Highlighted

Apple Appstore rejections - Guideline 2.5.2 - Performance - Software Requirements.

Community Beginner ,
Jul 04, 2018

Copy link to clipboard

Copied

Hello Adobe!

We got this reject from Apple for our app which uses AIR SDK version: 30.0.0.107.

Do you use any "hot code push" features in AIR SKD? Something else that uses dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations()?
I found those three in IPA with "nm" tool: dlopen(), dlsym(), method_exchangeImplementations().

----------

Guideline 2.5.2 - Performance - Software Requirements.

Your app, extension, or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement.

This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.

TOPICS
Development

Views

1.5K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Apple Appstore rejections - Guideline 2.5.2 - Performance - Software Requirements.

Community Beginner ,
Jul 04, 2018

Copy link to clipboard

Copied

Hello Adobe!

We got this reject from Apple for our app which uses AIR SDK version: 30.0.0.107.

Do you use any "hot code push" features in AIR SKD? Something else that uses dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations()?
I found those three in IPA with "nm" tool: dlopen(), dlsym(), method_exchangeImplementations().

----------

Guideline 2.5.2 - Performance - Software Requirements.

Your app, extension, or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement.

This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.

TOPICS
Development

Views

1.5K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Jul 04, 2018 0

Have something to add?

Join the conversation