How to Check an APK or IPA for Errors Before Submission
Most submission rejections are caught in the first 60 seconds of automated review. Here is exactly what to check in your APK or IPA before you submit: so you don't waste a review cycle.
Quickest option: Upload your APK, AAB, or IPA to apptester.co/health-check. It runs all the checks below automatically in 30 seconds and shows you what to fix.
APK / AAB checks (Android)
Build type
Unzip the APK and look at AndroidManifest.xml: debuggable="true" means it's a debug build. Better: use our Health Check to detect this instantly.
targetSdkVersion
In AndroidManifest.xml, check uses-sdk android:targetSdkVersion. Must be 34 or higher for new submissions on Google Play.
Permissions audit
List all <uses-permission> entries in AndroidManifest.xml. Verify each one is actively used by a feature in the current build.
Cleartext traffic
Check for android:usesCleartextTraffic="true" in AndroidManifest.xml. This should be false or absent in production builds.
ProGuard/R8 obfuscation
Decompile the APK with jadx or apktool. If class and method names are still readable (like 'LoginActivity', 'getUserData'), obfuscation is not enabled.
APK/AAB signing
Run: keytool -list -printcert -jarfile your-app.apk to verify it's signed with your release keystore, not the debug keystore.
Version code and name
Check versionCode and versionName in AndroidManifest.xml. versionCode must be higher than the currently published version.
IPA checks (iOS)
Release vs Debug build
Run: file YourApp.ipa or check the embedded.mobileprovision. Debug builds have a development provisioning profile. Release builds use Distribution.
PrivacyInfo.xcprivacy present
Unzip the IPA and navigate to Payload/YourApp.app. Verify PrivacyInfo.xcprivacy exists at the top level. Check it declares all required reason APIs.
App Transport Security
In Info.plist, look for NSAppTransportSecurity. Any NSAllowsArbitraryLoads: true in production is a rejection risk.
Icon format and sizes
iOS requires a 1024x1024 PNG without alpha channel for the App Store icon. Check Assets.xcassets/AppIcon. No transparency allowed.
Bundle ID matches App Store Connect
In Info.plist: CFBundleIdentifier must exactly match the bundle ID registered in App Store Connect.
Privacy usage descriptions
Every permission your app requests must have a corresponding NSXxxUsageDescription key in Info.plist with a meaningful description (not just 'Required').
Bitcode and architecture
For older apps: verify the correct architecture slices are present. New apps for iOS 14+ should include arm64.
Related articles
Scan your file in 30 seconds: free
Upload your APK, AAB, or IPA. Get a severity-ranked error report before you waste a review cycle.