iOS
iOS checks: Info.plist, Podfile, SwiftLint, privacy/encryption compliance, and the App Store build-SDK requirement.
14 checks.
ios-allows-arbitrary-loads
Severity: Medium
Disabling App Transport Security (ATS) allows insecure HTTP connections, exposing the app to man-in-the-middle attacks and data interception.
How to fix: Remove NSAllowsArbitraryLoads or set it to false. Add per-domain exceptions only for domains that truly require HTTP.
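An added example (not this tool's own implementation) of auditing an Info.plist for the setting above. It goes slightly beyond the check as described by also reporting the related NSAllowsArbitraryLoadsInWebContent and NSAllowsArbitraryLoadsForMedia keys and listing per-domain HTTP exceptions so they can be reviewed. The function name `audit_ats`, the sample plist and the domain `legacy.example.com` are assumptions constructed for illustration.

```python
import plistlib

# Constructed sample Info.plist (not from a real app): ATS disabled globally,
# plus one per-domain HTTP exception for a hypothetical legacy host.
SAMPLE_WEAK = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>legacy.example.com</key>
      <dict><key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict>
    </dict>
  </dict>
</dict></plist>"""

# The same file after the fix: global flag removed, narrow exception kept.
SAMPLE_FIXED = SAMPLE_WEAK.replace(
    b"<key>NSAllowsArbitraryLoads</key><true/>", b"")

# ATS keys that relax transport security for every domain at once.
GLOBAL_KEYS = (
    "NSAllowsArbitraryLoads",
    "NSAllowsArbitraryLoadsInWebContent",
    "NSAllowsArbitraryLoadsForMedia",
)


def audit_ats(plist_bytes):
    """Return (global_flags_enabled, domains_allowing_http) for an Info.plist.

    plistlib.loads accepts both XML and binary plists.
    """
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity") or {}
    if not isinstance(ats, dict):
        raise ValueError("NSAppTransportSecurity must be a dictionary")
    # Only a literal boolean true counts; an absent or false key is safe.
    global_flags = [k for k in GLOBAL_KEYS if ats.get(k) is True]
    domains = ats.get("NSExceptionDomains") or {}
    http_domains = sorted(
        name for name, cfg in domains.items()
        if isinstance(cfg, dict)
        and cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True
    )
    return global_flags, http_domains
```

A non-empty first list is the condition this check flags; the second list is the set of per-domain exceptions to confirm still need HTTP.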
ios-bitcode-enabled
Severity: Low
Bitcode was removed from the App Store pipeline by Apple. Enabling it adds build overhead and can cause unexpected linker behavior without any benefit.
How to fix: Set ENABLE_BITCODE = NO in your Xcode project build settings or xcconfig files. This is the default in Xcode 14+.
ios-build-sdk-requirement
Severity: Info
Apple raises the required build SDK roughly yearly. A stale CI Xcode image silently blocks every App Store upload once the deadline passes.
How to fix: Pin your CI to Xcode …+ (e.g. the macOS runner image / xcode-select) and keep local Xcode current.
ios-hardcoded-paths
Severity: Medium
Hardcoded paths break builds on other developers' machines and CI environments, causing mysterious build failures.
How to fix: Replace absolute paths with relative paths or Xcode build setting variables like $(SRCROOT).
ios-info-plist-overview
Severity: Info
Understanding the Info.plist configuration helps identify app metadata and security settings.
How to fix: Review Info.plist settings to ensure they match your release requirements.
ios-low-deploy-target
Severity: Medium
Supporting iOS versions below 15 increases maintenance burden, limits modern API adoption (async/await, SwiftUI improvements), and covers a shrinking share of active devices.
How to fix: Raise the iOS deployment target to at least 15.0 in both the Podfile and Xcode project settings.
ios-missing-encryption-declaration
Severity: Low
A missing export-compliance declaration blocks automated TestFlight/App Store delivery and forces a manual answer on each build, slowing releases.
How to fix: Add
ios-missing-privacy-manifest
Severity: High
Apple has required a privacy manifest for App Store submissions since May 2024; a missing manifest blocks release.
How to fix: Add a PrivacyInfo.xcprivacy to the app target declaring data collection and required-reason API usage.
ios-oversized-resource
Severity:
Large asset files increase the app bundle size, slow down downloads from the App Store, and consume more device storage.
How to fix: Compress the assets, use HEIC format for photos, or leverage asset catalogs with on-demand resources for large files.
ios-pbxproj-overview
Severity: Info
A large number of file references can indicate project bloat, stale references, or organizational issues.
How to fix: Periodically clean up stale file references and organize the project structure.
ios-podfile-overview
Severity: Info
Understanding dependency count and versioning practices helps assess maintenance burden and reproducibility.
How to fix: Review pod dependencies for unused or redundant entries.
ios-swiftlint-excessive-disabled
Severity: Low
Disabling too many lint rules defeats the purpose of having a linter and allows code quality issues to accumulate undetected.
How to fix: Run swiftlint rules to see rule descriptions and identify which disabled rules are still relevant. Use swiftlint --fix for auto-correctable rules, and prefer inline // swiftlint:disable:next rule_name over global disables for legitimate exceptions.
ios-unversioned-pods
Severity: Low
Pods without version constraints can silently update to incompatible versions, leading to build failures or runtime bugs.
How to fix: Add version constraints to all pods, e.g., pod 'Name', '~> 1.0'.
ios-weak-permission-description
Severity: High
iOS shows the purpose string at the permission prompt; an empty, placeholder, or vague justification confuses users and is a common App Store review rejection reason.
How to fix: Replace each flagged purpose string with a clear, specific sentence explaining exactly why the app needs the permission.