App Store Review: Common Rejection Patterns and How to Prevent Them
This reference documents the App Store Review Guideline sections that generate the highest rejection volume for apps submitting in 2026, with specific test steps and remediation guidance for each. It is intended as a working reference for QA leads and release engineers, not as a replacement for reading the current App Store Review Guidelines directly.
Category 1: Privacy manifest and required reason APIs (Guideline 5.1.1)
Enforcement began April 2024 and applies to all new submissions and updates. Apps using any required reason API must include a valid reason code in PrivacyInfo.xcprivacy. Third-party SDKs that use required reason APIs must include their own privacy manifests, which Xcode merges into the final build.
- Required reason API categories: File timestamp APIs, System boot time APIs, Disk space APIs, Active keyboard APIs, User defaults APIs
- Test step: run 'xcodebuild -create-xcframework' privacy manifest audit and review the merged output
- Common failure: third-party analytics or crash SDKs include required reason API calls but their privacy manifests were not updated to include valid reason codes
- Remediation: update SDK to a version that includes a compliant privacy manifest; if no update is available, document the API usage with the closest valid reason code and be prepared to provide justification to App Review
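The manifest check described in this category can be scripted. The Python sketch below is an added example, not an Apple tool or code from this reference; it audits every PrivacyInfo.xcprivacy under a build directory for empty or mismatched reason codes. The function names and the sample SDK manifest are constructed for illustration, and the reason-code table should be re-checked against Apple's current required reason API documentation.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Reason codes per required reason API category, from Apple's published list.
# Assumption: re-check against the current documentation before relying on it.
ALLOWED_REASONS = {
    "NSPrivacyAccessedAPICategoryFileTimestamp": {"DDA9.1", "C617.1", "3B52.1", "0A2A.1"},
    "NSPrivacyAccessedAPICategorySystemBootTime": {"35F9.1", "8FFB.1", "3D61.1"},
    "NSPrivacyAccessedAPICategoryDiskSpace": {"85F4.1", "E174.1", "7D9E.1", "B728.1"},
    "NSPrivacyAccessedAPICategoryActiveKeyboards": {"3EC4.1", "54BD.1"},
    "NSPrivacyAccessedAPICategoryUserDefaults": {"CA92.1", "1C8F.1", "C56D.1", "AC6B.1"},
}

def audit_manifest(data: bytes, source: str) -> list[str]:
    """Return one finding per problem in a PrivacyInfo.xcprivacy payload."""
    try:
        manifest = plistlib.loads(data)
    except (plistlib.InvalidFileException, ExpatError) as exc:
        return [f"{source}: unreadable plist ({type(exc).__name__})"]
    if not isinstance(manifest, dict):
        return [f"{source}: top-level plist object is not a dictionary"]
    findings = []
    for entry in manifest.get("NSPrivacyAccessedAPITypes", []):
        category = entry.get("NSPrivacyAccessedAPIType", "<missing>")
        reasons = entry.get("NSPrivacyAccessedAPITypeReasons") or []
        if category not in ALLOWED_REASONS:
            findings.append(f"{source}: unknown API category {category}")
        elif not reasons:
            findings.append(f"{source}: {category} declares no reason code")
        else:
            # A code that is valid for another category is still a mismatch here.
            for code in sorted(set(reasons) - ALLOWED_REASONS[category]):
                findings.append(f"{source}: {code} is not valid for {category}")
    return findings

def audit_bundle(root: str) -> list[str]:
    """Audit every manifest under a built .app or .xcarchive (app and SDK bundles)."""
    findings = []
    for path in sorted(Path(root).rglob("PrivacyInfo.xcprivacy")):
        findings += audit_manifest(path.read_bytes(), str(path.relative_to(root)))
    return findings

# Constructed sample: an SDK manifest with one empty and one mismatched reason list.
SAMPLE_SDK_MANIFEST = plistlib.dumps({"NSPrivacyAccessedAPITypes": [
    {"NSPrivacyAccessedAPIType": "NSPrivacyAccessedAPICategoryUserDefaults",
     "NSPrivacyAccessedAPITypeReasons": []},
    {"NSPrivacyAccessedAPIType": "NSPrivacyAccessedAPICategoryFileTimestamp",
     "NSPrivacyAccessedAPITypeReasons": ["C617.1", "CA92.1"]},
]})

if __name__ == "__main__":
    print("\n".join(audit_manifest(SAMPLE_SDK_MANIFEST, "ExampleSDK.framework")))
```

The script validates only what a manifest declares; it does not detect required reason API calls in a binary that has no manifest entry for them.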
Category 2: In-app purchase bypass (Guideline 3.1.1)
Apple enforces IAP requirements on all apps that offer digital goods or services. External payment links, reader app exemptions, and the court-mandated external link entitlement each have specific and narrow scopes.
- Any digital content, subscriptions, or virtual goods sold within the app must use Apple's IAP system
- Reader apps (streaming services, e-readers, news apps) may not include an in-app button or link to external purchase flows without the External Link Entitlement
- The External Link Entitlement (available in the US only) permits a single link out; the linked page must comply with Apple's external link guidelines
- Test step: complete a full purchase flow for every purchasable item in the app; verify each transaction completes via StoreKit
Category 3: App metadata accuracy (Guideline 2.3.7)
Metadata accuracy violations are commonly overlooked because they are not caught by automated testing. A redesign that is not reflected in screenshots, or a description that references features removed in the current release, will trigger a rejection.
- Screenshots must accurately reflect the current build being submitted
- Preview video (if present) must reflect the current UI and not show deprecated or removed features
- App description must not claim capabilities not present in the submitted build
- Test step: review all screenshots, preview video, and description against the final build before submission; update assets after any UI change
Category 4: App Privacy nutrition labels (Guideline 5.1.2)
App Privacy labels are attested declarations. Submitting inaccurate labels is a violation regardless of whether the inaccuracy was intentional. Labels must be reviewed every time the app's data collection behaviour changes.
- Review labels after any new SDK integration (analytics, advertising, crash monitoring, attribution)
- Third-party SDKs may collect data independently of the app's own code — the app is responsible for declaring all data collection including SDK-initiated collection
- Test step: cross-reference App Privacy declarations against the SDK integration documentation for each third-party SDK in the current build
- Common failure: adding a new marketing attribution SDK without updating the tracking declaration in App Privacy labels
Frequently asked questions
Apple updates the App Store Review Guidelines multiple times per year, typically aligned with major iOS releases (June/July for the beta, September/October for GA) and in response to regulatory developments. The most significant recent changes have been in the privacy manifest requirement (April 2024), the External Link Entitlement for US apps (2024), and the ongoing updates to data usage label requirements. The current guidelines are published at developer.apple.com/app-store/review/guidelines/.