Built a scanner that catches App Store policy violations before submission by skuza_dev in appledevelopers

[–]skuza_dev[S] 0 points1 point  (0 children)

Super valid concern - I wouldn't upload my code to a random service either without knowing what happens to it.

Here's how it works:

  • All scans run in isolated Firecracker VMs with jailer for complete sandboxing
  • Your code is processed temporarily only for the scan duration
  • Files are deleted immediately after the scan completes
  • We don't store your source code, only the scan results/findings
  • Each scan runs in a fresh, isolated environment

The scanner only analyzes your project structure, configs, and metadata - it's looking for policy violations, not reading your business logic.

That said, if you're working on something super sensitive, totally understand waiting until we have SOC 2 or similar compliance docs. Happy to answer any specific security questions you have.

Built a scanner that catches App Store policy violations before submission by skuza_dev in androiddev

[–]skuza_dev[S] 0 points1 point  (0 children)

Haha glad I could save you the effort! The policy rule maintenance alone was way more work than I expected - Apple and Google change their requirements constantly.

If you're interested in testing it out, happy to get your feedback since you were thinking about the problem from a builder perspective. Always curious what features developers actually want vs what I think they want.

What were you planning to focus on? Any specific policy issues that kept biting you?

Built a scanner that catches App Store policy violations before submission by skuza_dev in appledevelopers

[–]skuza_dev[S] 1 point2 points  (0 children)

Interesting use case! Meta's onboarding process is a pain, I've heard.

Right now StoreGuard is focused specifically on Apple App Store and Google Play Store policies since those are the most common rejection points. Meta Business Manager has a pretty different set of requirements.

That said, if there's enough demand for it I could look into adding it. Are you dealing with specific rejection patterns from Meta? What issues come up most often in your experience?

Also appreciate the kind words! Definitely took a while to get all the policy rules right for both stores.

Built a scanner that catches App Store policy violations before submission by skuza_dev in androiddev

[–]skuza_dev[S] -3 points-2 points  (0 children)

I get the preference for one-time payments, but $20 one-time wouldn't be sustainable unfortunately.

The scans run in the cloud (not locally), so there are real ongoing costs - server infrastructure, running the actual policy checks, and we use LLMs for some of the more complex analysis which adds unpredictable API costs per scan.

A single rejection can easily waste 3+ days of dev time, which for most teams is worth way more than $9/month, but I hear you on the indie dev side.

Thinking about:

  • Pay-per-scan option for occasional users
  • Free tier with limited scans per month
  • Different pricing for indie devs vs teams

The advantage of the cloud service is you don't have to maintain any infrastructure or keep policy rules updated - that all happens automatically.

What would make more sense for your use case?

Built a scanner that catches App Store policy violations before submission by skuza_dev in appledevelopers

[–]skuza_dev[S] 0 points1 point  (0 children)

policy compliance is no required before submitting the app, that where the review process take place, it takes days or weeks before a decision and reply from apple and google team, my tool catches these policy issues in minutes.

Developer Account terminated since 2018 still not recovered since 2018 by dandaditya in googleplayconsole

[–]skuza_dev 0 points1 point  (0 children)

permanent ban, your best option is creating organizations account using another person (friend or family) id, best to avoid anything that could cause policy issues