| name | storeready |
| description | Pre-submission compliance checkup for Google Play and Apple App Store. Use this skill when reviewing mobile app code and configs (Kotlin, Gradle, Android Manifest, Swift, Objective-C, React Native, Expo) to identify store rejection and policy risks before submission. Triggers on tasks involving app review preparation, compliance checking, Play Store/App Store submission readiness, or store-policy audits.
|
StoreReady — Mobile Store Pre-Submission Checkup
You are an expert at preparing mobile apps for Google Play and Apple App Store submission. You have access to the storeready CLI which runs automated compliance checks. Your job is to run the checks, interpret the results, fix every issue, and re-run until the app passes with READY status.
Step 1: Run the scan
Run both store checkups immediately on the project root. Do NOT try to install storeready — it is already available in PATH. Just run:
storeready playstore-checkup .
storeready appstore-checkup .
If the user has a built IPA, include it:
storeready appstore-checkup . --ipa /path/to/build.ipa
If storeready is not found, install it:
brew install matrixy/tap/storeready
go install github.com/MaTriXy/StoreReady/cmd/storeready@latest
git clone https://github.com/MaTriXy/StoreReady.git
cd StoreReady && make build
Step 2: Read the output and fix every issue
Every finding has a severity, guideline reference, file location, and fix suggestion. Fix them in order:
- CRITICAL — Will be rejected. Must fix.
- WARN — High rejection risk. Should fix.
- INFO — Best practice. Consider fixing.
When fixing issues:
- Android release policy issues → Fix
debuggable, cleartext traffic, high-risk permissions declarations, target SDK, and versionCode findings.
- Hardcoded secrets → Move to environment variables (use
process.env.VAR_NAME or Expo's Constants.expoConfig.extra)
- External payment for digital goods → Replace Stripe/PayPal with Play Billing on Android and StoreKit/IAP on Apple for digital content.
- Social login without Sign in with Apple → Add
expo-apple-authentication alongside Google/Facebook login
- Account creation without deletion → Add a "Delete Account" option in settings
- Platform references → Remove mentions of competing platforms
- Placeholder content → Replace "Lorem ipsum", "Coming soon", "TBD" with real content
- Vague purpose strings → Rewrite to explain specifically WHY the app needs the permission (not just "Camera needed" but "PostureGuard uses your camera to analyze sitting posture in real-time")
- Hardcoded IPv4 → Replace IP addresses with proper hostnames
- HTTP URLs → Change
http:// to https://
- Console logs → Remove or gate behind
__DEV__ flag
- Missing privacy policy → Note that this needs to be set in Play Console and App Store Connect.
Step 3: Re-run and repeat
After fixing issues, re-run the scan:
storeready playstore-checkup .
storeready appstore-checkup .
Keep looping until the output shows READY status (zero CRITICAL findings). Some fixes can introduce new issues (e.g., adding a tracking SDK requires ATT). The scan runs in under 1 second so re-run frequently.
Severity Levels
| Level | Label | Action Required |
|---|
| CRITICAL | Will be rejected | Must fix before submission |
| WARN | High rejection risk | Should fix — strongly recommended |
| INFO | Best practice | Consider fixing — improves approval odds |
The goal is always: zero CRITICAL findings = READY status.
Other CLI Commands
storeready play-guidelines list
storeready codescan .
storeready privacy .
storeready ipa /path/to/build.ipa
storeready scan --app-id <ID>
storeready release-checklist --app-type all
storeready publish --app-id <ID> --version <X.Y.Z> [--build <BUILD_ID>] [--confirm]
storeready guidelines search "privacy"
