有赞新零售社区

发帖
API使用问题»急!请问你们的iOS App SDK之前有没成功提交苹果审核

急!请问你们的iOS App SDK之前有没成功提交苹果审核

magebeat 2017-03-10 4650 浏览 4 评论 | 只看楼主 [打印]
AppSDK
店铺名称: 蒲蒲团商城
UA: 隐藏内容
我昨天提交了集成有赞App SDK的版本到app store进行审核,但是被苹果打回。苹果回复的邮件如下:

Dear Developer,

Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with section 3.3.2 of the Apple Developer Program License Agreement and App Store Review Guideline 2.5.2. This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes.

This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI, based on the contents of the downloaded script. The Objective-C methods respondsToSelector: and performSelector: are still supported and allowed. For example, they can be used to check OS compatibilty before using a selector. However, you should only pass selectors to these methods, which are specified at compile time. If you think you are using static selectors, it’s possible a third-party framework you’ve added to your app is not in compliance. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.

Please perform an in-depth review of your app and remove any code, frameworks, or SDKs that fall in line with the functionality described above before submitting the next update for your app for review.

Best regards,

App Store Review


我们通过对比上一个上线版本,目前确定只新增了有赞App SDK。同时有赞App SDK接口文件里边有提到通过js与Objective-C代码进行交互的内容。所以我们目前怀疑是有赞这个SDK的实现方式导致App被苹果拒绝。由于我们的版本需要尽快过审上线,请尽快确认并帮忙提供一下解决方案。谢谢。
用手机打开
收藏 1 ··· 回复
    蒲蒲团商城   青铜   2017-03-10 | 只看该作者
    我刚从高德方面了解到,最近苹果加强了审核,对包含JS-Patch的应用的审核都被打回了。高德前天出了新版SDK解决这个问题。请问有赞什么时候能提供新版SDK解决?

    附高德方面对这个问题的描述的链接:http://lbsbbs.amap.com/forum.php ... 34&extra=page=1

      蒲蒲团商城 发表于 2017-3-10 11:07
      我刚从高德方面了解到,最近苹果加强了审核,对包含JS-Patch的应用的审核都被打回了。高德前天出了新版SDK ...


      你好:
      我们任何的SDK版本都可以使用~

      苹果那个警告根据现阶段的信息看,主要警告目标是JSPatch/wax/rollout类的热修复框架,特点是可以通过下载JS脚本调用/替换任意OC方法。若你们工程使用了这些热修复框架,或者你们用的SDK使用了这些热修复框架,都会跪。

      现阶段躺枪的SDK有Bugtags、个推、友盟、Bugly、高德等,建议你们排查下你们用的SDK。

        蒲蒲团商城   青铜   2017-03-10 | 只看该作者
        可乐_123456 发表于 2017-3-10 11:35
        你好:
        我们任何的SDK版本都可以使用~


        好的。我也留意到网上提到的这部分组件。目前我们正在处理中。非常感谢你们的答复。

          书香亭记   青铜   2017-04-07 | 只看该作者
          蒲蒲团商城 发表于 2017-3-10 11:07
          我刚从高德方面了解到,最近苹果加强了审核,对包含JS-Patch的应用的审核都被打回了。高德前天出了新版SDK ...


          请问你解决了吗,我因为这个最近提交两个都被拒绝了...

            1跳至
            您需要登录后才可以回帖 登录 | 立即注册

            本版积分规则

            复制链接
            新浪微博
            QQ空间
            微信扫码
            • 回复

            • 评分

            客服工作时间是9:00-18:00,客服妹子当前不在线,若不能及时回复请谅解。试试右上角的搜索吧,论坛有丰富的经验贴、公告贴,相信一定能够帮到您~

            复制成功