No external payment links or buttons for digital goods
Why it matters
Apple guideline 3.1.1 prohibits directing users to external payment flows for digital goods, and enforcement is not limited to rejection: Apple has terminated developer accounts for this violation and retroactively removed apps from the store. Google Play Billing Policy carries equivalent restrictions. The damage extends beyond the individual app: a terminated developer account takes every app under that account down with it at the same time. Unlike most rejection reasons, which allow a resubmission with a fix, account termination has no straightforward appeal path. This is the highest-severity policy violation in the entire IAP compliance surface.
Severity rationale
Critical because external payment links for digital goods are the single most severe App Store policy violation, causing immediate rejection and potential permanent developer account termination.
Remediation
Remove all external payment links, webview checkout flows, and Linking.openURL() calls pointing to payment processors for digital goods. Implement purchases exclusively through StoreKit (iOS) or Play Billing Library (Android).
Search your codebase for the following patterns and eliminate each one found for digital goods:
// Remove patterns like these for digital goods:
Linking.openURL('https://yourapp.com/subscribe');
Linking.openURL('https://buy.stripe.com/...');
<WebView source={{ uri: 'https://checkout.paddle.com/...' }} />
The "reader app" exemption (Netflix, Kindle) allows an app to have no purchase button at all, but it does not allow linking to an external purchase flow. You may link to account management (cancel, update billing) after the user has subscribed through the platform store. Physical goods and real-world services remain fully exempt; only digital goods must go through the platform store. Apple has also introduced storefront-specific external purchase link entitlements; unless the app holds one and shows the link only in the storefronts it covers, treat any external purchase link as a violation, and confirm against the current text of guideline 3.1.1 before shipping.
Detection
- ID: no-external-payment
- Severity: critical
- What to look for: Count all relevant instances and enumerate each. Search all source files for patterns that route digital goods purchases outside the platform store. Look for: (1) Linking.openURL() calls where the URL contains payment-related hosts or paths: stripe.com, paddle.com, paypal.com/checkout, lemonsqueezy.com, /subscribe, /checkout, /billing, /payment, /upgrade. (2) WebView components loaded with payment or checkout URLs. (3) Button labels containing "Buy on website", "Subscribe on web", "Get Premium at [URL]", "Pay with card". (4) Deep link handlers that redirect to a web checkout. (5) API calls to third-party payment processors (stripe.com/v1/, api.paddle.com, api-m.paypal.com) from within the app's own payment/purchase flow. Judge paths such as /billing by where they are reached from: a link under account settings after purchase is the permitted account-management case; the same path behind a paywall button is not. Note the exceptions: physical goods and services (Uber, food delivery, Amazon physical products), reader apps (Netflix, Kindle: allowed to have no purchase button at all but cannot link to external purchase), and builds distributed outside the stores (for example in-house apps under the Apple Developer Enterprise Program). The rule applies to App Store and Play Store distribution only.
- Pass criteria: No links, buttons, or flows route the user to an external payment processor for digital goods purchasable within the app. At least 1 implementation must be verified. Links to account management pages (not purchase flows) are generally acceptable.
- Fail criteria: Any link, button, or navigation flow that directs users to purchase digital goods outside the platform store. Web checkout URLs opened from within the app for in-app digital goods.
- Skip (N/A) when: App is entirely free with no purchasable digital goods, OR app sells only physical goods or real-world services.
- Detail on fail: "Linking.openURL('https://yourapp.com/subscribe') called in src/screens/UpgradeScreen.tsx — routes digital goods purchase outside the App Store in violation of Apple guideline 3.1.1" or "PaywallScreen renders a 'Buy on our website' button that opens a Stripe checkout — this pattern results in immediate App Store rejection"
- Remediation: This is the single most severe IAP policy violation; Apple has terminated developer accounts and removed apps for it. There is no warning period.
  - Remove all external payment links, buttons, and WebView checkout flows for digital goods
  - Implement purchases exclusively through the platform store APIs (see Check 1)
  - The "reader app" exemption allows apps like Netflix to have no purchase button, but they cannot link to external purchase
  - You may direct users to your website for account management (cancel subscription, update billing info) after they have already subscribed, just not to initiate the purchase
  Review the configuration in the src/ or app/ directory for implementation patterns.
- Cross-reference: For related patterns and deeper analysis, see the corresponding checks in other AuditBuffet audits covering this domain.
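The five patterns under "What to look for" can be turned into a first-pass static scan. The script below is an added example, not AuditBuffet's own scanner and not code from any audited app: it walks an in-memory map of source files, flags Linking.openURL() and WebView targets that point at payment processors or checkout-style paths, flags the listed button labels and processor API hosts, and reports account-management links separately for human review rather than failing them outright, because the check allows them after purchase. The account-management paths (/account, /manage, /cancel), the file names and the sample source lines are assumptions constructed for the demo.

```javascript
// Added example, not AuditBuffet tooling or code from the audited app. The
// pattern lists come from the check text; the account-management paths,
// file names and file contents below are constructed for the demo.

const PAYMENT_HOSTS = ['stripe.com', 'paddle.com', 'paypal.com/checkout', 'lemonsqueezy.com'];
const PAYMENT_PATHS = ['/subscribe', '/checkout', '/billing', '/payment', '/upgrade'];
const PROCESSOR_APIS = ['stripe.com/v1/', 'api.paddle.com', 'api-m.paypal.com'];
// Assumption: these paths are account management (cancel, update billing),
// which the check allows after purchase; they are reported for human review.
const ACCOUNT_MGMT_PATHS = ['/account', '/manage', '/cancel'];
const BUTTON_LABELS = [/buy on (our )?website/i, /subscribe on (the )?web/i,
  /get premium at/i, /pay with card/i];
// Lines that hand a URL to the system browser or to an embedded web view.
const NAVIGATION_TRIGGER = /Linking\.openURL\s*\(|<WebView\b|\buri\s*:/;
const STRING_LITERAL = /(['"`])(.*?)\1/g;

// Processor host -> fail; account-management path -> review (allowed only
// after the platform purchase); checkout-style path -> fail; else pass.
// Order matters: '/account/billing' must land in review, not fail.
function classifyUrl(url) {
  const u = url.toLowerCase();
  if (PAYMENT_HOSTS.some((h) => u.includes(h))) return 'fail';
  if (ACCOUNT_MGMT_PATHS.some((p) => u.includes(p))) return 'review';
  if (PAYMENT_PATHS.some((p) => u.includes(p))) return 'fail';
  return 'pass';
}

// One finding per offending string literal, label or processor host, with
// file and line so the "Detail on fail" text can cite the location.
function scanSource(path, source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    const line = i + 1;
    if (NAVIGATION_TRIGGER.test(text)) {
      const kind = /Linking\.openURL/.test(text) ? 'openURL' : 'webview';
      for (const m of text.matchAll(STRING_LITERAL)) {
        const verdict = classifyUrl(m[2]);
        if (verdict !== 'pass') findings.push({ path, line, kind, evidence: m[2], verdict });
      }
    }
    for (const re of BUTTON_LABELS) {
      const m = text.match(re);
      if (m) findings.push({ path, line, kind: 'button-label', evidence: m[0], verdict: 'fail' });
    }
    for (const api of PROCESSOR_APIS) {
      if (text.includes(api)) findings.push({ path, line, kind: 'processor-api', evidence: api, verdict: 'fail' });
    }
  });
  return findings;
}

function scanProject(files) {
  return Object.entries(files).flatMap(([path, src]) => scanSource(path, src));
}

// Any fail -> FAIL; only review items -> REVIEW (confirm the links are
// post-purchase account management, not a purchase flow); nothing -> PASS.
function summarize(findings) {
  const fail = findings.filter((f) => f.verdict === 'fail').length;
  const review = findings.filter((f) => f.verdict === 'review').length;
  return { fail, review, verdict: fail ? 'FAIL' : review ? 'REVIEW' : 'PASS' };
}

// Constructed sample sources, not a real code base.
const SAMPLE_FILES = {
  'src/screens/UpgradeScreen.tsx': `import { Linking } from 'react-native';
export const onUpgrade = () => Linking.openURL('https://yourapp.com/subscribe');`,
  'src/screens/PaywallScreen.tsx': `<Button title="Buy on our website" onPress={() => Linking.openURL('https://buy.stripe.com/test_123')} />
<WebView source={{ uri: 'https://checkout.paddle.com/abc' }} />`,
  'src/screens/AccountScreen.tsx': `// post-purchase account management: allowed, but confirm it is not a purchase flow
Linking.openURL('https://yourapp.com/account/billing');`,
  'src/screens/HelpScreen.tsx': `Linking.openURL('https://yourapp.com/help');`,
  'src/api/orders.ts': `fetch('https://api-m.paypal.com/v2/checkout/orders', { method: 'POST' });`,
};

function demo() {
  const findings = scanProject(SAMPLE_FILES);
  for (const f of findings) {
    console.log(`${f.verdict.toUpperCase()} ${f.path}:${f.line} [${f.kind}] ${f.evidence}`);
  }
  console.log(summarize(findings)); // { fail: 5, review: 1, verdict: 'FAIL' }
  return findings;
}
demo();
```

Run it with node. On the constructed sample it reports five fails (the /subscribe link, the Stripe checkout link and its "Buy on our website" label, the Paddle WebView, and the PayPal API call) and one review item (the /account/billing link), so the overall verdict is FAIL. A real audit feeds it the repository's files and still hand-reviews pattern (4), deep link handlers, which a single-line match cannot recognise, and checks every review item against the pass criteria above.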
External references
- external · apple-guideline-3.1.1 — Apple App Store Review Guidelines § 3.1.1 — In-App Purchase (no external payment links)
- external · google-play-billing-policy — Google Play Billing Policy — Prohibition on external payment for digital goods
Taxons
History
- 2026-04-18 · v1.0.0 · Initial import from app-store-iap-subscriptions · automated