Common App Store Rejections and How to Resolve Them
Written by Steve Farrugia
Updated at March 20th, 2025
Table of Contents
Apple
Terms of Use
Guideline 3.1.2 - Business - Payments - Subscriptions
…Next Steps
Update the app's metadata to include the following required information:
- A functional link to the Terms of Use (EULA)
At the end of the Description box in the app listing, add Terms and conditions: [URL to publication T&Cs].
Puzzles in app
Guideline 4.7.4 - Design - Mini apps, mini games, streaming games, chatbots, and plug-ins
We noticed that your app includes code for games or software that is not embedded in the binary.
In order to continue our review, we need an index of the games or software available in your app. We will use the index to confirm that they comply with all the requirements in guideline 4.7.
Next Steps
Please provide an up-to-date index with URLs and metadata for any games or software not embedded in the binary, including:
- Game or software's name/title
- Game or software developer's name
- URL to the games or software
In the Notes section under App Review Information add the following, with the relevant information:
Puzzles information:
- Game or software's name/title: [e.g. Puzzler / PA Media]
- Game or software developer's name: [e.g. Puzzler (https://www.puzzler.com/) / PA Media (https://pa.media/puzzles/)]
- URL to the games or software: [URL of Puzzle timeline]ATT
Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing
The app privacy information you provided in App Store Connect indicates you collect data in order to track the user. However, you do not use App Tracking Transparency to request the user's permission before tracking their activity.Starting with iOS 14.5, apps on the App Store need to receive the user’s permission through the AppTrackingTransparency framework before collecting data used to track them. This requirement protects the privacy of App Store users.
App Privacy answers will need to be re-submitted, in some cases. There's a long standing Apple bug where an error message blocks the user from editing and re-saving Privacy answers post rejection - Your app contains NSUserTrackingUsageDescription, indicating that you will request permission to track users. This usually requires some back and forth with the Apple reviewer on the rejection thread to explain your way to approval if the app does not need ATT enabled. Send screenshots and explain this is a bug on their side.
External Link Entitlement
Guideline 3.1.1- Business - Payments - In-App Purchase
Your "reader" app uses the External Link Account entitlement to link out for account creation and management but does not meet all requirements for using this entitlement.
Specifically, we found that your app does not meet the following requirement(s):
- The URL for linking out is not formatted as a standard HTML link and/or does not contain the domain name of your website (the URL must match the URL on the info.plist).
These requirements help protect user privacy and security, prevent scams and fraudulent activity, and maintain the overall quality of the experience when leaving the app to create or manage accounts.
App will need to be resubmitted with proper ELE formatting. The link to the entitlement should not be a button and be in “hyperlink” form (blue underline) both in the paywall and subscription modal.
Google Play
Violation of Subscriptions policy
Issue found: Violation of Subscriptions policy
Your app does not comply with the Subscriptions policy.
Your offer does not clearly and accurately describe the terms of your subscription, including the cost, frequency of billing cycle, and whether a subscription is required to use the app.
Google Play have started to require notes on the Subscriptions screen in the app with some terms and conditions, similar to iOS. This will require additional configuration and a new build, actioned by a Pugpig Support Engineer.
Invalid data deletion section on your Data safety form
Issue found: Invalid data deletion section on your Data safety form
The User Data - Account Deletion Requirement requires that if your app allows users to create an account from within your app, then it must also allow users to request for their account to be deleted. Developers are required to complete an accurate Data safety form that discloses their account creation practices.
You have declared that your app does not allow users to create an account in your app’s Data safety form and we’ve detected that there is account creation available.
Issue details
We found an issue in the following area(s):
Policy Declaration - Data Safety Section: “You have provided log-in credentials in Play Console, indicating presence of app account.”
Google Play is assuming that because users can log in, that account creation must be possible. This isn't necessarily true, as we allow users to log in with accounts that are created outside of the app. The steps to resolve are:
- Confirm that account creation isn't possible.
- If it is, the Data safety form should be updated.
- If it is not, ensure the Data safety form is correct.
- Reply to the rejection to say:
Despite being able to log in with an account, it is not possible to create an account via the app.
Foreground Services
Permissions for Foreground Services: Functionality is not initiated by or perceptible to the user (Your in-app experience or video does not match the Data Sync - Network Backup in your declaration.)
Permissions for Foreground Services: Permission use is either not declared or incorrectly declared (Your in-app experience or video does not match the Data Sync - Network Backup in your declaration.)
Google has started to require the Foreground services permission to be declared with new app submissions. If your Android app is rejected for this reason, please raise a support ticket and our support team will be able to take a look.