The Contractor‑Ready QA Plan: Device Matrix, Acceptance Tests & Smoke Flows That Prevent Store Rejections
Written by AppWispr editorial
Return to blogTHE CONTRACTOR‑READY QA PLAN: DEVICE MATRIX, ACCEPTANCE TESTS & SMOKE FLOWS THAT PREVENT STORE REJECTIONS
If you hire contractors to finish or QA your app, you need a deliverable they can run without asking a dozen clarifying questions. This article gives founders and product leads a concrete, copy‑pasteable QA blueprint: a prioritized device matrix based on install share, 12 acceptance tests with clear pass/fail criteria, a concise smoke-test runbook to run before submission, and a post‑release checklist that closes the loop after launch. Use this to reduce rework, avoid the common causes of App Store and Play Store rejections, and hand contractors an operational playbook that produces review-ready builds.
Section 1
1) Build a prioritized device matrix (why 10–15 devices is the sweet spot)
You can’t test every handset. Prioritize devices by global install share and your own analytics. Aim for 10–15 devices that cover: latest iOS major release + one previous, popular Android OS versions in your target markets, and a spread of screen sizes and CPU classes. This keeps coverage meaningful while staying contractor‑friendly.
Concrete selection rule: pick the top 3 iOS device families (e.g., flagship phone, mid-range phone, recent iPad if you support tablets), then choose 6–10 Android devices representing different OEMs, OS versions, and screen buckets. If you have analytics, replace the defaults with the top device models and OS versions from your traffic. If not, weight by market share (Android vs iOS) and popular models in your target countries.
- iOS: 2–3 devices — latest major iOS release (modern flagship), one older major release, and iPad if applicable.
- Android: 6–10 devices — at least one low-end, one mid-range, and one flagship; include different OEM skins.
- Include two emulators/simulators for quick CI checks, but reserve physical devices for the final smoke run.
Sources used in this section
Section 2
2) The 12 acceptance tests you must hand the contractor (with pass/fail criteria)
Acceptance tests should be actionable, binary where possible, and tied to user flows and App Store rules. Below are 12 tests that catch the majority of technical and review issues (completeness, crashes, metadata mismatches, privacy requests, and core flows). For each test, include the exact build number, environment (prod/test), and a short reproduction script.
For each test define: test objective, preconditions (account state, network), steps, expected result, and 'blocker' condition(s) that must fail the submission if seen. Require video recording of any failing test and a short log or device screenshot attached to the ticket.
- 1) Cold start & deep‑link launch: app opens from zero cold start in <5s on flagship; deep link opens to intended screen with no placeholder content. Blocker: crash or placeholder UI.
- 2) Core happy path (primary value prop): end-to-end flow (signup/purchase/send/share) completes without errors; the final success screen displays exact text from metadata. Blocker: broken flow or mismatch to screenshots.
- 3) Offline and degraded network: primary flow fails gracefully with user-friendly error and allows retry. Blocker: crash or silent failure.
- 4) Background/foreground lifecycle: continue in-progress work after backgrounding for 30s. Blocker: data loss.
- 5) Permissions & privacy: every permission prompt shows contextual rationale matching store submission notes and privacy policy. Blocker: unexplained or unmatched permission prompts.
- 6) In‑app purchase & subscription flow: purchase completes, receipt validated (or sandbox shown), SKU names match App Store metadata. Blocker: billing failures or mismatched SKUs/screenshots that violate metadata rules (Guideline 2.3.3 / 3.1). Refer to App Store metadata policy in notes when handing off this test.)
Sources used in this section
Section 3
3) Smoke test runbook — the pre‑submission checklist contractors run on the golden device set
A smoke run should take 30–90 minutes on the prioritized device matrix and is the last manual gate before upload. The runbook should be a short, ordered list: sanity checks, critical flows, permissions, performance quick checks, and submission metadata verification. If any blocker is found, the contractor marks the build 'reject-to-dev' with video and logs attached.
Make the runbook prescriptive. Assign timeboxes per device, require specific artifacts (crash logs, screenshots, short Loom videos), and include precise metadata checks so reviewers don’t reject for obvious mismatches (screenshots, app name, privacy policy URL).
- Sanity: build number matches release notes, no debug menus, binary is signed and uses production endpoints.
- Core flows: run the 3 top acceptance tests (from section 2) on each golden device.
- Permissions: trigger every permission flow and verify the on‑screen rationale matches the App Store notes.
- Performance quick check: verify app doesn’t exceed 30% CPU on average during a typical session on flagship and low‑end devices (use simple profiler or OS tools).
- Metadata: confirm screenshots, app name, and privacy policy URL in the store listing match the app behavior and text in the app.
Sources used in this section
Section 4
4) Post‑release checklist: prevent hotfix churn and store takedowns
After the build is live, the contractor follows a short post‑release checklist to catch issues the review might have missed and to validate distribution: crash and first‑24‑hour metrics, payments reconciliation, and user reports triage. Early detection prevents urgent rollbacks and expensive hotfix cycles.
Define ownership and SLAs: who monitors crash alerts, who triages new user complaints from the store, and how long the contractor must be on-call after release. Make these explicit in the handoff so contractors know when to escalate and when to file a patch ticket.
- Confirm rollout: install successful from the store on at least two golden devices in different geographies.
- Monitor crashes & errors: check crash dashboard and set a 24‑hour SLA for a critical-crash rollback decision.
- Validate payments & entitlements: confirm sample purchases, restore purchases, and subscription status on live store receipts.
- Collect reviewer/first-user feedback: scan the first 50 user reviews and forward any reproducible issues as priority tickets.
Sources used in this section
Section 5
5) How to hand this to a contractor (templates, artifacts, and governance)
Pack everything. A contractor‑ready packet contains: prioritized device matrix, acceptance test checklist (12 items) with binary-specific preconditions, smoke runbook, and a post-release checklist. Add links to credentials (throwaway test accounts), app store submission notes, and the exact build artifact (IPA/APK) plus the CI tag.
Include governance rules: who can mark a build 'ready', what qualifies as a 'blocker', and how to escalate. Also require contractors to attach recorded evidence for any failed acceptance test. This converts subjective QA into auditable decisions, prevents rework, and reduces rounds of review.
- Deliverables: device matrix spreadsheet, acceptance-test scripts (one row per test), smoke-run template (timed), and post-release checklist.
- Artifacts required from contractor: per-test status (pass/fail), video of failures, crash logs, and a one‑paragraph release verification note.
- Governance: define blocker criteria, escalation path (who to ping), and sign‑off authority (founder or product owner).
Sources used in this section
FAQ
Common follow-up questions
How many physical devices should I ask a contractor to test before submission?
Aim for 10–15 physical devices that cover the latest and previous major iOS releases, and a representative mix of Android OEMs and OS versions for your target markets. Use analytics to replace default picks with the actual top devices your users run.
What makes a test a 'blocker' worthy of rejecting the build back to engineering?
A blocker causes data loss, crashes, failed payments, incorrect privacy/permission flows, or metadata mismatches that violate store guidelines (for example screenshots that promise features the app doesn’t provide). Define blockers as unambiguous conditions in the acceptance tests and require recording evidence when they occur.
Do I need physical devices or are emulators OK?
Use emulators for fast CI checks and developer debugging. But require physical devices for the final smoke run and acceptance tests — many store rejections and user problems stem from hardware-specific issues, OEM skins, or performance on low-end devices that emulators don’t replicate reliably.
How do I avoid metadata-related rejections from Apple or Google?
Before submission, verify screenshots, app name, descriptions, and the privacy policy URL match the built app. Include this check in the smoke runbook and require contractors to confirm exact text matches and that any paywalled features are clearly disclosed in metadata.
Sources
Research used in this article
Each generated article keeps its own linked source list so the underlying reporting is visible and easy to verify.
Apple
2024 App Store Transparency Report
https://www.apple.com/legal/more-resources/docs/2024-App-Store-Transparency-Report.pdf
Apple Developer
App Store Review Guidelines
https://developer.apple.com/app-store/review/guidelines
Wikipedia
Mobile operating system — usage & stats
https://en.wikipedia.org/wiki/Mobile_operating_system
Adapty
Common App Store Rejection Reasons: Causes & Fixes
https://adapty.io/blog/app-store-rejection/
Forge
Top 10 App Store Rejection Reasons
https://forgeasc.com/blog/app-store-rejection-reasons
Next step
Turn the idea into a build-ready plan.
AppWispr takes the research and packages it into a product brief, mockups, screenshots, and launch copy you can use right away.