Updated April 2026
Complete Checklist for iOS App Submission to the Apple App Store
Everything you need to publish your iPhone or iPad app successfully in 2026 — from Xcode configuration and provisioning profiles to App Store Connect metadata, privacy requirements, and post-submission steps.
1.8B+Active iOS devices
$99/yrDeveloper programme fee
1–3 daysAverage review time
65+Items in this checklist
30%Apple’s commission (standard)
Submitting an app to the Apple App Store is one of the most detail-intensive processes in software publishing. Unlike Google Play, Apple’s review is conducted by human reviewers who assess your app against the App Store Review Guidelines — and they are thorough.
Miss a provisioning profile, skip a required privacy string, or submit a screenshot at the wrong resolution, and you’ll face rejection and a delay of several days. This end-to-end checklist — maintained by the specialists at MobileMerit.com — ensures you get it right the first time.
0 / 65
🏢 Phase 1: Apple Developer Programme Setup
You need an active Apple Developer Programme membership before you can submit anything to App Store Connect.
Account & Membership Prerequisites
6 itemsEnrol in the Apple Developer Programme ($99/year)Required to distribute apps on the App Store; enrol at developer.apple.com/programs
Critical
Verify your Apple ID and accept latest licence agreementsLog in to App Store Connect and accept any pending agreements
Critical
Set up your banking and tax information in App Store ConnectRequired to receive paid app revenue or in-app purchase payouts
High
Add team members and assign roles (if working in a team)Admin, App Manager, Developer, Marketing — assign least-privilege roles
Medium
Enable two-factor authentication on your Apple IDRequired for all Apple Developer accounts; protects against takeover
Critical
Create your app record in App Store ConnectApps → (+) New App → set platform, name, primary language, Bundle ID, SKU
Critical
⚙️ Phase 2: Xcode Build & Technical Requirements
Apple has strict technical requirements for your IPA. Every field in Xcode’s build settings matters.
Always build with the latest Xcode release
Apple requires apps to be built with the most recently released version of Xcode. Apps built with outdated Xcode versions may be rejected automatically after a grace period. Check developer.apple.com/news/releases before every submission.
Xcode Configuration & Build Settings
11 itemsUse the latest stable release of XcodeCheck Xcode version matches Apple’s current submission requirement
Critical
Set Deployment Target to iOS 16.0 or higher (recommended)Broader reach while still supporting latest APIs
High
Build for Release, not Debug — archive the .ipa correctlyProduct → Archive → Distribute App → App Store Connect
Critical
Confirm Bundle Identifier matches App Store Connect record exactlyCase-sensitive; mismatch causes immediate upload rejection
Critical
Set correct CFBundleShortVersionString (Marketing Version)Must increment with each new App Store release (e.g., 1.0.0 → 1.1.0)
Critical
Set correct CFBundleVersion (Build Number) — must be higher than previousTestFlight and App Store reject uploads with duplicate build numbers
Critical
Enable App Thinning (Bitcode / Asset Catalogs) where applicableReduces download size for users; use xcassets for all image resources
Medium
Remove all debug symbols, test code, and placeholder contentIncluding Lorem Ipsum, test accounts, hardcoded API keys
Critical
Enable Swift strict concurrency / Sendable compliance (Swift 6)Swift 6 mode catches data race issues at compile time
Medium
Run Validate App in Xcode Organizer before uploadingCatches common errors before the binary reaches Apple’s servers
High
Upload IPA via Xcode Organizer or Transporter appCommand-line: xcrun altool –upload-app (deprecated); use Transporter 2.x
Critical
Technical Specifications Quick Reference
| Requirement | Specification | Status |
|---|---|---|
| Build tool | Latest stable Xcode release | Mandatory |
| Minimum iOS target | iOS 16.0+ (recommended) | Recommended |
| Architecture | arm64 (64-bit only) | Mandatory |
| IPA size limit | 4 GB total; 200 MB OTA download | Mandatory |
| On-Demand Resources | Use for assets > 200 MB | Recommended |
| Privacy Manifest | PrivacyInfo.xcprivacy required | Mandatory |
| App Sandbox | Required; entitlements must match usage | Mandatory |
| IPv6 compatibility | App must work over IPv6-only networks | Mandatory |
🔑 Phase 3: Certificates, Identifiers & Provisioning
Code signing is the most technically confusing part of iOS submission. Get this right and the rest is easier.
Certificates, Identifiers & Profiles
7 itemsCreate an App ID (Bundle Identifier) in the Developer Portaldeveloper.apple.com → Certificates, Identifiers & Profiles → Identifiers
Critical
Generate a Distribution Certificate (Apple Distribution)Used to sign your production build; store the .p12 file securely
Critical
Create an App Store Distribution Provisioning ProfileLinks your App ID + Distribution Certificate; download and install in Xcode
Critical
Enable only required capabilities / entitlements in App IDPush Notifications, Sign in with Apple, iCloud, HealthKit — match exactly with Xcode entitlements
High
Use Automatic Signing in Xcode for CI/CD pipelinesXcode manages profiles automatically; or use fastlane match for team-wide consistency
Medium
Verify APNs certificate if app uses Push NotificationsProduction APNs cert (or token-based auth p8 key) must not be expired
High
Check all certificates are not expired before submissionExpired certificates will fail the upload step silently or with a cryptic error
Critical
🖼️ Phase 4: App Store Connect — Metadata & Assets
Your store listing directly impacts conversion rates and discoverability. Apple also enforces strict asset specifications.
App Name, Description & Metadata
8 itemsApp Name: max 30 characters, keyword-richPrimary ASO signal; must match the name in your Xcode project
Critical
Subtitle: max 30 characters — explain your core value propositionShown below the app name in search results; strong ASO opportunity
High
Keywords field: max 100 characters, comma-separatedDo not repeat words from your title; no spaces after commas
High
Description: max 4,000 characters, benefits-first writingFirst 3 lines appear before “more” — lead with your key differentiator
Critical
Promotional Text: max 170 characters (updatable without new build)Use for time-sensitive announcements, sales, or feature highlights
Medium
Select the most accurate Primary Category and Sub-categoryAffects discoverability in browse and Today tab placements
High
Add “What’s New” text for updates (version release notes)Required for updates; highlight new features and bug fixes
High
Localise your metadata into key markets (EN-GB, FR, DE, JA, etc.)Localised listings rank higher and convert better in non-English markets
Medium
Screenshots, App Previews & App Icon
8 itemsiPhone 6.9″ screenshots required (1320×2868 px or 1290×2796 px)Required for all new submissions from iOS 18; covers iPhone 16 Pro Max
Critical
iPhone 6.5″ screenshots (1284×2778 px) or let 6.9″ fill inIf you provide 6.9″ screenshots, Apple uses them for 6.5″ too
High
iPad Pro 12.9″ 3rd gen+ screenshots (2048×2732 px) if supporting iPadRequired if your app supports iPad; provide at minimum 2 screenshots
High
Upload minimum 2, maximum 10 screenshots per device sizeFirst screenshot is your hero shot — make it count
Critical
Screenshots show actual in-app UI (not marketing composites)Apple requires screenshots to accurately represent the app experience
Critical
App Preview video: 15–30 sec, MP4/MOV, from actual device captureOptional but increases conversions; must show real app — no animated mockups
Medium
App Icon: 1024×1024 px PNG, no rounded corners, no alpha channelApple adds the rounded mask; alpha transparency causes rejection
Critical
All sizes of app icon included in Assets.xcassets (AppIcon)Xcode generates sizes automatically from 1024×1024 source image
Critical
🔒 Phase 5: Privacy, Data & Permissions
Apple’s privacy requirements are among the strictest in the industry. Every permission needs a usage description string — and the new Privacy Manifest is mandatory.
Privacy Manifest (PrivacyInfo.xcprivacy) is mandatory
Since May 2024, Apple requires all apps and third-party SDKs to include a Privacy Manifest file declaring which Required Reason APIs they use and why. Missing or inaccurate manifests result in rejection.
Privacy Manifest, Permissions & Data Declarations
9 itemsAdd PrivacyInfo.xcprivacy manifest to your app targetDeclare all Required Reason APIs, data types collected, and tracking domains
Critical
Add NSUsageDescription strings for every permission requestedCamera, Location, Microphone, Contacts, Photos, HealthKit, Bluetooth — all require a reason string in Info.plist
Critical
Request permissions only when contextually necessary (just-in-time)Requesting all permissions on launch causes rejections and user distrust
High
Host a publicly accessible Privacy Policy URLRequired for all apps; must be linked in App Store Connect and inside the app
Critical
Complete the App Privacy (Nutrition Labels) section in App Store ConnectDeclare all data types collected, linked to identity, used for tracking
Critical
Implement ATT (App Tracking Transparency) prompt if tracking usersNSUserTrackingUsageDescription + requestTrackingAuthorization() required
Critical
Provide account deletion functionality if app has user accountsMandatory since June 2022 — must delete server-side data too
Critical
Review all third-party SDK privacy manifests are includedSDKs like Firebase, Amplitude, Adjust must supply their own PrivacyInfo.xcprivacy
High
Comply with COPPA / GDPR-K if app is directed at children under 13Use the Kids Category; no third-party analytics, no behavioural ads
High
📋 Phase 6: App Review Guidelines Compliance
Apple’s App Store Review Guidelines cover safety, performance, design, legal, and business. Human reviewers check all of these.
Content, Design & Policy Compliance
8 itemsApp is complete — no placeholder screens, “coming soon” features, or broken flowsApple reviewers will test your app; incomplete apps are rejected under Guideline 2.1
Critical
App does not crash or produce major ANRs on any tested deviceStability is the single most common rejection reason
Critical
App works on all supported device sizes and orientationsBroken layouts on iPad or in landscape mode cause rejections
High
All links in the app are functional (no 404 errors, no broken web views)Reviewers follow links; broken URLs result in rejection under Guideline 2.1
High
In-app purchases use Apple’s StoreKit — no external payment promptsDirecting users to pay outside the app (except approved entitlements) is a rejection
Critical
App does not use private/undocumented Apple APIsStatic analysis detects this; rejection is immediate with no appeal path
Critical
App icon, name, and screenshots do not use Apple trademarksNo Apple logos, iPhone outline, or product names in your assets
High
Age Rating accurately reflects all content in the appComplete the age rating questionnaire honestly; misleading ratings are removed
Critical
🧪 Phase 7: TestFlight & Pre-Submission Testing
Thorough testing on real devices before submission dramatically reduces rejection rates and improves your app’s rating out of the gate.
Use TestFlight for external testing before production
TestFlight external testing requires a brief review by Apple (usually under 24 hours) but lets you test with up to 10,000 external testers. Always run a full TestFlight cycle before submitting to production.
Testing Requirements
8 itemsTest on real physical devices — not just simulatorSimulator doesn’t expose camera, GPS, NFC, or biometric edge cases
Critical
Test on the oldest supported iOS version (your deployment target)APIs available on iOS 17 may crash on iOS 16 without @available guards
High
Test on both iPhone and iPad if app is UniversaliPad-specific layout bugs are a frequent review rejection reason
High
Run Instruments (Leaks + Time Profiler) to check for memory leaksMemory leaks and retain cycles degrade experience and may cause crashes
Medium
Distribute via TestFlight and collect feedback from beta testersAim for at least 2 weeks of external TestFlight testing before submission
High
Test all in-app purchase flows in sandbox environmentApp Store Connect → Sandbox Testers; test purchase, restore, and cancel flows
Critical
Verify VoiceOver accessibility on key screensAccessibility failures are increasingly scrutinised under Guideline 5.1.1
Medium
Test Dark Mode, Dynamic Type, and high-contrast accessibility settingsApps that break under accessibility settings receive low ratings and rejections
Medium
💰 Phase 8: In-App Purchases & Monetisation
StoreKit & Revenue Setup
5 itemsImplement using StoreKit 2 (Swift) or StoreKit 1 (Obj-C legacy)StoreKit 2 is the modern API with async/await; required for iOS 15+ native experiences
High
Create all IAP products in App Store Connect (must be “Ready to Submit”)Products in “Missing Metadata” or “Waiting for Screenshot” state block submission
Critical
Set up banking / tax details before going live with paid contentPaid apps and IAPs are blocked until paid agreements are signed
Critical
Provide a “Restore Purchases” button for non-consumable IAPsRequired by Guideline 3.1.1; failure to include causes rejection
Critical
Display subscription terms, price, and renewal clearly before purchaseAll subscription pricing must be clearly shown — no dark patterns
High
🚀 Phase 9: Final Submission in App Store Connect
Pre-Publish Final Checks
5 itemsSelect your uploaded build from TestFlight in the submission formBuilds expire after 90 days in TestFlight; use a recent one
Critical
Fill in “Notes for App Review” — provide test credentials if login requiredWithout test account details, reviewers cannot access gated content
Critical
Choose release type: Manual, Automatic, or Phased ReleasePhased Release rolls out to 1% → 100% of users over 7 days — recommended for new apps
Medium
Confirm pricing tier and territory availabilityCheck that your app is available in all intended countries/regions
High
Click “Submit for Review” and monitor review status in App Store ConnectYou’ll receive email updates; typical review 1–3 days; sensitive categories may take longer
Critical
❌ Top 12 Reasons iOS Apps Get Rejected
These are the most common issues flagged by Apple’s review team in 2025–2026.
| # | Rejection Reason | Guideline | Fix | Severity |
|---|---|---|---|---|
| 1 | App crashes on launch or during review | 2.1 | Fix crashes in Xcode; test on all supported OS versions | Critical |
| 2 | Incomplete or broken privacy policy | 5.1.1 | Host at a public URL; link in App Store Connect | Critical |
| 3 | Missing or incorrect privacy manifest | 5.1.2 | Add PrivacyInfo.xcprivacy; declare all Required Reason APIs | Critical |
| 4 | No test credentials provided for login-gated app | 2.1 | Add credentials in Notes for App Review | High |
| 5 | External payment links without entitlement | 3.1.1 | Remove or apply for StoreKit External Purchase entitlement | Critical |
| 6 | App looks unfinished / placeholder content | 2.1 | Remove Lorem Ipsum, dummy data, grayed-out features | High |
| 7 | Screenshots do not match app functionality | 2.3 | Use actual in-app screenshots; no staged mockups | High |
| 8 | Use of private/undocumented APIs | 2.5.1 | Audit all API calls; replace with documented equivalents | Critical |
| 9 | Missing “Restore Purchases” button | 3.1.1 | Add a restore button accessible from settings or paywall | High |
| 10 | Broken links or web views returning 404 | 2.1 | Test all URLs in the app; ensure server is live during review | High |
| 11 | Inaccurate age rating / hidden mature content | 1.3 | Re-complete age rating; set content filtering for user-generated content | Critical |
| 12 | App only works with internet — no offline state handling | 2.1 | Show a friendly offline state; don’t crash without connectivity | Medium |
Getting Rejected by the App Store?
The MobileMerit.com team has guided 300+ iOS apps through App Store review — from first submission to global launch. Let us review your app before you submit.
Get a Free App Audit View Our Services📚 Official Resources & Essential Links
Bookmark these official Apple and community resources — they are your single source of truth for submission requirements.
App Store ConnectSubmit and manage your iOS apps
App Store Review GuidelinesThe definitive policy document — read before every release
Privacy Manifest DocumentationHow to create PrivacyInfo.xcprivacy correctly
TestFlightBeta test your app before submitting to production
StoreKit DocumentationImplement in-app purchases and subscriptions correctly
App Privacy DetailsGuide to completing the App Privacy / Nutrition Labels section
Apple Developer Videos (WWDC)Submission guidelines explained by Apple engineers
MobileMerit.comExpert iOS development, ASO & App Store submission services
❓ Frequently Asked Questions
Answers to the most common iOS App Store submission questions from developers in 2026.
How long does Apple App Store review take in 2026? +
The vast majority of App Store submissions are reviewed within 24–48 hours. Apple’s review time tracker at developer.apple.com shows real-time averages. First-time submissions, apps in categories like Health, Finance, Kids, or VPN can take 3–5 business days. If your app hasn’t been reviewed within 7 days, you can use the Resolution Centre in App Store Connect to request an expedited review.
What is a Privacy Manifest and is it really required? +
Yes — as of May 2024, Apple requires a Privacy Manifest file (PrivacyInfo.xcprivacy) for all new app submissions and updates. The manifest declares which “Required Reason APIs” your app uses (such as file timestamps, user defaults, or disk space), the purpose for using them, the data types collected, and whether any tracking domains are used. Third-party SDKs must also supply their own manifests. Without this file, or with inaccurate declarations, your app will be rejected. See Apple’s Privacy Manifest documentation for the full list of APIs and their acceptable reasons.
What happens if my app is rejected? Can I appeal? +
If rejected, you’ll receive a detailed message in the Resolution Centre explaining which guideline was violated and why. You have three options: (1) Fix and resubmit — address the issue and upload a new build; (2) Reply to the reviewer via the Resolution Centre if you believe the rejection was made in error; (3) Formally appeal to the App Review Board if you believe Apple’s interpretation is incorrect. Appeals are taken seriously — Apple overturns a meaningful proportion of contested decisions. Do not submit a new build without addressing the specific feedback, as this extends your wait time.
Does my iOS app need to support iPad as well as iPhone? +
No — you can submit an iPhone-only app. However, if your app is iPhone-only, you should explicitly set the Targeted Device Families build setting to iPhone only (value: 1) in Xcode to prevent it from appearing as a scaled-up iPhone app on iPad. If you do support iPad (Universal), you must supply iPad-specific screenshots at 2048×2732 px for the 12.9″ iPad Pro, and your UI must work correctly on all iPad screen sizes including Split View and Slide Over.
Can I use third-party payment processors instead of Apple’s StoreKit? +
This is a complex and evolving area. In the United States, following the Epic v. Apple ruling, Apple now allows apps to link to external payment websites under a specific entitlement (StoreKit External Purchase Entitlement). In the European Union, under the Digital Markets Act, alternative payment options and alternative app distribution are available. For all other regions, you must use Apple’s StoreKit for in-app purchases of digital goods and subscriptions. Physical goods and services (e.g., Uber, food delivery) are exempt and may use third-party payments. Consult Apple’s Guideline 3.1 for the current rules in your region.
What are App Privacy Nutrition Labels and how do I fill them in? +
App Privacy labels (sometimes called “nutrition labels”) are a section in App Store Connect where you disclose what data your app collects, how it’s used, and whether it’s linked to a user’s identity. Data types include identifiers, location, usage data, diagnostics, contacts, browsing history, purchases, and more. You must accurately declare data collected by your own code and by any third-party SDKs you include. The labels are shown to users on your App Store listing page. Inaccurate labels are a policy violation and can result in removal. Apple provides detailed guidance at developer.apple.com/app-store/app-privacy-details.
How do I request an expedited review from Apple? +
Log in to App Store Connect, navigate to your app, go to the current version, and in the App Review section click “Request Expedited Review.” You’ll need to provide a business justification. Legitimate reasons include: critical bug fixes (crash, security vulnerability, data loss), time-sensitive app launches tied to a real-world event, or legal/regulatory compliance deadlines. Apple grants expedited reviews selectively — frivolous requests may be declined and could affect future requests. Typically, approved expedited reviews are completed within 24 hours.
What is Phased Release and should I use it? +
Phased Release rolls out your approved update to a percentage of eligible users over 7 days: 1% on Day 1, 2% on Day 2, 5% on Day 3, 10% on Day 4, 20% on Day 5, 50% on Day 6, and 100% on Day 7. You can pause the rollout at any point if you detect critical crashes. It is strongly recommended for all apps, especially major version updates — catching a production crash before it reaches all users can save your rating and prevent thousands of negative reviews. You can also manually accelerate or complete the rollout at any time from App Store Connect.
Ready to Launch on the App Store?
Use this checklist as your submission playbook. If you need expert iOS development, App Store Optimisation, or review guidance, the team at MobileMerit.com is here to help.
Visit MobileMerit.com Read More Guides