rn-store-skills 1.0.0 → 3.0.0

package/README.md

@@ -11,6 +11,8 @@ Every time you add a feature, fix a bug, or change configuration in a React Nati
 - **Apple App Store Review Guidelines** — privacy, payments, permissions, design, metadata, and more
 - **Google Play Store Policies** — target SDK, billing, data safety, content policies, and more
 - **Common React Native rejection patterns** — Expo Go submissions, missing JS bundles, Hermes crashes, WebView-heavy apps, permission overuse
+- **20+ specific rejection rules** — with detection patterns, fix steps, and example rejection messages
+- **10 app-type checklists** — social, kids, health, games, AI, crypto, VPN, macOS, subscriptions, UGC
 
 About 40% of app submissions get rejected on the first try. This skill helps you avoid that.
 
@@ -19,7 +21,7 @@ About 40% of app submissions get rejected on the first try. This skill helps you
 ### Via skills CLI (recommended)
 
 ```bash
-npx skills add johnad/rn-store-skills
+npx skills add JohnAdib/rn-store-skills
 ```
 
 ### Via skillpm
@@ -55,11 +57,33 @@ cp -r skills/rn-store-compliance .windsurf/skills/
 skills/rn-store-compliance/
 ├── SKILL.md                              ← main hub (loaded on trigger)
 └── references/
-    ├── apple-guidelines.md               ← Apple App Store Review Guidelines (1.x–5.x)
-    ├── google-play-guidelines.md         ← Google Play Store policies
-    ├── react-native-patterns.md          ← RN-specific checks, 10 rejection patterns, AI rules
-    ├── pre-submission-checklist.md       ← both-store + platform-specific checklists
-    └── handling-rejections.md            ← how to respond to and appeal rejections
+    ├── guidelines/
+    │   ├── apple.md                      ← Apple App Store Review Guidelines (1.x–5.x)
+    │   └── google-play.md               ← Google Play Store policies
+    ├── rules/                            ← detection → fix → example rejection
+    │   ├── metadata.md                   ← trademarks, competitors, China, previews
+    │   ├── subscriptions.md              ← ToS/PP links, misleading pricing, IAP
+    │   ├── privacy.md                    ← unnecessary data, privacy manifest
+    │   ├── design.md                     ← SIWA violations, minimum functionality
+    │   ├── entitlements.md               ← unused entitlements, background modes
+    │   ├── performance.md                ← crashes, Hermes, bundle size, ANR
+    │   └── permissions.md                ← over-requesting, vague rationale, timing
+    ├── app-types/                        ← compliance by app category
+    │   ├── social.md                     ← social / messaging / community
+    │   ├── kids.md                       ← Kids Category (COPPA, parental gates)
+    │   ├── health-fitness.md             ← health / fitness / medical
+    │   ├── games.md                      ← games / gambling / loot boxes
+    │   ├── ai.md                         ← AI / generative AI / China DST
+    │   ├── crypto-finance.md             ← crypto / finance / trading
+    │   └── vpn.md                        ← VPN / networking
+    ├── features/                         ← compliance by feature
+    │   ├── subscriptions.md              ← IAP, subscriptions, restore purchases
+    │   ├── ugc.md                        ← user-generated content, moderation
+    │   └── macos.md                      ← macOS / Mac App Store
+    ├── all-apps.md                       ← universal checklist (every app)
+    ├── react-native.md                   ← RN/Expo-specific patterns
+    ├── pre-submission.md                 ← both-store submission checklist
+    └── rejections.md                     ← how to respond to and appeal rejections
 ```
 
 The SKILL.md is a lightweight navigation hub. Claude loads only the reference files relevant to the current task, keeping context efficient.
@@ -72,6 +96,7 @@ The SKILL.md is a lightweight navigation hub. Claude loads only the reference fi
 - Business (IAP, subscriptions, reader apps)
 - Design (quality, copycats, minimum functionality, Sign in with Apple)
 - Legal (privacy, ATT, PrivacyInfo.xcprivacy, nutrition labels)
+- Complete guideline quick-index (50+ guidelines)
 
 ### Google Play Store
 - Content policies (restricted content, deceptive behavior, ads)
@@ -80,6 +105,18 @@ The SKILL.md is a lightweight navigation hub. Claude loads only the reference fi
 - Closed testing requirements
 - Account deletion requirements
 
+### Rejection Rules
+- 20+ specific rules with grep/code detection patterns
+- React Native-specific detection commands
+- Step-by-step fix instructions
+- Real example rejection messages from Apple and Google
+
+### App-Type Checklists
+- 7 app-type checklists (social, kids, health, games, AI, crypto, VPN)
+- 3 feature checklists (subscriptions, UGC, macOS)
+- Both Apple and Google requirements in each
+- React Native library recommendations
+
 ### React Native Specific
 - Permission handling (Info.plist / AndroidManifest.xml) with code examples
 - Payment integration (react-native-iap, RevenueCat)
@@ -103,6 +140,10 @@ Works with any AI coding agent that supports the Agent Skills format:
 
 The `docs/` folder contains research notes, official source links, changelog, and improvement backlog. See [docs/README.md](docs/README.md) for the structure.
 
+## Related Projects
+
+Inspired by [app-store-preflight-skills](https://github.com/truongduy2611/app-store-preflight-skills) by [@truongduy2611](https://github.com/truongduy2611) — an iOS/macOS App Store preflight checker. We expanded to both stores with React Native detection patterns, app-type checklists, and feature-specific compliance guides.
+
 ## Contributing
 
 PRs welcome! If you know of a store guideline or rejection pattern we're missing, please open an issue or PR. See [docs/ideas/backlog.md](docs/ideas/backlog.md) for planned improvements.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rn-store-skills",
-  "version": "1.0.0",
+  "version": "3.0.0",
   "description": "React Native App Store & Google Play compliance skill for AI coding agents. Checks every code change against Apple and Google store guidelines to prevent rejections.",
   "keywords": [
     "agent-skill",
@@ -19,11 +19,11 @@
     "windsurf",
     "ai-agent"
   ],
-  "author": "johnad <johnad@justzapp.com>",
+  "author": "John Adib <Mr.John.Adib@gmail.com> (https://MrAdib.com)",
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "https://github.com/johnad/rn-store-skills"
+    "url": "https://github.com/JohnAdib/rn-store-skills"
   },
   "homepage": "https://www.npmjs.com/package/rn-store-skills",
   "files": [
@@ -32,11 +32,7 @@
     "LICENSE"
   ],
   "scripts": {
-    "publish:npm": "npm publish --access public",
-    "prepublishOnly": "node scripts/validate.js",
-    "pack:check": "npm pack --dry-run",
-    "version:patch": "npm version patch && npm run publish:npm",
-    "version:minor": "npm version minor && npm run publish:npm",
-    "version:major": "npm version major && npm run publish:npm"
+    "validate": "node scripts/validate.js",
+    "prepublishOnly": "node scripts/validate.js"
   }
 }

package/skills/rn-store-compliance/SKILL.md

@@ -13,8 +13,8 @@ description: >
   App Tracking Transparency, IDFA, permissions, app signing, release build, or app bundle.
 license: MIT
 metadata:
-  author: johnad
-  version: "1.0.0"
+  author: JohnAdib
+  version: "2.0.0"
   tags:
     - react-native
     - expo
@@ -32,92 +32,97 @@ Apple App Store and Google Play Store guidelines. Your job is to catch issues th
 rejections **before** they reach app review.
 
 About 40% of app submissions get rejected on the first attempt. Most rejections come from
-a small set of repeated mistakes — wrong permission usage, missing privacy declarations,
-broken payment flows, or metadata issues. This skill helps you avoid all of them.
+a small set of repeated mistakes. This skill helps you avoid all of them.
 
 ## How to Use This Skill
 
 When a developer asks you to add or modify any feature in a React Native app:
 
 1. **Build the feature** as requested
-2. **Run the compliance check** against the change — consult the relevant reference files below
-3. **Flag any violations** with the specific guideline reference number and a concrete fix
+2. **Run the compliance check** — consult the relevant reference files below
+3. **Flag any violations** with the specific guideline number and a concrete fix
 4. **Summarize** what passed and what needs attention
 
-If a change touches multiple areas (e.g., adding a subscription screen involves payments,
-UI, and privacy), check all relevant reference files.
-
 ## Reference Files
 
-This skill uses progressive loading. Only read the reference files relevant to the current
-task — don't load everything at once.
+This skill uses progressive loading. Only read what's relevant — don't load everything.
 
-### Apple App Store Guidelines
+### Step 1: Always Load
 
-Refer to [references/apple-guidelines.md](references/apple-guidelines.md) for the complete
-Apple App Store Review Guidelines covering:
-- Safety (1.x) — objectionable content, kids, health apps
-- Performance (2.x) — completeness, metadata, SDK requirements
-- Business (3.x) — IAP, subscriptions, reader apps
-- Design (4.x) — quality, copycats, minimum functionality, Sign in with Apple
-- Legal (5.x) — privacy, ATT, PrivacyInfo.xcprivacy, nutrition labels
+| File | Purpose |
+|------|---------|
+| `references/all-apps.md` | Universal checklist — every app, both stores |
+| `references/react-native.md` | RN/Expo-specific patterns and checks |
 
-Read this file when the change involves any iOS-specific feature, Apple services integration,
-or when preparing for App Store submission.
+### Step 2: Load by App Type
 
-### Google Play Store Guidelines
+Determine the app type and load the matching checklist:
 
-Refer to [references/google-play-guidelines.md](references/google-play-guidelines.md) for
-the complete Google Play Store policies covering:
-- Content policies — restricted content, deceptive behavior, ads
-- Technical requirements — target SDK, AAB, 64-bit, billing library, foreground services
-- Store listing & metadata — screenshots, data safety, content rating
-- Closed testing requirements
+| App Type | File |
+|----------|------|
+| Social / messaging / community | `references/app-types/social.md` |
+| Kids Category | `references/app-types/kids.md` |
+| Health / fitness / medical | `references/app-types/health-fitness.md` |
+| Games / gambling | `references/app-types/games.md` |
+| AI / generative AI | `references/app-types/ai.md` |
+| Crypto / finance / trading | `references/app-types/crypto-finance.md` |
+| VPN / networking | `references/app-types/vpn.md` |
 
-Read this file when the change involves any Android-specific feature, Google services
-integration, or when preparing for Play Store submission.
+### Step 3: Load by Feature
 
-### React Native Specific Patterns
+If the app uses these features, load the matching checklist:
 
-Refer to [references/react-native-patterns.md](references/react-native-patterns.md) for
-RN-specific compliance issues covering:
-- Apple-specific RN checks (Info.plist, ATS, Sign in with Apple, background modes)
-- Google-specific RN checks (AndroidManifest, ProGuard, signing, crash rates)
-- 10 most common React Native rejection patterns
-- AI/generative AI feature rules for both stores
-- Age rating requirements
+| Feature | File |
+|---------|------|
+| Subscriptions / IAP / loot boxes | `references/features/subscriptions.md` |
+| User-generated content | `references/features/ugc.md` |
+| macOS / Mac App Store | `references/features/macos.md` |
 
-Read this file for every change — it contains the patterns most likely to cause rejection
-in React Native apps specifically.
+### Step 4: Load Rules for Specific Issues
 
-### Pre-Submission Checklist
+When you need detection patterns, fix steps, and example rejection messages:
 
-Refer to [references/pre-submission-checklist.md](references/pre-submission-checklist.md)
-for the complete pre-submission verification checklist. This covers both-store checks,
-Apple-specific checks, and Google Play-specific checks.
+| Category | File |
+|----------|------|
+| Metadata violations | `references/rules/metadata.md` |
+| Subscription/payment issues | `references/rules/subscriptions.md` |
+| Privacy violations | `references/rules/privacy.md` |
+| Design rejections | `references/rules/design.md` |
+| Entitlement/capability issues | `references/rules/entitlements.md` |
+| Crashes / performance | `references/rules/performance.md` |
+| Permission problems | `references/rules/permissions.md` |
 
-Read this file when the developer is preparing a release build or submitting to either store.
+### Step 5: Submission & Rejection
 
-### Handling Rejections
+| Task | File |
+|------|------|
+| Pre-submission verification | `references/pre-submission.md` |
+| Got a rejection / need to appeal | `references/rejections.md` |
 
-Refer to [references/handling-rejections.md](references/handling-rejections.md) for guidance
-on responding to App Store and Play Store rejections, including appeal processes.
+### Full Store Guidelines
 
-Read this file when a developer reports a rejection or asks how to respond to one.
+| Store | File |
+|-------|------|
+| Apple App Store Review Guidelines | `references/guidelines/apple.md` |
+| Google Play Store Policies | `references/guidelines/google-play.md` |
 
 ## Quick Decision Guide
 
-Use this to decide which reference files to read for common tasks:
-
 | Task | Files to Read |
 |------|--------------|
-| Adding a new feature | `react-native-patterns.md` + relevant store guide |
-| Implementing payments/subscriptions | `apple-guidelines.md` (section 3) + `google-play-guidelines.md` (billing) |
-| Adding permissions (camera, location, etc.) | `react-native-patterns.md` (permissions section) |
-| Adding push notifications | `react-native-patterns.md` + both store guides |
-| Adding user-generated content | `apple-guidelines.md` (section 1.1) + `google-play-guidelines.md` (content) |
-| Privacy/data collection changes | `apple-guidelines.md` (section 5.1) + `google-play-guidelines.md` (privacy) |
-| Preparing for submission | `pre-submission-checklist.md` |
-| Got a rejection | `handling-rejections.md` |
-| Adding AI features | `react-native-patterns.md` (AI section) |
-| Upgrading React Native version | `react-native-patterns.md` (all sections) |
+| Adding a new feature | `all-apps.md` + `react-native.md` + relevant app-type |
+| Implementing payments/subscriptions | `features/subscriptions.md` + `rules/subscriptions.md` |
+| Adding permissions (camera, location, etc.) | `rules/permissions.md` + `react-native.md` |
+| Adding push notifications | `react-native.md` (push section) |
+| Adding user-generated content | `features/ugc.md` + `app-types/social.md` |
+| Privacy/data collection changes | `rules/privacy.md` + `guidelines/apple.md` (5.x) |
+| Preparing for submission | `pre-submission.md` + `all-apps.md` |
+| Got a rejection | `rejections.md` + matching `rules/*.md` |
+| Adding AI features | `app-types/ai.md` + `rules/metadata.md` (China) |
+| Building a kids app | `app-types/kids.md` |
+| Building a health/medical app | `app-types/health-fitness.md` |
+| Building a game | `app-types/games.md` + `features/subscriptions.md` |
+| Crypto/finance app | `app-types/crypto-finance.md` |
+| VPN app | `app-types/vpn.md` |
+| macOS app | `features/macos.md` + `rules/entitlements.md` |
+| Upgrading React Native | `react-native.md` + `rules/performance.md` |

package/skills/rn-store-compliance/references/all-apps.md

@@ -0,0 +1,90 @@
+# Universal Checklist — Every App, Both Stores
+
+Master checklist loaded for every app regardless of type or category.
+
+---
+
+## Pre-Submission Essentials
+
+- [ ] App is final, complete, and tested on real devices
+- [ ] No placeholder/Lorem ipsum content anywhere
+- [ ] No beta/test/preview/demo labels in UI
+- [ ] Backend services live during review
+- [ ] Demo account provided if login required (pre-populated with data)
+- [ ] IAP items findable and functional
+- [ ] Review notes describe non-obvious features
+
+## Metadata
+
+- [ ] App name ≤ 30 chars, no trademark stuffing
+- [ ] No pricing info or other app names in metadata
+- [ ] No competitor platform names (no "Android" on Apple, no "iOS" on Google)
+- [ ] Screenshots show actual app in use (current build)
+- [ ] Category accurately reflects primary function
+- [ ] What's New describes actual changes
+- [ ] No unverifiable superlative claims ("best", "#1")
+
+## Privacy & Data
+
+- [ ] Privacy policy linked in store listing AND accessible in-app
+- [ ] Privacy policy accurately describes ALL data collection (including SDKs)
+- [ ] Consent obtained before collecting personal data
+- [ ] Only request data relevant to core functionality
+- [ ] Account deletion available if account creation offered
+- [ ] Third-party SDK data collection declared
+
+## Apple-Specific
+
+- [ ] Sign in with Apple if any third-party login offered
+- [ ] Don't re-ask name/email after SIWA
+- [ ] App Tracking Transparency prompt if tracking users
+- [ ] PrivacyInfo.xcprivacy present with Required Reason API declarations
+- [ ] Privacy Nutrition Labels accurate in App Store Connect
+- [ ] Uses iOS 26 SDK or later (as of April 2026)
+- [ ] App preview videos: screen captures only (no device frames)
+- [ ] No Apple device images in app icon
+- [ ] Info.plist permission descriptions are specific
+
+## Google-Specific
+
+- [ ] Targets Android 15 (API 35) or later
+- [ ] Published as AAB (not APK)
+- [ ] Data Safety section matches privacy policy
+- [ ] Closed testing completed (12+ testers, 14 days) for new apps
+- [ ] POST_NOTIFICATIONS runtime permission handled (Android 13+)
+- [ ] 16 KB page size compatibility for native libraries
+
+## Design & UX
+
+- [ ] Not a copycat of another app
+- [ ] Provides meaningful functionality beyond a website
+- [ ] No pixelated or stretched images
+- [ ] Handles dark mode without breaking
+- [ ] Text readable with sufficient contrast
+
+## Business
+
+- [ ] Digital content uses platform IAP
+- [ ] Not forcing ratings/reviews
+- [ ] Support URL with working contact method
+- [ ] Developer identity accurate and verifiable
+
+## Build Verification
+
+- [ ] Release build tested on real device (not simulator)
+- [ ] All deep links tested from cold start, background, and external apps
+- [ ] Offline behavior: shows clear state, doesn't crash
+- [ ] Memory usage acceptable on low-end devices
+- [ ] App size under 200MB
+- [ ] Certificate/signing valid and not expired
+- [ ] Version number incremented above current live version
+
+## Related Rules
+
+- See `rules/metadata.md` for metadata rejection patterns
+- See `rules/privacy.md` for privacy rejection patterns
+- See `rules/design.md` for design rejection patterns
+- See `rules/performance.md` for crash/performance patterns
+- See `rules/permissions.md` for permission patterns
+- See `rules/subscriptions.md` if app has subscriptions/IAP
+- See `rules/entitlements.md` for entitlement/capability issues

package/skills/rn-store-compliance/references/app-types/ai.md

@@ -0,0 +1,40 @@
+# AI / Generative AI Compliance
+
+## Apple
+
+- [ ] China distribution: remove all references to ChatGPT, OpenAI, GPT, Gemini, Claude, Anthropic, Midjourney, DALL-E (DST Guideline 5)
+- [ ] China distribution: suppress AI functionality entirely or obtain MIIT generative AI license (DST Guideline 5)
+- [ ] No false or misleading claims about AI capabilities (Guideline 1.4)
+- [ ] Medical AI features must include disclaimers that AI is not a substitute for professional advice (Guideline 1.4.1)
+- [ ] All AI features documented in App Review notes — explain what the AI does and how (Review Submission)
+- [ ] Do not use AI brand names (GPT, ChatGPT, Gemini, etc.) in your app name unless you are the brand owner (Guideline 2.3.7)
+- [ ] Content moderation required for all AI-generated output — filter harmful/illegal content (Guideline 1.2)
+- [ ] Disclose AI data processing in privacy policy — what inputs are processed, where, and by whom (Guideline 5.1.1)
+- [ ] Obtain user consent before processing user inputs through AI services (Guideline 5.1.1)
+- [ ] AI features, credits, and token packs sold via IAP (Guideline 3.1.1)
+
+## Google Play
+
+- [ ] AI-generated content must not violate content policies — same rules as human-created content (Content Policy)
+- [ ] Realistic AI images/video/audio of real people require provenance signals: watermarks or metadata (AI Content Policy)
+- [ ] Disclose AI usage prominently in store description if AI is a core feature (Store Listing Policy)
+- [ ] AI decisions affecting users may trigger regulatory requirements (transparency, appeal rights) (AI Policy)
+- [ ] No AI for deceptive content — deepfakes for fraud, impersonation, or misinformation prohibited (Deceptive Behavior Policy)
+
+## React Native Notes
+
+- API key security: NEVER embed AI service keys in the JS bundle — they are trivially extractable via `react-native-decompiler` or Hermes bytecode inspection
+- Pattern: proxy all AI calls through your backend; backend holds the API key
+- `react-native-dotenv` does NOT protect keys — env vars are baked into the bundle at build time
+- Content moderation wrapper: run AI responses through a moderation endpoint (OpenAI Moderation API, Perspective API) before displaying to user
+- Consent modal: present before first AI interaction — explain what data is sent, to which service, and retention policy
+- For China builds: use build flavors or runtime config to disable AI features — `Platform.constants` or a feature flag service
+- IAP for AI credits: use consumable IAP via `react-native-iap` — track credit balance server-side, not client-side
+- Expo Config Plugins can conditionally include/exclude AI-related native modules per build variant
+
+## Related Rules
+
+- [rules/api-key-security.md](../rules/api-key-security.md)
+- [rules/in-app-purchases.md](../rules/in-app-purchases.md)
+- [rules/privacy-policy.md](../rules/privacy-policy.md)
+- [rules/china-distribution.md](../rules/china-distribution.md)

package/skills/rn-store-compliance/references/app-types/crypto-finance.md

@@ -0,0 +1,42 @@
+# Crypto / Finance / Trading Compliance
+
+## Apple
+
+- [ ] Organization enrollment required — individual developer accounts will be rejected (Guideline 3.1.3)
+- [ ] No on-device crypto mining — cloud mining display only is permitted (Guideline 3.1.5(b))
+- [ ] Crypto exchanges must hold valid licenses in every jurisdiction served (Guideline 3.1.5(a))
+- [ ] ICOs, futures, and securities trading: from established financial institutions only (Guideline 3.1.5(a))
+- [ ] No offering cryptocurrency as reward for completing tasks (Guideline 3.1.5(b))
+- [ ] No binary options trading apps (Guideline 3.2)
+- [ ] CFD and FOREX apps must be properly licensed in served jurisdictions (Guideline 3.2)
+- [ ] Loan apps: APR must not exceed 36%, repayment period > 60 days, terms clearly disclosed (Guideline 3.2)
+- [ ] Banking and financial services: legal entity enrollment required (Guideline 3.2)
+- [ ] NFTs purchased via IAP if they unlock content/features; external purchase links not permitted (except US) (Guideline 3.1.1)
+- [ ] NFT browsing/viewing permitted without IAP, but no external purchase buttons (except US) (Guideline 3.1.1)
+
+## Google Play
+
+- [ ] Financial services apps must comply with local regulations in every jurisdiction served (Financial Services Policy)
+- [ ] Crypto apps require proper licenses and registrations (Financial Services Policy)
+- [ ] No deceptive financial claims — no guaranteed returns or misleading profit projections (Financial Services Policy)
+- [ ] Loan apps: APR must be disclosed upfront, no predatory terms or hidden fees (Personal Loans Policy)
+- [ ] Trading apps: risk disclaimers required and visible before first trade (Financial Services Policy)
+- [ ] Content rating must reflect financial complexity and risk exposure (Content Rating Policy)
+
+## React Native Notes
+
+- Organization account ($99/yr Apple, $25 Google) required before development begins — cannot switch from individual to org mid-review
+- Apple organization enrollment requires D-U-N-S number — apply early, takes 5-30 business days
+- Financial data security: use `react-native-encrypted-storage` for sensitive data, never `AsyncStorage`
+- SSL pinning: implement via `react-native-ssl-pinning` or `TrustKit` native module — financial apps are high-value targets for MITM
+- Jailbreak/root detection: `react-native-jail-monkey` or `freeRASP` — financial apps should warn or restrict on compromised devices
+- Biometric auth: `react-native-biometrics` or `expo-local-authentication` for transaction confirmation
+- For NFT display: render metadata and images only — do not embed wallet connection or purchase flows in iOS builds (except US)
+- WebView restrictions: Apple rejects financial apps that are just WebView wrappers around a web trading platform
+
+## Related Rules
+
+- [rules/organization-account.md](../rules/organization-account.md)
+- [rules/in-app-purchases.md](../rules/in-app-purchases.md)
+- [rules/data-encryption.md](../rules/data-encryption.md)
+- [rules/financial-services.md](../rules/financial-services.md)

package/skills/rn-store-compliance/references/app-types/games.md

@@ -0,0 +1,38 @@
+# Games / Gambling Compliance
+
+## Apple
+
+- [ ] All in-game currency, items, and content purchased via IAP — no external payment links (Guideline 3.1.1)
+- [ ] Loot boxes and gacha mechanics must disclose odds before purchase (Guideline 3.1.1)
+- [ ] IAP currencies must not expire (Guideline 3.1.1)
+- [ ] Restore Purchases mechanism required for non-consumable IAP and subscriptions (Guideline 3.1.1)
+- [ ] Game enemies must not target a specific race, culture, government, or real entity (Guideline 5.3)
+- [ ] Gambling and betting apps must hold valid licenses in every jurisdiction served (Guideline 5.3.3)
+- [ ] Lottery apps permitted only from the lottery organization itself (Guideline 5.3.3)
+- [ ] Age rating must honestly reflect violence, language, and mature content (Guideline 5.3)
+
+## Google Play
+
+- [ ] Real-money gambling requires valid gambling license per jurisdiction (Real-Money Gambling Policy)
+- [ ] Geo-restrictions enforced — block users in unlicensed jurisdictions (Real-Money Gambling Policy)
+- [ ] Loot box odds must be disclosed before purchase (Monetization Policy)
+- [ ] Contests and sweepstakes require published official rules (Contests Policy)
+- [ ] No content encouraging dangerous bets or challenges (Gambling Policy)
+- [ ] Game ads must be appropriate for the declared content rating (Ad Policy)
+
+## React Native Notes
+
+- `react-native-iap` (v12+) for cross-platform IAP — handles consumables, non-consumables, and subscriptions
+- `expo-in-app-purchases` deprecated — use `react-native-iap` or `react-native-purchases` (RevenueCat) instead
+- Loot box odds UI: render odds table in a modal before the purchase button becomes active — Apple reviewers verify this flow
+- Restore Purchases: must be a visible button (not buried in settings) — common rejection reason
+- For gacha/loot mechanics: log all odds server-side for audit compliance
+- `react-native-purchases` (RevenueCat) simplifies receipt validation, entitlement management, and cross-platform subscription state
+- Gambling apps: cannot use Expo Go or development builds in production — Apple requires native binary review
+- Age gating: implement at app launch for gambling apps — cannot rely on store age restrictions alone
+
+## Related Rules
+
+- [rules/in-app-purchases.md](../rules/in-app-purchases.md)
+- [rules/subscriptions.md](../rules/subscriptions.md)
+- [rules/age-rating.md](../rules/age-rating.md)

package/skills/rn-store-compliance/references/app-types/health-fitness.md

@@ -0,0 +1,39 @@
+# Health / Fitness / Medical Compliance
+
+## Apple
+
+- [ ] Medical apps must disclose data sources and methodology for accuracy claims (Guideline 1.4.1)
+- [ ] Cannot claim sensor-only diagnostics — no x-ray, blood pressure, glucose, or SpO2 from phone sensors alone (Guideline 1.4.1)
+- [ ] Include reminders for users to consult a doctor — do not replace professional medical advice (Guideline 1.4.1)
+- [ ] Drug dosage databases sourced only from approved entities (FDA, EMA, etc.) (Guideline 1.4.1)
+- [ ] HealthKit data must not be used for advertising, marketing, or data mining (Guideline 5.1.3)
+- [ ] Must not write false or fabricated data to HealthKit (Guideline 5.1.3)
+- [ ] Must not store personal health data in iCloud — use on-device or encrypted server storage (Guideline 5.1.3)
+- [ ] Health research apps require informed consent and ethics board (IRB) approval (Guideline 5.1.3)
+- [ ] Must be a legal entity (not individual developer) for regulated medical fields (Guideline 1.4.1)
+
+## Google Play
+
+- [ ] Health claims must be evidence-based with citations (Health Policy)
+- [ ] Medical apps require proper disclaimers visible before use (Health Policy)
+- [ ] Health Connect integration follows data sharing rules — request only necessary data types (Health Connect Policy)
+- [ ] No selling health data to third parties (Health Policy)
+- [ ] Health data must be encrypted in transit and at rest (Health Policy)
+- [ ] Content rating reflects health-related content accurately (Content Rating Policy)
+
+## React Native Notes
+
+- `react-native-health` for HealthKit (iOS) — request only the data types you actually need; over-requesting triggers review flags
+- `react-native-health-connect` for Health Connect (Android) — requires declaring permissions in `AndroidManifest.xml`
+- `expo-health` (Expo SDK 50+) for cross-platform HealthKit/Health Connect access
+- HealthKit entitlement must be added in Xcode — cannot be configured purely through RN config
+- Health data storage: never persist raw health data in AsyncStorage or MMKV — use encrypted storage (`react-native-encrypted-storage`)
+- For research apps: implement consent flow with `react-native-informed-consent` pattern — capture signature, date, version
+- Apple requires HealthKit usage description strings even if you only read (not write) data
+- Organization account required for medical apps on both stores
+
+## Related Rules
+
+- [rules/healthkit.md](../rules/healthkit.md)
+- [rules/privacy-policy.md](../rules/privacy-policy.md)
+- [rules/data-encryption.md](../rules/data-encryption.md)

package/skills/rn-store-compliance/references/app-types/kids.md

@@ -0,0 +1,40 @@
+# Kids Category Compliance
+
+## Apple
+
+- [ ] No external links without parental gate (Guideline 1.3)
+- [ ] No purchasing opportunities without parental gate (Guideline 1.3)
+- [ ] No third-party advertising of any kind (Guideline 1.3)
+- [ ] No third-party analytics except those that do not collect IDFA, PII, or location (Guideline 1.3)
+- [ ] COPPA and GDPR-K compliance verified (Guideline 5.1.4)
+- [ ] No sending PII or device info to third parties (Guideline 5.1.4)
+- [ ] Privacy policy (COPPA/GDPR compliant) accessible in-app and on App Store listing (Guideline 5.1.4)
+- [ ] "For Kids" / "For Children" metadata reserved — only use if enrolled in Kids Category (Guideline 1.3)
+- [ ] No ads in app extensions, widgets, iMessage apps, keyboards, or watchOS components (Guideline 1.3)
+
+## Google Play
+
+- [ ] Enrolled in Designed for Families program (Families Policy)
+- [ ] Ads served only through Google Play certified ad networks (Families Policy)
+- [ ] No personalized or interest-based advertising to children (Families Policy)
+- [ ] No social features without parental controls (Families Policy)
+- [ ] No behavioral tracking of children (Families Policy)
+- [ ] Login not required unless it provides clear value to the child (Families Policy)
+- [ ] All content appropriate for the declared age range (Families Policy)
+- [ ] Target age group declared accurately in store listing (Families Policy)
+
+## React Native Notes
+
+- Parental gate implementation: use a math problem or multi-step gesture — Apple rejects simple "Are you over 13?" confirmations
+- COPPA-compliant analytics alternatives: Firebase with analytics collection disabled for kids sessions, or self-hosted analytics with no PII
+- Remove or gate all `Linking.openURL()` calls behind parental verification
+- Strip all ad SDKs from kids builds — even dormant SDK code triggers rejection
+- `react-native-age-gate` pattern: render different component trees based on verified age context
+- Expo: disable `expo-tracking-transparency` entirely for kids apps — the prompt itself implies tracking
+- Test with a clean device — reviewers check for any network calls to ad/analytics endpoints
+
+## Related Rules
+
+- [rules/kids-category.md](../rules/kids-category.md)
+- [rules/privacy-policy.md](../rules/privacy-policy.md)
+- [rules/coppa-gdpr.md](../rules/coppa-gdpr.md)

package/skills/rn-store-compliance/references/app-types/social.md

@@ -0,0 +1,41 @@
+# Social / Messaging / Community Compliance
+
+## Apple
+
+- [ ] Content moderation system to filter objectionable material (Guideline 1.2)
+- [ ] Report mechanism accessible from within content with timely responses (Guideline 1.2)
+- [ ] Block abusive users functionality (Guideline 1.2)
+- [ ] Published support contact visible in-app (Guideline 1.2)
+- [ ] Sign in with Apple required if any third-party login offered (Guideline 4.8)
+- [ ] Do not re-ask name/email after SIWA — use provided identity token (Guideline 4.8)
+- [ ] Account deletion offered if account creation exists (Guideline 5.1.1)
+- [ ] Allow access without social login if social is not core feature (Guideline 5.1.1)
+- [ ] Privacy policy accessible in-app and on App Store listing (Guideline 5.1.1)
+
+## Google Play
+
+- [ ] Content moderation system with both automated and human review (UGC Policy)
+- [ ] User reporting accessible from within the content itself (UGC Policy)
+- [ ] Terms of service explicitly prohibiting objectionable content (UGC Policy)
+- [ ] Block and mute users functionality (UGC Policy)
+- [ ] DMCA/takedown process documented and operational (UGC Policy)
+- [ ] Remove illegal content within 24 hours of report (UGC Policy)
+- [ ] Account deletion available in-app (Data Deletion Policy)
+- [ ] Data Safety section accurate and complete (Data Safety Policy)
+
+## React Native Notes
+
+- `expo-apple-authentication` for SIWA — handles identity token, name, email scoping
+- `react-native-apple-authentication` as alternative for bare workflow
+- Content moderation: integrate server-side (Perspective API, OpenAI moderation, AWS Rekognition) — never do client-only filtering
+- Report UI pattern: contextual menu on content items (long-press or three-dot menu) leading to report flow
+- Block/mute: maintain server-side block list, filter in API responses — do not rely on client-side filtering alone
+- Account deletion must actually delete data server-side, not just disable the account
+- `@invertase/react-native-apple-authentication` supports credential revocation listening
+
+## Related Rules
+
+- [rules/sign-in-with-apple.md](../rules/sign-in-with-apple.md)
+- [rules/account-deletion.md](../rules/account-deletion.md)
+- [rules/privacy-policy.md](../rules/privacy-policy.md)
+- [rules/user-generated-content.md](../rules/user-generated-content.md)