Store Release

Submit iOS and Android releases and operate updates after launch.

Release is where the Expo template's pieces meet: production variant, store records, EAS credentials, legal URLs, privacy disclosures, RevenueCat products, Supabase webhooks, update gates, and OTA channel hygiene.

Pre-flight checklist

Before creating a production store build:

  • Confirm APP_VARIANT=production so the bundle ID/package is expo.soarstarter.com and the scheme is soar-starter-expo.
  • Replace app name, icon, adaptive icon, splash, and favicon assets.
  • Run pnpm generate:assets after changing the source icon set.
  • Replace EXPO_PUBLIC_TERMS_URL, EXPO_PUBLIC_PRIVACY_URL, and EXPO_PUBLIC_EULA_URL.
  • Host the Universal/App Links files if EXPO_PUBLIC_LINKING_DOMAIN is set.
  • Review Android permissions in app.config.ts: CAMERA, READ_MEDIA_IMAGES, and POST_NOTIFICATIONS.
  • Review iOS usage strings for camera, photo library, Apple Sign-In, and ATT.
  • Configure production Supabase URL/anon key, RevenueCat SDK keys, Sentry DSN, PostHog key, and store URLs.
  • Deploy production Supabase Edge Functions and set Edge secrets.
  • Make sure RevenueCat's webhook points at the production Supabase project.
  • Confirm eas.json production uses distribution: "store", channel: "production", and autoIncrement: true.

iOS release

Create the iOS app record for:

Bundle ID: expo.soarstarter.com

Prepare:

  • App name, subtitle, category, screenshots, support URL, marketing URL, and privacy policy URL.
  • Sign in with Apple capability, because the app includes Apple auth.
  • In-app purchase products if you ship RevenueCat purchases.
  • Sandbox testers and TestFlight tester groups.
  • Associated Domains if you use Universal Links.

Build and submit:

eas build --profile production --platform ios
eas submit --profile production --platform ios

The first submit will ask for Apple credentials or App Store Connect API key details because submit.production.ios is empty in the template.

Mention the review-relevant flows:

  • Account deletion lives in Me -> Account & Security and calls the delete-account Edge Function.
  • Legal consent is versioned by LEGAL_VERSION.
  • ATT is requested only from the permissions primer, separate from legal consent.
  • Purchases are account-bound through RevenueCat and Supabase entitlements.
  • Push sending is not enabled unless you add token persistence and a send path.

If a tester has an active Apple subscription and deletes the account, the app offers the subscription management URL before deletion.

Android release

Create the Android app for:

Package name: expo.soarstarter.com

Prepare:

  • App content, target audience, content rating, screenshots, feature graphic, privacy policy, and support contact.
  • Google Play App Signing and an internal testing track.
  • In-app products or subscriptions if you ship RevenueCat purchases.
  • App Links asset links if you use EXPO_PUBLIC_LINKING_DOMAIN.
  • Notification, camera, and photo/media permission explanations.

Build and submit:

eas build --profile production --platform android
eas submit --profile production --platform android

The template's preview profile produces an APK for internal sharing. Production store builds are handled by EAS for Play submission.

Use the same data map as iOS, then adapt it to Google's categories. Be explicit about account data, diagnostics, analytics, purchases, and files users upload.

The client can configure the RevenueCat Android SDK, but the shipped Supabase webhook currently ignores PLAY_STORE events. Extend the webhook before promising Android purchases unlock Supabase entitlements.

Privacy map

ServiceData involvedDisclosure notes
Supabase AuthEmail, auth identifiers, profile fieldsAccount creation, login, profile, account deletion
Supabase DatabaseTodos, profile, subscriptions, payments, sample upload metadataUser-owned data protected by RLS
Supabase StorageUploaded sample files and avatarsFiles are stored under user-scoped paths
RevenueCatApp user ID, purchase history, product identifiersUsed for purchases; entitlement source of truth is Supabase
PostHogAnalytics events and device/app context when configuredLegal consent does not currently block PostHog initialization
SentryCrash reports, stack traces, device/app context when configuredUpload sourcemaps for readable production traces
Expo NotificationsExpo push token when retrievedToken is not persisted by the shipped client
ATTTracking authorization statusiOS-only prompt from the permissions primer

Post-release operations

Set store URLs after the listings exist:

EXPO_PUBLIC_APP_STORE_URL=
EXPO_PUBLIC_PLAY_STORE_URL=

Then use the version gate deliberately:

KeyUse
EXPO_PUBLIC_LATEST_APP_VERSIONSoft prompt users to upgrade
EXPO_PUBLIC_MIN_APP_VERSIONForce old app versions to upgrade
EXPO_PUBLIC_APP_UPDATE_URLStore or landing-page URL opened by the gate
EXPO_PUBLIC_APP_UPDATE_MESSAGEUser-facing update copy
EXPO_PUBLIC_APP_UPDATE_CONFIG_URLRemote JSON override for update policy

Use OTA updates only on the matching channel:

eas update --channel production --message "Fix production copy"

Keep production, preview, and development channels separate. Do not publish unreviewed experimental changes to the production channel just because they are "only JavaScript".

On this page