Building a Flutter app is half the journey. Getting it past Apple review and onto Google Play without surprises is the other half. This 2026 guide walks through the full deployment pipeline for cross-platform Flutter apps, from signing keys to store listings to first-launch metrics.
Pre-Flight Checklist
- Bump version in
pubspec.yamlusingversion: 1.4.2+27format - Run
flutter analyzeand fix every warning - Run integration tests on physical iPhone and Android devices
- Profile with
flutter run --profile; jank above 16ms must be fixed - Review permissions and remove any you no longer use
iOS: App Store Connect Pipeline
1. Apple Developer Account
You need a paid Apple Developer Program membership ($99/year). Individual or Organization — Organization gives you team management and the ability to publish under a company name.
2. Certificates and Provisioning
Use automatic signing for most apps. Open Xcode, select your Runner target, set your Team, check "Automatically manage signing." For CI, switch to manual and use fastlane match.
3. App Store Connect Setup
- Create the app record with a unique bundle ID
- Fill in localized metadata: name, subtitle, description, keywords (100 char limit)
- Upload screenshots: 6.7", 6.5", 5.5" iPhone, plus iPad if applicable
- Set the category, age rating, and pricing
- Configure privacy nutrition labels — be exhaustive
4. Build and Upload
flutter build ipa --release
xcrun altool --upload-app -f build/ios/ipa/*.ipa \
--type ios -u "your@apple.id" -p "@keychain:AC_PASSWORD"Or with Fastlane:
cd ios && fastlane release5. Submit for Review
Apple reviews take 24-48 hours in 2026. Common rejection causes:
- Account-required apps without the Sign in with Apple option
- Permissions requested without clear justification
- Crash on launch on the reviewer device
- Demo accounts that do not work
- Web-view-only apps with no native value
Android: Google Play Pipeline
1. Generate Upload Keystore
keytool -genkey -v -keystore upload-keystore.jks \
-keyalg RSA -keysize 2048 -validity 10000 -alias uploadStore the keystore in a vault — losing it means losing the ability to update your app.
2. Configure android/key.properties
storePassword=...
keyPassword=...
keyAlias=upload
storeFile=/secure/path/upload-keystore.jks3. Build the App Bundle
flutter build appbundle --releaseGoogle Play requires AAB, not APK, for new uploads. The Play Store generates per-device APKs from your AAB, shrinking download size.
4. Play Console Setup
- Create the app, fill in store listing
- Upload feature graphic (1024x500), screenshots, and icon
- Complete the Data Safety form — required since 2022
- Set content rating via the IARC questionnaire
- Choose internal, closed, open, or production release track
5. Staged Rollouts
Always release to 5-10% first. Watch crash-free users and ANR rate for 24-48 hours before scaling to 100%. Halt the rollout instantly if metrics regress.
CI/CD with GitHub Actions
name: Flutter Release
on:
push:
tags: ['v*']
jobs:
android:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: subosito/flutter-action@v2
with: { channel: stable }
- run: flutter pub get
- run: flutter build appbundle --release
- uses: r0adkll/upload-google-play@v1
with:
serviceAccountJsonPlainText: ${{ secrets.PLAY_SERVICE_ACCOUNT }}
packageName: com.example.app
releaseFiles: build/app/outputs/bundle/release/app-release.aab
track: internal
ios:
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- uses: subosito/flutter-action@v2
- run: cd ios && pod install
- run: flutter build ipa --release
- uses: apple-actions/upload-testflight-build@v1Privacy and App Tracking
iOS requires the App Tracking Transparency prompt before any cross-app tracking. Android 14+ requires runtime notification permission. Both stores demand a privacy policy URL. Be specific about every SDK that touches user data.
Post-Launch Monitoring
- Crashlytics or Sentry for crash and error tracking
- Firebase Performance for cold-start and network metrics
- Reviews monitoring — respond within 48 hours
- Funnel analytics tied to release versions
Common Mistakes
- Forgetting to bump build number (Apple rejects duplicate builds)
- Embedded test data or staging API URLs in release builds
- Missing app icons in required sizes
- ProGuard rules that strip required classes — test the release variant locally
Conclusion
Shipping Flutter apps to both stores is a process, not a one-click event. Automate the pipeline, gate releases on real metrics, and treat staged rollouts as the default. Once the pipeline runs end-to-end on tag push, releases become a routine event instead of a fire drill.
