GitHub - safaiyeh/app-store-review-skill: Skill to validate your codebase against Apple App Review

3 min read Original article ↗

App Store Review Guidelines Skill

An AI agent skill that exhaustively evaluates iOS, macOS, tvOS, watchOS, and visionOS app code against every point in Apple's App Store Review Guidelines.

Supports: Swift, Objective-C, React Native, and Expo apps

Installation

Claude Code Plugin Marketplace

/plugin marketplace add safaiyeh/app-store-review-skill
/plugin install app-store-review@app-store-review

skills.sh

npx skills add safaiyeh/app-store-review-skill

Setup

Supported AI Agents

This skill works with any AI coding agent that supports the skills.sh standard:

How It Works

  1. Install the skill in your project using the command above
  2. Start your AI agent in the project directory
  3. Ask for an App Store review - the agent will automatically load relevant guidelines
  4. Review the findings - the agent identifies potential rejection issues with code references

Example Prompts

"Review this app for App Store compliance"
"Check if my IAP implementation follows Apple's guidelines"
"Audit the privacy and data collection in this React Native app"
"What App Store issues might block my submission?"

Telemetry

The skills CLI collects anonymous usage telemetry. To opt out:

SKILLS_NO_TELEMETRY=1 npx skills add safaiyeh/app-store-review-skill

Structure

app-store-review-skill/
├── SKILL.md                    # Index with quick reference & checklist
└── rules/
    ├── 1-safety.md             # Section 1: Safety guidelines
    ├── 2-performance.md        # Section 2: Performance guidelines
    ├── 3-business.md           # Section 3: Business guidelines
    ├── 4-design.md             # Section 4: Design guidelines
    └── 5-legal.md              # Section 5: Legal guidelines

Coverage

This skill covers ALL 5 major sections with EVERY guideline point:

1. Safety

  • 1.1 Objectionable Content (1.1.1-1.1.7)
  • 1.2 User-Generated Content & Creator Content
  • 1.3 Kids Category (parental gates, privacy, analytics)
  • 1.4 Physical Harm (medical apps, drug dosage, substances)
  • 1.5 Developer Information
  • 1.6 Data Security
  • 1.7 Reporting Criminal Activity

2. Performance

  • 2.1 App Completeness (final versions, IAP)
  • 2.2 Beta Testing
  • 2.3 Accurate Metadata (2.3.1-2.3.13)
  • 2.4 Hardware Compatibility (2.4.1-2.4.5)
  • 2.5 Software Requirements (2.5.1-2.5.18)

3. Business

  • 3.1 Payments (IAP, subscriptions, external links, crypto)
  • 3.1.1-3.1.5 In-App Purchase rules
  • 3.2 Other Business Models (acceptable/unacceptable)

4. Design

  • 4.1 Copycats
  • 4.2 Minimum Functionality
  • 4.3 Spam
  • 4.4 Extensions (keyboard, Safari)
  • 4.5 Apple Sites and Services
  • 4.7 Mini Apps, Chatbots, Game Emulators
  • 4.8 Login Services
  • 4.9 Apple Pay
  • 4.10 Monetizing Built-In Capabilities

5. Legal

  • 5.1 Privacy (data collection, use, sharing, health, kids, location)
  • 5.2 Intellectual Property
  • 5.3 Gaming, Gambling, Lotteries
  • 5.4 VPN Apps
  • 5.5 Mobile Device Management

Features

  • Modular structure - Agent loads only relevant sections
  • 2000+ lines of comprehensive guidelines
  • Checklists for every guideline point
  • Code patterns for Swift AND React Native/Expo
  • Package references for both Expo and bare React Native
  • Quick reference for high-risk rejection patterns
  • Pre-submission checklist in main SKILL.md

React Native / Expo Support

Each rule file includes:

  • TypeScript/JavaScript code patterns to flag
  • Expo package recommendations (preferred)
  • Bare React Native package alternatives
  • React Native-specific checklists

Key packages covered:

  • expo-tracking-transparency / react-native-tracking-transparency
  • expo-in-app-purchases / react-native-iap
  • expo-secure-store / react-native-keychain
  • expo-apple-authentication / @invertase/react-native-apple-authentication
  • expo-local-authentication / react-native-biometrics

What It Checks

Critical Issues (Immediate Rejection)

  • Private API usage
  • Hardcoded secrets/credentials
  • External payment for digital goods
  • On-device cryptocurrency mining
  • Dynamic code execution

High-Risk Issues

  • Missing App Tracking Transparency
  • Account creation without deletion
  • IAP without restore purchases
  • UGC without moderation
  • Kids apps without parental gates

Medium-Risk Issues

  • Vague purpose strings
  • Over-requesting permissions
  • Unjustified background modes
  • References to other platforms

When It Triggers

The skill activates when working on:

  • App Store submission preparation
  • Code compliance review
  • Payment/StoreKit implementation
  • Privacy and data handling
  • User-generated content features
  • Kids Category apps
  • Health/medical apps
  • VPN/MDM apps
  • Gambling/lottery apps

License

MIT