Stop guessing if Apple will reject your app.
StoreShield 2.0 turns every scan into a local Review Room. Drop an .ipa or xcarchive, replay upload, privacy, SDK, metadata, reviewer-notes, and submission gates, then export a complete submission package before you submit.
Currently supports iOS archives only. Requires macOS 14+. Mac App Store or Direct DMG.
- Privacy gate: PASS · manifest complete
- Binary upload: ITMS diagnostics mapped locally
- Submission pack: Reviewer notes + fix plan ready
- App Store Connect: Metadata checklist prepared
Zero data sent.
By design.
Your IPA stays on your Mac. No upload. No telemetry. No third-party servers. The way pre-release builds should be.
Review Room
See the same gates developers care about: Binary Upload, Privacy, SDKs, metadata, reviewer notes, and final submission decision.
Submission Pack
Export REVIEW_ROOM.md, reviewer notes draft, fix plan, metadata checklist, mapped ITMS errors, machine summary, SARIF, and PDF.
Fully offline
Your binary never leaves your Mac. No telemetry, no third-party uploads. Suitable for confidential pre-release builds.
Offline context import
Paste Transporter logs, ITMS emails, or App Store Connect metadata JSON. StoreShield enriches gates locally without using App Store Connect APIs.
Strict score.
Clear next fix.
Drag, drop, read the release plan. Large apps can take longer, so StoreShield shows elapsed time and the slowest scan phases instead of hiding the work.
From archive to submission package.
StoreShield is built around one workflow: scan, review, export.
1. Drop your .ipa
   Export an archive from Xcode, or grab one from your CI. StoreShield reads it in place without needing your source code.
2. Walk the Review Room
   Each gate shows PASS, RISK, BLOCK, or MANUAL with evidence, confidence, linked issues, ITMS codes, and the next best action.
3. Export the pack
   Generate reviewer notes, a fix plan, metadata checklist, mapped ITMS errors, PDF report, machine JSON, and SARIF before submission.
Built to catch what tools miss.
Apple changed the rules.
We already knew.
Compliance criteria sync weekly from Apple's official documentation. StoreShield shows the installed and available criteria versions, changelog, and rescan warning when your report is stale.
AI explanations, on your terms.
Bring your own Anthropic or OpenAI API key. StoreShield sends only the issue type and minimal scan metadata to the selected provider. No IPA bytes, no source code, no personal data. The AI never sees your build.
Your IPA, source code, screenshots, license file, and any personal data never leave the device.
Only the issue category, the rule that triggered it, and a short context string are sent: strictly what the AI needs to write a useful fix suggestion.
We never proxy or charge for AI usage. You pay Anthropic or OpenAI directly with your own API key. You stay in control of every cent.
AI is OFF by default. Toggle it from the privacy badge in the app. Switch back to fully offline mode in one click.
What StoreShield checks
100+ checks for App Store upload, privacy, SDK, accessibility, entitlement, and binary readiness.
Privacy Manifests
Detects missing or incomplete PrivacyInfo.xcprivacy in your app and every embedded SDK. A frequent cause of App Store upload failures since May 2024.
Required Reason APIs
Flags UserDefaults, file timestamps, disk space, and other sensitive APIs used without a declared reason. Maps each violation to the exact NSPrivacyAccessedAPIType Apple expects.
Third-Party SDK Inventory
Identifies every embedded SDK, flags those missing a privacy manifest, and surfaces known high-risk frameworks.
App Store Readiness
Checks ITMS-style upload gates, binary hardening, export compliance, scene manifest, launch screen, iPad declaration, and App Transport Security.
Entitlements
Surfaces unexpected or over-privileged entitlements (push notifications, iCloud, associated domains) before Apple's review team does.
Binary Security
Verifies architecture, Swift and Objective-C presence, runtime linkage, debug symbol and path signals, deprecated API references, and bitcode status.
Common questions
Does StoreShield guarantee my app won't be rejected?
No tool can guarantee App Store approval. Apple's review has a human element. StoreShield eliminates every detectable technical cause of rejection before you hit Submit, which is a very different risk profile than hoping for the best.
Does my IPA ever leave my Mac?
Never. StoreShield runs entirely on your machine. No upload, no cloud scan, no telemetry. Optional AI mode sends only a minimal issue description to your selected provider; your binary stays local.
Do I need Xcode or a developer account?
No. StoreShield reads any iOS .ipa, .xcarchive, or .zip (iOS archives only — macOS apps are not supported). No Xcode required, and you don't need to be the app's developer to scan it.
How is this different from Xcode's App Store validation?
Xcode checks binary format errors. StoreShield checks ITMS-style upload gates, privacy manifests, Required Reason APIs, SDK risk, accessibility signals, entitlements, export compliance, and binary security.
Can I scan apps before they're on the App Store?
Yes, that's the primary use case. Scan pre-release builds, CI artifacts, or client deliverables before they ever reach App Store Connect.
How often are compliance rules updated?
Rules sync weekly from Apple's official documentation. The app shows the installed criteria version, available remote version, changelog, and whether an older report should be rescanned.
Why can a scan take several minutes?
StoreShield scans locally and does not upload your archive. Large IPAs, many frameworks, and binary review checks can take longer. The app now shows elapsed time, activity logs, and the slowest phases in the report.
Ready for your next submission?
Get StoreShield from the Mac App Store, or use the signed Direct DMG if you prefer Paddle licensing.