The Ultimate App Store Submission Checklist for 2026

Team Fload

Founders

Feb 25, 2026

You've built your app. You've polished the UI, fixed the bugs, and you're ready to ship. But between you and your users stands one final gatekeeper: the app store review process.

If you've ever had an app rejected, you know the pain. Days of waiting, only to receive a cryptic rejection message citing “Guideline 2.1” or “Data Safety form incomplete.” You fix what you think is the problem, resubmit, and wait another week. Meanwhile, your launch date slips, your stakeholders are asking questions, and your competitors are shipping.

This guide exists to save you from that nightmare. It's based on real-world rejection data, Apple and Google's latest 2026 requirements, and hard-won lessons from developers who've been through the trenches. This isn't generic advice — these are the specific, actionable details developers actually need.

Let's get your app approved on the first try.

Why App Store Rejections Happen (And How to Avoid Them)

According to research by Adapty, 88% of app rejections come from a handful of preventable issues. The most common culprits:

1. App crashes or bugs (Guideline 2.1) — over 40% of rejections
2. Privacy policy violations — missing or incomplete privacy disclosures
3. Metadata inaccuracies — screenshots don't match actual app
4. In-app purchase violations — using external payment for digital goods
5. Missing demo credentials — reviewer can't test your app

The good news? All of these are preventable. The key is systematic preparation before you hit “Submit for Review.”

Part 1: Pre-Submission Prep (The Stuff That Seems Boring But Will Save Your Launch)

Your App's Identity: Metadata That Matters

Think of your app's metadata as its resume. Get it wrong, and you won't get past the first impression.

App Name & Branding

Your app name has strict limits:

• iOS: 30 characters maximum
• Android: 50 characters maximum

But here's the catch: your name can't be confusingly similar to existing apps, and it definitely can't violate trademarks. Naming your app “SuperChat for WhatsApp” is a fast track to rejection.

Pro tip: Check the App Store and Google Play for similar names before you design your icon and branding. Rebranding after rejection is expensive.

Keywords: The Hidden Battleground

iOS gives you exactly 100 characters to tell the algorithm what your app does. Here's how to use them:

• Separate with commas, no spaces: “productivity,task,manager” not “productivity, task, manager” (those spaces count!)
• Don't repeat words: If “photo” appears in your app name, don't waste characters repeating it
• No competitor names: “Better than [Competitor]” will get rejected
• High-intent keywords only: Focus on what people actually search when they want your type of app

The URLs Nobody Checks (Until Rejection)

You need three URLs before you can submit:

1. Privacy Policy — Must be publicly accessible HTTPS. No exceptions.
2. Support URL — Must actually work. Reviewers will check.
3. Terms of Service (if your app requires accounts or subscriptions)

Pro move: Before submitting, open these URLs in an incognito browser. If they don't load, neither will your approval.

Part 2: Screenshots That Convert (And Don't Get Rejected)

Let's talk about the elephant in the room: screenshot requirements changed in 2024-2026, and if you're still using old sizes, you're going to have problems.

iOS Screenshot Sizes (2026 Edition)

Apple now primarily requires two sizes:

iPhone:

• 6.9" Display: 1320 x 2868 pixels (portrait)
  • Covers: iPhone 16 Pro Max, 16 Plus, 15 Pro Max, 15 Plus, 14 Pro Max
  • Alternative sizes: 1290 x 2796px or 1260 x 2736px

iPad:

• 13" Display: 2064 x 2752 pixels (portrait)
  • Covers: iPad Pro (M4/M5), iPad Air (M2/M3)

If you don't provide 6.9" iPhone screenshots, you must provide 6.5" Display screenshots (1284 x 2778px or 1242 x 2688px). Otherwise, your submission will be rejected.

The Screenshot Sins That Get Apps Rejected

1. Showing features that don't exist — Reviewers will test your app against your screenshots. If your screenshot shows “AI-powered recommendations” but the app doesn't actually have it, rejection.
2. Using device mockups — Don't put your screenshots inside a phone frame. Apple wants the actual UI, no embellishments.
3. Placeholder content — “Lorem ipsum” text, broken images, or “Coming Soon” screens visible in screenshots = instant rejection.
4. Personal data — Don't use real user names, emails, or photos. Use obviously fake/anonymized data.

Google Play Screenshots

Android is more forgiving on sizes but stricter on quantity:

• Phone: Minimum 1080 x 1920px (2 to 8 screenshots required)
• Tablet: Minimum 1200 x 1920px (if your app supports tablets)
• Format: PNG or JPEG, max 32,768px per dimension

App Preview Videos (iOS)

If you're including video (optional but effective for conversion):

• Length: 15-30 seconds (30 second maximum)
• File size: 500MB max
• Critical rule: Must be actual device screen recording. No simulated UI, no After Effects mockups. Capture it from the device or simulator, or don't include it.

What you can't show in videos:

• Calls to action to download the app
• Hands holding phones (screen recording only)
• Features that aren't in the submitted build

Part 3: The Technical Gauntlet (iOS)

This is where most “Guideline 2.1 - Performance” rejections happen. Apple's reviewers are ruthless about technical issues.

Before You Even Archive Your Build

✅ Build Settings Checklist:

• Target iOS 17+ minimum (as of April 2026 requirement)
• Bitcode disabled (Apple deprecated this)
• Build for Distribution, not Debug
• Valid Bundle Identifier matching App Store Connect

Privacy Manifest: The 2024 Requirement Nobody Warned You About

Since May 1, 2024, Apple requires a Privacy Manifest (PrivacyInfo.xcprivacy) if your app uses certain “Required Reason APIs.”

These APIs include seemingly innocent things like:

• UserDefaults
• File timestamp APIs
• System boot time
• Disk space APIs

If you use any of these without declaring why (with an approved reason code), your submission will be rejected.

How to add a Privacy Manifest:

1. Add PrivacyInfo.xcprivacy to your Xcode project
2. Declare all Required Reason APIs you use
3. Select an approved reason code for each

Example:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" 
  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
            <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array>
                <string>CA92.1</string>
            </array>
        </dict>
    </array>
</dict>
</plist>

Permission Purpose Strings That Actually Work

Every permission (camera, location, photos, etc.) needs a purpose string. But not all purpose strings are created equal.

❌ Bad (will get rejected):

NSCameraUsageDescription: "Camera access"
NSLocationWhenInUseUsageDescription: "Location needed"

✅ Good (clear and specific):

NSCameraUsageDescription: "We need camera access to let you scan QR codes 
  and add items to your cart."
NSLocationWhenInUseUsageDescription: "We use your location to show nearby 
  restaurants and display accurate delivery times."
NSPhotoLibraryUsageDescription: "We need photo access so you can upload 
  profile pictures and share images in posts."

Reviewers want to see why your app needs the permission, not just what the permission is.

TestFlight: Your Secret Weapon

Here's a secret: you can submit to TestFlight beta review before full App Store submission. TestFlight review is:

• Faster (usually under 24 hours)
• Less strict (focused on major violations, not edge cases)
• A chance to catch crashes before they cause App Store rejection

TestFlight workflow:

1. Upload build to TestFlight
2. Add internal testers (your team — no Apple review required)
3. Fix obvious bugs
4. Enable external testing (triggers Apple beta review)
5. Get real user feedback
6. Fix remaining issues
7. Submit to App Store with confidence

If you skip TestFlight and go straight to App Store submission, you're gambling with your launch timeline.

Part 4: Google Play's Secret Requirements

Google Play is generally more forgiving than Apple, but they have their own landmines.

The Data Safety Form: Google's Privacy Gauntlet

Since July 20, 2022, every app must complete the Data Safety form in Play Console. This is non-negotiable.

What you need to declare:

• Every type of data your app collects (location, personal info, financial, photos, etc.)
• What you do with that data (app functionality, analytics, advertising, fraud prevention)
• Whether data is shared with third parties
• Your security practices (encryption in transit and at rest)

The catch: You also need to declare data collected by third-party SDKs.

Using Firebase? Facebook SDK? Adjust analytics? Each of those collects data, and you're responsible for declaring it.

Target API Level: The Rolling Requirement

Google requires apps to target the latest Android API within one year of release.

As of August 31, 2025:

• New apps and updates must target API Level 35 (Android 15) or higher
• Exception: Wear OS, Android TV, and Android Automotive can target API 34

How to update:

In build.gradle:

android {
    compileSdk 35
    defaultConfig {
        targetSdkVersion 35
    }
}

But wait—don't blindly bump the version. Higher API levels introduce behavior changes:

• New runtime permissions
• Background location restrictions
• Storage access changes

Test thoroughly on Android 15 devices/emulator after updating.

Content Rating: The Questionnaire Nobody Wants to Fill Out

Google uses the IARC (International Age Rating Coalition) system for content ratings. You must complete a questionnaire about:

• Violence
• Sexual content
• Language
• Controlled substances
• Gambling
• User-generated content

Answer honestly. If your app has user-generated content (chat, forums, social features), you must disclose it. Reviewers will check.

Part 5: The Top 10 Rejection Reasons (And Exact Fixes)

Let's talk about the greatest hits of app rejection, with specific solutions for each.

1. App Crashes (Guideline 2.1)

Why it happens:
The #1 rejection reason. Over 40% of rejections. Reviewers run your app through a script, and if it crashes even once, rejection.

How to fix it:

• Test on physical devices, not just simulator
• Use crash reporting (Firebase Crashlytics, Sentry)
• Test on your minimum supported OS version (old devices have less memory, slower performance)
• Test edge cases: no internet, interrupted downloads, background/foreground switching

2. Incomplete App / Placeholder Content

Why it happens:
Your app has “Lorem ipsum” text, “Coming Soon” features, broken images, or incomplete screens.

How to fix it:

• Search your entire codebase for “Lorem,” “ipsum,” “TODO,” “Coming Soon”
• Test every button — does it actually do something, or just show a toast?
• Hide unfinished features with feature flags (don't show them in the submitted build)

3. Privacy Policy Missing or Non-Compliant

Why it happens:
No privacy policy URL, or the policy doesn't actually cover what your app does.

How to fix it:

• Add a privacy policy that explicitly covers:
  • What data you collect
  • Why you collect it
  • Who you share it with (including analytics and ad SDKs)
  • User rights (data deletion, access requests, etc.)
• Host it at a public HTTPS URL
• Link it in App Store Connect, Google Play Console, and inside your app (Settings or Legal page)

4. Missing or Vague Permission Descriptions

Why it happens:
Your purpose strings are generic (“App needs camera”) or missing entirely.

How to fix it:
Write purpose strings that answer: “Why does this app need this permission to deliver its core functionality?”

5. In-App Purchase Violations (Guideline 3.1.1)

Why it happens:
You're using Stripe, PayPal, or external checkout for digital goods.

Apple's rule: Digital goods (subscriptions, premium features, in-app content, virtual currency) must use In-App Purchase (StoreKit). No exceptions.

How to fix it:

• Use StoreKit (iOS) or Google Play Billing Library (Android)
• Remove links to external payment pages
• Clearly disclose subscription terms: price, duration, auto-renewal terms, cancellation policy
• Add “Restore Purchases” button for users who reinstall

Exception: Physical goods/services (Uber rides, food delivery, hotel bookings) can use external payment.

6. Metadata Doesn't Match App (Guideline 2.3)

Why it happens:
Your screenshots show features that don't exist, or your description oversells what the app actually does.

How to fix it:

• Screenshot audit: Open each screenshot and find the exact screen in your app. If you can't, remove the screenshot.
• Description audit: Read every feature claim in your description, then test it in your app
• Don't promise “AI-powered” anything unless you actually have AI

7. App is Just a Website Wrapper (Guideline 4.2)

Why it happens:
Your app is a WebView showing your website with no native functionality.

How to fix it:

• Add native UI elements (tab bars, navigation, native buttons)
• Implement offline functionality (cache content locally)
• Use device capabilities: camera, push notifications, biometric auth, location
• Or: Just direct users to your responsive website. Don't waste time on a WebView wrapper Apple will reject anyway.

8. No Demo Account Provided

Why it happens:
Your app requires login, but you didn't provide test credentials in App Review Information.

How to fix it:

• Create a dedicated demo account with full feature access
• Add credentials in App Store Connect: App Information > App Review Information
• Test the credentials immediately before submission (don't let them expire)
• If your app requires special setup (enterprise access, invitation codes), include instructions

9. Age Rating Mismatch

Why it happens:
Your app contains mature content (violence, gambling, sexual themes, profanity), but you marked it as age 4+.

How to fix it:

• Complete the age rating questionnaire accurately
• If your app has user-generated content, disclose it (this typically raises rating to 12+ or 17+)
• If you want a lower age rating, remove mature content
• Implement age gates if needed

10. Using Required Reason APIs Without Declaration (iOS)

Why it happens:
You're using APIs like UserDefaults, file timestamp APIs, or system boot time without declaring why in your Privacy Manifest.

How to fix it:

1. Audit your code for Required Reason APIs
2. Add PrivacyInfo.xcprivacy to your Xcode project
3. Declare each API with an approved reason code

Part 6: After You Hit Submit (What to Expect and How to Respond)

Review Timelines (2026)

iOS:

• Average: 24-48 hours
• Can extend to 7 days during major OS releases (iOS 18, etc.)
• TestFlight beta review: Usually under 24 hours

Google Play:

• Average: 3-7 days
• Can be faster for established developers with good track record
• First submission for new developer accounts can take longer

When (and How) to Respond to Rejections

You got the rejection email. Now what?

1. Read the entire rejection message carefully. Apple and Google provide specific guideline citations and (usually) helpful details. Don't skim — read every word.
2. Check Resolution Center. Sometimes there are screenshots or additional details not included in the email.
3. Fix the root cause, not just the symptom. If you're rejected for “app crashes,” don't just fix the one crash they mention — audit for all potential crashes.
4. Reply in Resolution Center if you need clarification. You can ask reviewers for specifics. Be polite and professional.
5. Resubmit only after you've actually fixed the issue. Resubmitting without changes wastes everyone's time and can flag you as a problem developer.

Part 7: The Final Pre-Submission Checklist

Before you click “Submit for Review,” run through this one last time:

Technical

• ☐ Tested on physical devices (not just simulator/emulator)
• ☐ No crashes in any user flow
• ☐ All buttons and features functional
• ☐ No placeholder content (“Lorem ipsum,” “Coming Soon,” broken images)
• ☐ Privacy Manifest included with all Required Reason APIs declared (iOS)
• ☐ Target API level meets requirements (Android: API 35+)
• ☐ Build signed with Distribution certificate (iOS) or release keystore (Android)

Privacy & Permissions

• ☐ All permission purpose strings are specific and user-friendly
• ☐ Privacy Policy URL is live and comprehensive
• ☐ Data Safety form completed and accurate (Google Play)
• ☐ Content rating questionnaire completed (Google Play)
• ☐ App Tracking Transparency implemented if tracking users (iOS)

Metadata

• ☐ Screenshots accurately represent actual app
• ☐ Description matches real functionality (no false promises)
• ☐ App name/subtitle don't violate trademarks
• ☐ Keywords are relevant and non-spammy (iOS)
• ☐ All required URLs (privacy policy, support) are accessible

Testing & Review Prep

• ☐ Demo account credentials provided and tested (if app requires login)
• ☐ TestFlight beta testing completed with no critical issues (iOS, highly recommended)
• ☐ All in-app purchases tested in Sandbox (iOS) or with test accounts (Android)
• ☐ Third-party SDKs updated to latest versions with Privacy Manifests (iOS)

Business Rules

• ☐ Digital goods use In-App Purchase or Google Play Billing (not external payment)
• ☐ Subscription terms clearly disclosed
• ☐ “Restore Purchases” button present (if applicable)
• ☐ Age rating accurately reflects content

If you can check every box, you're ready. Hit submit.

The Real Secret to App Store Approval

Here's the truth nobody tells you: app store approval isn't about perfection. It's about showing respect for the platform's rules and the reviewer's time.

Apple and Google aren't trying to make your life harder. They're protecting their ecosystems from scams, malware, and poor-quality apps. If you approach the review process with this mindset — “How can I prove my app is safe, functional, and honest?” — approval becomes straightforward.

The checklists above are your insurance policy. Follow them systematically, fix issues before submission (not after rejection), and you'll join the minority of developers who get approved on the first try.

What's Next?

You've submitted your app. While you wait for review, here's what you should be doing:

1. Monitor crash reports (set up Crashlytics, Sentry, etc. if you haven't)
2. Prepare your launch plan (app store optimization, marketing, press outreach)
3. Line up user feedback channels (support email, in-app feedback, social media)
4. Plan your first update (feature improvements, bug fixes based on early user feedback)

About This Guide
This checklist is maintained by the Fload team and updated regularly with the latest App Store and Google Play requirements. Last updated: February 2026.

Bookmark this page. You'll need it for every submission. 🚀

Team Fload

Founders

Share𝕏in