Apple's New Mini App Rules: Comply or Face App Store Removal
Source: Dev.to
What Changed
Apple has removed all ambiguity around dynamically loaded content. Previously, developers argued that lightweight HTML5 experiences were essentially web content and exempt from full app review. That interpretation is now eliminated. The update impacts three critical areas:
- Mini Apps Must Follow All Guidelines
- Native API Exposure Requires Permission
- Age Rating and Content Restrictions Mandatory
Who Is Affected
Several categories of applications are impacted:
- Super apps that host multiple mini apps or services within a single container (e.g., WeChat and Alipay models)
- Gaming platforms offering HTML5 or JavaScript‑based casual games that load dynamically
- Productivity platforms allowing third‑party developers to build tools using web technologies
- Content aggregators hosting HTML5‑based interactive experiences or educational content
- Browser‑based app builders and “vibecoding” tools that let users create lightweight JavaScript experiences
Technical Requirements in Detail
WebKit and JavaScript Core Only
Mini apps must be built using WebKit and JavaScriptCore; other native rendering engines are not permitted.
No Native API Exposure Without Permission
Any exposure of native iOS APIs from a mini app requires explicit permission from Apple before implementation.
Content Manifest Required
Developers must provide a manifest that lists all dynamic content, resources, and third‑party dependencies used by the mini app.
Privacy Compliance
All mini apps must adhere to Apple’s privacy guidelines, including the App Tracking Transparency (ATT) framework and data handling disclosures.
Age Rating Systems
Mini apps must be assigned an appropriate age rating and must enforce any content restrictions associated with that rating.
Getting Permission for Native APIs
If your core functionality requires exposing native APIs, you must request explicit Apple permission before implementation. This involves submitting a detailed request through App Store Connect, describing the API usage, security considerations, and user impact.
Conclusion
Apple’s November 2025 update makes clear that HTML5 and JavaScript mini apps are subject to the full App Store guidelines, cannot expose native platform APIs without permission, and must implement age rating systems and other compliance measures. Compliance is now mandatory, and non‑conforming apps risk removal from the App Store.