9 Total
5 High severity
3 Medium severity
1 Low severity
Summary

Apple's App Review Guidelines are the official rulebook that determines whether your app can be sold or distributed on the App Store, covering everything from content and privacy to payments and age ratings. The single most important rule for most developers is that all digital goods and services sold within an iOS app must use Apple's in-app purchase system, through which Apple takes a commission of up to 30% on every transaction. Developers building apps for the EU should check Apple's alternative marketplace and payment rules under the Digital Markets Act, as different obligations now apply.

Technical Summary

Apple's App Review Guidelines govern the submission, review, and distribution of applications on the App Store across all Apple platforms (iOS, iPadOS, macOS, tvOS, visionOS, watchOS), deriving authority from the Apple Developer Program License Agreement and Apple's unilateral platform control. The guidelines create binding obligations on developers including adherence to content standards, privacy requirements (mandatory App Privacy details, ATT framework compliance, prohibition on fingerprinting), in-app purchase mandates for digital goods via Apple's payment system (carrying a commission of up to 30%), and prohibition on directing users to external payment methods. Notably, Apple reserves absolute discretion to reject or remove any app at any time, prohibits developers from communicating app rejection reasons to users, mandates use of Apple's IAP system even where alternative payment processors are available externally, and restricts developers from using push notifications or email lists acquired through apps for marketing without explicit consent — provisions that collectively represent a significant exercise of platform gatekeeping power under ongoing antitrust scrutiny. The document engages the EU Digital Markets Act (DMA) obligations for Apple as a designated gatekeeper, COPPA (Children's Online Privacy Protection Act, 16 C.F.R. Part 312) for apps directed at minors, GDPR (particularly Articles 5, 6, 7, 13 for privacy nutrition labels and ATT consent), CCPA (§1798.100 et seq.), and FTC Act Section 5 regarding deceptive practices in subscription auto-renewal disclosures. Compliance teams advising app developers must assess IAP commission exposure, mandatory privacy manifest requirements (new as of iOS 17), and jurisdiction-specific obligations under DMA alternative distribution rules in the EU.

Institutional Analysis

REGULATORY EXPOSURE: This document implicates the EU Digital Markets Act (Regulation (EU) 2022/1925), under which Apple is a designated gatekeeper and faces obligations to allow sideloading and alternative payment processing in the EU; GDPR Arts. 5, 6, 7, 13 and CCPA §1798.100 regarding privacy nut…

Evidence Provenance
Captured March 6, 2026 18:27 UTC
Document ID CA-D-000025
Version ID CA-V-000021
SHA-256 70c3856489a0bd587155c4617d90d09d1743e578ade65ed017504b987a0f71b4
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed
Change Timeline
High Severity — 5 provisions
Medium Severity — 3 provisions
Low Severity — 1 provision