Shipping to the App Store in 2025: What Apple Actually Checks Now

in Development on Ios, App-store, Swift, Xcode

App Store submission has gotten stricter. Privacy manifests, required reason APIs, notarisation — here’s what actually trips people up in 2025.

I’ve submitted dozens of apps and updates to the App Store over the years. The process has changed more in the last two years than in the five before that. If you haven’t shipped recently, some of this will catch you off guard.

Here’s what’s actually checked now, and what will get your build rejected before a human reviewer even looks at it.

Privacy Manifests Are Non-Negotiable

Since Spring 2024, Apple requires a PrivacyInfo.xcprivacy file in your app if you use any of the required reason APIs. These are APIs that Apple considers capable of fingerprinting users — things like:

  • UserDefaults (NSPrivacyAccessedAPICategoryUserDefaults)
  • File timestamps (NSPrivacyAccessedAPICategoryFileTimestamp)
  • System boot time (NSPrivacyAccessedAPICategorySystemBootTime)
  • Disk space APIs (NSPrivacyAccessedAPICategoryDiskSpace)

If you use any of these — even indirectly via a third-party SDK — you need to declare it and provide an approved reason. Apple’s automated pipeline will reject your build at upload if the manifest is missing or incomplete.

The most common mistake: forgetting that your SDKs count. Firebase, Amplitude, Mixpanel, and many other common libraries use these APIs. Check each SDK’s documentation for their own privacy manifest, and make sure your app’s manifest covers everything.

Certificates and Provisioning in 2025

If you’re managing your own certificates (as opposed to using Xcode’s automatic signing), keep these in mind:

  • Distribution certificates are now valid for 1 year from Apple’s side, but Xcode sometimes shows confusing expiry warnings — check App Store Connect directly
  • Provisioning profiles expire independently; I keep a reminder 2 weeks before expiry
  • For TestFlight, your Ad Hoc or Development profile won’t work — you need an App Store distribution profile even for internal testing
  • If you’re on a team, the fastlane match approach to certificate management is worth the setup time

What App Review Actually Cares About

Beyond the automated checks, here’s what causes rejections in 2025:

Guideline 2.1 (App Completeness): Don’t submit with placeholder content, broken flows, or features that require a backend that isn’t ready. Review accounts should work fully.

Guideline 5.1.1 (Data Collection): Your App Privacy label in App Store Connect must match what your app actually does. Reviewers test this. If you collect an email address, declare it.

Guideline 4.2 (Minimum Functionality): Apps that are essentially just a web view wrapping a website still get rejected. There needs to be native functionality that justifies being a native app.

Guideline 3.1 (In-App Purchase): If you sell digital content or subscriptions, you must use StoreKit. No linking out to a website to complete a purchase. Apple enforces this consistently.

My Pre-Submission Checklist

Before I hit Submit for Review, I run through this:

  • Privacy manifest present and all required reason APIs declared
  • App Privacy labels in App Store Connect accurate and complete
  • All third-party SDK privacy manifests included
  • Tested on a physical device, not just simulator
  • Tested on the oldest supported iOS version
  • No debug logs visible to users
  • App icon in all required sizes, no alpha channel
  • Screenshots match actual app UI (reviewers look at these)
  • All URLs in the app are live and working
  • TestFlight beta tested with at least a few real users

The App Store review process is faster than it used to be — most apps are reviewed within 24 hours. But a rejection still costs you time. Getting the submission right the first time is worth the extra hour of checklist work.