Using unlicensed content — a commercially-licensed font TTF file distributed without a mobile app license, a stock photo with a watermark removed, background music without a synchronization license — violates copyright law (17 U.S.C. §501) and supply chain integrity (CWE-1357). App stores reject apps containing clearly infringing assets when detected during review, and rights holders can file DMCA takedowns post-publication that force removal within 24 hours. Commercial font licenses for desktop typically explicitly exclude app distribution; Proxima Nova, Gotham, and Helvetica Neue each require separate mobile licensing agreements costing hundreds to thousands of dollars annually.
Severity rationale: high, because unlicensed assets expose the developer to copyright infringement claims, DMCA takedowns, and forced app removal, each of which disrupts active users.
Audit every asset in assets/, src/assets/, and lib/assets/ before submission. Create a THIRD_PARTY_LICENSES.md at the repo root documenting each third-party asset. To enumerate candidate files:
# Find all font files in the project
find . -name '*.ttf' -o -name '*.otf' | sort
# Find all audio files
find . -name '*.mp3' -o -name '*.wav' -o -name '*.m4a' | sort
Replace commercial fonts with open-licensed equivalents: Google Fonts packages (@expo-google-fonts/*) use the Open Font License and are safe for app distribution. Replace stock photos with CC0-licensed images from Unsplash or Pexels (verify each image's specific license for commercial use). For icon libraries, use FontAwesome Free (SIL OFL + MIT) or Material Icons (Apache 2.0) rather than Pro icon sets without documented licenses.
Check ID: app-store-metadata-listing.review-submission.content-rights
Severity: high

Scan the asset directories (assets/, src/assets/, images/, fonts/, audio/, lib/assets/) for content that may require licensing. Check:

(a) Fonts: Look in assets/fonts/ for .ttf or .otf files. Cross-reference font filenames against known commercial fonts (e.g., Proxima Nova, Gotham, Futura, or Helvetica Neue shipped as a custom TTF file rather than used as a system font); commercial fonts require purchase of a mobile/app distribution license, not just a desktop license. Expo Google Fonts packages (@expo-google-fonts/*) are licensed under the Open Font License and are safe to distribute. For react-native-vector-icons, check the specific icon set license (FontAwesome Free vs. Pro).
(b) Images and illustrations: Look for stock photo filenames (common patterns: shutterstock_, getty_, 123rf_, depositphotos_, or numbered filenames like 1234567890.jpg that resemble stock library IDs). Check whether LICENSES.md or THIRD_PARTY_LICENSES.md documents image sources.
(c) Audio/Music: Look for .mp3, .wav, .aac, .m4a files in assets/. Music requires synchronization licensing for app distribution.
(d) Trademarks in assets: Look for well-known logos, brand marks, or character artwork in the assets directory; using trademarked imagery without permission is a rejection cause.
(e) Dependencies: Check package.json for icon library packages and verify their license terms.

Count every third-party asset (fonts, images, audio, icons) in the project and enumerate each with its license type. Classify each as properly licensed or needs review.

Pass criteria: LICENSES.md or equivalent documents all third-party assets; or all detected assets are from clearly open/free sources (Google Fonts, SIL OFL licensed fonts, CC0/public domain images); or no third-party media assets are detected in the repository.
At least 1 implementation must be confirmed.

Related check: the icon-compliant check in Listing Content verifies the icon does not infringe on third-party trademarks, complementing this broader rights check.

Example findings: "assets/fonts/ProximaNova-Regular.ttf appears to be a commercial font with no license documentation in the repository" or "assets/images/shutterstock_1234567890.jpg filename pattern suggests an unlicensed stock photo".

Evidence: a LICENSES.md file documenting every third-party font, image, and audio asset with its source and license, at src/assets/LICENSES.md or a root THIRD_PARTY_LICENSES.md. Reference font licenses from src/assets/fonts/.
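A scanner that automates checks (a), (b) and (c) above together with the license-manifest cross-reference, as an added example (not part of the original checklist or any project's tooling): it flags commercial-font and stock-photo filename patterns and every audio file, treats any filename mentioned in THIRD_PARTY_LICENSES.md or LICENSES.md as documented, and runs against a constructed sample tree. The filename heuristics, the MEDIA_RE manifest parser and the sample files are assumptions; trademark review (d) and package.json icon libraries (e) are not covered.

```python
import re, tempfile
from pathlib import Path
ASSET_DIRS = ("assets", "src/assets", "images", "fonts", "audio", "lib/assets")
FONT_EXT, AUDIO_EXT = {".ttf", ".otf"}, {".mp3", ".wav", ".aac", ".m4a"}
IMAGE_EXT = {".jpg", ".jpeg", ".png", ".gif", ".webp", ".svg"}
# Known commercial font families, matched against filenames with separators removed (heuristic).
COMMERCIAL_FONTS = ("proximanova", "gotham", "futura", "helveticaneue")
# Stock-library filename patterns: vendor prefixes or a long numeric library ID (heuristic).
STOCK_RE = re.compile(r"^(shutterstock_|getty_|123rf_|depositphotos_|\d{8,}\.)", re.I)
LICENSE_FILES = ("THIRD_PARTY_LICENSES.md", "LICENSES.md", "src/assets/LICENSES.md")
MEDIA_RE = re.compile(r"[\w.-]+\.(?:ttf|otf|mp3|wav|aac|m4a|jpe?g|png|gif|webp|svg)", re.I)

def documented_names(root):
    """Filenames mentioned in any license manifest count as documented."""
    text = "\n".join((root / f).read_text() for f in LICENSE_FILES if (root / f).is_file())
    return {n.lower() for n in MEDIA_RE.findall(text)}

def classify(path, documented):
    """(kind, status) for a documented or suspicious asset; None when nothing flags it."""
    ext, name = path.suffix.lower(), path.name.lower()
    if ext in FONT_EXT:
        kind, suspicious = "font", any(f in name.replace("-", "").replace("_", "") for f in COMMERCIAL_FONTS)
    elif ext in AUDIO_EXT:
        kind, suspicious = "audio", True  # music always needs a synchronization license
    elif ext in IMAGE_EXT:
        kind, suspicious = "image", bool(STOCK_RE.match(name))
    else:
        return None
    status = "properly licensed" if name in documented else "needs review" if suspicious else None
    return (kind, status) if status else None

def audit(root):
    documented, results = documented_names(root), {}
    for d in ASSET_DIRS:  # map each flagged asset (repo-relative POSIX path) to its classification
        for p in sorted((root / d).rglob("*")) if (root / d).is_dir() else []:
            status = classify(p, documented) if p.is_file() else None
            if status:
                results[p.relative_to(root).as_posix()] = status
    return results

def demo():
    """Audit a constructed sample repository (not a real project) built in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("assets/fonts/ProximaNova-Regular.ttf", "assets/fonts/Inter-Regular.ttf",
                    "assets/images/shutterstock_1234567890.jpg", "assets/images/logo.png", "assets/audio/theme.mp3"):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(b"")
        (root / "THIRD_PARTY_LICENSES.md").write_text("Inter-Regular.ttf: SIL OFL 1.1 (Google Fonts)\n")
        return audit(root)
```

Running demo() flags the Proxima Nova font, the stock photo and the MP3 as needs review, reports Inter as properly licensed because the manifest names it, and skips logo.png because nothing marks it as third-party.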