How does Apple detect UDID access while viewing an application?

So, obviously, Apple has begun to reject applications that use [UIDevice uniqueIdentifier]. I heard reports that applications which use it were both rejected and approved last week (some of them pass, some do not). However, not one of the major ad networks (which do not generate revenue for my application) has yet come out with an API that does not use UDIDs. All of their APIs that are included in my application use it. They all say that they are working on a new API, and it will be released soon, but it may take several months.

It seems very strange to me that Apple will apply this policy through the application review process, and not through the new version of the OS, which simply does not allow it (and people have time for programming during beta testing).

All that said, my question is how exactly does Apple detect that you are viewing the UDID while browsing the application? Do they somehow scan the package to see if there is a call there, or do they track the system calls that are actually being made during application testing? I thought that I might not have turned to the advertising API if the user wants to pay, or by giving them the choice to advertise and, therefore, provide their UDID. But I need to understand whether Apple deviates based on [UIDevice uniqueIdentifier] just being compiled into your code, or whether it is detected based on your calling [UIDevice uniqueIdentifier] during the application validation test.

Please do not answer this question for reasons why you should not use [UIDevice uniqueIdentifier] or how to create your own UDIDs, etc. etc. My problem is the third-party libraries that I need, which do not yet have an alternative solution. The question is: how does Apple detect UDID access while viewing an application?

+6
2 answers

They are known to use static analysis, which basically scans your compiled binary for compiled versions of calls to specific methods. They also use this to detect calls to private APIs. It may be possible to fool static analysis by constructing row selectors for creative purposes, although this is in no way fair and is discouraged.

But a more reliable method is most likely through an HTTP proxy: while using your application, they can view the HTTP traffic for any UDIDs that are sent. Which can be obtained by hashing or two-way encryption. It would also not be honest or recommended.

And when iOS 6 comes out this summer, this method is likely to be completely removed, which makes all the obfuscation of its use completely controversial.

+7

It was reported that Apple uses static checks for all method signatures used in the application (in order to sometimes reject an application for using the same message signature for its own custom developer class as for one of Apple's non-public APIs).

In addition, they also previously reported the launch of pending applications on special hardware and/or non-running versions of the OS, which may or may not include any hardware, for example, in network traffic.

+2
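As an added illustration (not part of either answer, and not Apple's review tooling, which is not public): a sketch of the kind of static string check both answers describe, which a developer can run over an app bundle to see which bundled third-party library carries the uniqueIdentifier selector. The file names and byte blobs are constructed samples; the third one shows why a name-only check also flags a developer's own class that declares a method with the same name.

```python
import re
import tempfile
from pathlib import Path

# Selector discussed on this page; add others you want to audit.
WATCHED = {b"uniqueIdentifier"}

# A run of printable ASCII ended by a NUL byte: the form in which selector
# names are stored in compiled Objective-C code.
C_STRING = re.compile(rb"[\x20-\x7e]{4,}(?=\x00)")

def selectors_in(blob, watched=WATCHED):
    """Watched selectors present in blob as a whole C string (not a substring)."""
    return {m.group() for m in C_STRING.finditer(blob)} & set(watched)

def audit(root):
    """Map each file under root to the watched selectors it contains."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            found = selectors_in(path.read_bytes())
            if found:
                name = path.relative_to(root).as_posix()
                hits[name] = sorted(s.decode() for s in found)
    return hits

# Constructed byte blobs standing in for compiled files (not real binaries).
SAMPLES = {
    "MyApp.app/MyApp": b"\xcf\xfa\xed\xfe\x00viewDidLoad\x00uniqueIdentifierCache\x00",
    "MyApp.app/libAdNetwork.a": b"!<arch>\n\x00currentDevice\x00uniqueIdentifier\x00",
    # A developer's own model class that happens to declare -uniqueIdentifier.
    "MyApp.app/libModel.a": b"!<arch>\n\x00MYRecord\x00uniqueIdentifier\x00save\x00",
}

def demo():
    """Write the constructed samples to a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, blob in SAMPLES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(blob)
        return audit(tmp)

if __name__ == "__main__":
    for name, found in demo().items():
        print(name, found)
```

Pointing `audit()` at a real build directory lists every file whose string data contains the selector name; a hit says the name is compiled in, not that the method is ever called at run time.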

Source: https://habr.com/ru/post/911989/

