Apple Guideline 3.1.5: the rule that blocks crypto exchange apps
Guideline 3.1.5 requires that a cryptocurrency exchange app be offered by the exchange itself and have appropriate licensing and permissions in every region where the app is available. Since no global crypto license exists, reviewers accept a mapped evidence pack instead: legal opinion letters per jurisdiction, a country availability statement, entity documentation, and Review Notes that tie them together.
The rule, verbatim
Apps may facilitate transactions or transmissions of cryptocurrency on an approved exchange, provided they are offered by the exchange itself… and have appropriate licensing and permissions in the regions where the app is available.
Two tests hide in one sentence: an identity test (the developer account must credibly be the exchange, not an agency or shell) and a jurisdiction test (every storefront must have a defensible legal basis). Most rejections fail the second test — often just by leaving all storefronts enabled.
Why "appropriate licensing" is a trap if you read it literally
There is no license that covers 175 App Store storefronts. Apple knows this. What the reviewer actually needs is the ability to close a checklist item: "developer has demonstrated lawful operation in the regions of availability." That is a documentation problem with three moving parts:
| Component | Question it answers | What satisfies it |
|---|---|---|
| Entity | Who operates this exchange, and does the developer account match? | Corporate documents; developer account held by the operating entity; consistent naming across app, website, documents. |
| Legal basis per region | Why is this app allowed to be live in each storefront? | License or registration where required; exemption or lawful cross-border access analysis where applicable — stated in a legal opinion letter. |
| Availability scope | Where exactly will the app be live? | A country availability statement: available / restricted / excluded lists that match the actual App Store Connect storefront selection. |
The three ways exchanges fail 3.1.5
- All storefronts enabled. The default. You have implicitly claimed licensing in every jurisdiction on earth. Reviewers only need one counterexample to reject.
- License shown, story missing. A VASP registration from one country attached with no explanation of the other 100 storefronts. The document is real; the mapping is absent.
- Right documents, unreadable delivery. A 40-page legal memo dumped into the attachment field. Reviewers are not lawyers; without Review Notes that summarize and map, the pack fails on readability.
Not sure which test you're failing? Send the rejection email — we'll point at the exact gap, free.
Get the 3.1.5 gap read →What a passing 3.1.5 evidence pack contains
Template excerpt: mapping a legal conclusion for a reviewer
Regional availability. This app is made available only in the storefronts listed in Appendix A (XX regions). Storefronts where the operator has not established a legal basis for offering exchange services are excluded from distribution.
Licensing basis. The operator, ████████ Ltd., holds ████████ registration in ██████ and relies on the exemption and lawful-access analysis set out in the attached legal opinion (Legal_Opinion.pdf, sections 2–4) for the remaining regions of availability.
Attachments. Legal_Opinion.pdf · Country_Availability_Statement.pdf · Entity_Registry_Extract.pdf
Frequently asked questions
Does Apple publish a list of accepted crypto licenses?
No. Apple deliberately keeps 3.1.5 principle-based. Reviewers assess whether the documentation coherently demonstrates lawful operation in the regions of availability, which is why a mapped legal opinion plus availability statement outperforms any single license upload.
Can I just limit my app to one country to pass 3.1.5?
Yes, narrowing storefronts is the fastest way to reduce 3.1.5 surface area, and expanding later is routine. But even a single storefront still needs a defensible legal basis — and Review Notes stating it.
Is 3.1.5 only about exchanges, or wallets too?
The 'offered by the exchange itself' clause targets apps facilitating exchange transactions. Non-custodial wallets face different scrutiny. If your app mixes both, reviewers apply the stricter reading — scope your features and documents accordingly.
What if my exchange has no license anywhere?
That's a structuring question before it's a submission question. Depending on target markets there may be registration, exemption or partnership routes. The diagnosis is exactly what the free rejection-email read covers.