The Reality of Mobile App Deployment

Deploying a React Native application to the Apple App Store and Google Play Store is a milestone every mobile developer faces. While React Native gives you the power to target both platforms from a single codebase, the journey to a successful production launch involves strict guidelines, complex build tooling, and rigorous testing. A single oversight—a missing permission string, a misconfigured keystore, or an unreachable API endpoint—can delay your launch by days or weeks.

This guide provides a production-hardened checklist for deploying React Native apps. Whether you are shipping a simple utility app or a complex content-driven platform powered by Directus, these steps will help you navigate the submission process with confidence. The goal is to eliminate surprises and deliver a stable experience to your users on day one.

Pre-Deployment Hardening

Testing Completeness

Before you even think about building a release artifact, your app needs to be thoroughly vetted. This goes beyond passing unit tests. You must perform end-to-end testing on physical devices, covering the full range of iOS and Android screen sizes and OS versions. If your React Native app relies on a Directus backend, integration testing becomes essential. Verify that your API calls handle network timeouts gracefully, that Directus SDK queries return data in the expected format, and that your app displays meaningful error states if the backend is unreachable.

Asset Finalization

Both app stores have strict requirements for visual assets. Do not wait until the last minute to generate these files.

  • iOS: Prepare app icons at all required sizes (@1x, @2x, @3x). Provide screenshots for every required device size (6.5-inch, 5.5-inch, iPad Pro, etc.).
  • Android: Create adaptive icons (foreground and background layers). Generate feature graphic and screenshots for phone and tablet.
  • Splash Screen: Use libraries like react-native-bootsplash to ensure your splash screen matches your brand and transitions smoothly into the app. A broken or stretched splash screen is a common cause of rejection.

Permissions & Privacy

This is one of the most common stumbling blocks during review. Every permission your app requests must be justified to the user.

  • iOS Info.plist: For every permission (camera, photo library, location, microphone), you must provide a purpose string. If your app uses Directus for media uploads, your string should be specific: “We need access to your camera to upload your profile photo.”
  • Android Manifest: Remove any unnecessary permissions. Google Play is strict about apps that request permissions like READ_CONTACTS or CALL_PHONE without a clear feature requirement.
  • Testing: Go through every permission flow in your release build. What happens if the user taps “Deny”? Does your app crash, or does it gracefully fall back to a manual input option?

Backend Lockdown (The Directus Factor)

A common oversight is leaving the backend accessible after the app goes live. If your React Native app relies on Directus as a headless CMS, pre-deployment is the time to configure your production environment properly.

  • Roles and Permissions: Disable public access to the admin panel. Create a dedicated API role that has exactly the permissions needed for your app. Use Directus’s permission system to restrict read, create, update, and delete operations on a per-collection basis.
  • CORS Configuration: Lock down Cross-Origin Resource Sharing to only accept requests from your app’s domain or custom scheme.
  • Rate Limiting: Protect your Directus API from abuse by enabling rate limiting.
  • Static Tokens vs. Dynamic Auth: Decide early whether your app will use a static API token for public data or a full authentication flow for user-specific data. Static tokens are simpler for public content, but user authentication (via Directus’s built-in auth system) is required for personalized experiences.

Reference: Directus Permissions Documentation

Environment Configuration & Secrets Management

Hardcoding API keys or your Directus project URL into your source code is a critical security risk. It also makes maintaining different environments (staging, production) unnecessarily painful.

The .env Ecosystem

Use libraries like react-native-dotenv (for bare React Native) or expo-constants (for Expo projects) to manage environment variables.

  • Create separate files: .env.staging and .env.production.
  • Store your Directus instance URL, static token (if applicable), and any third-party API keys here.
  • Never commit these files to your version control system. Add them to your .gitignore.

Secure Storage for User Tokens

When a user authenticates against your Directus backend, the returned access token should never be stored in plain text or in AsyncStorage for extended periods. Use react-native-keychain (iOS) or react-native-encrypted-storage (Android) to store sensitive credentials securely. This protects your users in the event of a physical device compromise.

Building for Release

Running npx react-native run-ios or run-android is not sufficient for production. Release builds require code signing, optimization, and specific distribution formats.

Android: The Signed AAB

Google Play now requires the Android App Bundle (AAB) format for new apps.

  • Generate a production keystore using Android Studio or the keytool command.
  • Place the keystore file in your android/app directory.
  • Create a key.properties file referencing your keystore path, password, key alias, and key password.
  • Configure your android/app/build.gradle to read from key.properties for the signing config.
  • Run cd android && ./gradlew bundleRelease to generate the AAB file.
  • Note: Never lose your keystore file. Without it, you cannot issue updates to your app.

iOS: Archive and Export

iOS distribution requires an active Apple Developer Program membership.

  • Create a distribution certificate and provisioning profile on the Apple Developer Portal.
  • In Xcode, select the target for your app and navigate to Signing & Capabilities. Ensure you are using the production distribution profile.
  • Set the build scheme to “Release”.
  • Go to Product > Archive. Once the archive is built, the Organizer window will open. Click “Distribute App” and select “App Store Connect”.

EAS Build (Expo)

If you are using Expo, EAS Build is the recommended way to create production builds. It handles signing, keystore generation, and cloud compilation.

  • Install the eas-cli and log in to your Expo account.
  • Run eas build --platform all --profile production.
  • EAS will manage your Android keystore and iOS certificates automatically, storing them securely on Expo’s servers.
  • This approach integrates seamlessly with EAS Submit for uploading to the stores.

Reference: EAS Build Documentation

Pre-Submission Quality Assurance

Uploading your release build to TestFlight (iOS) or Internal App Sharing (Android) should be a mandatory step before hitting “Submit for Review.” This is your final safety net.

TestFlight (iOS)

After uploading your archive to App Store Connect, enable TestFlight. You can invite internal testers (up to 100 members of your team) without needing a beta review. For external testers, you must submit the build for Beta App Review, which follows similar guidelines to the full App Store review. Use this to catch issues early.

Internal App Sharing (Android)

Google Play Console allows you to upload an AAB and generate a shareable link to distribute to testers. This is faster than managing a full beta track and is perfect for final validation.

QA Checklist for Build Validation

  • Deep Links: Test Universal Links (iOS) and App Links (Android). Ensure they correctly route users to the right content, especially if you are using Directus to manage dynamic deep link destinations.
  • Offline Support: Does your app handle a loss of network connectivity? Does it display cached data? If your app relies on Directus data that doesn’t change often, consider caching the responses locally using react-native-mmkv or AsyncStorage.
  • Push Notifications: Verify that push notifications are configured with the production certificate (iOS) and Firebase Cloud Messaging key (Android). Test a full notification flow, including tapping a notification to open a specific Directus content item.
  • Analytics and Crash Reporting: Check that Firebase or Sentry is initialized with the production configuration. Make a deliberate test crash to ensure the crash report appears in your monitoring dashboard.

The Submission and Review Process

This is the final frontier. The App Store Review Guidelines are notoriously strict, while Google Play relies heavily on automated checks, though human reviews are becoming more common for policy compliance.

Metadata Optimization

  • App Store: Choose keywords carefully. They are one of the primary ways users discover your app outside of direct search.
  • Google Play: Write a compelling, keyword-rich description. The first few lines are the most important for search ranking.
  • Screenshots: Ensure your screenshots reflect the latest version of your app. If you updated the UI post-alpha, take new screenshots. Outdated visuals are a common reason for rejection.
  • Account Deletion: Both stores now require that apps supporting account creation also allow account deletion directly within the app. If you are using Directus user management, ensure your app has a button that triggers the DELETE /users/me endpoint via the SDK. Users must be able to purge their data without needing to email an administrator.
  • Privacy Policy: You must provide a URL to a privacy policy. This applies to both iOS and Android. If you collect any personal data (names, email addresses, usage data via analytics), your policy must reflect that.
  • App Tracking Transparency (iOS): If your app uses Firebase Analytics, Mixpanel, or similar SDKs, you must request user permission via the ATT prompt. Failing to implement this will result in an immediate rejection from Apple.

Reference: Apple App Store Review Guidelines

Handling Rejection

A rejection is a common part of the process. The key is to respond quickly and professionally.

  • Read the rejection reason carefully. Is it a metadata issue (placeholder text left in a screenshot)? A broken link (your Directus instance was down during review)?
  • If your app requires a login, make sure you provide a demo account for the reviewer. Include clear instructions: “Login with [email protected] / password123. This account has read-only access to the Directus backend.”
  • Appeal the rejection directly if you believe your app complies with the guidelines. If you need to fix an issue, resolve it, upload a new build, and submit a new review request.

Post-Launch Operations

Congratulations, you are live. The deployment process does not stop at “Ready for Sale.” Long-term success depends on monitoring and iteration.

Monitor Production Health

  • Set up performance alerts in Sentry or Firebase Crashlytics. Watch for crashes that correlate with specific devices or OS versions.
  • Monitor your Directus server load. Are your API queries optimized? Use Directus’s built-in fields and filter parameters in your SDK queries to reduce the payload size and avoid fetching unnecessary data.
  • Keep an eye on the latency of your Directus instance. If you are serving users globally, consider deploying Directus in a region closer to your user base or using a CDN in front of your assets.

Content Updates Without App Updates

This is the key advantage of pairing React Native with a headless CMS like Directus. You can change the content, layout, or even feature flags stored in Directus, push a publish button, and your users see the changes immediately—without needing to download a new binary from the app store.

  • Update promotional banners, pricing tiers, or static text by editing entries in your Directus collections.
  • Use Directus Flows (webhooks) to trigger Over-The-Air (OTA) updates via EAS Update or CodePush when you publish a content update.
  • This workflow decouples the design iteration cycle from the slow app store review process. You can respond to market changes in minutes, not days.

Iterate Based on Data

Use your Directus backend as a remote configuration tool. Toggle features on and off based on user segments or A/B testing groups. Combine this with analytics data to make informed decisions about your next release. Every app store update should be meaningful, adding real value to the user.

Mastering the Full Mobile Lifecycle

Deploying a React Native app is not just about writing code—it is about managing a continuous lifecycle of testing, building, reviewing, and monitoring. A structured checklist ensures that no step is overlooked.

By pairing your React Native frontend with a flexible, headless backend like Directus, you gain the ability to update your app’s content and logic independently of the app store approval process. This gives your team agility while maintaining the stability and quality that users expect from a production application. Follow this checklist, respect the platform guidelines, and you will be well on your way to a successful launch and a sustainable update strategy.