ZenCodeLabs Logo

Avoid Rejection: App Store & Google Play Checklist 2025

Everything you need before hitting ‘Publish’—step-by-step checks for App Store & Play Store submissions, CI/CD, compliance, testing, and post-launch monitoring in 2025.

Ahsan A 18 min read
Avoid Rejection: App Store & Google Play Checklist 2025

Table of Contents

What to do before you press Publish

  1. Pass functional QA + device testing (real devices).
  2. Complete app store metadata, screenshots, and ASO assets.
  3. Complete privacy & compliance (Privacy Nutrition, data disclosure).
  4. Verify code signing, provisioning, and store credentials.
  5. Confirm build settings (target SDK/API level, architectures).
  6. Run CI/CD to build, test, sign, and distribute to TestFlight / Play internal testing.
  7. Use staged rollout and monitor crash/analytics after launch.

This guide expands each step and gives links, commands, and real-world tips so your first submission in 2025 isn’t the one that wakes you at 3am.

1) Legal & compliance: privacy, age rating, and policies (do this early)

  • Privacy Nutrition / App Privacy: Apple requires you to declare what data you collect, why, and how it’s used (the “App Privacy” or privacy nutrition questionnaire in App Store Connect). Prepare a short privacy policy and map every API, SDK or analytics tool to a clear purpose. Apple App Privacy Details
  • Google Play policies: Review Play Policy updates (e.g., billing, restricted content). If you use in-app purchases, verify you’re using the required Play Billing library version and disclosures. Keep policies and TOS links ready. Google Play Policy Center
  • Age rating & COPPA: Assign correct age ratings; if your app targets children, follow Apple’s kids’ app rules and Google’s Families policy. Have parental-consent flows documented if needed.

Tip: Put your privacy policy URL on the app listing and inside the app (Settings/About). That same URL will be requested by both stores.

2) Technical prerequisites — build, signing, SDKs

  • Xcode / macOS for iOS: Apple requires builds to be made with supported Xcode/SDK versions. Keep Xcode updated and confirm the minimum required SDKs in Apple’s “upcoming requirements” notes. Test with the same Xcode used for archiving. Apple Release Notes
  • Target API level (Android): Google Play requires submissions to target current API levels. As of 2025, new apps/updates must target Android 15 (API 35) or higher (with limited exceptions). Make sure your Gradle configuration, libraries, and native dependencies compile against the target SDK. Target API Level requirements
  • App Signing & Key management: For Play, use Play App Signing / App Integrity and protect your JSON service accounts (.json for fastlane supply). For iOS, maintain provisioning profiles and an App Store Connect account with correct roles. Never commit signing keys to public repos. App Signing docs

Checklist

  • Xcode version confirmed for iOS build
  • Android targetSdkVersion updated to required API level
  • Signing keys backed up and secured (keystore, App Signing)
  • CI has access to signing credentials (secured secrets)

3) QA & device testing — real devices only

Automated tests catch regressions but real-device testing catches UX, permission, sensor, and performance issues.

  • Minimum device matrix: test on at least one low-end Android, a recent Android flagship, an iPhone SE-sized device, and a modern iPhone (test different OS versions).
  • Test flows: onboarding, sign-up, offline behavior, edge-case inputs (long names, long lists), permission flows, background/foreground transitions, and low-memory handling.
  • Crash testing: Use instrumentation and purposely reproduce crashes to confirm crash reporting picks them up (Firebase Crashlytics, Sentry).

Tip: Use TestFlight and Play Console internal tracks to share builds with testers before public release. TestFlight supports public links and internal/external testers for iterative builds. Apple TestFlight docs

4) CI/CD & release automation — repeatable builds

Automate everything: building, running tests, signing, generating screenshots, and uploading builds. Recommended tools for Flutter and native apps include Fastlane, Codemagic, GitHub Actions, and Bitrise.

  • Fastlane: Automates building, code signing, screenshots, and store uploads via supply/produce/pilot/airplane lanes. Integrate Fastlane lanes into your CI pipeline. Fastlane docs

  • GitHub Actions / Codemagic: Use CI to run tests, build artifacts, and call fastlane for deployment. Codemagic has fastlane preinstalled and explicit Flutter support; Flutter docs also recommend CI patterns for deployment. Codemagic docs | GitHub Actions docs

    Example (Fastlane lane — simplified): ```ruby lane :release_ios do capture_screenshots build_app(scheme: "App") upload_to_app_store end

    lane :release_android do gradle(task: "assembleRelease") supply(track: "internal", json_key: "play-account.json") end ```

    Checklist

    • CI runs unit/widget/integration tests on PRs
    • CI artifacts are reproducible (no local-only steps)
    • Secrets (keystore, App Store Connect key) stored in CI vaults
    • Auto-upload to TestFlight / Play internal via CI for QA

    5) App Store / Play Store metadata & ASO

    Make your listing convincing and compliant.

    Essentials

    • Title, short & long descriptions, subtitle (iOS), promotional text (iOS), and localized versions.
    • Screenshots for each device family (iPhone sizes, iPad if supported). Use real app screens with high-fidelity content (no lorem ipsum).
    • App icon and promotional graphic (Play Store). Follow platform asset specs precisely to avoid rejections.
    • Keywords (App Store) and tags (Play) — research competitors and search volume.
    • Privacy section: fill App Privacy details on Apple and Privacy Policy links on both platforms. :contentReference[oaicite:8]{index=8}

    Checklist

    • Localizations prepared (title, descriptions, screenshots)
    • High-res icon and required graphic sizes uploaded
    • Privacy policy URL included and accurate
    • At least 3–5 screenshots showing core flows

    6) Release strategy — staged rollouts & feature flags

    • Staged rollout: Release to 1–5% of users first on Play Store, then gradually increase while monitoring metrics. For iOS, use phased release in App Store Connect.
    • Feature flags: Toggle new features server-side to mitigate risk. Roll features on for cohorts as you confirm stability.
    • Beta groups: Use TestFlight external groups and Play internal/closed testing to validate releases before general availability. :contentReference[oaicite:9]{index=9}

    Checklist

    • Phased rollout plan in Play/App Store configured
    • Feature flags for risky features implemented
    • Beta tester group and feedback loop established

    7) Monitoring & observability — first 72 hours are critical

    • Crash reporting: Integrate Crashlytics or Sentry; configure alerts for new crash spikes.
    • Analytics: Use Firebase Analytics, Amplitude, or Mixpanel to track DAU, funnel conversion (onboarding, signup, purchase).
    • Logging & performance: Collect logs for key flows and monitor CPU/memory on real devices if possible.
    • User feedback: Monitor reviews and in-app feedback channels. Early rapid response to issues prevents bad reviews from snowballing.

    Checklist

    • Crash alerts on Slack/Email set up
    • Key funnel dashboards ready (onboarding, purchase, retention)
    • Plan for hotfix release in place

    8) Post-launch maintenance & legal housekeeping

    • Respond to reviews: Triage, acknowledge, and patch critical bugs fast.
    • Privacy & SDK audits: Periodically audit third-party SDKs for data collection; update privacy disclosures accordingly.
    • Updates cadence: Plan frequent small updates for bug fixes and performance improvements; larger feature releases can follow after stability.
    • App freshness: Apple sometimes deprecates old apps that are unmaintained — keep your app updated to avoid removal. :contentReference[oaicite:10]{index=10}

    Appendix: Quick technical checklist you can copy

    • Build passes local linting & tests
    • Signed release APK/AAB (Play) / IPA (App Store) produced via CI
    • targetSdkVersion >= required API level (Android)
    • Info.plist keys declared (iOS permissions) with usage descriptions
    • Privacy Policy URL set in console & in-app
    • App screenshots uploaded, localized if possible
    • Store listing copy ready, ASO checked
    • TestFlight & Play internal tracks populated with CI artifacts
    • Staged rollout configured, monitoring dashboards ready

    Key references (authoritative quick links)

  • Apple App Store Review Guidelines

  • Google Play target API level & publishing requirements (2025 updates)

  • TestFlight & App Store Connect beta testing docs

  • Fastlane & CI/CD guidance — plus examples with Codemagic and GitHub Actions

  • Play Console App signing & Play Integrity updates

    Final note

    Preparing a reliable launch in 2025 means more than a green build. It demands privacy readiness, API-level compliance, reproducible CI/CD, realistic device testing, and a monitoring plan for the crucial first 72 hours. Use the checklists above, automate what you can (CI + Fastlane/Codemagic), and treat store metadata and privacy declarations as first-class deliverables—not an afterthought.

    Want this exported as:

    • a single printable Markdown checklist, or
    • a ready-to-drop-in GitHub Actions + Fastlane starter repo (I can generate config files), or
    • a short “pre-launch” Kanban template for your team?

    Tell me which and I’ll generate it next.

  • #App Store
  • #Google Play
  • #CI/CD
  • #Release
  • #Checklist