Mobile Store Compliance Auditor

Catch App Store and Google Play rejection causes before you submit — privacy manifest, permissions, billing, target SDK, ATT.

Install
cmdop skills install agensi-mobile-store-compliance-auditor

Mobile Store Compliance Auditor is a skill that statically analyzes a mobile app’s code and configuration files to identify the specific issues that cause Apple App Store and Google Play rejections before an app is submitted.

For the Apple App Store, it runs 16 checks covering the Privacy Manifest (PrivacyInfo.xcprivacy) and required-reason APIs, permission usage strings in Info.plist, App Tracking Transparency including the 2025 recipient-disclosure requirement, account deletion compliance under Guideline 5.1.1(v), in-app purchase vs. external payment rules under Guideline 3.1.1, Sign in with Apple, encryption compliance, background modes, AI consent disclosure, and web-wrapper minimum functionality.

For Google Play, it runs 15 checks covering the target API level requirement (35 now, 36 required August 2026), foreground service types mandatory on Android 14+, restricted permissions such as QUERY_ALL_PACKAGES and background location, Google Play Billing vs. alternative billing rules for the US and EEA, Data Safety form alignment, account and data deletion, cleartext traffic, AAB and 64-bit requirements, and the Families policy.

The skill detects the project’s framework — React Native, Expo, Flutter, Capacitor/Ionic, or NativeScript — and maps all relevant config surfaces including Info.plist, manifests, entitlements, build.gradle, and payment code. It produces a MOBILE_STORE_AUDIT.md file grading each finding as Blocker, High, Medium, or Low, with the exact file location, the guideline cited, a description of the problem, and a copy-pasteable fix.

It performs static analysis only. It does not submit apps, does not access App Store Connect or Play Console, and does not check store-listing assets. It does not guarantee approval.

Use cases

  • Audit an Expo or React Native app for missing Privacy Manifest entries before an App Store submission
  • Check a Flutter app's Android manifest for restricted permissions that would trigger a Google Play rejection
  • Identify billing-compliance issues in a subscription app after post-Epic US or EEA DMA rule changes
  • Run a pre-submission checklist on a first app to catch Blocker-level issues before the review queue
  • Diagnose why a previously rejected app was blocked by reviewing all applicable store guidelines against the current codebase
  • Verify foreground service type declarations in an Android 14+ app that crashes due to missing manifest entries

When to use it

  • Before any App Store or Google Play submission to catch rejection causes early
  • After a rejection to identify which guideline violation triggered it before resubmitting
  • When working with cross-platform frameworks like Expo or Flutter where privacy manifest or target-SDK issues can be introduced silently by plugins
  • When adding features involving ads, subscriptions, location, contacts, or AI that trigger additional store policies

When not to use it

  • When review of store-listing assets (screenshots, metadata, descriptions) is needed — those are out of scope
  • When the goal is to submit the app or interact with App Store Connect or Play Console directly
  • When runtime behavior testing or dynamic analysis is required — this is static config and code review only
  • When a guarantee of approval is needed — reviewer discretion is not covered by any static check
  • When the target platform is outside Apple App Store or Google Play