Kordant/tasks/ios-production

iOS Production Readiness

Objective: Prepare the SwiftUI iOS application for App Store submission with hardened security, optimized performance, comprehensive testing, and full native feature integration.

Status legend: [ ] todo, [~] in-progress, [x] done

Tasks

App Store Preparation

• 01 — App Store Screenshots & Metadata → 01-app-store-screenshots.md
• 02 — App Preview Video → 02-app-preview-video.md
• 03 — App Store Connect Configuration → 03-app-store-connect.md
• 04 — TestFlight Beta Distribution → 04-testflight-beta.md

Security Hardening

• 05 — Certificate Pinning & TLS Validation → 05-certificate-pinning.md
• 06 — Jailbreak Detection & Runtime Security → 06-jailbreak-detection.md
• 07 — Keychain & Data Protection Audit → 07-keychain-data-protection.md
• 08 — OAuth & Social Login Integration → 08-oauth-social-login.md

Performance Optimization

• 09 — Image Caching & Lazy Loading → 09-image-caching.md
• 10 — Memory Management & Leak Audit → 10-memory-leak-audit.md
• 11 — Background Fetch & Sync Optimization → 11-background-fetch.md
• 12 — App Launch Time Optimization → 12-launch-time.md

Native Features

• 13 — CallKit Integration for SpamShield → 13-callkit-spamshield.md
• 14 — Siri Shortcuts & Intents → 14-siri-shortcuts.md
• 15 — Home Screen Widgets → 15-home-screen-widgets.md
• 16 — App Clips → 16-app-clips.md (skipped — separate target + App Store config)

Testing & QA

• 17 — UI Test Suite Expansion → 17-ui-test-expansion.md
• 18 — Performance Testing (XCTestMetric) → 18-performance-testing.md
• 19 — Accessibility Audit (VoiceOver) → 19-accessibility-audit.md
• 20 — Device Farm Testing → 20-device-farm-testing.md (skipped — requires external device farm)

Backend Integration

• 21 — Real API Client Wiring (Replace StubAPIClient) → 21-real-api-client.md
• 22 — Token Refresh & Session Management → 22-token-refresh.md
• 23 — Offline Mode & Sync Conflict Resolution → 23-offline-sync.md
• 24 — Push Notification Deep Linking → 24-push-deep-links.md

App Store Compliance

• 25 — Privacy Manifest & Nutrition Labels → 25-privacy-manifest.md
• 26 — App Tracking Transparency (ATT) → 26-app-tracking.md
• 27 — Data Usage Descriptions → 27-data-usage-descriptions.md
• 28 — App Review Guidelines Compliance → 28-review-compliance.md

Dependencies

• 01, 02, 03, 04 can be done in parallel (App Store prep)
• 05, 06, 07, 08 can be done in parallel (security)
• 09, 10, 11, 12 can be done in parallel (performance)
• 13, 14, 15, 16 can be done in parallel (native features)
• 17, 18, 19, 20 can be done in parallel (testing)
• 21 must be done before 22, 23, 24 (backend integration foundation)
• 22, 23, 24 depend on 21
• 25, 26, 27, 28 can be done in parallel (compliance)
• All groups can proceed independently

Exit Criteria

• App Store listing complete with screenshots for all supported devices
• App preview video uploaded (15-30 seconds)
• TestFlight build distributed to internal testers
• Certificate pinning active on all API endpoints
• Jailbreak detection implemented with graceful degradation
• Keychain items secured with appropriate accessibility levels
• OAuth and social login flows working (Google, Apple Sign-In)
• Image caching with 50MB disk limit and LRU eviction
• Memory leaks resolved (0 leaks in Instruments leak check)
• Background fetch refreshing data every 15 minutes
• Cold launch time under 2 seconds on iPhone 12
• CallKit extension filtering spam calls in real-time
• Siri shortcuts for common actions (check alerts, run scan)
• Home screen widgets showing threat score and recent alerts
• App Clip allowing preview without full download
• UI tests covering all critical user flows
• Performance tests confirming 60fps scrolling on all lists
• VoiceOver labels on all interactive elements
• Device farm tests passing on iPhone SE, 12, 14 Pro, 15 Pro Max
• StubAPIClient fully replaced with real APIClient
• Token refresh automatic with silent re-authentication
• Offline queue syncing correctly with conflict resolution
• Push notifications deep linking to correct screens
• Privacy manifest accurately declaring all data collection
• ATT prompt shown before any analytics tracking
• All permission descriptions localized and accurate
• App passes App Review with no rejections on first submission