ProductClientsDevice Studio
Mobile Policy Boundaries
This document is product and engineering policy guidance. It is not legal
Status
This document is product and engineering policy guidance. It is not legal advice and it does not determine App Store or Google Play approval.
Core Risk
Mobile app stores are more sensitive to dynamic code, mini apps, user-generated content, payments, native API exposure, age ratings, moderation, privacy claims, and developer-distributed experiences than a web-only product.
A future Prox OS native companion app must not become an unreviewed app marketplace.
Product Rules
- Dynamic mobile views are render-only by default.
- Mobile dynamic UI should use Studio View JSON and trusted blocks.
- Do not execute arbitrary remote JavaScript or uploaded React bundles inside a native companion app.
- Do not expose native APIs directly to user-generated mini experiences.
- Use permission manifests and host-mediated actions.
- Keep native permission copy visible near the action that needs it.
- Treat publish, deploy, external write, payment, sharing, destructive edit, and sensitive connector actions as high-impact.
- Do not claim store approval, privacy compliance, or platform compatibility before review and testing.
Risk Areas
| Area | Risk | Early mitigation |
|---|---|---|
| Dynamic code | Store policies may reject unreviewed executable code or app-like runtimes. | Use declarative Studio View JSON and trusted renderer blocks. |
| Mini apps | A mini app platform implies review, metadata, reporting, and policy enforcement. | Use Gallery, Templates, Verified Views, and Dynamic Blocks first. |
| UGC | Public user content requires reporting, takedown, moderation, and age/content posture. | Keep early mobile private-first and reviewed where public. |
| Payments | In-app purchases and external payment links have strict platform rules. | Do not add mobile payment flows until product, legal, and platform policy are ready. |
| Native APIs | Camera, contacts, photos, files, background upload, and notifications need clear purpose. | Ask for permission at the moment of need and keep actions host-mediated. |
| AI actions | AI suggestions can modify or publish content if not constrained. | Require explicit approval, provenance, and audit for high-impact actions. |
| Connectors | Connector data may include sensitive personal or business context. | Show source, scope, retention, and permission boundaries. |
Future Requirements Before Native Distribution
| Requirement | Why it matters |
|---|---|
| Content reporting | Required before public or community-distributed mobile content scales. |
| Block / mute / hide controls | Lets users control exposure to people, Spaces, and shared content. |
| Age rating metadata | Needed for public Gallery, mini experiences, and store review posture. |
| Permission descriptions | Users and reviewers need clear purpose for camera, photos, contacts, push, files, and AI actions. |
| App / view metadata | Required for review, discovery, support, and takedown. |
| Takedown flow | Needed for hosted public content and policy enforcement. |
| Audit log | Required for sensitive approvals, AI actions, external writes, publish, deploy, and permissions. |
| Privacy policy | Required before native permissions, accounts, analytics, push, or uploads are shipped. |
| Terms and developer agreement | Needed before third-party publishing, templates, mini experiences, payments, or public submissions. |
Store Review Posture
Future mobile review material should explain:
- Prox OS is web-first and Runtime-first.
- The native app, if shipped, is a companion shell.
- Dynamic views are data-rendered and constrained by a host renderer.
- User-generated experiences do not receive direct native API access.
- High-impact actions require explicit user approval.
- Public content and templates are governed by metadata, reporting, and takedown workflows before broad distribution.
Not Now
- No native app submission.
- No mobile App Store or mini app marketplace.
- No third-party code execution in native mobile.
- No native payment flow.
- No public UGC launch through mobile without reporting and takedown readiness.