A
App Review Checker
App Store & Google Play pre-submit audit

The most common App Store rejection reasons

Most iOS rejections aren't mysterious — they cluster around a handful of recurring issues. Here are the ones we see most, and exactly what to check before you submit.

1. Guideline 2.1 — App completeness & crashes

The single most common rejection. Reviewers open your app on a real device and it crashes, shows placeholder content, has broken links, or requires a login they can't complete. Fix it by testing every flow end to end on physical hardware, removing any "beta / demo / coming soon" content, and providing a working demo account in App Review notes.

2. Missing or empty permission purpose strings

If your app requests the camera, microphone, location, photos, contacts or tracking and the matching NS…UsageDescriptionkey is missing or empty, the build is rejected automatically. Every requested capability needs a clear, specific purpose string that explains the user benefit — not just "needed for the app to work."

3. Privacy manifest & required-reason APIs

Since 2024 Apple requires a PrivacyInfo.xcprivacy privacy manifest for apps and many SDKs that use required-reason APIs (file timestamps, user defaults, disk space, system boot time). Missing or incomplete declarations now trigger rejections at upload. Audit your third-party SDKs too — they are a frequent source.

4. In-app purchase & payment violations (3.1.1)

  • Selling digital content or subscriptions without Apple In-App Purchase.
  • Linking out to an external website to pay for digital content.
  • Missing a Restore Purchases button for non-consumables.
  • Unclear subscription pricing, terms, or cancellation info.

5. Account deletion (5.1.1)

If users can create an account, they must be able to delete it — and all associated data — from within the app. The option must be easy to find and must actually delete, not just deactivate.

6. Minimum functionality & web wrappers (4.2)

Apps that are essentially a repackaged website, a thin WKWebView, or a template with little native value get rejected. Make sure your app does something a mobile web page can't.

7. App Transport Security disabled (2.5.1)

Setting NSAllowsArbitraryLoads = YES with no exceptions disables HTTPS enforcement entirely and draws scrutiny. Scope exceptions to specific domains and justify each one.

How App Review Checker helps

Upload your .ipaand we automatically check the privacy manifest, permission strings, ATS configuration, encryption declaration, icons, launch storyboard and more — then walk you through the manual items (IAP, account deletion, ATT, metadata accuracy) a binary can't detect.

Check your build before you submit

Run your .ipa or .apk through App Review Checker and catch these issues in seconds.

Check an app