kofiloski/app-store-review-risk — explained in plain English
Analysis updated 2026-05-18
Scan an iOS or macOS app repo for App Store rejection risks before submitting.
Check a pull request diff for new App Review risks without re-flagging old ones.
Audit PrivacyInfo.xcprivacy, entitlements, and StoreKit code before release.
Fail a CI pipeline automatically when high severity risks are found.
| kofiloski/app-store-review-risk | 0xhassaan/nn-from-scratch | 3ks/embedoc | |
|---|---|---|---|
| Stars | 0 | 0 | — |
| Language | Python | Python | Python |
| Last pushed | — | — | 2023-06-08 |
| Maintenance | — | — | Dormant |
| Setup difficulty | easy | moderate | hard |
| Complexity | 2/5 | 4/5 | 1/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Install with pip or pipx, then point the CLI at an existing Apple app project directory.
app-store-review-risk is a scanner and AI agent skill that checks an Apple app project for things that commonly cause App Store rejections before you actually submit it. The goal is to catch problems in advance instead of finding out after a rejection, which can cost days of back and forth with Apple's review team. The scanner works across iOS, iPadOS, macOS, Mac Catalyst, watchOS, tvOS, and visionOS projects. It looks through configuration files like Info.plist and entitlements, the PrivacyInfo.xcprivacy file that describes what data an app collects, StoreKit code for in-app purchases and subscriptions, permission requests, tracking, Sign in with Apple setup, account deletion flows, and any user-generated content handling. It also flags missing pieces that App Store Connect submissions often need, such as screenshots, reviewer notes, privacy answers, a support URL, or demo login credentials for reviewers to test with. You run it from the command line against a project folder, and it can print results as a short summary, a compact JSON object, a full JSON object for automated pipelines, or a Markdown report for humans to read. There is a diff mode that only reports risks introduced by recent code changes, comparing against a Git branch, tag, or commit, so a team can check a pull request without being reminded of every pre-existing issue again. A command line flag lets a continuous integration pipeline fail a check when high severity findings turn up. Beyond the command line tool, the project is also packaged so AI coding agents such as Codex can call it directly as a skill during a release or review workflow. The scanner is built on pattern matching, so it can produce false positives or miss things hidden behind runtime configuration, and the project is clear that its findings are leads to investigate, not official rulings. Apple's own review guidelines remain the final word. The tool is written in Python and can be installed with pip or pipx.
A scanner and AI agent skill that checks an Apple app's code, config, and privacy setup for common App Store rejection risks before you submit.
Mainly Python. The stack also includes Python, CLI, pipx.
No license information is provided in the README.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.