Skip to main content
Stora LogoStora
Start free
Blog
app-store

Apple's 2.5.2 crackdown isn't about AI. It's about apps that finish building themselves.

Apple is pulling vibe-coding apps under Guideline 2.5.2. The rule hasn't changed — what changed is that AI runtimes finally make it obvious which apps were always violating it.

Carlton Aikins3 min read

Apple has spent the last six weeks quietly deplatforming a specific category of AI app, and the reason most coverage gets wrong is that it has nothing to do with AI specifically. It has to do with a guideline written in 2017 that finally caught up to what those apps actually do.

what's been happening#

In mid-March, Apple started blocking updates for vibe-coding apps — Replit, Vibecode, and a handful of others. By the end of March they pulled "Anything," the natural-language app-builder that briefly went viral. Last week TechCrunch reported on the Cal AI takedown, which made the pattern legible: this isn't one-off enforcement. Apple is policing a category.

The citation is the same in every case: Guideline 2.5.2. An app can't download, install, or execute code that "introduces or changes features or functionality" after review. It's been on the books since 2017. The only thing new is the volume of apps that violate it on purpose.

why the rule wasn't a problem until now#

For most of its life, 2.5.2 was a backstop against bad-faith updates — sneaking gambling code into a wallpaper app, or hot-patching a banned feature back in. The kind of thing where the developer knew exactly what they were doing.

What the AI wave produced is apps where the entire point is that the user, post-install, types a prompt and the app produces new functionality. The app on day one and the app on day three are not the same app. The reviewer signed off on the day-one version. The day-three version is whatever the model decided to build that morning.

That's not a rule violated in spirit. It's a literal description of what 2.5.2 prohibits.

what indie devs should actually take from this#

The useful framing is the one the rule has always had: anything that meaningfully changes what your app does, after the review build, has to come through review. AI features inside your app — text generation, image generation, agent flows — are fine. The model output is content, not code. The constraint is on whether your app's behavior expands beyond what was reviewed.

A summarization app that calls an LLM is fine. A "build me a tool that does X" app where X is anything the user types — that's the line. Anywhere your app's surface area is defined at runtime by a third party (the user, the model, a remote config), you're in 2.5.2 territory.

the stora angle#

Stora's compliance engine reads your bundle and your listing together, and one of the categories it now flags hard is "app whose stated functionality and shipped behavior are not the same shape." If your description says "create custom workflows with AI" and your binary contains a code-execution path, the engine surfaces the 2.5.2 risk before you submit, not after the rejection.

That doesn't make your app compliant — only your architecture does that. But it stops you from finding out the expensive way, ten days into a review queue, that the rule applied to you.

closing#

Apple isn't cracking down on AI. It's enforcing a 2017 rule against the first generation of apps for which the rule actually bites. If you're building inside that category, the move isn't to argue with the guideline. It's to design your app so the reviewer sees the real shape of it.