ginskill-init 1.0.0

package/skills/mobile-app-review/references/apple-review.md

@@ -0,0 +1,132 @@
+# Apple App Store Review Guidelines — Deep Dive
+
+Detailed reference for Apple-specific review requirements. The main SKILL.md covers the actionable checklist — this file provides background, edge cases, and policy details.
+
+## Apple's Five Review Categories
+
+Apple organizes its guidelines into five pillars:
+
+### 1. Safety
+- Apps must not include objectionable, offensive, or harmful content
+- User-generated content requires moderation tools
+- Physical harm risks must be mitigated
+- Apps dealing with regulated goods (alcohol, tobacco, gambling) need age gating
+
+### 2. Performance
+- Apps must be complete and fully functional at submission
+- Beta, demo, trial, or test versions are rejected
+- Apps must work without modification on the current shipping OS version
+- Hardware compatibility must be declared accurately
+
+### 3. Business
+- In-app purchases for digital goods must use Apple IAP
+- "Reader" apps (Spotify, Netflix) may link to external sign-up but cannot prompt in-app purchase
+- Commission: 30% standard, 15% for Small Business Program (<$1M/year)
+- Subscriptions must auto-renew through Apple's system
+- Free apps cannot become paid; must use IAP for upgrades
+
+### 4. Design
+- Apps must follow Human Interface Guidelines spirit (not pixel-perfect, but good UX)
+- No custom UI that mimics iOS system dialogs
+- Must support the latest device form factors
+- App extensions and widgets must follow their specific guidelines
+- Accessibility should be considered (VoiceOver, Dynamic Type)
+
+### 5. Legal
+- Apps must comply with all applicable laws in territories where available
+- Privacy policy is mandatory
+- Data collection must be disclosed via App Privacy Labels
+- GDPR, CCPA, and other regional privacy laws must be respected
+- Developer must hold necessary licenses for regulated industries
+
+## Guideline Numbers That Matter Most
+
+| Guideline | Topic | Common Issue |
+|-----------|-------|-------------|
+| **1.2** | User-Generated Content | Missing report/block/filter mechanisms |
+| **2.1** | App Completeness | Crashes, bugs, blank screens |
+| **2.3** | Accurate Metadata | Screenshots don't match app, misleading descriptions |
+| **2.5.1** | Software Requirements | Using private APIs |
+| **3.1.1** | In-App Purchase | Digital goods not using IAP |
+| **3.1.2** | Subscriptions | Missing clear terms, no restore button |
+| **4.0** | Design | Copycat apps, poor UI |
+| **4.8** | Sign in with Apple | Missing when other social logins exist |
+| **5.1** | Privacy | Missing policy, incorrect data labels |
+| **5.1.1** | Data Collection | Undisclosed tracking or data sharing |
+| **5.1.1(v)** | Account Deletion | No way to delete account from within app |
+
+## App Store Connect Requirements
+
+### App Information
+- Primary language
+- Bundle ID (cannot change after submission)
+- SKU (your internal reference)
+- Primary and secondary categories
+
+### Pricing & Availability
+- Price tier or custom pricing
+- Territory availability
+- Pre-order configuration (optional)
+
+### App Privacy
+- Privacy policy URL (required)
+- App Privacy Labels questionnaire (all data types)
+
+### Version Information
+- What's New text
+- Description, keywords, support URL
+- Screenshots for each device type
+- App icon (1024×1024, no alpha, no rounded corners)
+- App Review Information: demo account, notes, contact
+
+## Review Timeline & Appeals
+
+- **90% of submissions** reviewed within 24 hours
+- Rejections include specific guideline references
+- **Appeal process**: Resolution Center in App Store Connect
+- **Expedited review**: Available for critical bug fixes (use sparingly)
+- **Guideline clarification**: Can request before building a feature
+
+## 2025-2026 Policy Updates
+
+### AI Disclosure (2025)
+- Apps using external AI services must include consent modals
+- Must specify the AI provider and data types shared
+- User must be able to decline without losing core functionality
+
+### Age Ratings (July 2025)
+- New tiers: 13+, 16+, 18+
+- Updated questionnaire must be completed by January 31, 2026
+- Apps not updated risk submission delays
+
+### SDK Requirements (April 2025+)
+- All submissions must be built with SDKs for iOS 18
+- Xcode 16+ required
+- Check Apple Developer News for the latest requirements each spring
+
+### Alternative App Marketplaces (EU)
+- Applies to EU users under the Digital Markets Act
+- Developers can opt into alternative distribution
+- Separate notarization process for sideloaded apps
+
+## Common Edge Cases
+
+### WebView-Heavy Apps
+Apple may reject apps that are essentially web wrappers. The app must provide native value beyond what a website offers. Hybrid apps (React Native, Flutter) are fine because they compile to native code.
+
+### Subscription Gotchas
+- Must clearly show: price, billing period, trial duration, cancellation terms
+- "Start Free Trial" button must show what happens after the trial
+- Introductory offers must not be misleading
+- Management link: `https://apps.apple.com/account/subscriptions`
+
+### Push Notifications
+- Must not be used for advertising, promotions, or spam
+- Users must be able to opt out
+- Silent push is fine for background data sync
+- Rich notifications should enhance, not replace, in-app content
+
+### App Clips
+- Must be under 15MB
+- Cannot require sign-in for basic functionality
+- Must link to the full app

package/skills/mobile-app-review/references/google-play-review.md

@@ -0,0 +1,203 @@
+# Google Play Store Review Guidelines — Deep Dive
+
+Detailed reference for Google Play-specific review requirements. The main SKILL.md covers the actionable checklist — this file provides background, edge cases, and policy details.
+
+## Google Play Policy Categories
+
+Google organizes policies under these areas:
+
+### Restricted Content
+- Child sexual abuse material (CSAM) — zero tolerance
+- Inappropriate content involving minors
+- Hate speech, violence, bullying
+- Terrorist content
+- Dangerous organizations
+- Marijuana, tobacco, alcohol — restricted by region
+- Financial services — must be licensed where required
+- Gambling — requires specific licensing
+- Illegal activities — cannot facilitate
+
+### Privacy, Deception & Device Abuse
+- Must not deceive users about functionality
+- No impersonation of other apps, companies, or entities
+- Must not abuse device features (accessibility services, VPN, etc.)
+- No unauthorized data collection or surveillance
+- Data must be encrypted in transit
+
+### Monetization & Ads
+- Play Billing required for digital goods and subscriptions
+- Physical goods can use external payment
+- Ads must not interfere with app functionality
+- Full-screen ads must be dismissible
+- Ad content must be appropriate for app's content rating
+- No deceptive ads that mimic system notifications
+
+### Store Listing & Promotion
+- Title, icon, screenshots must accurately represent the app
+- No misleading claims or fake urgency
+- No keyword stuffing in metadata
+- User ratings and reviews cannot be manipulated
+- Promotional materials must match app content
+
+### Spam & Minimum Functionality
+- Apps must provide lasting user value
+- No apps that merely duplicate other apps
+- No apps that exist solely to send traffic to a website
+- Minimum functionality required — WebView wrappers usually rejected
+
+## Data Safety Section — Detailed Requirements
+
+The Data Safety form is **mandatory for all apps**. Google uses ML to cross-verify declarations against actual app behavior.
+
+### Data Types to Declare
+
+| Category | Examples |
+|----------|---------|
+| **Location** | Approximate, precise location |
+| **Personal info** | Name, email, phone, address |
+| **Financial info** | Payment info, purchase history |
+| **Health & fitness** | Health data, fitness data |
+| **Messages** | Emails, SMS, other messages |
+| **Photos & videos** | Photos, videos |
+| **Audio** | Voice recordings, music files |
+| **Files & docs** | Documents, file metadata |
+| **Calendar** | Calendar events |
+| **Contacts** | Contact list |
+| **App activity** | Page views, taps, search history |
+| **Web browsing** | Browsing history |
+| **App info & performance** | Crash logs, diagnostics, performance data |
+| **Device identifiers** | Device ID, advertising ID |
+
+### For Each Data Type Declare:
+1. **Is it collected?** (data leaves the device)
+2. **Is it shared?** (transferred to third parties)
+3. **Is it required or optional?**
+4. **Purpose**: App functionality, analytics, advertising, fraud prevention, etc.
+5. **Is it processed ephemerally?** (not stored beyond the request)
+
+### Common SDK Data Collection
+
+Don't forget to declare data collected by your SDKs:
+
+| SDK | Typically Collects |
+|-----|-------------------|
+| Firebase Analytics | App activity, device identifiers |
+| Firebase Crashlytics | Crash logs, device info |
+| Google Ads / AdMob | Device identifiers, app activity |
+| Facebook SDK | Device identifiers, app activity |
+| Sentry | Crash logs, device info |
+| Amplitude / Mixpanel | App activity, device identifiers |
+| Adapty / RevenueCat | Purchase history, device identifiers |
+| OneSignal / FCM | Device identifiers (push token) |
+
+## API Level Requirements
+
+| Date | New Apps | App Updates |
+|------|----------|-------------|
+| **Aug 31, 2025** | API 35 (Android 15) | API 34 (Android 14) |
+| **Prior** | API 34 | API 33 |
+
+Apps not targeting the minimum API level:
+- New submissions are rejected
+- Existing apps become unavailable to new users on newer Android versions
+- Existing installs continue to work
+
+## Android App Bundle (.aab)
+
+- **Required** for new app submissions (APK no longer accepted for new apps)
+- Enables dynamic delivery (smaller downloads)
+- Google Play generates optimized APKs per device
+- Max download size: 200MB (base module); use asset packs for larger content
+
+## Google Play Console Requirements
+
+### Store Listing
+- **App name**: Max 30 characters
+- **Short description**: Max 80 characters
+- **Full description**: Max 4000 characters
+- **App icon**: 512×512px, 32-bit PNG
+- **Feature graphic**: 1024×500px (required)
+- **Screenshots**: Min 2, max 8 per device type (phone, tablet, TV, etc.)
+- **Video**: Optional YouTube URL for promo video
+
+### Content Rating
+- IARC questionnaire must be completed
+- Ratings applied automatically based on answers
+- Inaccurate answers can lead to removal
+- Re-rate if content significantly changes
+
+### Financial Features Declaration (2025+)
+- Required for **all apps** regardless of whether they have financial features
+- Must be completed before any app update can be published
+- Covers: payments, loans, crypto, trading, insurance, etc.
+
+### Target Audience & Content
+- Must declare target age groups
+- If targeting children (<13), stricter requirements apply:
+  - No personalized ads
+  - Limited data collection
+  - Teacher Approved program eligibility
+  - Must comply with Families Policy
+
+## 2025-2026 Policy Updates
+
+### CSAE Policy (January 2026)
+- All apps must have explicit content policies prohibiting CSAE
+- In-app reporting mechanisms required
+- Apps must act on reports promptly
+- Applies to all apps, not just social/communication apps
+
+### US Age Verification (January 2026)
+- Some US states require age verification for certain app types
+- Developers must implement verification mechanisms
+- Affects dating, social media, alcohol, gambling apps
+
+### SDK Attestations (2025+)
+- Third-party SDK developers must provide attestations about data handling
+- App developers must ensure their SDKs are compliant
+- Google cross-checks SDK behavior with declared data practices
+
+### Play Integrity API
+- Replaces SafetyNet Attestation
+- Verifies device integrity and app authenticity
+- Recommended for apps with sensitive operations (payments, competitive gaming)
+
+## Common Rejection Scenarios
+
+### Metadata Rejection
+- Title contains "best", "#1", or unverifiable superlatives
+- Screenshots show features not in the app
+- Description contains competitor names or trademarks
+- Keyword stuffing in title or description
+
+### Permission Rejection
+- Requesting SMS permission without clear justification
+- Requesting CALL_PHONE without a calling feature
+- Background location without approved use case
+- Accessibility service usage without disability-assistance purpose
+
+### Payment Policy Violation
+- Using Stripe/PayPal for digital goods instead of Play Billing
+- Linking to external payment for subscriptions
+- Not implementing Google Play Billing Library v5+
+
+### Content Policy Violation
+- Gambling features without proper licensing
+- Health claims without medical verification
+- Financial advice without appropriate disclaimers
+- Real-money contests without age verification
+
+## Review Timeline
+
+- Most apps reviewed within **hours to 3 days**
+- New developer accounts may face extended review (up to 7 days)
+- Sensitive categories (finance, health, children) take longer
+- Policy violation appeals via Play Console
+- Escalation available through Google developer support
+
+## Useful Links
+
+- Play Console: https://play.google.com/console
+- Policy Center: https://play.google.com/about/developer-content-policy/
+- Data Safety: https://support.google.com/googleplay/android-developer/answer/10787469
+- Play Integrity: https://developer.android.com/google/play/integrity