App Store RejectionGuideline 2.5.1Software Requirements

Your app is calling APIs Apple hasn't made public. Here's how to find and fix them.

Using private, deprecated, or undocumented Apple APIs is an automatic rejection. Sometimes it's your own code, sometimes it's a third-party SDK you didn't realize was doing it. Either way, Apple holds you responsible. This guide shows you how to track them down.

What Apple said

Your app uses or references the following non-public APIs, which is not permitted: [API name]. The use of non-public APIs is not permissible on the App Store because it can lead to a poor user experience should these APIs change.

What this actually means

Apple only allows apps to call APIs documented in the official SDK. Private APIs are internal Apple frameworks not meant for third-party use. Using them risks crashes when Apple changes internal implementations, and more immediately, it gets your app rejected. The rejection message usually names the offending API.

What Apple needs to see

  • Complete removal of all referenced private or undocumented API calls from your binary
  • Updated third-party SDKs that have resolved any private API usage on their end
  • Replacement functionality built on documented public APIs only
  • A clean scan result from tools like MobSF or nm/grep on your binary before resubmission
  1. 1Note the exact API name Apple flagged in the rejection and search your entire codebase for it
  2. 2Run 'grep -r "APIName" .' across your project including Pods and frameworks to find every reference
  3. 3Update all third-party SDKs and CocoaPods to their latest versions — private API usage in dependencies is a common cause
  4. 4Replace any private API functionality with documented public equivalents, even if the public version is less capable
  5. 5Use the strings command on your compiled binary to scan for private API strings before resubmitting

While you're at it — Apple also requires these pages for every app.

Fix this rejection, then make sure you're covered on the compliance side too. Apple requires every app to link to a hosted Privacy Policy, Terms of Service, Support page, and Data Deletion page. No link means another rejection — just for a different reason.

Privacy Policy
Terms of Service
Support Page
Data Deletion Page
Generate my compliance pages — $9

Common questions

The private API is in a third-party SDK I use — what do I do?
You're still responsible even if a dependency is the cause. Check if the SDK has a newer version that fixes the issue, report it to the SDK maintainer, or find an alternative library. Apple's rejection message will name the API so you can search the SDK's GitHub issues to see if others have flagged it.
Can I appeal a 2.5.1 rejection?
Only if the API Apple flagged is actually a public API and they've made a mistake. This does occasionally happen. If the API is documented in Apple's developer documentation, include the documentation link in your appeal. Otherwise, fix and resubmit — appeals won't succeed if the private API use is real.
How do I prevent this from happening again in the future?
Add a pre-submission step to your CI pipeline that runs a binary scan for known private API strings. Tools like LSUnusedResources and custom grep scripts on your .ipa can catch issues before you submit. Also pin your SDK versions and audit changelogs when updating dependencies.