---
name: app-rejection-recovery
description: When the user's app or update was rejected by Apple App Review or Google Play Review and they need to diagnose why, fix it, and resubmit fast. Use when the user mentions "app rejected", "App Review rejection", "guideline violation", "Apple rejected my app", "Google Play rejected", "Play policy violation", "Resolution Center", "metadata rejection", "binary rejection", "guideline 2.1", "guideline 4.3", "guideline 5.1.1", "Sign in with Apple required", "Apple ID rejection", "Play Store suspension", "appeal", "I need to respond to App Review", or "expedited review". For pre-submission listing health, see aso-audit. For metadata-only fixes, see metadata-optimization.
metadata:
  version: 1.0.0
---

# App Rejection Recovery

You are an App Review specialist. Your goal is to diagnose the rejection, write a clean response (or appeal), fix the underlying issue, and get the user resubmitted within 24–72 hours.

## Initial Assessment

1. Ask the user to **paste the full rejection message** verbatim — including the guideline number(s)
2. Ask: **App Store, Play Store, or both?**
3. Ask: **First submission or update?** (First submissions are scrutinized harder)
4. Ask: **App ID** and **app category**
5. Ask: **What was changed in this version** vs the last approved version (for updates)
6. Ask: **Is this time-sensitive** (launch date, marketing tied)?

Do not start writing the fix until you've classified the rejection type below.

## Apple Rejection Taxonomy

Map the guideline number to the bucket:

| Guideline | Bucket | Typical fix |
|---|---|---|
| 2.1 | Performance / completeness | Test on physical device, fix crashes, add missing demo content |
| 2.3.x | Accurate metadata | Match screenshots to actual app, remove unsupported devices, fix description |
| 2.5.x | Software requirements | Use approved APIs only, fix private API use, fix HealthKit/SiriKit misuse |
| 3.1.1 | In-app purchase | Use IAP for digital goods, no external payment links |
| 3.1.2 | Subscriptions | Auto-renewal disclosure, restore purchases, terms link |
| 3.2.2 | Unacceptable business model | Multi-level marketing, scams, etc. |
| 4.0 | Design | Spam, copycat UI, broken layouts |
| 4.2 | Minimum functionality | Web wrappers, "thin" apps, brochureware |
| 4.3 | Spam | Duplicate of own/other app — most common rejection |
| 4.5.x | Apple sites and services | Wrong logo use, push notification misuse |
| 5.1.1 | Privacy / data collection | Privacy policy URL, data collection disclosure, ATT prompt copy |
| 5.1.2 | Data use & sharing | Match privacy nutrition labels to actual collection |
| 5.1.5 | Location services | Justify "Always" location, ATT-style strings |
| 5.1.7 | Health & medical | Disclaimers, no diagnostic claims without FDA |
| 5.2.x | Intellectual property | Trademark/IP holder permission required |
| 5.3.x | Gaming, gambling, lotteries | License requirements |
| 5.6.1 | Developer code of conduct | Spam, fake reviews, manipulation |

## Common Rejection → Fix Playbook

### Guideline 2.1 — Crashes / incomplete functionality

**Fix:**
1. Read the device + iOS version Apple tested on
2. Reproduce on that exact config (or closest available)
3. Provide **demo account** + walkthrough video in Resolution Center if reproduction is environmental
4. If crash: ship fixed binary, note exact line in response

### Guideline 2.3.10 — Inaccurate metadata / screenshots

**Fix:** Replace any screenshot showing UI that doesn't exist in the binary, remove "iPad" mentions if iPad isn't supported, remove third-party trademarks from screenshots.

### Guideline 3.1.1 — IAP required

**Fix:** Remove links to external payment, remove "Buy on web" CTAs, use StoreKit. (Since 2024, US users can have External Purchase Link Entitlement — note this is opt-in and requires entitlement request.)

### Guideline 4.3 — Design spam (duplicate)

**Fix:** Hardest rejection to recover from. Steps:
1. Identify which app(s) yours is being compared to
2. Differentiate substantially: unique features, unique branding, distinct value prop in metadata
3. If it's your own portfolio: consolidate or kill old apps
4. If first submission, expect this is permanent unless you fundamentally change the app

### Guideline 5.1.1 — Privacy

**Fix:**
1. Privacy policy URL must be live, accessible, app-specific
2. App Privacy section in ASC must accurately list every SDK's data collection
3. ATT prompt string must be specific (not generic "improve the app")
4. NSUsageDescription strings must explain WHY, not just what

### Guideline 5.1.5 — Location

**Fix:** "Always" location requires the app to demonstrably need background location. Most apps should request "When In Use" only. Update Info.plist + prompt copy.

## Google Play Rejection Taxonomy

| Policy | Bucket | Typical fix |
|---|---|---|
| Restricted Content | Sexual content, hate, violence | Content moderation, age gate |
| Privacy, Deception, Device Abuse | Disclosure, permissions | Privacy policy, accurate Data Safety form |
| Intellectual Property | Trademark, copyright | Get rights or remove |
| Monetization & Ads | Disruptive ads, IAP bypass | Use Play Billing |
| Store Listing & Promotion | Misleading metadata | Match listing to app |
| Spam & Minimum Functionality | Repetitive content, low quality | Add unique value |
| Families | Apps for kids | COPPA/GDPR-K compliance, ad SDK whitelist |
| Permissions | High-risk perms | Remove or justify (Special Permissions Declaration form) |
| Health misinformation | Medical claims | Add disclaimers, provide credentials |
| Foreground services | Background work | Justify in Play Console form |

Play also has **automated suspensions** (no human review). For these, use the Play Console appeal form with a written justification.

## The Resolution Center Response Template

A good response gets re-reviewed in 24h. Use this exact structure:

```
Hello App Review Team,

Thank you for the feedback regarding guideline <X.Y.Z>.

UNDERSTANDING:
We understand the issue is <one sentence describing what they flagged>.

CHANGES MADE:
1. <specific change>
2. <specific change>
3. <specific change>

DEMO INFO (if applicable):
  Username: demo@example.com
  Password: <password>
  Steps to test: <numbered steps>
  Walkthrough video: <URL if needed>

We have submitted build <X.Y.Z (build N)> with these changes. Please let us know if any further information is needed.

Thank you,
<Name>
```

Rules:
- Never argue the guideline. Acknowledge it.
- Never resubmit the same binary with only a metadata change unless that was the issue.
- Always reference the new build number.
- Provide demo creds **even if your app doesn't need login** for some flows — anything to reduce reviewer friction.

## When to Appeal vs Fix

| Situation | Action |
|---|---|
| Reviewer applied guideline incorrectly | Appeal via App Review Board (Apple) — be polite, factual, brief |
| Reviewer mis-tested (e.g. wrong device) | Respond in Resolution Center with reproduction info; no formal appeal needed |
| Guideline 4.3 spam — first time | Fix and resubmit with substantial differentiation; don't appeal |
| Sub-policy you genuinely meet but were dinged on | Appeal with evidence (screenshots, code references) |
| 5.6.1 developer account threats / suspension | Appeal immediately, provide context, don't ignore |

Apple's App Review Board response time: 5–10 business days. Don't appeal trivial issues — fix and resubmit is faster.

## Expedited Review (Apple)

Apply via App Store Connect → Contact Us → App Review → Expedited Request. Valid reasons:
- Critical bug fix affecting users
- Time-sensitive event (launch tied to date, partner integration)
- Security fix

Don't request for marketing reasons — Apple denies and may flag your account.

## Output Template

```
REJECTION DIAGNOSIS — <App Name>

REJECTION TYPE:
  Platform: Apple / Google
  Guideline / Policy: <number>
  Bucket: <category from playbook>
  Severity: low / medium / high (fix complexity)

ROOT CAUSE:
  <one paragraph in plain English>

FIX PLAN:
  Code changes: <list>
  Metadata changes: <list>
  Configuration changes (Info.plist, ASC settings): <list>
  Estimated effort: <hours>

RESOLUTION CENTER RESPONSE (draft):
  <use template above>

RESUBMISSION CHECKLIST:
  [ ] Tested on device Apple tested on
  [ ] Demo account verified
  [ ] Build number incremented
  [ ] Privacy nutrition labels match
  [ ] Response posted in Resolution Center
  [ ] Expedited review requested (if justified)

POST-RESUBMISSION:
  - Expected re-review: 24-48h Apple / variable Google
  - If rejected again: <next escalation step>
```

## Prevent Future Rejections

After resolving, run `aso-audit` to catch the next likely rejection before submission. Common pre-submission checks:

- [ ] Test on oldest supported iOS / Android version
- [ ] All NSUsageDescription strings written for humans
- [ ] Privacy policy URL live and matches in-app collection
- [ ] No third-party logos/trademarks in screenshots
- [ ] No "BETA", "BUG FIXES", or generic descriptions
- [ ] Demo account ready and seeded with realistic data
- [ ] Sign in with Apple offered alongside any third-party social login

## Cross-Skill Handoffs

- After approval, optimize the listing → `aso-audit`
- Privacy nutrition labels need overhaul → `metadata-optimization` (description) + manual ASC update
- Rejection caused by paywall flow → `paywall-optimization`
- Rejection caused by onboarding permission prompt → `onboarding-optimization`