rejected 3+ times, book a call with a React Native consultant or upgrade to a Silpho Launch sprint.

Do I need a separate Apple Developer Program account for a company?

Apple Developer Program (Individual) is fine for solo founders. Apple Developer Program (Organization) is required if you want a company name on the listing or D-U-N-S verification. Org enrollment takes 1 to 4 weeks.

What's the difference between TestFlight and a real submission?

TestFlight is for internal/beta testing with up to 10,000 users. Production submission is the public release on the App Store. TestFlight reviews are usually faster but separate from the production review.

Does the privacy manifest also apply to Google Play?

No, that's an Apple requirement. Google Play has its own Data Safety Form which serves a similar disclosure purpose.

Can I use App Store Connect API to automate?

Yes. fastlane or Apple's official API can automate metadata, screenshots, and TestFlight builds. Most production teams (and the Ship React Native boilerplate) use EAS Submit for this.

What about Apple's review for in-app updates?

Apple requires every binary update to go through review. Code-only updates (no metadata changes) usually clear in under 24 hours. EAS Update (OTA) doesn't require Apple review for JS-only changes.

Next steps:

Related deep dives: