If you build apps for clients, a policy update from Apple can feel like a change in the rules mid-game. App Store guidelines shift more often than most agencies realize—and missing a key update can mean rejected builds, delayed launches, or worse, a client’s app getting pulled entirely.
This post breaks down the most significant App Store policy changes an iOS app agency need to be across right now. Whether you’re mid-build or planning your next project, these updates will affect how you develop, submit, and maintain apps for your clients.
Why Apple’s App Store Policies Keep Changing
Apple updates its App Store Review Guidelines several times a year. Most updates are incremental—minor clarifications or tweaks to existing rules. But occasionally, Apple makes sweeping changes that restructure how entire categories of apps are built and distributed.
The pressure driving these changes comes from multiple directions: antitrust regulators in the EU and US, court rulings (particularly the ongoing fallout from Epic vs. Apple), and evolving standards around user privacy and data security. For iOS app agencies, staying current isn’t optional. A policy you built around six months ago may already be outdated.
Here’s what’s changed—and what it means for your agency today.
The EU’s Digital Markets Act Is Reshaping iOS Distribution
The most significant structural change in recent Apple history is the impact of the EU’s Digital Markets Act (DMA). Apple is now required to allow alternative app marketplaces and third-party payment systems for users in the European Economic Area (EEA).
For iOS app agencies with EU-based clients, this opens up new distribution options that weren’t possible before. Apps can now be distributed outside the App Store through approved alternative marketplaces. However, Apple still requires notarization—a review process separate from the standard App Store review—for all apps distributed this way.
What this means for your agency:
- If your clients target EEA users, you may be asked to distribute through alternative channels. Understand the notarization process before committing to a timeline.
- Alternative payment processors are now permitted in EEA apps, but Apple’s Core Technology Fee (a €0.50 charge per install beyond 1 million annually) still applies.
- Apps built for alternative distribution need to comply with a different—and in some ways more complex—set of requirements than standard App Store submissions.
This is new territory. Agencies that understand it early will be well-positioned to advise clients on the tradeoffs between traditional App Store distribution and alternative marketplaces.
App Privacy Manifest and Third-Party SDK Requirements
Apple introduced mandatory privacy manifests and signatures for third-party SDKs starting in 2024. This is one of the most practically impactful changes for agencies that rely on popular third-party libraries.
A privacy manifest is a file that declares the types of data an app or SDK collects, why it collects it, and which APIs it uses. Apple now requires this for a growing list of “required reason APIs”—system APIs like UserDefaults, file timestamps, and disk space—that have historically been misused for device fingerprinting.
What your agency needs to do:
- Audit your standard SDK stack. Popular libraries including Amplitude, Firebase, Crashlytics, and Meta’s Audience Network are on Apple’s required SDK list. Each must include its own privacy manifest.
- If you maintain any internal SDKs or reusable code packages distributed across client projects, those will also need privacy manifests.
- Submissions that include SDKs without the required privacy manifests will be rejected. Apple began enforcing this requirement for all new submissions and updates in spring 2024.
This change demands upfront due diligence. The good news is that most major SDK providers have already updated their libraries to comply. Running a dependency audit at the start of each new project is now a smart standard practice.
App Store Pricing Updates and New Pricing Tiers
Apple significantly expanded its global pricing infrastructure, giving developers access to 900 price points across 175 storefronts—up from the previous 94 price tiers. This gives agencies and their clients far more control over regional pricing strategies.
Alongside this, Apple introduced new tools for managing introductory offers, subscription upgrades, and price increases. Notably, Apple now notifies subscribers directly when an app raises its subscription price above a certain threshold, rather than requiring users to actively re-consent for smaller increases.
Practical implications:
- For subscription-based apps, review your client’s pricing strategy with these new tiers in mind. Localizing pricing to regional purchasing power is now much more achievable.
- Understand the new consent rules for subscription price changes. Price increases above a defined threshold still require user re-consent—plan subscription pricing adjustments accordingly to minimize churn.
In-App Purchase Rule Changes and External Payment Links
Following the court ruling in Epic vs. Apple, US developers are now permitted to include a single link in their app directing users to an external website to complete a purchase. This applies specifically to apps distributed in the US App Store.
Apple has placed strict conditions on how this link can be presented. It must follow Apple’s approved entitlement format, display a mandatory disclosure sheet, and cannot offer preferential pricing language inside the app itself. Non-compliance—even minor cosmetic deviations—will result in rejection.
For agencies building e-commerce or subscription apps, this is worth discussing with clients who want to reduce their App Store commission exposure. The practical benefits depend heavily on the client’s business model and user base.
Expanded Rules Around AI and Machine Learning Features
As AI-powered features become standard in mobile apps, Apple has tightened its guidelines around AI-generated content and automated functionality.
Key updates include:
- Apps using AI to generate written, visual, or audio content must ensure that content complies with App Store content guidelines. This includes avoiding content that could be used to mislead users, generate harmful material, or violate third-party rights.
- Apps that use AI chatbot functionality are now subject to additional review scrutiny, particularly around safeguards for younger users.
- Apple has also added clarifications around apps that use AI to impersonate real people or generate synthetic media.
For agencies building apps with generative AI features, building in content filtering and appropriate age-gating isn’t just good practice—it’s now a review requirement.
Kids Category and Age-Gating Enforcement
Apple has always enforced strict rules for apps in the Kids category, but recent guideline updates have strengthened requirements around age-gating across all app categories—not just those explicitly targeting children.
Apps that could appeal to children but are not in the Kids category must now implement robust age gates at the point of account creation and before displaying any content not suitable for minors. Agencies building social, entertainment, or lifestyle apps should treat this as a standard requirement, not an edge case.
Additionally, apps in the Kids category face even stricter limitations on advertising, data collection, and third-party analytics. If a client’s brief involves a product for younger audiences, be explicit about these constraints from the outset. They affect the entire technical architecture.
App Metadata and Screenshot Policy Tightening
Apple has been increasingly rigorous in reviewing app metadata—screenshots, preview videos, descriptions, and keywords—for accuracy. Apps that misrepresent features in screenshots, show UI from another platform, or use keywords designed purely to game search rankings face rejection or removal.
This matters for agencies because metadata is often treated as a marketing task rather than a compliance task. Building a review step for App Store assets into your handover process can prevent unnecessary submission delays.
Frequently Asked Questions
Do these policy changes affect apps already live in the App Store?
Most updates apply to new submissions and updates. However, Apple occasionally enforces changes retroactively—particularly around privacy and data collection. It’s worth reviewing live client apps against current guidelines annually, not just at submission time.
How often does Apple update its App Store Review Guidelines?
Apple publishes updates several times per year. Major overhauls tend to coincide with WWDC in June, but smaller updates can happen at any point. Subscribing to Apple’s developer news feed is the simplest way to stay current.
What’s the fastest way to check whether an SDK in my project needs a privacy manifest?
Apple maintains a published list of third-party SDKs that require privacy manifests. Check this list against your project’s dependencies and verify that each SDK provider has issued a compliant update.
Can EEA policy changes affect apps not targeting European users?
Generally, no. The DMA-driven changes apply specifically to apps and users in the EEA. However, if your client anticipates future EU expansion, it’s worth building with those requirements in mind from the start.
Build Compliance Into Every Project From Day One
Apple’s App Store policies are more complex than they’ve ever been—but they’re also better documented. The agencies that get caught out are rarely those who read the guidelines and missed something. More often, it’s those who treat compliance as a final step rather than a design constraint.
The smart move is to bake policy review into your project kickoff process. Audit SDKs before development begins. Brief clients on pricing and monetization options early. Flag AI, children’s content, or EU distribution requirements as soon as they appear in the brief.
Staying current with App Store guidelines is now a legitimate competitive advantage. Clients who’ve been burned by delayed launches due to policy rejections will pay a premium for an agency that treats compliance as a core service—not an afterthought.
