System actions

App Intents and Siri Shortcuts review checklist

App Intents make app actions available outside your UI. That is powerful, but review risk appears when an action is private, destructive, stale, or hard to verify.

Quick answer

Expose only actions that are predictable, user-understandable, and safe from system surfaces. Apple describes App Intents as structured actions and data that make app capabilities discoverable by Siri, Shortcuts, Spotlight, Apple Intelligence, and other experiences. AppReviewReady interpretation: write an action contract for parameters, authentication, privacy, confirmation, and failure.

01

Choose actions with clear user intent

Good intents map to actions users already understand: log a workout, create a task, start a timer, order a saved item, open a document, send a status, or retrieve a summary. Weak intents expose internal operations or require too much hidden context.

Write the action name, required parameters, optional parameters, side effects, and expected result. If the action could spend money, share data, delete content, or contact another person, it needs stronger confirmation and review evidence.

02

Make parameters and entities stable

  • Entity names should be recognizable and not leak private data in suggestions.
  • Defaults should not perform surprising actions for the wrong account or workspace.
  • Deleted, renamed, unavailable, and permission-restricted entities need clear errors.
  • Localized phrases should match the app's actual feature names and supported languages.
03

Protect privacy outside the app UI

System surfaces may show phrases, entity names, summaries, and results in places where the full app's privacy controls are not obvious. Do not expose sensitive health, finance, child, location, message, or workplace data unless the user intentionally configured that action.

AppReviewReady interpretation: test intents with the device locked, another account active, permissions denied, and no recent data. A safe error is better than revealing stale or private information.

04

Verify action lifecycle

  1. Run each shortcut from Shortcuts, Siri, Spotlight, and any relevant system surface.
  2. Test missing parameters, invalid parameters, denied permissions, signed-out state, and network failure.
  3. Confirm destructive or paid actions require confirmation where appropriate.
  4. Verify the app opens to the matching detail screen when the user needs to continue.
  5. Check that App Store metadata does not promise system integrations that are not included in the submitted build.
05

Document the intent contract

This contract helps QA, support, and Review Notes stay aligned as intents expand. It also prevents accidental exposure when a new App Entity becomes searchable or suggested by the system.

Revisit the contract after adding new shortcuts, widgets, Spotlight results, or Apple Intelligence integrations. A harmless in-app entity can become sensitive when it appears in suggestions or is spoken aloud by Siri.

For automations, verify repeat execution. An action that is safe once can become risky when a user schedules it, chains it with other shortcuts, or runs it from a locked device.

Copy-ready frameworkAdapt every bracketed field
App Intent review contract:
Intent name: [action]
System surfaces: [Siri, Shortcuts]
Parameters: [required/optional]
Sensitive data shown: [none or fields]
Confirmation required: [yes/no]
Test phrase: [example]
Expected result: [observable behavior]
Sources

Primary references checked for this guide

Policy statements above are grounded in the linked Apple documentation. Operational recommendations are AppReviewReady's interpretation and should be tested against your app and the current guideline text.

Put it to work

Check App Intents readiness

Review action scope, privacy, parameters, and system-surface behavior before submission.

Open the tool