80+ Mini Program Review Lessons: Common Pitfalls and How to Fix Them
After more than 80 WeChat Mini Program submissions, this guide compiles the most frequent review rejections—privacy agreement gaps, content‑security failures, forced login, brand misuse, and missing test accounts—and provides concrete checklists and step‑by‑step solutions to help developers pass audits quickly and reliably.
Self‑Check Checklist
Initial reviews focus on whether the Mini Program can be launched; subsequent reviews assess whether the new changes introduce new risks.
Change Details – Identify what features were added, optimized, or fixed.
Review Risks – Check for forced login, forced sharing or payment, prohibited content (e.g., pornographic or politically sensitive material), and multimedia uploads.
Service Category – Ensure new capabilities still match the declared service category.
User Privacy – Verify that no personal data (phone number, nickname, avatar, location, etc.) is collected without explicit user consent.
Completeness – Confirm that all functions are operational, edge cases are handled, the app works without a logged‑in user, and a test account is provided if needed.
Standard Submission Template
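Changes in this version:
1. Added:
2. Optimized:
3. Fixed:
Test account (optional):
Account:
Password:
Additional notes (optional; the following are only examples):
1. Does this version collect any new user privacy information?
2. Does this version involve payment, content publishing, or external links?
3. Does this version involve changes to the service category or qualifications?
Typical Rejection Scenarios and Solutions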
01 Privacy Agreement Not Updated
If the Mini Program has not integrated the official privacy agreement after the first successful launch, the reviewer will reject the submission. The fix is to update the privacy agreement in the backend under Account Settings → Service Content Declaration → User Privacy Protection Guidelines → Complete.
02 Content Security
When the app allows users to upload media, reviewers may test the upload endpoint with prohibited images. If the server cannot block these images, the review is rejected.
Short‑term fix: Submit an appeal explaining that the admin console can handle illegal images and that accounts can be disabled. This only works occasionally.
Long‑term fix: Integrate WeChat’s asynchronous multimedia content‑security API. The flow is: user uploads avatar → avatar is temporarily stored in the cloud → async request to WeChat for content check → server receives callback → if approved, the avatar is finally applied.
Official API documentation: https://developers.weixin.qq.com/miniprogram/dev/server/API/sec-center/sec-check/api_mediacheckasync.html
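The server-side state handling for the long-term flow, as an added example that is not code from the article or from WeChat: an upload stays invisible until the callback explicitly approves it, and anything else is rejected. The HTTP call to the content-security API is left out; the class and method names are hypothetical, traceId is assumed to be the identifier that call returns, and the callback fields trace_id and result.suggest are assumed to match the linked documentation.

```javascript
// Added example, not the article's code. All names here are hypothetical.
class AvatarModeration {
  constructor() {
    this.pending = new Map(); // trace_id -> { userId, tempUrl }, not yet visible
    this.live = new Map();    // userId -> approved avatar URL shown to other users
  }

  // After temp storage and the async check request: park the upload under its trace_id.
  trackUpload(userId, tempUrl, traceId) {
    this.pending.set(traceId, { userId, tempUrl });
  }

  // Callback handler; assumes the request was already authenticated as WeChat's.
  handleCallback(event) {
    const traceId = event && event.trace_id;
    const job = this.pending.get(traceId);
    if (!job) return "ignored";                // unknown or replayed trace_id
    this.pending.delete(traceId);              // a check result is consumed once
    const suggest = event.result && event.result.suggest;
    if (suggest !== "pass") return "rejected"; // risky, review, malformed: fail closed
    this.live.set(job.userId, job.tempUrl);
    return "applied";
  }

  // What other users see: only approved avatars, otherwise a placeholder.
  avatarFor(userId) {
    return this.live.get(userId) || "default-avatar.png"; // constructed default
  }
}

// Constructed sample run covering approval, replay, a risky verdict and a late duplicate.
function demo() {
  const m = new AvatarModeration();
  m.trackUpload("u1", "tmp/u1.png", "trace-1");
  m.trackUpload("u2", "tmp/u2.png", "trace-2");
  const before = m.avatarFor("u1"); // still the placeholder while the check runs
  const results = [
    m.handleCallback({ trace_id: "trace-1", result: { suggest: "pass" } }),
    m.handleCallback({ trace_id: "trace-1", result: { suggest: "pass" } }),
    m.handleCallback({ trace_id: "trace-2", result: { suggest: "risky" } }),
    m.handleCallback({ trace_id: "trace-2" }),
  ];
  return { before, results, u1: m.avatarFor("u1"), u2: m.avatarFor("u2") };
}
```

In a real deployment the pending map would live in a database with an expiry, so uploads whose callback never arrives are cleaned up rather than published.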
03 Avoid Mixing Official Branding
Do not embed WeChat’s logo or brand wording in the Mini Program’s UI, as it may confuse users about the source of the content. Remove such elements and resubmit.
04 Force Login on First Open
WeChat now forbids forcing a login before the user experiences any functionality. Reviewers reject submissions that immediately request phone number, avatar, or nickname.
Guest mode: Users enter the Mini Program, receive a silent login token, and the server enforces content access based on guest permissions.
Implementation details are described in earlier articles on dual‑token login and silent login designs (URLs: https://mp.weixin.qq.com/s?__biz=Mzk0NDI1NzI2Mw==&mid=2247488057&idx=1&sn=3a34435cdd758445d20ca231b9d20a8d&scene=21, https://mp.weixin.qq.com/s?__biz=Mzk0NDI1NzI2Mw==&mid=2247487658&idx=1&sn=0813592e7e7d2c52f09128b5b50199b0&scene=21).
Final Advice
Do not treat the review as the final step. Stable practice is to consider review requirements throughout development, testing, material preparation, and release planning.
Official rejection guidelines are available at https://developers.weixin.qq.com/minigame/product/reject.html.
Eric Tech Circle
Backend team lead & architect with 10+ years experience, full‑stack engineer, sharing insights and solo development practice.
