I put together a list of common reasons why not to do it. Some of them are based on personal experience, others you may have heard of, or even used yourself.

Invite users to make purchases on your site.

Point of rules 3.1.3. Allows certain types of apps to access purchases made outside of the app, such as reading apps, cross-platform services, enterprise services, or person-to-person sales. But you still can't directly tell people to go elsewhere to buy something on your app. You also cannot use "touchpoints obtained when registering an in-app account (such as email or text messages) to force users to use a purchase method other than in-app purchase."

Hiding application features for review and enabling them using, for example, server changes

Point of the rules 2.3.1. Don't include hidden, inactive, or undocumented features in your application; the functionality of your application should be clear to end users and App Review. All new features, functionality, and product changes must be specifically described in the Notes for Review section of App Store Connect (general descriptions will be rejected) and made available for review.

To explain this rule in a simpler way, your application should only do what it says and nothing more. They often use flags to check applications, and after the review they change them to what they need.

Advertising in push notifications or widgets

Rule 3.2.2 - in short, monetization of push notifications is not allowed. 

There is a nuance in 4.5.4 where Apple says that push notifications should not be used for promotions or direct marketing purposes unless explicit consent has been given by customers . This loophole is just often used for some kind of advertising mailings, for example, or the announcement of new products.

Inclusion of third-party analytics in applications "for children"

Clause 1.3 of the rules says this explicitly.

But! In limited cases, third-party analytics may be permitted, provided that the services do not collect or share IDFA or any identifiable information about children (such as name, date of birth, email address), their location, or their devices, Apple said. . This includes any device, network or other information that can be used directly or in combination with other information to identify users and their devices."

If you use third party analytics, be prepared to show Apple exactly how it works, what it collects, how you make sure it doesn't collect prohibited data, and how you make sure it stays that way over time.

Collection of unauthorized user data

In paragraph 5.1.1. explicitly states that the application should collect only the information it needs to complete the task. 

It is also about what third-party software (for example, some libraries) can collect in your application.

For example, the SDK of a fraudulent ad network may collect data, so it may not even be your fault. This is why you need to check your dependencies very, very carefully.

Do not collect, for example, credit card passwords to pass the level.

Forced to enable tracking. For example, unlocking some options.

Point of rules 3.2.2. You cannot, for example, beg for a rating or turn on tracking to receive additional content.

Apps must not require users to rate, review an app, watch videos, download other apps, click on ads, turn on tracking, or take any other similar action in order to access features, content, use the app, or receive monetary or other compensation, including gift cards. and codes, but not limited to.

Using Device Fingerprinting Instead of IDFA for Tracking Purposes

Device fingerprints or fingerprint is the identification of a device by its characteristics: location, device data, language and much more. On desktops, this is easier to do than on mobile devices, and the accuracy can be from 80% to high 90%.

You can read more about this in the article singular .

Offering a controversial or even potentially dangerous product

Rule clause 1.4.3 is explicit about this and includes, for example, products with tobacco or alcohol.

Crazy prices, disproportionate to the product.

Remember, there was a $1,000 app that was called "I'm rich" or something like that. It was removed from the app store, but then returned for 8.99. Although now we can say that the name of the application is misleading (hardly with a price of $ 8.99 you can say that the user is rich).

Using a private API

Paragraph 2.5.1 of the rules says just about this. Although one of the possible reasons why applications were forced to update is that some APIs become deprecated over time.

And although this item is at the end of the list, this does not mean that it is the least common.