@leejungkiin/awkit 1.7.1 → 1.7.4

package/skills/app-store-review-agent/references/guidelines/by-app-type/vpn.md

@@ -0,0 +1,18 @@
+# Checklist: VPN & Networking Apps
+
+Guidelines specifically applying to VPN, proxy, and network management apps.
+
+## Critical (Will Reject)
+
+- [ ] **5.4** — Must use the NEVPNManager API
+- [ ] **5.4** — Must be from developers enrolled as an organization
+- [ ] **5.4** — Must not collect any user data
+- [ ] **5.4** — Must not use VPN profiles to block ads, redirect traffic for monetization, or collect/sell data
+- [ ] **5.4** — Must clearly state what data is collected and how it is used on-screen before any data access
+
+## Important
+
+- [ ] **5.1.1** — Privacy policy required
+- [ ] **2.5.5** — Fully functional on IPv6-only networks
+- [ ] **2.3.1** — All app functionality documented in review notes
+- [ ] **3.1.1** — Premium VPN features must use IAP (not external payment for digital service)

package/skills/app-store-review-agent/references/rules/design/minimum_functionality.md

@@ -0,0 +1,96 @@
+# Rule: Minimum Functionality
+- **Guideline**: 4.2
+- **Severity**: REJECTION
+- **Category**: design
+
+## What to Check
+
+Apple requires apps to provide "valuable utility or entertainment" and be more than a repackaged website, simple wrapper, or thin shell. Apps rejected under 4.2 typically:
+
+- Have only 1-2 screens with minimal interactivity
+- Are essentially a WebView wrapping a website
+- Provide no functionality beyond what Safari offers
+- Are a simple collection of links or RSS feed
+- Consist primarily of marketing material or a product catalog
+- Are a book or game guide that should be on Apple Books instead
+- Are template-generated apps with no unique content
+
+### Related Sub-Guidelines
+
+| Guideline | What It Covers |
+|-----------|---------------|
+| 4.2.1 | ARKit apps must provide rich integrated AR — not just dropping a model |
+| 4.2.2 | Not primarily marketing materials, ads, web clippings, or link aggregators |
+| 4.2.3(i) | App must work on its own without requiring another app |
+| 4.2.3(ii) | Disclose size of additional required downloads before user proceeds |
+| 4.2.6 | Template/app-generator apps rejected unless submitted by content provider |
+
+## How to Detect
+
+### Code-Level Signals
+
+```bash
+# Check if app is primarily a WebView wrapper
+grep -rn "WKWebView\|UIWebView\|WebView\|SFSafariViewController" --include="*.swift" --include="*.m" .
+
+# Count total view controllers / screens
+grep -rn "class.*:.*UIViewController\|class.*:.*View {" --include="*.swift" . | wc -l
+
+# Check for meaningful model/data layer
+find . -name "*.swift" -path "*/Model*" -o -name "*.swift" -path "*/Models*" | wc -l
+
+# Check if app has any local data persistence
+grep -rn "CoreData\|SwiftData\|UserDefaults\|Realm\|SQLite\|KeychainSwift" --include="*.swift" .
+```
+
+### Red Flags
+
+- **< 3 unique screens** -> Very likely to trigger 4.2
+- **Single WebView** loading an external URL as the primary experience
+- **No model layer** — no local data structures beyond what the web provides
+- **No offline functionality** — completely dependent on network
+- **Only static content** — no user interaction beyond scrolling
+
+### Description Check
+If the app description is very short (< 50 words) or struggles to articulate what the app does beyond what a website offers, it may lack sufficient functionality.
+
+## Resolution
+
+1. **Add unique features** that go beyond what a website offers:
+   - Offline mode / local data caching
+   - Push notifications for relevant events
+   - Device-specific integrations (camera, location, HealthKit, etc.)
+   - User-generated content or personalization
+   - Native UI patterns (swipe actions, drag & drop, widgets)
+
+2. **If your app is a web wrapper**, consider:
+   - Adding native authentication (Sign in with Apple, biometrics)
+   - Implementing native navigation instead of web-based nav
+   - Adding local storage so the app works offline
+   - Integrating Apple frameworks (Share Sheet, Spotlight, Shortcuts)
+
+3. **In your review notes**, clearly explain:
+   - What the app does that a website can't
+   - The target audience and use case
+   - Any features that might not be immediately obvious to the reviewer
+
+## Example Rejection
+
+```
+Guideline 4.2 - Design - Minimum Functionality
+
+The usefulness of the app is limited by the minimal functionality it currently
+provides.
+
+Specifically, the app does not provide sufficient content and features to be
+useful, unique, and "app-like."
+
+Apps should provide valuable utility or entertainment, draw people in by
+offering compelling capabilities or content, or enable people to do something
+they couldn't do before or in a way they couldn't do it before.
+
+Next Steps
+
+We encourage you to review your app concept and incorporate different content
+and features that are in compliance with the App Review Guidelines.
+```

package/skills/app-store-review-agent/references/rules/design/sign_in_with_apple.md

@@ -0,0 +1,54 @@
+# Rule: Sign in with Apple UX Violations
+- **Guideline**: 4.0 – Design
+- **Severity**: REJECTION
+- **Category**: design
+
+## What to Check
+If the app offers **Sign in with Apple** (SIWA), the implementation must follow Apple's design and UX requirements. The most common violations:
+
+### Common Violations
+1. **Asking for name/email after SIWA** — The Authentication Services framework already provides name and email (if the user chooses to share). Do not prompt for this information again.
+2. **Non-standard button styling** — The SIWA button must use Apple's provided `ASAuthorizationAppleIDButton` or equivalent, not a custom-designed button.
+3. **Hidden or de-emphasized SIWA** — If other social logins are shown (Google, Facebook, etc.), SIWA must be equally prominent.
+4. **Not handling the "Hide My Email" relay** — The app must work with Apple's relay email addresses (`*@privaterelay.appleid.com`).
+
+## How to Detect
+
+### Check for post-SIWA data requests
+```bash
+# Find SIWA implementation
+grep -rn "ASAuthorizationAppleIDProvider\|SignInWithApple\|appleIDCredential\|apple.*sign.*in" --include="*.swift" --include="*.dart" .
+
+# Check if name/email is requested AFTER sign-in
+grep -rn "askForName\|askForEmail\|nameTextField\|emailTextField\|profileSetup\|completeProfile" --include="*.swift" --include="*.dart" .
+```
+
+### Check for relay email handling
+```bash
+# Ensure the app doesn't reject relay emails
+grep -rn "privaterelay.appleid.com\|@privaterelay\|email.*validation\|isValid.*email" --include="*.swift" --include="*.dart" .
+```
+
+### Visual Inspection
+1. Sign in with Apple using the "Hide My Email" option
+2. After authenticating, check if the app:
+   - Shows a form asking for your name (❌ violation)
+   - Shows a form asking for your email (❌ violation)
+   - Immediately proceeds to the main app (✅ correct)
+
+## Resolution
+1. **Use the data from SIWA credentials**: `ASAuthorizationAppleIDCredential` provides `fullName` and `email` — cache these on first use
+2. **Don't re-ask for provided data**: If the user shared their name/email via SIWA, use it directly
+3. **Handle missing data gracefully**: If the user chose to hide email, use the relay address; if they hid their name, use a default
+4. **Use standard SIWA button**: Use `ASAuthorizationAppleIDButton` (Swift) or `sign_in_with_apple` package (Flutter)
+
+## Example Rejection
+> **Guideline 4.0 - Design**
+>
+> Your app offers Sign in with Apple as a login option but does not follow the design and user experience requirements for Sign in with Apple. Specifically:
+>
+> - Your app requires users to provide their name and/or email address after using Sign in with Apple. This information is already provided by the Authentication Services framework.
+>
+> Next Steps
+>
+> Please revise the Sign in with Apple experience in your app to address the issues we identified above.

package/skills/app-store-review-agent/references/rules/entitlements/unused_entitlements.md

@@ -0,0 +1,83 @@
+# Rule: Unused or Unnecessary Entitlements
+- **Guideline**: 2.4.5(i) – Performance
+- **Severity**: REJECTION (info request, blocks review)
+- **Category**: entitlements
+
+## What to Check
+Apps should only declare entitlements that are **actively used** by the app. Apple will request justification for any entitlement that doesn't have matching functionality in the app. If you can't justify an entitlement, it must be removed.
+
+### Commonly Flagged Entitlements (macOS)
+- `com.apple.security.network.server` — App acts as a network server
+- `com.apple.security.network.client` — App makes outbound network requests
+- `com.apple.security.files.downloads.read-only` — App reads the Downloads folder
+- `com.apple.security.files.downloads.read-write` — App writes to Downloads
+- `com.apple.security.files.user-selected.read-only` — App reads user-selected files
+- `com.apple.security.files.user-selected.read-write` — App writes to user-selected files
+- `com.apple.security.files.bookmarks.app-scope` — App uses security-scoped bookmarks
+- `com.apple.security.temporary-exception.*` — Temporary exceptions (will draw scrutiny)
+
+### iOS Capabilities That Add Entitlements
+- Push Notifications → `aps-environment`
+- HealthKit → `com.apple.developer.healthkit`
+- Sign in with Apple → `com.apple.developer.applesignin`
+- iCloud → `com.apple.developer.icloud-*`
+
+## How to Detect
+
+### Find entitlements files
+```bash
+# Find all entitlements files
+find . -name "*.entitlements" -not -path "./.build/*"
+```
+
+### Parse entitlements
+```bash
+# List all declared entitlements
+plutil -p *.entitlements
+# or
+cat *.entitlements
+```
+
+### Cross-reference with code usage
+For each entitlement, verify the app actually uses the capability:
+
+```bash
+# Network server — is the app running a local server?
+grep -rn "NWListener\|GCDWebServer\|Swifter\|Vapor\|HttpServer\|startServer" --include="*.swift" .
+
+# Downloads folder access — does the app read/write Downloads?
+grep -rn "Downloads\|downloadsDirectory\|FileManager.*downloads" --include="*.swift" .
+
+# HealthKit — is HealthKit actually used?
+grep -rn "HKHealthStore\|HealthKit\|health_kit" --include="*.swift" --include="*.dart" .
+```
+
+### Automated audit
+```bash
+# List entitlements from the built app
+codesign -d --entitlements :- /path/to/YourApp.app
+```
+
+## Resolution
+1. **Remove unused entitlements**: Open the `.entitlements` file in Xcode and remove keys for capabilities you don't use
+2. **Remove unused capabilities**: In Xcode → Target → Signing & Capabilities, remove capabilities you don't need
+3. **If the entitlement IS needed**: Reply to Apple in App Store Connect explaining how and where the app uses each flagged entitlement
+4. **Rebuild and resubmit**: After removing entitlements, Developer Reject the current submission, rebuild, and upload a new binary
+
+## Example Rejection
+> **Guideline 2.4.5(i) - Performance**
+>
+> Issue Description
+>
+> In order to continue reviewing the app, we require additional information.
+>
+> The app uses one or more entitlements which do not appear to have matching functionality within the app. Please reply to this message in App Store Connect and describe how and where the app uses the following entitlements.
+>
+> ---
+> • com.apple.security.network.server
+> • com.apple.security.files.downloads.read-only
+> ---
+>
+> Resources
+>
+> Learn more about Mac App Store requirements in guideline 2.4.5.

package/skills/app-store-review-agent/references/rules/metadata/accurate_metadata.md

@@ -0,0 +1,54 @@
+# Rule: App Preview Contains Device Frames
+- **Guideline**: 2.3.4 – Performance – Accurate Metadata
+- **Severity**: REJECTION
+- **Category**: metadata
+
+## What to Check
+App preview videos must only contain capture footage of the app running. They must **not** include:
+
+- Device images or device frames (e.g., an iPhone bezel around the screen)
+- Framing around the video screen capture
+- Non-app content that obscures the app experience
+
+> **Note**: This applies to **app preview videos**, not static screenshots. Static screenshots _may_ use device frames.
+
+## How to Detect
+
+### Manual Inspection
+1. Open App Store Connect -> your app version -> Previews and Screenshots
+2. Play each app preview video in full screen
+3. Check for:
+   - Device bezels or phone outlines visible in the video
+   - Borders, frames, or decorative elements around the screen capture
+   - Non-app scenes (e.g., lifestyle shots with a person holding a phone)
+
+### Check local preview assets (if stored in repo)
+```bash
+# Find preview video files
+find . -name "*.mp4" -o -name "*.mov" | grep -i "preview"
+
+# Extract first frame for visual inspection (requires ffmpeg)
+for preview in ./previews/*.mp4; do
+  ffmpeg -i "$preview" -vframes 1 -q:v 2 "${preview%.mp4}_frame.jpg"
+done
+```
+
+## Resolution
+1. Re-record app previews using **only screen capture** (e.g., Xcode Simulator recording, QuickTime screen recording)
+2. Remove any device frame overlays from the video
+3. Narration and text overlays are allowed for clarity
+4. Upload via App Store Connect -> "View All Sizes in Media Manager"
+
+## Example Rejection
+> **Guideline 2.3.4 - Performance - Accurate Metadata**
+>
+> The app preview includes content that does not sufficiently show the app in use. Specifically, the app preview:
+>
+> - Includes framing around the video screen capture.
+> - Includes device images and/or device frames.
+>
+> App previews should allow users to see what the app does and how it will appear on their device when the preview is played in full screen.
+>
+> Next Steps
+>
+> To resolve this issue, revise the app preview to only use video screen captures of the app that may include narration and video or textual overlays for added clarity.

package/skills/app-store-review-agent/references/rules/metadata/apple_trademark.md

@@ -0,0 +1,99 @@
+# Rule: Apple Trademark Violations
+- **Guideline**: 5.2.5 – Legal – Intellectual Property
+- **Severity**: REJECTION
+- **Category**: metadata
+
+## What to Check
+App metadata, icons, and screenshots must not include content confusingly similar to Apple products, services, or trademarks.
+
+### Flagged Patterns
+
+**App Icon:**
+- Apple device silhouettes or imagery (iPhone, iPad, Mac, Apple Watch)
+- Apple logo or any variation of it
+- Icons confusingly similar to Apple's own app icons
+
+**App Name / Subtitle:**
+- Using Apple product names as part of your app name (e.g., "iPhone Cleaner", "iPad Manager")
+- Using Apple service names (e.g., "My iCloud Backup", "Siri Helper")
+
+**Metadata Text:**
+- Apple product names used as feature descriptors unnecessarily
+- Phrases like "best app in the App Store" (using "App Store" generically)
+- Terms like "iPhone app", "iPad edition" in subtitle or description
+
+**Screenshots / Marketing:**
+- Unauthorized 3D renders or simulations of Apple products
+- Illustrations of Apple devices (unless for instructional use showing your app running)
+- Apple device images placed alongside competitor product images
+- Obscuring or exploiting the Apple logo on device images
+- Die-cut promotions in the shape of an Apple product
+- Using icons, logos, or images sourced directly from apple.com
+
+### Commonly Flagged Terms
+- `iPhone`, `iPad`, `Mac`, `MacBook`, `Apple Watch`, `Apple TV`, `Vision Pro`
+- `iMessage`, `FaceTime`, `Siri`, `AirDrop`, `iCloud`
+- `App Store` (when used generically)
+- `Apple` (when implying endorsement or association)
+
+## How to Detect
+
+### App Icon
+- Visually inspect the app icon asset (`AppIcon.appiconset/`) for device silhouettes or Apple product imagery
+- Check `Assets.xcassets/AppIcon.appiconset/Contents.json` for references
+
+### App Name (in project files)
+```bash
+# Check Info.plist for Apple product terms in display name
+grep -i "iphone\|ipad\|macbook\|apple watch\|apple tv\|imessage\|facetime\|siri\|icloud\|vision pro" **/Info.plist
+```
+
+### In source code and strings
+```bash
+# Search localizable strings for Apple trademarks used inappropriately
+grep -ri "iphone\|ipad\|macbook\|apple watch\|apple tv\|imessage\|facetime\|siri\|airdrop\|vision pro" --include="*.strings" --include="*.stringsdict" --include="*.xcstrings" .
+```
+
+### In local metadata (if fastlane or similar)
+```bash
+grep -ri "iphone\|ipad\|macbook\|apple watch\|apple tv\|imessage\|facetime\|siri\|airdrop\|vision pro" ./fastlane/metadata/ ./metadata/ 2>/dev/null
+```
+
+### Screenshots
+- Visually inspect all screenshot assets for:
+  - Unauthorized Apple device renders (3D models, illustrations, die-cuts)
+  - Apple logo exploitation (centering on or enhancing the Apple logo)
+  - Apple devices shown next to competitor devices (Samsung, Google, etc.)
+- **Allowed**: Showing your app running on a real Apple device in screenshots, as long as the device illustrates natural use and is not the focal point
+
+### In App Store Connect (manual check)
+Verify app name, subtitle, and description do not use Apple product terms inappropriately.
+
+## Resolution
+1. **App Icon**: Remove any Apple device imagery; use abstract or product-specific design instead
+2. **App Name**: Remove Apple product names from app name/subtitle:
+   - "iPhone Cleaner Pro" -> "Phone Cleaner Pro"
+   - "My iPad Manager" -> "My Tablet Manager"
+3. **Metadata**: Remove or rephrase Apple product references:
+   - "Works with iPhone" -> "Works with your phone" (if it's a universal claim)
+   - "Download on App Store" -> remove (users are already on the App Store)
+   - "Best Siri alternative" -> "Best voice assistant"
+4. **Screenshots**: Replace unauthorized renders with real device screenshots or remove device frames entirely
+5. **Apple device photos**: If showing an Apple device, ensure it shows your app in natural use; don't place alongside competitor products
+
+## Example Rejection
+> **Guideline 5.2.5 - Legal - Intellectual Property**
+>
+> Issue Description
+>
+> The app's metadata includes content that is similar to designs or terms used for Apple products and services and may cause confusion for users. Specifically, your metadata includes:
+>
+> - iPhone device found in the application icon
+>
+> Next Steps
+>
+> To resolve this issue, remove images and terms that are confusingly similar to an Apple product or service from the app's metadata.
+>
+> Resources
+>
+> - Learn more about appropriate and inappropriate use of Apple trademarks in the Guidelines for Using Apple's Trademarks and Copyrights.

package/skills/app-store-review-agent/references/rules/metadata/china_storefront.md

@@ -0,0 +1,72 @@
+# Rule: AI Service References for China Storefront
+- **Guideline**: 5 – Legal (Chinese DST Regulations)
+- **Severity**: REJECTION
+- **Category**: metadata
+
+## What to Check
+Apps distributed on the **China mainland storefront** must not reference AI services that lack the required Chinese government permits (MIIT license). This applies to both **metadata** and **in-app functionality**.
+
+### Banned Terms (China Storefront)
+- `ChatGPT`, `GPT-4`, `GPT-4o`, `GPT`
+- `OpenAI`
+- `Gemini` (Google), `Bard`
+- `Claude`, `Anthropic`
+- `Midjourney`, `DALL-E`, `DALL·E`
+- `Copilot` (in AI context)
+- `Stable Diffusion` (when referencing cloud API)
+- Any **deep synthesis technology (DST)** service without a Chinese MIIT license
+
+### Metadata Fields to Check
+- App name
+- Subtitle
+- Promotional text
+- App description
+- Keywords
+- Screenshots (text overlays)
+- What's New
+
+## How to Detect
+
+### In source code and strings
+```bash
+# Search for banned AI terms in localizable strings
+grep -ri "chatgpt\|openai\|gpt-4\|gemini\|claude\|anthropic\|midjourney\|dall-e\|copilot\|bard" --include="*.strings" --include="*.stringsdict" --include="*.xcstrings" .
+
+# Search in source code (hardcoded strings)
+grep -rn "chatgpt\|openai\|gpt-4\|gemini\|claude\|anthropic\|midjourney\|dall-e\|copilot\|bard" --include="*.swift" --include="*.m" .
+```
+
+### In local metadata (if fastlane or similar)
+```bash
+# Check all locales — Apple may flag ANY locale if the app is distributed in China
+grep -ri "chatgpt\|openai\|gpt-4\|gemini\|claude\|anthropic\|midjourney\|dall-e" ./fastlane/metadata/ ./metadata/ 2>/dev/null
+```
+
+### In App Store Connect (manual check)
+Verify that app name, subtitle, description, keywords, promotional text, What's New, and screenshot text overlays do not contain banned AI terms across ALL locales. Also verify whether China mainland is included in the app's availability settings.
+
+## Resolution
+
+### Option A: Remove references (keep China distribution)
+1. Remove all AI service brand names from metadata across **all locales**
+2. Use generic terms: "AI-powered" or "smart assistant" instead of brand names
+3. Suppress AI functionality specifically for the China storefront build
+4. Update Review Notes to confirm AI functionality is suppressed in China
+
+### Option B: Exclude China storefront
+1. In App Store Connect -> Pricing and Availability -> Deselect "China mainland"
+2. Keep AI references in metadata for all other storefronts
+
+### Option C: Obtain compliance
+Seek professional advice on compliance with the *Administrative Provisions on Deep Synthesis of Internet-based Information Services* to obtain the required MIIT permits.
+
+## Example Rejection
+> **Guideline 5 - Legal**
+>
+> Issue Description
+>
+> As you may know, the Chinese government has been tightening regulations associated with deep synthesis technologies (DST) and generative AI services, including ChatGPT. DST must fulfill permitting requirements to operate in China, including securing a license from the Ministry of Industry and Information Technology (MIIT) if the services are provided while connected to the Internet.
+>
+> Based on our review, the app appears to be associated with ChatGPT, which does not have requisite permits to operate in China. Specifically, the app's metadata includes the following references to ChatGPT and/or OpenAI: OpenAI.
+>
+> Accordingly, pursuant to local Chinese law, this functionality must be deactivated in the version of the app that you make available on the China App Store and all references to ChatGPT or OpenAI must be removed from metadata fields such as app name, subtitle, promotional text, app description, and screenshots.

package/skills/app-store-review-agent/references/rules/metadata/competitor_terms.md

@@ -0,0 +1,56 @@
+# Rule: Competitor Platform Terms in Metadata
+- **Guideline**: 2.3.1 – Performance – Accurate Metadata
+- **Severity**: REJECTION
+- **Category**: metadata
+
+## What to Check
+App Store metadata (name, subtitle, description, keywords, promotional text, What's New) must not reference competing platforms or brands.
+
+### Banned Terms
+- `Android`, `Google Play`, `Google Play Store`
+- `Samsung`, `Galaxy Store`
+- `Huawei`, `AppGallery`
+- `Amazon Appstore`
+- `Windows Store`, `Microsoft Store`
+- `APK`, `sideload`
+
+## How to Detect
+
+### In Xcode project files
+```bash
+# Check Info.plist and project files for competitor terms
+grep -ri "android\|google play\|samsung\|huawei\|apk\|amazon appstore\|windows store\|microsoft store" *.xcodeproj/project.pbxproj **/Info.plist
+```
+
+### In source code (user-facing strings)
+```bash
+# Search localizable strings and string catalogs
+grep -ri "android\|google play\|samsung\|huawei\|apk\|amazon appstore\|windows store\|microsoft store" --include="*.strings" --include="*.stringsdict" --include="*.xcstrings" .
+
+# Search hardcoded strings in source
+grep -rn "android\|google play\|samsung\|huawei\|apk\|sideload" --include="*.swift" --include="*.m" .
+```
+
+### In local metadata (if fastlane or similar)
+```bash
+grep -ri "android\|google play\|samsung\|huawei\|apk\|amazon appstore\|windows store\|microsoft store" ./fastlane/metadata/ ./metadata/ 2>/dev/null
+```
+
+### In App Store Connect (manual check)
+Verify app name, subtitle, description, keywords, promotional text, and What's New text do not contain competitor platform references.
+
+## Resolution
+1. Remove all references to competing platforms from metadata fields
+2. Replace with generic terms:
+   - "Available on Android" -> "Available on multiple platforms"
+   - "Also on Google Play" -> remove entirely
+   - "Transfer from Android" -> "Transfer from your previous device"
+3. Check App Store Connect metadata manually for any remaining references
+
+## Example Rejection
+> **Guideline 2.3.1 - Performance - Accurate Metadata**
+>
+> We noticed that your app's metadata includes references to other mobile platforms, which is not appropriate for the App Store. Specifically, the following content was found:
+> - "Android" mentioned in the app description
+>
+> **Next Steps**: Remove all references to other mobile platforms from the app's metadata.

package/skills/app-store-review-agent/references/rules/metadata/subscription_metadata.md

@@ -0,0 +1,81 @@
+# Rule: Missing Subscription Metadata in App Store Listing
+- **Guideline**: 3.1.2 – Business – Payments – Subscriptions
+- **Severity**: REJECTION
+- **Category**: metadata
+
+## What to Check
+Apps offering **auto-renewable subscriptions** must include all of the following in both the app and App Store metadata:
+
+### Required in the App
+- Title of auto-renewing subscription
+- Length of subscription
+- Price of subscription (and price per unit if appropriate)
+- Functional link to **Privacy Policy**
+- Functional link to **Terms of Use (EULA)**
+
+### Required in App Store Metadata
+- **Privacy Policy URL** — Set in the Privacy Policy field in App Store Connect
+- **Terms of Use (EULA)** — Either:
+  - A functional link in the **App Description**, OR
+  - A custom EULA added in the **EULA field** in App Store Connect
+  - If using Apple's standard EULA, include a link to it in the description
+
+## How to Detect
+
+### Check in-app subscription screens
+```bash
+# Find subscription-related UI code
+grep -rn "subscribe\|paywall\|purchase\|StoreKit\|RevenueCat\|Superwall" --include="*.swift" .
+
+# Check if terms/privacy links exist in subscription UI
+grep -rn "terms\|privacy\|eula\|TermsOfService\|PrivacyPolicy" --include="*.swift" .
+```
+
+### Check local metadata (if fastlane or similar)
+```bash
+# Check if description contains ToS/EULA link
+grep -i "terms of use\|terms of service\|terms and conditions\|eula\|end user license" ./fastlane/metadata/*/description.txt ./metadata/*/description.txt 2>/dev/null
+
+# Look for actual URLs in descriptions
+grep -oE "https?://[^ ]+" ./fastlane/metadata/*/description.txt ./metadata/*/description.txt 2>/dev/null
+```
+
+### In App Store Connect (manual check)
+- App Information -> Privacy Policy URL field must not be empty
+- App Information -> EULA field should have custom EULA or description should reference Apple's standard EULA
+
+### Check in-app subscription flow
+Verify the app's subscription purchase screen includes:
+- Subscription title and duration
+- Price
+- Tappable Privacy Policy link
+- Tappable Terms of Use link
+- "Restore Purchases" button
+
+## Resolution
+1. Add a Terms of Use / EULA link to the app description for **every locale**
+2. Add a Privacy Policy URL in App Store Connect -> App Information -> Privacy Policy URL
+3. Optionally, add a custom EULA in App Store Connect -> App Information -> EULA
+4. Ensure the in-app subscription screen shows all required information with working links
+
+### Description Template
+Add this block at the bottom of your app description:
+```
+Terms of Use: https://yourdomain.com/terms
+Privacy Policy: https://yourdomain.com/privacy
+```
+
+## Example Rejection
+> **Guideline 3.1.2 - Business - Payments - Subscriptions**
+>
+> Issue Description
+>
+> The submission did not include all the required information for apps offering auto-renewable subscriptions.
+>
+> The following information needs to be included in the App Store metadata:
+>
+> - A functional link to the Terms of Use (EULA). If you are using the standard Apple Terms of Use (EULA), include a link to the Terms of Use in the App Description. If you are using a custom EULA, add it in App Store Connect.
+>
+> Next Steps
+>
+> Update the App Store metadata to include the information specified above.