All geek questions in one place

Do SelectSelector perform and respond to App Store locks?

My last build was accepted at the Apple App Store, but I received the notification below a couple of days later.

My application also uses Rollout.io, and I asked if this is really a problem. There is no answer yet.

If responsesToSelector or performSelector are forbidden, are there any replacements?

Dear Developer,

Your application, extension, and / or related structure appears to contain code that is explicitly designed to change the behavior or functionality of your applications after App Review approval, which does not comply with Section 3.3.2 of the Apple Developer Program License and Agreement and Overview of the Application Store 2.5. 2. This code, combined with a remote resource, can significantly affect the behavior of your applications compared to when it was originally reviewed for the App Store. Although you cannot use this function at present, it can load private frameworks, private methods, and include future changes to functions.

This includes any code that passes arbitrary parameters to dynamic methods such as dlopen (), dlsym (), responds to SoSelector :, performSelector :, method_exchangeImplementations () and runs remote scripts to modify the application behavior or call SPI, based on the contents of the loaded script . Even if the remote resource is not a malicious evil, it can be easily stolen using the Man In The Middle (MiTM) attack, which could pose a serious security vulnerability for users of your application.

Read the detailed description of your application and remove any code, frameworks or SDKs that correspond to the functions described above before sending the next update for your application to view.

EDIT : The Apple forum mentions the following: https://forums.developer.apple.com/thread/73640

+6
source share
4 answers

It does not respond. ToSelector :, performSelector: not allowed. The ban is for dynamic content to be a parameter of this method. For example, this is not prohibited:

if([self.delegate respondsToSelector: @selector(myDelegateMethod)]) { [self.delegate performSelector: @selector(myDelegateMethod)]; }

However, this code may be prohibited:

 NSString *remotelyLoadedString = .... (download from your backend) [self performSelector: NSSelectorFromString(remotelyLoadedString)];
+5
source

On March 8, 2017, Apple warned all developers about the introduction of JS. This includes libraries such as:

  • Jspatch
  • Rollout.io
  • AMapFoundation , since it includes JSPatch [edit: they now provide a new version without it]
  • Bugly , since it includes JSPatch [edit: they now provide a new version without it]
  • GTSDK , since it includes JSPatch [edit: they now provide a new version without it]
  • ...

If you use the JSPatch or Rollout.io service directly, you should stop using it.

If you are using a third-party supporter that is indirectly dependent on JSPatch, you should request an updated version of your third-party version that no longer includes JSPatch.

+2
source

The app store notification told you exactly what the situation is.

The features in question are not prohibited. What is forbidden uses these functions to get around the app store verification process and do things like calling private APIs or downloading and executing code. Application application applications must have all the code that they run compiled into them. They are also prohibited from using iOS private APIs. If the API is not documented, it does not work.

I assume that you know exactly what they are talking about, and you trying to get around the rules.

If you do not call private APIs, load scripts and use the performSelector function to call them, then you should appeal to the application’s overview panel, explaining that you , do, in detail, and as it is not a violation of the rules of the application store. If you really do not break the rules and have a legitimate reason for what you are doing, you are likely to be able to reverse your rejection, but you will need to provide full disclosure and a convincing argument as to why what you are doing without breaking Apple’s rules .

Their field, their ball, their rules. If you don’t want to play by the rules of Apple, the only real alternative is to try to extend your application to jailbreak devices, but this will most likely cost you membership in your developer program.

EDIT:

Based on your comment below, it seems like the problem is that the Rollout.io environment you are using is making js injection, which Apple now prohibits. I suggest that you do a search in the “Prohibit iOS app store”, etc.

0
source

dlopen

dlsym

respondsToSelector

performSelector

method_exchangeImplementations

Sometimes some people are used to thinking that all of the above methods are forbidden, but the exact problem is that these methods are limited by the use of parameters that are generated at runtime. For instance,

when we use

 SEL selector = NSSelectorFromString(@"stopProgress");

Allowed but

when we use

 SEL selector = NSSelectorFromString(@"%@", runtimeFunction);

Is not allowed!

0
source

Source: https://habr.com/ru/post/1015573/

More articles:


All Articles