http://blog.csdn.net/drunkard_001/article/details/60867627
今天早上被一封来自iTunes Store的邮件给整的忐忑起来,邮件内容是这样的:
- 2017年3月8日 上午8:16
- 发件人 Apple
- Dear Developer,
- Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change
- your app’s behavior or functionality after App Review approval, which is not in compliance with section 3.3.2 of the Apple
- Developer Program License Agreement and App Store Review Guideline 2.5.2. This code, combined with a remote resource, can
- facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may
- not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future
- feature changes.
- This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:,
- performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI,
- based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be
- hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.
- Please perform an in-depth review of your app and remove any code, frameworks, or SDKs that fall in line with the
- functionality described above before submitting the next update for your app for review.
- Best regards,
- <div style="text-align: right;"><span style="font-family: Arial, Helvetica, sans-serif;">向 App 审查委员会提交上诉。</span></div><div style="text-align: right;"><span style="font-family: Arial, Helvetica, sans-serif;"> App Store Review</span></div>
- <div style="text-align: right;"><span style="font-family: Arial, Helvetica, sans-serif;">使用下面的栏位向 App 审核团队提问或提供额外信息。了解更多</span></div>
如果你使用有JSPatch的话倒是可以理解,因为它在严格意义上讲确实违反了Apple开发人员计划许可协议和应用的第3.3.2节商店审查指南2.5.2,但是对于我们这些没有使用JSPatch的开发者来说就有点无辜被连累的感觉,不过莫要惊慌!你没有使用JSPatch并不代表你使用的第三方没有使用啊!现在已经确定使用有JSPatch或者使用有类似违反苹果政策的第三方有以下几个:
1.高德地图的SDK;2.腾讯的Bugly;3.BugTags(也是一个类似于腾讯Bugly的产品);4.个推;5.百度移动统计;
另外,respondsToSelector:, performSelector这两个方法不会造成审核被拒,本人项目中多处使用这些方法,并且已经在3月15日审核通过了,所以,请诸位勿要惊慌。顺便加几个链接,可能会对你有用
1.关于苹果警告的理解:http://blog.cnbang.net/internet/3374/
3.Apple向热更新下达最后通牒:http://www.skyfox.org/apple-2017-hot-patch.html