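A while ago, when I submitted to the App Store, I got a Reject email, much to my dismay. One of the items was that our app contains methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, and method_exchangeImplementations(), and asked us to remove them.
The description read as follows: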
This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app
...
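I searched the project code and, sure enough, MJRefresh, AFN, and the Realm database also use dlsym(). In our own code, methods such as performSelector are used countless times. Removing all of these would be an impossible task. I thought about it for a long time and carefully went through the other libraries again. In the end I found that the cause was Baidu Statistics (百度统计): we were using version 4.3, which contains some dynamically executed code. After replacing it with version 4.5 or later, I repackaged and resubmitted to the App Store, and, oh yeah, it passed!
Summary:
At first I suspected that Realm, MJRefresh, and AFN might not be able to pass review; later I was able to confirm that these libraries are fine.
So, if you run into this problem, check whether you are using an old version of Baidu Statistics. Good luck.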
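
The search described above can be extended to prebuilt binaries, since a closed-source SDK has no source files for a text search to find. The following is an added example, not code from the original post: it counts the API names from the rejection notice per top-level directory, reading every file as raw bytes. The directory and file names (LibA, VendorSDK, libVendor.a) are constructed for the demo.

```python
import os
import re
import tempfile
from collections import defaultdict

# API names quoted in the rejection notice above.
FLAGGED = [b"dlopen", b"dlsym", b"respondsToSelector:", b"performSelector:",
           b"method_exchangeImplementations"]
# Reject a preceding letter/digit but allow "_" so Mach-O symbols like _dlsym match.
PATTERN = re.compile(rb"(?<![A-Za-z0-9])(" +
                     b"|".join(re.escape(n) for n in FLAGGED) + rb")")

def scan_tree(root):
    """Map each top-level directory under root to {api_name: occurrence_count}."""
    hits = defaultdict(lambda: defaultdict(int))
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        owner = "(root)" if rel == "." else rel.split(os.sep)[0]
        for name in files:
            try:
                # Read raw bytes: prebuilt .a/.framework binaries carry the
                # names as symbol or selector strings, with no source to grep.
                with open(os.path.join(dirpath, name), "rb") as fh:
                    data = fh.read()
            except OSError:
                continue
            for match in PATTERN.finditer(data):
                hits[owner][match.group(1).decode()] += 1
    return {owner: dict(counts) for owner, counts in hits.items()}

def demo():
    """Scan a constructed tree: one source-only library, one binary-only SDK."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample files, hypothetical names
            "LibA/Refresh.m": b"if ([t respondsToSelector:s]) [t performSelector:s];\n",
            "VendorSDK/libVendor.a": b"\x00\xfe_dlopen\x00_dlsym\x00"
                                     b"method_exchangeImplementations\x00",
            "App/Main.m": b'NSLog(@"hello");\n',
        }
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return scan_tree(root)

if __name__ == "__main__":
    for owner, counts in sorted(demo().items()):
        print(owner, counts)
```

A hit only shows where a name appears; as the post found, libraries that reference these APIs can still pass review, so the per-library report is a starting point for checking SDK versions.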