
How Stora scans your app for store compliance issues before submission.

Compliance Scanning

Stora's compliance engine checks your app against 40+ rules to catch issues that cause store rejections. Run a scan before submitting to save days of back-and-forth with review teams.

What Gets Checked

Scans cover six categories:

Privacy

  • Privacy policy URL present in app and metadata
  • Data collection disclosures match actual app behavior
  • App Tracking Transparency (ATT) implementation on iOS
  • GDPR and CCPA consent flows where required
  • Third-party SDK data practices

Security

  • Insecure network requests (HTTP instead of HTTPS)
  • Hardcoded secrets or API keys in the binary
  • Outdated dependencies with known vulnerabilities
  • Certificate pinning presence
  • Encryption declaration accuracy (ITAR/EAR compliance)
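To make the first two Security checks concrete, here is a small source-level scanner written for this page as an illustration; it is not Stora's code and says nothing about how Stora's rule engine is implemented. It flags plain-HTTP URLs (skipping loopback hosts, which never leave the device) and secret-shaped string literals, records a severity per finding, and truncates any matched secret so the finding itself does not leak it. The sample source, the rule names and the severities are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample source (Swift-like), not taken from any real app.
SAMPLE_SOURCE = """\
let apiBase = "http://api.example.com/v1"
let docsBase = "https://docs.example.com"
let localDev = "http://localhost:8080"
let apiKey = "sk_live_0123456789abcdef0123456789abcdef"
let token = readFromKeychain("api_token")
let awsKey = "AKIAIOSFODNN7EXAMPLE"
"""


@dataclass
class Finding:
    rule: str       # assumed rule id, e.g. "insecure-network-request"
    severity: str   # assumed severity: "critical" or "warning"
    line: int       # 1-based line number in the scanned file
    detail: str     # what matched (secrets are truncated, never echoed whole)


# Plain-HTTP URL; group(1) is the host so loopback addresses can be excluded.
HTTP_URL = re.compile(r'http://([^/:"\'\s]+)[^"\'\s]*')
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Secret-shaped literals: a well-known key prefix followed by the expected body.
SECRET_PATTERNS = [
    ("stripe-style key", re.compile(r'\b(sk|pk)_(live|test)_[A-Za-z0-9]{16,}\b')),
    ("aws access key id", re.compile(r'\bAKIA[0-9A-Z]{16}\b')),
]


def scan_source(text: str) -> list[Finding]:
    """Return findings for insecure HTTP URLs and hardcoded secrets in `text`."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in HTTP_URL.finditer(line):
            if m.group(1) not in LOOPBACK:
                findings.append(Finding("insecure-network-request", "warning",
                                        lineno, m.group(0)))
        for name, pattern in SECRET_PATTERNS:
            for m in pattern.finditer(line):
                # Keep only a short prefix so the report is safe to paste into a ticket.
                findings.append(Finding("hardcoded-secret", "critical",
                                        lineno, f"{name}: {m.group(0)[:8]}..."))
    return findings


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"{f.severity:8} line {f.line}: {f.rule} ({f.detail})")
```

Pattern-based secret detection has false positives (test fixtures, documentation examples such as the AWS one above) and false negatives (keys built at runtime or split across constants), so treat the output as triage input for a human reviewer rather than as proof either way.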

Metadata

  • Title, subtitle, and description length compliance
  • Keyword stuffing detection
  • Screenshot count and dimension requirements
  • App category accuracy
  • Content rating consistency

Functionality

  • Crash detection during automated testing
  • Broken links and dead ends
  • Login flow completeness
  • Required feature declarations (camera, location, etc.)
  • Minimum OS version compatibility

Accessibility

  • VoiceOver / TalkBack label coverage
  • Color contrast ratios
  • Touch target sizes
  • Dynamic Type / font scaling support
  • Screen reader navigation order

Monetization

  • In-app purchase configuration
  • Subscription disclosure requirements
  • Price tier consistency across locales
  • Restore purchases functionality
  • External payment link compliance

Binary-Only vs Full Source Analysis

Stora adjusts the depth of its scan based on what you have connected:

| Mode | What's analyzed | Depth |
|---|---|---|
| Binary only | Uploaded .ipa or .apk | Metadata, privacy manifest, entitlements, basic security checks |
| GitHub connected | Full source code + binary | All of the above plus dependency auditing, code-level security analysis, and accessibility linting |

Tip: Connect your GitHub repository for the deepest analysis. Source-level scanning catches issues that binary analysis cannot, like hardcoded API keys hidden in string constants.

AI-Powered Deep Analysis

Beyond rule-based checks, Stora uses AI to:

  • Analyze your privacy policy text and compare it against your app's actual data collection
  • Read your app's UI flows and identify potential rejection reasons a rule engine would miss
  • Generate human-readable explanations and fix recommendations for every issue

Auto-Fix PRs

For GitHub-connected projects, Stora can automatically open pull requests to fix certain issues:

  • Add missing accessibility labels
  • Replace HTTP URLs with HTTPS
  • Add missing privacy manifest entries
  • Update dependencies that have known vulnerabilities

Note: Auto-fix PRs are created as draft pull requests on a stora/fix-* branch. Review and merge them like any other PR.
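The "Replace HTTP URLs with HTTPS" fix above is the simplest of these to picture. The following is an added illustration of what such a fix produces, written for this page and not Stora's implementation: it rewrites non-loopback http:// URLs to https:// and emits the unified diff a fix PR would carry. The sample file, its path and the loopback exemption are assumptions.

```python
import difflib
import re

# Loopback hosts stay on plain HTTP: there is no TLS endpoint to switch to,
# and rewriting them would break local development builds.
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
HTTP_URL = re.compile(r'http://([^/:"\'\s]+)')


def upgrade_http_urls(text: str) -> str:
    """Return `text` with every non-loopback http:// URL changed to https://."""
    def repl(m: re.Match) -> str:
        host = m.group(1)
        return m.group(0) if host in LOOPBACK else "https://" + host
    return HTTP_URL.sub(repl, text)


def fix_diff(path: str, original: str) -> str:
    """Unified diff for the HTTPS fix; empty string when the file needs no change."""
    fixed = upgrade_http_urls(original)
    if fixed == original:
        return ""
    return "".join(difflib.unified_diff(
        original.splitlines(keepends=True),
        fixed.splitlines(keepends=True),
        fromfile=f"a/{path}",
        tofile=f"b/{path}",
    ))


# Constructed sample file, not from any real project.
SAMPLE = """\
let apiBase = "http://api.example.com/v1"
let devBase = "http://localhost:8080"
let cdn = "https://cdn.example.com"
"""

if __name__ == "__main__":
    print(fix_diff("Sources/Config.swift", SAMPLE), end="")
```

A textual rewrite cannot know whether the host actually serves TLS, so before merging a PR like this, confirm the endpoint answers on https:// and that any pinning configuration covers it; otherwise the fix trades a review finding for a runtime failure.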

Pre-Submission Readiness

After a scan completes, Stora assigns a readiness level:

| Readiness | Meaning |
|---|---|
| Ready | No blocking issues. You can submit with confidence. |
| Needs Review | Warnings exist that may or may not cause rejection. Review them. |
| Not Ready | Critical errors that will likely cause rejection. Fix before submitting. |

Using Compliance Scanning

Web UI

Go to your project's Compliance tab and click Run Scan.

API

```bash
curl -X POST \
  -H "Authorization: Bearer sk_stora_..." \
  https://stora.sh/api/v1/projects/proj_abc123/compliance
```

See the Compliance API reference for full details.

MCP (Claude Code)

"Run a compliance check on Versed and tell me what needs to be fixed."

See the MCP Tools Reference for stora_check_compliance and stora_get_compliance_results.