This guide is reference only — AppDock does not automate Play Console, signing bundles, or device QA. Wide tables scroll horizontally on narrow viewports.

🤖 Google Play Store Deployment Checklist

Flutter / React Native / Native Android — 2026 Edition

Last updated: April 2026 | Reflects Google Play's latest API requirements (Target SDK 35 mandatory; Android 16 / API 36 required from August 31, 2026)

Legend

Tag	Meaning
🔴 `[BLOCKER]`	App will be rejected / removed without this
🟠 `[MANDATORY]`	Required by policy — violation leads to enforcement
🟡 `[RECOMMENDED]`	Best practice; impacts ranking, discoverability, or UX
🟢 `[OPTIONAL]`	Nice to have

Phase 1 — Developer Account & Identity

1.1 Google Play Console Account

#	Item	Status	Severity	Field Type	Limits & Validation	Mandatory?
1.1.1	Google Play Developer Account registered	`[ ]`	🔴 BLOCKER	Account enrollment at play.google.com/console	$25 one-time fee. Payment via credit/debit card. Account verification requires valid Google account + payment profile. Takes 48–72h for new accounts to activate.	✅ Yes
1.1.2	Identity verification completed	`[ ]`	🔴 BLOCKER	ID upload + form	Google may require identity verification (government ID). Required for new accounts and some policy-sensitive categories.	✅ Yes
1.1.3	Two-Factor Authentication enabled	`[ ]`	🔴 BLOCKER	Account security setting	Must be enabled on the Google account used for Play Console.	✅ Yes
1.1.4	Google Play payment profile linked	`[ ]`	🟠 MANDATORY	Google Payments Console	Required even for free apps. Must be completed before submitting any app to production.	✅ Yes
1.1.5	Tax information submitted	`[ ]`	🟠 MANDATORY (if paid)	Tax forms in Payments profile	Required before collecting any revenue. Country-specific forms (W-8, W-9, etc.).	Conditional
1.1.6	Banking / payout details added	`[ ]`	🟠 MANDATORY (if paid)	Bank account form in Payments	Required to receive revenue payouts. Verification can take 3–5 business days.	Conditional

1.2 App Identity

#	Item	Status	Severity	Field Type	Limits & Validation	Mandatory?
1.2.1	App name (Play Console)	`[ ]`	🔴 BLOCKER	Text input	Max 50 characters (Play Console store listing name — differs from launcher icon name). No excessive punctuation. No promotional phrases ("Best!", "#1"). No keyword-stuffing.	✅ Yes
1.2.2	App launcher name (home screen)	`[ ]`	🔴 BLOCKER	`app_name` string resource / AndroidManifest	Max 30 characters. Shown under app icon on device. Keep short and recognizable.	✅ Yes
1.2.3	Application ID / Package Name	`[ ]`	🔴 BLOCKER	`applicationId` in build.gradle	Reverse-domain format: `com.company.appname`. Lowercase, alphanumeric + `.`. Cannot be changed after first submission.	✅ Yes
1.2.4	App Type (App or Game)	`[ ]`	🔴 BLOCKER	Radio select in Play Console	Set at app creation. Cannot be changed easily later. Affects category options and review process.	✅ Yes
1.2.5	Primary App Category	`[ ]`	🔴 BLOCKER	Dropdown	Select from Google's category list. Affects discoverability.	✅ Yes
1.2.6	Free or Paid	`[ ]`	🔴 BLOCKER	Radio select	Set at creation. Cannot convert free app to paid after publishing. Paid → free conversion is allowed.	✅ Yes
1.2.7	Default language	`[ ]`	🔴 BLOCKER	Dropdown	Primary language for store listing. Additional locales can be added.	✅ Yes

1.3 Team & Access

#	Item	Status	Severity	Notes	Mandatory?
1.3.1	User roles / permissions configured	`[ ]`	🟡 RECOMMENDED	Play Console supports Admin, Release Manager, Developer roles. Invite team with least-privilege access.	Recommended
1.3.2	Emergency contact for review questions	`[ ]`	🟡 RECOMMENDED	Google may email during review. Monitor the account owner's Gmail closely.	Recommended

Phase 2 — Technical Build Requirements

2.1 Target API Level (Critical 2026 Deadlines)

#	Item	Status	Severity	Field Type	Limits & Validation	Mandatory?
2.1.1	`targetSdkVersion` = 35 (Android 15) for current submissions	`[ ]`	🔴 BLOCKER	`build.gradle` → `targetSdk 35`	From August 31, 2025: all new apps and updates must target API 35. Apps below API 34 become invisible to users on newer Android versions.	✅ Yes
2.1.2	`targetSdkVersion` = 36 (Android 16) from August 31, 2026	`[ ]`	🔴 BLOCKER	`build.gradle` → `targetSdk 36`	From August 31, 2026: new apps and updates must target Android 16 (API 36). Plan migration now.	✅ Yes (Aug 2026)
2.1.3	`compileSdk` matches or exceeds `targetSdk`	`[ ]`	🔴 BLOCKER	`build.gradle`	`compileSdk` must be ≥ `targetSdk`. Use same value or higher.	✅ Yes
2.1.4	`minSdkVersion` set appropriately	`[ ]`	🟠 MANDATORY	`build.gradle` → `minSdk`	Min recommended: API 26 (Android 8.0). Lower = more devices but more maintenance. Cannot be higher than `targetSdk`.	✅ Yes
2.1.5	64-bit architecture (ARM64) supported	`[ ]`	🔴 BLOCKER	ABI split config	ARM64-v8a required. Flutter handles this automatically. No 32-bit-only apps.	✅ Yes
2.1.6	16KB memory page size support (Android 15+)	`[ ]`	🟠 MANDATORY	Native library compilation	Required for Android 15 compatibility. NDK apps must recompile native libraries. Flutter apps: check plugins that use native code.	✅ Yes

2.2 App Bundle & Build Format

#	Item	Status	Severity	Field Type	Notes	Mandatory?
2.2.1	Android App Bundle (.aab) format used	`[ ]`	🔴 BLOCKER	Build artifact	APK NOT accepted for new apps since August 2021. Must be `.aab` file. Flutter: `flutter build appbundle --release` → `/build/app/outputs/bundle/release/app-release.aab`	✅ Yes
2.2.2	Release build tested on real device	`[ ]`	🔴 BLOCKER	QA testing	Debug builds behave differently. Always test the release AAB via internal testing track on real physical device.	✅ Yes
2.2.3	App does not crash on launch	`[ ]`	🔴 BLOCKER	QA / Pre-launch report	Google runs automated launch tests. Crash on startup = immediate rejection.	✅ Yes

2.3 Signing & Keystores

#	Item	Status	Severity	Field Type	Notes	Mandatory?
2.3.1	Upload keystore (.jks / .keystore) generated	`[ ]`	🔴 BLOCKER	File generated via keytool	RSA key, 2048 bits minimum. Command: `keytool -genkey -v -keystore upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload`	✅ Yes
2.3.2	Keystore alias, store password, key password recorded	`[ ]`	🔴 BLOCKER	key.properties file (gitignored)	All three values required for every release build. Store in password manager. Never commit to Git.	✅ Yes
2.3.3	Keystore backed up securely in multiple locations	`[ ]`	🔴 BLOCKER	File backup	Losing keystore = can never update app. Must publish as new app with new package name. Store in: password manager + encrypted cloud backup + offline secure location.	✅ Yes
2.3.4	Play App Signing enrolled	`[ ]`	🟡 RECOMMENDED	Play Console → App Integrity → Play App Signing	Strongly recommended for new apps. Google manages the app signing key. Your upload key is separate. If you lose upload key, Google can reset it. Opt in during first release.	Recommended
2.3.5	Signing config in build.gradle (not hardcoded)	`[ ]`	🔴 BLOCKER	`key.properties` + `build.gradle` reference	Reference `key.properties` file. Never hardcode passwords in `build.gradle`. `key.properties` must be in `.gitignore`.	✅ Yes
2.3.6	Release build signed (not debug keystore)	`[ ]`	🔴 BLOCKER	Build validation	Uploading a debug-signed AAB = instant rejection: "You uploaded an APK or app bundle that was signed in debug mode."	✅ Yes

2.4 AndroidManifest & Permissions

#	Item	Status	Severity	Field Type	Notes	Mandatory?
2.4.1	Only required permissions declared	`[ ]`	🔴 BLOCKER	`AndroidManifest.xml`	Reviewers compare declared permissions vs actual app functionality. Extra permissions = rejection.	✅ Yes
2.4.2	`INTERNET` permission	`[ ]`	🟠 MANDATORY (if networking)	`<uses-permission android:name="android.permission.INTERNET"/>`	Required for any network calls.	Conditional
2.4.3	`ACCESS_NETWORK_STATE`	`[ ]`	🟢 OPTIONAL	`AndroidManifest.xml`	For checking connectivity before network requests.	No
2.4.4	`CAMERA` permission	`[ ]`	🔴 BLOCKER (if used)	`<uses-permission android:name="android.permission.CAMERA"/>`	Must justify use. Core functionality only.	Conditional
2.4.5	`ACCESS_FINE_LOCATION` / `ACCESS_COARSE_LOCATION`	`[ ]`	🔴 BLOCKER (if used)	`AndroidManifest.xml`	Background location (`ACCESS_BACKGROUND_LOCATION`) requires separate Declaration Form submission in Play Console.	Conditional
2.4.6	`READ_CONTACTS` / `WRITE_CONTACTS`	`[ ]`	🔴 BLOCKER (if used)	`AndroidManifest.xml`	Sensitive permission — requires Declaration Form in Play Console. Must be essential to core functionality.	Conditional
2.4.7	`READ_SMS` / `RECEIVE_SMS` / `SEND_SMS`	`[ ]`	🔴 BLOCKER (if used)	`AndroidManifest.xml`	Restricted permission. Requires Declaration Form + explicit approval from Google Play policy team.	Conditional
2.4.8	`CALL_LOG` / `READ_CALL_LOG`	`[ ]`	🔴 BLOCKER (if used)	`AndroidManifest.xml`	Restricted permission. Requires Declaration Form. Very rarely approved.	Conditional
2.4.9	`USE_BIOMETRIC` / `USE_FINGERPRINT`	`[ ]`	🟠 MANDATORY (if used)	`AndroidManifest.xml`	Standard biometric permission. No special declaration needed.	Conditional
2.4.10	`POST_NOTIFICATIONS` (Android 13+)	`[ ]`	🟠 MANDATORY (if push)	`<uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>`	Required to show notifications on Android 13+. Must request at runtime.	Conditional
2.4.11	Health permissions (Android 16 granular)	`[ ]`	🟠 MANDATORY (if health)	New granular `android.permission.health.*` permissions	New 2026 (Android 16): Granular health permissions replacing old `BODY_SENSORS`. Use new specific permissions (heart rate, SpO₂, skin temperature etc.).	Conditional
2.4.12	Runtime permission requests implemented	`[ ]`	🟠 MANDATORY	Code + UI	Dangerous permissions must be requested at runtime with clear rationale. Never request on app start without context.	✅ Yes
2.4.13	`android:usesCleartextTraffic="false"`	`[ ]`	🟡 RECOMMENDED	`AndroidManifest.xml`	Set `false` to block plain HTTP. Use Network Security Config for any exceptions.	Recommended

2.5 Versioning

#	Item	Status	Severity	Field Type	Limits & Validation	Mandatory?
2.5.1	`versionCode` set and incremented	`[ ]`	🔴 BLOCKER	`build.gradle` → `versionCode`	Integer. Must increment with EVERY upload. Cannot reuse a version code. Start at 1. Cannot be 0 or negative.	✅ Yes
2.5.2	`versionName` set	`[ ]`	🟠 MANDATORY	`build.gradle` → `versionName`	Human-readable string, e.g. `"1.0.0"`. Shown in Play Console. Not used for ordering (that's versionCode).	✅ Yes
2.5.3	`pubspec.yaml` version matches (Flutter)	`[ ]`	🔴 BLOCKER	`version: 1.0.0+1`	`+1` maps to `versionCode`. Must match `build.gradle` values.	✅ Yes (Flutter)

2.6 Flutter-Specific Requirements

#	Item	Status	Severity	Notes	Mandatory?
2.6.1	Flutter 3.38+ (or latest stable)	`[ ]`	🟡 RECOMMENDED	Ensure latest stable Flutter SDK for best compatibility and bug fixes. Run `flutter upgrade`.	Recommended
2.6.2	`flutter_launcher_icons` configured	`[ ]`	🟠 MANDATORY	Run `flutter pub run flutter_launcher_icons`. All icon variants generated including adaptive icon.	✅ Yes
2.6.3	Adaptive icon foreground + background layers	`[ ]`	🟠 MANDATORY	Required for Android 8.0+. Foreground: 108×108dp. Background: solid color or image. Configured in `flutter_launcher_icons` config.	✅ Yes
2.6.4	`flutter_native_splash` configured	`[ ]`	🟡 RECOMMENDED	Consistent launch experience. Prevents white/black flash on startup.	Recommended
2.6.5	Production flavor/scheme configured	`[ ]`	🟡 RECOMMENDED	Separate `prod` flavor with production API URLs, Firebase project, RevenueCat keys. Prevents dev config leaking into production.	Recommended
2.6.6	`flutter build appbundle --release` tested	`[ ]`	🔴 BLOCKER	Must test the actual release artifact. Debug differs significantly.	✅ Yes
2.6.7	Flutter obfuscation enabled	`[ ]`	🟡 RECOMMENDED	`flutter build appbundle --release --obfuscate --split-debug-info=build/app/outputs/symbols`. Save symbols for crash symbolication.	Recommended
2.6.8	ProGuard/R8 rules configured (if code shrinking)	`[ ]`	🟡 RECOMMENDED	Prevents crashes from minification. Keep rules for Gson, Retrofit, etc.	Recommended
2.6.9	Platform channels tested on release build	`[ ]`	🟠 MANDATORY	Native method channels behave differently in release mode. Test all MethodChannel calls.	✅ Yes
2.6.10	All dependencies on stable channel	`[ ]`	🟡 RECOMMENDED	Avoid pre-release packages in production builds.	Recommended

Phase 3 — Store Listing Assets

3.1 App Icons

#	Item	Status	Severity	Dimensions	File Specs	Mandatory?
3.1.1	Store listing icon	`[ ]`	🔴 BLOCKER	512 × 512 px	PNG. No alpha/transparency. No rounded corners (Google applies mask). ≤ 1024 KB.	✅ Yes
3.1.2	Adaptive icon — foreground layer	`[ ]`	🟠 MANDATORY	108 × 108 dp (432 × 432 px @4x)	PNG with transparency allowed. Subject matter in center 72dp safe zone.	✅ Yes
3.1.3	Adaptive icon — background layer	`[ ]`	🟠 MANDATORY	108 × 108 dp	Solid color or image. No transparency.	✅ Yes
3.1.4	Monochrome / themed icon (Android 13+)	`[ ]`	🟢 OPTIONAL	Same as foreground	Single-color silhouette. Used for themed icon support on Android 13+.	No

3.2 Screenshots

#	Item	Status	Severity	Dimensions	File Specs	Mandatory?
3.2.1	Phone screenshots	`[ ]`	🔴 BLOCKER	Min: 320px shortest side. Max: 3840px on any side. Recommended: 1080 × 1920 px or 1080 × 2160 px	JPEG or PNG. Max 8MB per image. 16:9 or 9:16 aspect ratio. Minimum 2, maximum 8.	✅ Yes
3.2.2	7-inch tablet screenshots	`[ ]`	🟡 RECOMMENDED	1024 × 600 px minimum	Required to show tablet UI if app targets tablets. Same file specs as phone.	Recommended
3.2.3	10-inch tablet screenshots	`[ ]`	🟡 RECOMMENDED	1280 × 800 px minimum	Additional tablet size. Same file specs.	Recommended
3.2.4	Chromebook screenshots	`[ ]`	🟢 OPTIONAL	1280 × 800 px	Only if targeting Chromebook / large-screen optimization.	No
3.2.5	Wear OS screenshots	`[ ]`	🟢 OPTIONAL	384 × 384 px (round)	Only if app has a Wear OS component.	Conditional
3.2.6	Android TV screenshots	`[ ]`	🟢 OPTIONAL	1280 × 720 px	Only if app supports Android TV.	Conditional

Screenshot Content Rules:

Must show actual app functionality — no fictitious/mockup screenshots
No pricing information or promotional language
No user testimonials or fabricated reviews
No misleading imagery that implies features not present
Screenshots from actual device or emulator (not design tool mockups)
First 2–3 screenshots are the most critical for conversion

3.3 Feature Graphic & Promo Video

#	Item	Status	Severity	Specs	Notes	Mandatory?
3.3.1	Feature graphic	`[ ]`	🟠 MANDATORY	1024 × 500 px, JPEG or PNG, max 1MB	Required when promo video is present. Shown as banner in store. Even without video, highly recommended for promotional placement eligibility.	Recommended
3.3.2	Promo video	`[ ]`	🟢 OPTIONAL	YouTube URL. Public or unlisted. 30 seconds – 2 minutes. Up to 3 videos.	Must demonstrate actual app functionality. Cannot be a generic company ad.	No

3.4 Text Metadata

#	Item	Status	Severity	Character Limit	Notes	Mandatory?
3.4.1	App Title (Store listing name)	`[ ]`	🔴 BLOCKER	Max 50 characters	Shown in Play Store search results and listing page. Include primary keyword naturally. No ALL CAPS titles. No excessive punctuation. No promotional superlatives ("Best", "Free", "#1").	✅ Yes
3.4.2	Short Description	`[ ]`	🔴 BLOCKER	Max 80 characters	Shown in search results under app name. First impression copy. Must accurately describe app. No keyword spam.	✅ Yes
3.4.3	Full Description	`[ ]`	🔴 BLOCKER	Max 4000 characters	HTML-like formatting supported (bold: `<b>`, italic: `<i>`, line break: `<br>`). Keyword-rich. Must match actual app functionality. No references to competitor apps or platforms (e.g. "also on iOS").	✅ Yes
3.4.4	What's New / Release Notes	`[ ]`	🟠 MANDATORY	Max 500 characters	Required for every update submission. Describe what changed. Plain text only.	✅ Yes (updates)
3.4.5	Tags	`[ ]`	🟢 OPTIONAL	Max 5 tags	Helps discoverability. Select from Google's predefined tag list.	No
3.4.6	Contact Email	`[ ]`	🔴 BLOCKER	Valid email address	Publicly displayed on store listing. Must be monitored. Required for all apps.	✅ Yes
3.4.7	Privacy Policy URL	`[ ]`	🔴 BLOCKER (required if sensitive data)	Valid URL	Must be a live web page (not PDF, not geofenced). Must match Data Safety declarations.	✅ Yes
3.4.8	Website URL	`[ ]`	🟢 OPTIONAL	Valid URL	Optional but builds trust.	No
3.4.9	Phone Number	`[ ]`	🟢 OPTIONAL	Valid phone	Optional support contact.	No

Note: Google Play has no dedicated keywords field. Keyword optimization depends entirely on placement within Title, Short Description, and Full Description.

Phase 4 — App Content Section (Policy Declarations)

All items in the App Content section must be completed before publishing. Located in Play Console → Policy → App Content.

4.1 Privacy Policy

#	Item	Status	Severity	Notes	Mandatory?
4.1.1	Privacy policy URL entered in Play Console	`[ ]`	🔴 BLOCKER	Required for all apps that access sensitive permissions OR any personal/device data. Strongly recommended for ALL apps.	✅ Yes
4.1.2	Privacy policy hosted on accessible, non-geofenced HTTPS URL	`[ ]`	🔴 BLOCKER	Must load in all regions. No PDF. No login walls. No geographic blocks.	✅ Yes
4.1.3	Privacy policy accessible from within the app	`[ ]`	🟠 MANDATORY	In-app link (Settings → Privacy Policy or footer). Both Play Console link AND in-app link required.	✅ Yes
4.1.4	Privacy policy non-editable / stable URL	`[ ]`	🟠 MANDATORY	Google warns against editable documents (Google Docs). Use a hosted webpage or service like Termly/iubenda.	✅ Yes
4.1.5	Privacy policy includes: data collected	`[ ]`	🔴 BLOCKER	All data types collected (name, email, location, device ID, usage data, etc.)	✅ Yes
4.1.6	Privacy policy includes: third-party data sharing	`[ ]`	🔴 BLOCKER	All third parties (Firebase, Crashlytics, RevenueCat, ads SDKs, etc.)	✅ Yes
4.1.7	Privacy policy includes: data retention + deletion	`[ ]`	🟠 MANDATORY	How long data is kept and how users can request deletion.	✅ Yes
4.1.8	Privacy policy includes: user rights	`[ ]`	🟠 MANDATORY	Access, correction, deletion rights (GDPR/CCPA). Contact info for privacy inquiries.	✅ Yes
4.1.9	Privacy policy includes: security practices	`[ ]`	🟠 MANDATORY	Encryption in transit, storage security.	✅ Yes
4.1.10	Privacy policy labeled clearly	`[ ]`	🟠 MANDATORY	Title must include "Privacy Policy" — not "Terms" or "Legal".	✅ Yes

4.2 Data Safety Section

#	Item	Status	Severity	Input Type	Notes	Mandatory?
4.2.1	Data Safety form completed	`[ ]`	🔴 BLOCKER	Multi-step questionnaire in Play Console → App Content → Data safety	Required for ALL apps since July 2022. Incomplete = blocked from publishing. Takes 30–60 minutes to complete properly.	✅ Yes
4.2.2	Data collection types declared	`[ ]`	🔴 BLOCKER	Checklist (location, personal info, financial, health, contacts, photos, files, app activity, device info, etc.)	Declare EVERY data type your app AND its SDKs collect. Google audits for inconsistencies.	✅ Yes
4.2.3	Data sharing with third parties declared	`[ ]`	🔴 BLOCKER	Checkbox per data type	Any data passed to third-party SDKs counts as "sharing" — even if just analytics.	✅ Yes
4.2.4	Data usage purposes declared	`[ ]`	🟠 MANDATORY	Checkbox (app functionality, analytics, advertising, fraud prevention, etc.)	Must justify why each data type is collected.	✅ Yes
4.2.5	Data encryption in transit declared	`[ ]`	🟠 MANDATORY	Yes/No toggle	Standard HTTPS = "Yes".	✅ Yes
4.2.6	Data deletion on request declared	`[ ]`	🟠 MANDATORY	Yes/No toggle + URL	Must state whether users can request data deletion. Link to account deletion page.	✅ Yes
4.2.7	Data Safety consistent with privacy policy	`[ ]`	🔴 BLOCKER	Cross-check	Inconsistency between Data Safety form and privacy policy or actual app behavior = enforcement action / suspension.	✅ Yes
4.2.8	Third-party SDK data practices included	`[ ]`	🟠 MANDATORY	Per-SDK audit	You are responsible for disclosing data collected by ALL SDKs (Firebase, Crashlytics, AdMob, RevenueCat, etc.). Check each SDK's Data Safety documentation.	✅ Yes

4.3 App Access (Login Requirements)

#	Item	Status	Severity	Input Type	Notes	Mandatory?
4.3.1	App access declaration completed	`[ ]`	🔴 BLOCKER	Radio: "All functionality available" vs "Some functionality is restricted"	If login required, must provide demo credentials or instructions for reviewer.	✅ Yes
4.3.2	Demo login credentials provided	`[ ]`	🔴 BLOCKER (if login required)	Username + Password fields	Reviewer must access all app features. Account cannot be restricted. Must be a working account at time of review.	Conditional
4.3.3	Demo account instructions provided	`[ ]`	🟡 RECOMMENDED	Text notes	Step-by-step access instructions if app flow is non-obvious.	Recommended

4.4 Content Rating (IARC)

#	Item	Status	Severity	Input Type	Notes	Mandatory?
4.4.1	Content rating questionnaire completed	`[ ]`	🔴 BLOCKER	IARC multi-question form	Google requires IARC rating. Cannot publish without it. Questionnaire asks about: violence, sexual content, profanity, controlled substances, gambling, user interaction. Takes ~5 minutes. Ratings issued within minutes of completion.	✅ Yes
4.4.2	Questionnaire answered accurately	`[ ]`	🔴 BLOCKER	Accuracy check	Misrepresentation can result in app removal or account suspension. When in doubt, err on the side of disclosure.	✅ Yes
4.4.3	Rating applies to app content only	`[ ]`	🟠 MANDATORY	Policy note	The questionnaire covers only app content — not ads, not privacy practices. Ads content must not be more mature than app content.	✅ Yes

4.5 Target Audience & Content

#	Item	Status	Severity	Input Type	Notes	Mandatory?
4.5.1	Target age group declared	`[ ]`	🔴 BLOCKER	Checkboxes: Under 13 / 13–17 / 18+ / Mixed	Critical. Apps targeting under-13 face strict Families Policy requirements. Cannot have behavioral advertising.	✅ Yes
4.5.2	"Store presence" age group appeal set	`[ ]`	🟠 MANDATORY	Determines icon/screenshot appeal rules	If audience includes under-13, store listing assets must be appropriate for children.	✅ Yes
4.5.3	Families Policy compliance (if targeting children)	`[ ]`	🔴 BLOCKER	Policy checklist	No third-party behavioral advertising. No tracking. Limited data collection. No social features allowing child-to-stranger contact. Families Program approval required.	Conditional

4.6 Ads Declaration

#	Item	Status	Severity	Input Type	Notes	Mandatory?
4.6.1	Ads declaration answered	`[ ]`	🔴 BLOCKER	Yes/No toggle	Must declare whether app contains ads. Store badge "Contains ads" shown. Required.	✅ Yes
4.6.2	Ad placement policy compliant	`[ ]`	🟠 MANDATORY	Policy review	No ads on launch/splash screens. No interstitials on app start. No ads interfering with navigation. No ads in apps targeting children.	✅ Yes (if ads)
4.6.3	GDPR consent for ads (EU)	`[ ]`	🟠 MANDATORY	UMP / CMP implementation	Use Google's User Messaging Platform or equivalent Consent Management Platform.	✅ Yes (EU + ads)
4.6.4	ATT equivalent for ads (if applicable)	`[ ]`	🟠 MANDATORY	GDPR consent + contextual fallback	Android doesn't have ATT but requires GDPR consent for personalized ads in EU.	Conditional

4.7 Account Deletion

#	Item	Status	Severity	Notes	Mandatory?
4.7.1	In-app account deletion implemented	`[ ]`	🔴 BLOCKER	Required for all apps that support account creation. Must be in-app — not "email us." Must delete account + all associated data.	✅ Yes (if accounts)
4.7.2	Account deletion URL submitted in Play Console	`[ ]`	🔴 BLOCKER	URL field in App Content	Link to deletion page (web or in-app deep link). Required in Play Console.
4.7.3	Temporary deactivation ≠ deletion	`[ ]`	🟠 MANDATORY	Policy note	Disabling or "freezing" account does not satisfy the policy. Full permanent deletion required.
4.7.4	Data retention exceptions documented	`[ ]`	🟠 MANDATORY	Privacy policy clause	If retaining some data post-deletion (fraud prevention, legal), must disclose this in privacy policy.

4.8 Special Declarations (Conditional)

#	Item	Status	Severity	Notes	Mandatory?
4.8.1	Background location declaration	`[ ]`	🔴 BLOCKER (if used)	Separate Declaration Form + justification	Background location permission requires strong justification. Most use cases rejected. Submit via Play Console Declaration Form.
4.8.2	SMS / Call log permission Declaration Form	`[ ]`	🔴 BLOCKER (if used)	Declaration Form + approval	Requires explicit approval from Google. Very limited to specific app types (SMS/dialer defaults).
4.8.3	Financial services declaration	`[ ]`	🔴 BLOCKER (if applicable)	Declaration + documentation	Personal loans, investment, crypto, insurance apps — special requirements per region. Pakistan: limited exceptions for short-term loans.
4.8.4	Health app declaration	`[ ]`	🔴 BLOCKER (if applicable)	Declaration form	Health & Fitness apps — special requirements for medical apps.
4.8.5	News & Magazines declaration	`[ ]`	🔴 BLOCKER (if applicable)	Declaration form	News category apps must complete News & Magazines declaration. Deadline: August 27, 2025 for existing apps.
4.8.6	Government app declaration	`[ ]`	🔴 BLOCKER (if applicable)	Declaration form	Apps created by or for government entities.
4.8.7	AI-Generated Content policy compliance	`[ ]`	🟠 MANDATORY (if AI)	Policy review	Apps using generative AI must follow Google's AI-Generated Content policy. Best practices for safeguarding genAI apps. AI misuse under increased review scrutiny in 2026.

Phase 5 — Legal & Compliance

5.1 Google Play Policies

#	Item	Status	Severity	Notes	Mandatory?
5.1.1	Developer Program Policy reviewed (Jan 28, 2026 version)	`[ ]`	🟠 MANDATORY	Review full policy at support.google.com/googleplay/android-developer.	✅ Yes
5.1.2	No deceptive behavior	`[ ]`	🔴 BLOCKER	No misleading descriptions, fake reviews, artificial ratings, impersonation of other apps.	✅ Yes
5.1.3	No malware / unauthorized data access	`[ ]`	🔴 BLOCKER	App must not transmit user data without knowledge. No background data exfiltration.	✅ Yes
5.1.4	Intellectual property rights respected	`[ ]`	🔴 BLOCKER	Do not use third-party trademarks, logos, copyrighted assets without permission. If you have permission, document it and contact Play team in advance.	✅ Yes
5.1.5	User-generated content moderation (if UGC)	`[ ]`	🟠 MANDATORY	Reporting, blocking, and moderation features required for apps with user-generated content.	Conditional
5.1.6	Google Play Billing for all digital goods	`[ ]`	🔴 BLOCKER	All digital in-app purchases MUST use Google Play Billing. Cannot bypass with third-party payment for in-app digital content. Physical goods/services are exempt.	✅ Yes (if IAP)
5.1.7	Sensitive events policy	`[ ]`	🟠 MANDATORY	Cannot exploit natural disasters, crises, pandemics for profit.	✅ Yes

5.2 Regulatory Compliance

#	Item	Status	Severity	Notes	Mandatory?
5.2.1	GDPR compliance (EU users)	`[ ]`	🟠 MANDATORY	Consent management, data subject rights (access, deletion, portability), DPA contact.	✅ Yes
5.2.2	CCPA compliance (California users)	`[ ]`	🟠 MANDATORY	"Do Not Sell My Personal Information" option if applicable.	Conditional
5.2.3	COPPA compliance (under-13 users)	`[ ]`	🔴 BLOCKER	No behavioral advertising. Parental consent. Limited data collection.	Conditional
5.2.4	HIPAA compliance (US health data)	`[ ]`	🔴 BLOCKER (if health)	If handling US protected health information.	Conditional
5.2.5	Country availability configured	`[ ]`	🟡 RECOMMENDED	Review Play Console → Setup → Countries/Regions. Default may not include all desired markets. Check for restricted countries.	Recommended

Phase 6 — Monetization Setup

6.1 Google Play Billing (In-App Purchases)

#	Item	Status	Severity	Field Type	Limits & Validation	Mandatory?
6.1.1	Products created in Play Console	`[ ]`	🔴 BLOCKER	Play Console → Monetize → Products → In-app products	Product ID (alphanumeric + `_` + `.`), Product name, Description, Price. Must be published before app goes live.	✅ Yes (if IAP)
6.1.2	Product IDs match app code exactly	`[ ]`	🔴 BLOCKER	Text string	Case-sensitive. Cannot be changed after creation. Cannot be deleted once used (only deactivated). Max 150 chars.	✅ Yes (if IAP)
6.1.3	Consumable vs non-consumable type set	`[ ]`	🔴 BLOCKER	Dropdown at product creation	Affects purchase logic. Managed product (non-consumable) vs consumable. Cannot be changed.	✅ Yes (if IAP)
6.1.4	Google Play Billing Library (latest version) integrated	`[ ]`	🔴 BLOCKER	Gradle dependency	Must use latest Play Billing Library. Old versions deprecated.	✅ Yes (if IAP)
6.1.5	new `monetization.subscriptions` API used (new apps)	`[ ]`	🟠 MANDATORY	Play Billing Library v5+	New apps should use the new subscriptions API. Old subscriptions API being phased out.	✅ Yes (if subscriptions)
6.1.6	License testing configured	`[ ]`	🟡 RECOMMENDED	Play Console → License Testing	Test accounts for testing IAP without real charges. Add Gmail address of tester.	Recommended

6.2 Subscriptions

#	Item	Status	Severity	Notes	Mandatory?
6.2.1	Subscription products created in Play Console	`[ ]`	🔴 BLOCKER	Under Monetize → Subscriptions. Product ID, Base plans, Offers.	✅ Yes (if sub)
6.2.2	Base plans configured	`[ ]`	🔴 BLOCKER	Monthly / Annual / Weekly. Price, billing period, trial period.	✅ Yes (if sub)
6.2.3	Free trial configured (if offered)	`[ ]`	🟠 MANDATORY	Duration: 3 days, 1 week, 2 weeks, 1 month, etc. Grace period.	Conditional
6.2.4	Subscription terms clearly shown in-app	`[ ]`	🔴 BLOCKER	Price, duration, and auto-renewal must be shown before purchase. No hidden renewal terms.	✅ Yes (if sub)
6.2.5	Cancellation instructions accessible	`[ ]`	🟠 MANDATORY	Link to Google Play subscription management or in-app instructions.	✅ Yes (if sub)
6.2.6	Grace period enabled	`[ ]`	🟡 RECOMMENDED	Keeps user access during failed payment retry window.	Recommended
6.2.7	Subscription status checked on app launch	`[ ]`	🟠 MANDATORY	Check entitlement via Play Billing / RevenueCat on every launch. Don't cache indefinitely.	✅ Yes (if sub)
6.2.8	RevenueCat integration tested (if using)	`[ ]`	🟠 MANDATORY	Full purchase → entitlement unlock → restore flow tested.	Conditional

6.3 Pricing

#	Item	Status	Severity	Notes	Mandatory?
6.3.1	App price set (if paid)	`[ ]`	🟠 MANDATORY	Play Console price tiers. Auto-converts to local currencies.	Conditional
6.3.2	Regional pricing reviewed	`[ ]`	🟡 RECOMMENDED	Consider lower prices for emerging markets (Pakistan, India, etc.).	Recommended
6.3.3	Google's 15–30% commission factored in	`[ ]`	🟡 RECOMMENDED	30% standard. 15% for subscriptions after year 1. Certain categories may have different rates.	Recommended

Phase 7 — Testing & QA Gates

7.1 Functional Testing

#	Item	Status	Severity	Notes	Mandatory?
7.1.1	App launches without crash	`[ ]`	🔴 BLOCKER	Cold start on multiple real devices. Google runs automated launch tests.	✅ Yes
7.1.2	Core user flows tested end-to-end	`[ ]`	🔴 BLOCKER	All primary screens, happy paths.	✅ Yes
7.1.3	Offline behavior handled gracefully	`[ ]`	🟠 MANDATORY	No unhandled exceptions. Clear error messages.	✅ Yes
7.1.4	Permission denial handled	`[ ]`	🟠 MANDATORY	App must not crash when any permission is denied. Show rationale UI.	✅ Yes
7.1.5	Background / foreground transitions	`[ ]`	🟠 MANDATORY	No state loss or crashes when app is backgrounded.	✅ Yes
7.1.6	Push notifications tested (FCM)	`[ ]`	🟠 MANDATORY (if used)	Foreground, background, and killed-state notification handling.	Conditional
7.1.7	Deep links / App Links tested	`[ ]`	🟠 MANDATORY (if used)	Test from browser, messaging apps. Test `/.well-known/assetlinks.json` for verified App Links.	Conditional
7.1.8	Logout / login cycle	`[ ]`	🟠 MANDATORY (if auth)	All cached data and session tokens cleared properly.	Conditional
7.1.9	Account deletion flow tested	`[ ]`	🔴 BLOCKER (if accounts)	Full flow: in-app delete → backend purge → confirmation.	Conditional
7.1.10	IAP sandbox purchase tested	`[ ]`	🔴 BLOCKER (if IAP)	Full purchase → receipt → entitlement → restore flow with test account.	Conditional
7.1.11	Back navigation follows Android conventions	`[ ]`	🟠 MANDATORY	System back button / gesture must work correctly. No crash on back press.	✅ Yes
7.1.12	Edge-to-edge display handling (Android 15+)	`[ ]`	🟠 MANDATORY	Android 15 enforces edge-to-edge by default. App must handle system bar insets. Use `WindowInsetsController`.	✅ Yes

7.2 Device Coverage

#	Item	Status	Severity	Notes	Mandatory?
7.2.1	Tested on min SDK device	`[ ]`	🟠 MANDATORY	Real device or emulator at `minSdkVersion`.	✅ Yes
7.2.2	Tested on latest Android version (15/16)	`[ ]`	🟠 MANDATORY	Catch API changes and deprecated behavior.	✅ Yes
7.2.3	Tested on small screen (5")	`[ ]`	🟡 RECOMMENDED	Layout must not overflow or clip.	Recommended
7.2.4	Tested on large screen / tablet	`[ ]`	🟡 RECOMMENDED	Required if app declares tablet support or targets large screens.	Conditional
7.2.5	Tested on foldable (Android 16 orientation policy)	`[ ]`	🟡 RECOMMENDED	Android 16 enforces app resizability. Apps targeting API 36 cannot opt out of adaptive layout.	Recommended
7.2.6	Tested on low-end device	`[ ]`	🟡 RECOMMENDED	Performance on entry-level Android (1–2GB RAM).	Recommended
7.2.7	Dark mode tested	`[ ]`	🟡 RECOMMENDED	App should not break in dark mode.	Recommended

7.3 Performance

#	Item	Status	Severity	Notes	Mandatory?
7.3.1	Release build profiled (not debug)	`[ ]`	🟠 MANDATORY	Always profile release build. Debug is significantly slower. Use Android Profiler.	✅ Yes
7.3.2	App startup time < 3 seconds (cold start)	`[ ]`	🟡 RECOMMENDED	Measure cold start. Over 3s risks user abandonment and Android Vitals penalties.	Recommended
7.3.3	ANR (Application Not Responding) rate monitored	`[ ]`	🟠 MANDATORY	No blocking operations on main thread. ANR rate monitored in Android Vitals.	✅ Yes
7.3.4	App size optimized	`[ ]`	🟡 RECOMMENDED	AAB + Dynamic Delivery handles this automatically. Flutter: use `--split-per-abi` for APKs. Target < 50MB download size.	Recommended
7.3.5	Memory leaks checked	`[ ]`	🟡 RECOMMENDED	Use Android Studio Memory Profiler or LeakCanary.	Recommended

7.4 Security

#	Item	Status	Severity	Notes	Mandatory?
7.4.1	API keys not hardcoded in code	`[ ]`	🔴 BLOCKER	Use `local.properties` / environment variables / remote config. Never commit to Git.	✅ Yes
7.4.2	HTTPS enforced for all network calls	`[ ]`	🟠 MANDATORY	`android:usesCleartextTraffic="false"` in manifest. Network Security Config for exceptions.	✅ Yes
7.4.3	Auth tokens stored in EncryptedSharedPreferences / Keystore	`[ ]`	🟠 MANDATORY	Use Android Keystore API or `flutter_secure_storage`. Not plain SharedPreferences.	✅ Yes (if auth)
7.4.4	Play Integrity API integrated	`[ ]`	🟡 RECOMMENDED	Replacing deprecated SafetyNet. Use Play Integrity API for device integrity checks. Important for financial/auth apps.	Recommended
7.4.5	Sensitive data not logged in release	`[ ]`	🟠 MANDATORY	Remove all `Log.d()` / `print()` statements that output PII or tokens in release builds.	✅ Yes
7.4.6	SQL injection protection	`[ ]`	🟠 MANDATORY (if local DB)	Use parameterized queries. Never concatenate user input into SQL.	Conditional
7.4.7	Obfuscation / ProGuard enabled	`[ ]`	🟡 RECOMMENDED	Harder to reverse-engineer. Keep mapping files for crash symbolication.	Recommended

7.5 Testing Tracks

#	Item	Status	Severity	Notes	Mandatory?
7.5.1	Internal testing track used first	`[ ]`	🟠 MANDATORY	Upload AAB to internal testing track FIRST. Reviews complete in hours (not days). Catches issues before production.	✅ Yes
7.5.2	Closed testing (alpha) track	`[ ]`	🟡 RECOMMENDED	Real user feedback before public launch. Requires email list or Google Group of testers.	Recommended
7.5.3	Open testing (beta) track	`[ ]`	🟡 RECOMMENDED	Public beta. Gather feedback at scale before full launch.	Recommended
7.5.4	Pre-launch report reviewed	`[ ]`	🟡 RECOMMENDED	Google runs automated tests on Firebase Test Lab devices. Shows crashes, ANRs, accessibility issues. Review before promoting to production.	Recommended
7.5.5	Firebase Crashlytics active during testing	`[ ]`	🟠 MANDATORY	Know about crashes before users report them. Configure before internal testing.	✅ Yes

Phase 8 — Submission & Review

8.1 Play Console — Pre-Submission Checklist

#	Item	Status	Severity	Notes	Mandatory?
8.1.1	AAB uploaded to correct track	`[ ]`	🔴 BLOCKER	Internal → Closed → Open → Production. Don't skip straight to production.	✅ Yes
8.1.2	All store listing fields completed	`[ ]`	🔴 BLOCKER	Play Console will block publishing if any required field is missing. Check Dashboard checklist.	✅ Yes
8.1.3	All App Content sections completed	`[ ]`	🔴 BLOCKER	Data Safety, Content Rating, Target Audience, Ads, App Access must all be in "Completed" state.	✅ Yes
8.1.4	Countries / regions selected	`[ ]`	🔴 BLOCKER	Default may be limited. Explicitly select all target countries.	✅ Yes
8.1.5	Release notes (What's New) written	`[ ]`	🟠 MANDATORY	Required for every release. Max 500 chars.	✅ Yes
8.1.6	Staged rollout configured	`[ ]`	🟡 RECOMMENDED	Roll out 10% → 20% → 50% → 100%. Can halt rollout if crash spike detected. Applies to production releases.	Recommended
8.1.7	Android Vitals baseline noted	`[ ]`	🟡 RECOMMENDED	Note pre-launch crash rate / ANR rate targets so you have a baseline for comparison after launch.	Recommended

8.2 Review Timeline

Phase	Typical Duration
Internal testing track	Hours (usually < 2h)
Closed / Open testing tracks	1–3 days
New app — production review	3–7 days (stricter scrutiny for new accounts)
App update — production review	1–3 days (established accounts)
Policy violation appeal	3–7 days
Staged rollout complete	Up to 7 days at your discretion

8.3 Common Rejection Reasons (2026)

#	Reason	How to Avoid
R1	App crashes on launch	Test release AAB on real device via internal track first. Check Pre-Launch Report.
R2	Targeting outdated SDK (below API 35)	Update `targetSdk` to 35 in `build.gradle`. Plan migration to API 36 before Aug 31, 2026.
R3	APK uploaded instead of AAB	Always use `flutter build appbundle`. Check file extension is `.aab`.
R4	Privacy policy missing or URL broken	Host policy on live webpage. Test URL from different network / incognito.
R5	Data Safety inconsistent with actual behavior	Audit all SDKs. Cross-check form answers vs code behavior.
R6	Permissions not justified / excessive	Remove all unused permissions. Add justification in-app for each.
R7	Using third-party billing for digital goods	Digital in-app purchases must use Google Play Billing.
R8	App targets children but has behavioral ads	Either remove ads or apply for Families Policy approval.
R9	Subscription terms not disclosed before purchase	Show price + duration + auto-renewal before purchase confirmation.
R10	No account deletion for apps with accounts	Implement in-app deletion + submit URL in Play Console App Content.
R11	Misleading store listing (screenshots/description)	Screenshots must match actual app. Description must match actual functionality.
R12	AI-generated content not disclosed	Follow Google's AI-Generated Content policy. Disclose AI usage.
R13	Demo account not provided for restricted app	Always add working demo credentials in App Access section.
R14	New health permissions not implemented (Android 16)	Update to granular `android.permission.health.*` permissions for body sensor data.

8.4 Post-Rejection Process

#	Item	Status
P1	Read rejection notice carefully	Usually specific. Address exactly what's stated in the Policy Status page.
P2	Respond via Play Console Policy Status	Can submit an appeal or provide context before resubmitting.
P3	Fix all mentioned issues + full audit	Fix explicit issue AND audit for similar problems.
P4	Do not resubmit unchanged	Wastes review time, signals disregard for policy.

Phase 9 — Post-Launch

9.1 Monitoring

#	Item	Status	Severity	Notes	Mandatory?
9.1.1	Crashlytics / Sentry active and receiving events	`[ ]`	🟠 MANDATORY	Monitor from day 1. Set crash rate alert thresholds.	✅ Yes
9.1.2	Android Vitals monitored in Play Console	`[ ]`	🟠 MANDATORY	Crash rate, ANR rate, battery usage, startup time. Google uses these for store ranking. Apps with poor vitals may be penalized in search.	✅ Yes
9.1.3	Firebase Analytics / Mixpanel configured	`[ ]`	🟡 RECOMMENDED	Track key user events, funnel metrics, retention.	Recommended
9.1.4	Alerts for crash rate spikes	`[ ]`	🟡 RECOMMENDED	Know before users flood your reviews. Integrate with Slack/PagerDuty if critical app.	Recommended

9.2 Support Infrastructure

#	Item	Status	Severity	Notes	Mandatory?
9.2.1	Support email actively monitored	`[ ]`	🟠 MANDATORY	Publicly listed on store. Google may contact here during policy issues.	✅ Yes
9.2.2	Support / website URL live	`[ ]`	🟠 MANDATORY	Must remain live. Dead URLs can trigger policy enforcement.	✅ Yes
9.2.3	In-app review prompt implemented	`[ ]`	🟡 RECOMMENDED	Google Play In-App Review API (`in_app_review` Flutter package). Prompt after positive user action. Never on app launch. Never in exchange for rewards.	Recommended
9.2.4	Respond to Play Store reviews	`[ ]`	🟡 RECOMMENDED	Especially negative reviews. Shows care. Can improve ratings. Never offer incentives for reviews.	Recommended

9.3 Legal Ongoing

#	Item	Status	Severity	Notes	Mandatory?
9.3.1	Privacy policy kept up to date	`[ ]`	🟠 MANDATORY	Update whenever data practices change.	✅ Yes
9.3.2	Data Safety form kept accurate	`[ ]`	🟠 MANDATORY	Update when app adds new data collection. Inconsistency = enforcement.	✅ Yes
9.3.3	GDPR data deletion requests handled	`[ ]`	🟠 MANDATORY	Process within 30 days of request.	✅ Yes
9.3.4	Developer Program Policy changes tracked	`[ ]`	🟡 RECOMMENDED	Google updates policies regularly. Subscribe to Play Console email notifications.	Recommended

9.4 Update Cadence

#	Item	Status	Severity	Notes	Mandatory?
9.4.1	`versionCode` incremented for every upload	`[ ]`	🔴 BLOCKER	Cannot reuse version codes. Even test uploads consume a version code.	✅ Yes
9.4.2	Target SDK deadline tracked	`[ ]`	🔴 BLOCKER	August 31, 2026: all submissions must target Android 16 (API 36). Mark calendar now.	✅ Yes
9.4.3	Force update mechanism	`[ ]`	🟢 OPTIONAL	Firebase Remote Config can enforce minimum app version for breaking API changes.	No
9.4.4	Store Listing Experiments (A/B testing)	`[ ]`	🟢 OPTIONAL	Play Console → Grow → Store listing experiments. Test different icons, screenshots, descriptions.	No

Quick Summary — Top 10 Android Blockers in 2026

1.  Target API 35 now; plan migration to API 36 before August 31, 2026
2.  AAB format ONLY — no APK for new apps or updates
3.  Data Safety form completed accurately (matches ALL SDK behavior)
4.  Privacy policy on live HTTPS webpage — not PDF, not Google Doc
5.  All App Content sections completed (Content Rating, Target Audience, Ads, App Access)
6.  Upload keystore backed up in 3+ locations — losing it = losing the app
7.  Play App Signing enrolled for new apps
8.  In-app account deletion + URL submitted in Play Console (if accounts exist)
9.  Google Play Billing for all digital goods — no third-party payment bypass
10. Demo credentials provided for any login-required app

Flutter Android Build Commands Reference

# Build release AAB (required for Play Store)
flutter build appbundle --release

# Build with obfuscation (recommended)
flutter build appbundle --release --obfuscate --split-debug-info=build/app/outputs/symbols

# Check target SDK in build.gradle
android {
  compileSdk 35
  defaultConfig {
    targetSdk 35
    minSdk 26
    versionCode 1
    versionName "1.0.0"
  }
}

# key.properties (gitignored)
storePassword=YOUR_STORE_PASSWORD
keyPassword=YOUR_KEY_PASSWORD
keyAlias=upload
storeFile=/path/to/upload-keystore.jks

Reference sources: Google Play Developer Program Policy (effective Jan 28, 2026), Google Play Console Help Center, Android Developers Documentation, Google Play Target API Level Policy, Play App Signing Documentation — April 2026