Apple App Store Review Guidelines: Developer Reference 2026
The 10 most enforced guidelines, with real rejection examples, exact fixes, and insider tips from developers who went through the review process.
Apple reviewed over 1.7 million apps in 2025, rejecting approximately 17% on first submission. The majority of those rejections were preventable: they came from the same set of guidelines, applied inconsistently by developers who had not read them carefully. Here is the practical version: what each guideline actually means, what triggers rejection, and exactly how to fix it.
Objectionable Content
Apple will reject apps containing content that many people will find objectionable. This includes hate speech based on race, religion, or sexual orientation; glorification of violence; or content that demeans specific individuals.
Real rejection trigger
A meme generator app that allows users to overlay text on images: if those images can be used to generate hateful content, it will be rejected even if the developer did not intend it.
How to fix it
Implement content moderation for user-generated content. Add a reporting mechanism. Define a clear content policy and enforce it. Rate the app appropriately.
Insider tip
Apple requires apps with UGC to have built-in moderation. Even if you rely on community reports, you must demonstrate that reported content is acted upon within 24 hours.
App Completeness
Apps must be complete and ready for release at the time of submission. Beta, prototype, trial, and demo versions are not accepted.
Real rejection trigger
An app submitted with placeholder 'Coming Soon' screens, non-functional buttons, or Lorem Ipsum text: this is one of the most common reasons for first-time rejections.
How to fix it
Every screen, button, and flow must be functional. Remove all debug-only screens. Complete all onboarding flows. Test every entry point an Apple reviewer might access.
Insider tip
Apple reviewers specifically try edge cases: no internet, empty states, and unfilled form fields. These must all be handled gracefully.
Accurate Metadata
Your app's name, description, screenshots, and keywords must accurately represent its functionality. Misleading metadata is one of the fastest ways to get rejected: or removed post-launch.
Real rejection trigger
An app description that says 'edit and share videos' when the app only provides a link to a website where users can upload videos elsewhere.
How to fix it
Every feature mentioned in your description must be demonstrably present in the submitted build. Screenshots must match the actual UI, not a design mockup.
Insider tip
Apple has increasingly begun removing apps post-launch when metadata is found misleading after a review cycle. Keep descriptions accurate with every update.
No Keyword Stuffing
App names and subtitles cannot include terms irrelevant to the app's functionality, competitor brand names, or excessive keyword strings designed to game search ranking.
Real rejection trigger
App name: 'Photo Editor Pro: Best Filter Instagram Clone'. The terms 'Instagram' and 'Best' violate this guideline.
How to fix it
App name should be the actual product name. Use the 100-character keyword field for additional terms. Keep subtitle (30 chars) descriptive of the core value, not a keyword list.
Insider tip
Apple's metadata review is getting stricter. Using a competitor's trademarked name in any metadata field risks both rejection and legal action.
In-App Purchase
All digital goods and services purchased within an iOS app must use Apple's In-App Purchase system. This includes subscriptions, premium features, virtual currency, and digital content.
Real rejection trigger
A fitness app that links to its website for premium plan purchases, bypassing StoreKit entirely. Even a CTA like 'Sign up at example.com for $9.99/month' can trigger rejection.
How to fix it
Use StoreKit 2 for all in-app digital purchases. Physical goods (e.g., merchandise), real-world services (e.g., Uber), and business-to-business software are exempt.
Insider tip
The App Store Small Business Program reduces commission to 15% for developers earning under $1M annually: often making StoreKit more viable than it seems.
Subscription Terms Disclosure
Subscription pricing, trial duration, and renewal terms must be clearly disclosed before the user commits to a purchase. Hidden or obscured pricing is grounds for immediate rejection.
Real rejection trigger
A 'Try Free' button that starts a 3-day trial and then auto-charges $49.99/month, where the renewal price is buried in fine print below the fold.
How to fix it
Show trial length, price after trial, and renewal frequency prominently on the purchase screen. Use Apple's native subscription sheet. Link to subscription management in settings.
Insider tip
Apple reviewers specifically test the subscription flow. They will read the fine print. Make sure all price information is in plain view without scrolling.
Minimum Functionality
Apps must justify their existence on the App Store. Extremely simple apps, single-function web view wrappers, and apps that duplicate free iOS functionality will be rejected.
Real rejection trigger
A 'flashlight' app, a calculator that does only basic math, or a pure web view wrapper for a responsive website without any native features.
How to fix it
Add genuine native value: push notifications, widget support, offline functionality, Apple Watch companion, Shortcuts integration. Combine related utilities into a single richer app.
Insider tip
If your app is a web view wrapper, you must own the domain, and the web app must offer features that are distinctly better as a native app (offline, notifications, etc.).
Spam / Duplicate Apps
Submitting multiple apps that are essentially the same: varying only in content that could be delivered via a content update: is not permitted. This includes apps identical to yours that you release under different developer accounts.
Real rejection trigger
A quiz app developer who submits 20 near-identical apps varying only in the quiz topic (Football Trivia, Basketball Trivia, Soccer Trivia, etc.).
How to fix it
Consolidate similar apps into a single app with content type selection. Use in-app purchases to unlock content packs. This is better for discoverability and user retention anyway.
Insider tip
This guideline also applies to reseller apps: app templates sold and rebranded by multiple developers are flagged by Apple's automated systems.
Privacy Policy
All apps must include a privacy policy link in the App Store listing and within the app itself if the app collects any user data, uses analytics, or includes social features.
Real rejection trigger
Any app using Firebase Analytics, Crashlytics, or any third-party SDK that collects device or usage data: even anonymously: must have a privacy policy.
How to fix it
Write a real privacy policy (not generic boilerplate). Host it on a stable URL. Add it to App Store Connect under App Privacy. Link it from your app's Settings or About screen.
Insider tip
Apple cross-references your App Privacy section (data types declared) with what SDKs are known to collect. Inaccurate declarations are now an automatic rejection.
Data Use and Sharing
Apps must only collect data that is genuinely necessary for functionality. Data collected for one purpose cannot be used for another without explicit user consent.
Real rejection trigger
A weather app that requests contact access 'to sync your location contacts': this is not proportionate to the weather function and will be rejected.
How to fix it
Audit every permission against a genuine feature requirement. Use NSUsageDescription strings to clearly explain why each permission is needed. Request permissions lazily.
Insider tip
Apple reviewers read your NSUsageDescription strings. If the string says 'We need your camera' without context, it will be flagged. Be specific: 'To scan product barcodes'.
Before you submit: the 10-minute pre-check
Install your release build on a physical device: not a simulator
Test every flow: onboarding, core feature, settings, account deletion
Check every external link and URL in your app
Confirm your privacy policy URL is live and accessible
Verify all permissions have meaningful NSUsageDescription strings
Ensure no placeholder or Lorem Ipsum content is visible
Test with no internet connection: all empty states must be handled
Review your screenshots: do they match the current UI exactly?
Confirm your demo account credentials work (for login-gated apps)
Run the App Health Check at AppTester.co for an automated pre-scan
Know before Apple tells you
Our App Health Check scans your IPA for the most common guideline violations: privacy manifests, permissions, metadata issues, and build mode: in under 30 seconds. Free to use.