Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue with getentropy and App Store #668

Closed
MoNTE48 opened this issue Mar 3, 2021 · 9 comments
Closed

Issue with getentropy and App Store #668

MoNTE48 opened this issue Mar 3, 2021 · 9 comments
Labels
2.1 enhancement iOS

Comments

@MoNTE48
Copy link

MoNTE48 commented Mar 3, 2021
edited

ITMS-90338: Non-public API usage - The app references non-public symbols in ***: _getentropy. If method names in your source code match the private Apple APIs listed above, altering your method names will help prevent this app from being flagged in future submissions. In addition, note that one or more of the above APIs may be located in a static library that was included with your app. If so, they must be removed. For further information, visit the Technical Support Information at http://developer.apple.com/support/technical/

570e758#diff-11fdc83eeaa7032904efe2cb664a276453eb1cf8efcc8880cb69b61a3ad9763f
@MikePall
Copy link
Member

MikePall commented Mar 4, 2021

Errr ... Apple docs present getentropy() as the preferred way to get trusted random numbers for iOS:
https://support.apple.com/guide/security/random-number-generation-seca0c73a75b/web
So, why on earth would they not allow using this in an app? That's an insane policy and should be called out on an Apple forum.

Please escalate it there -- I can't do anything about it. I'm not willing to back down on generally recommended security practices.

@MoNTE48
Copy link
Author

MoNTE48 commented Mar 4, 2021
edited

Well, I had to modify the code to set #define LJ_TARGET_HAS_GETENTROPY=0. After that, my build was immediately accepted and approved.
I am asking to be able to set this via CFlags, because patches complicate my build system!

Upd. https://developer.apple.com/forums/thread/675396

@MoNTE48
Copy link
Author

MoNTE48 commented Mar 4, 2021

@MikePall, as the forum said, this is a really private API and Apple does not mention it anywhere in the developer documentation. And indeed, I have checked the documentation. Not a word about using getentropy() by third party apps...
Please, make using getentropy() optional and configured by compilation flags for iOS/macOS.

@corsix
Copy link

corsix commented Mar 4, 2021

I don't see anything insightful in those forum comments; just random people trying to draw inferences from nothing. One potential source of insight is what other people/projects do, which seem to point at SecRandomCopyBytes for iOS:

  1. Docs at https://docs.rs/getrandom/0.2.2/getrandom/ and source at https://docs.rs/crate/getrandom/0.2.2/source/src/ios.rs
  2. https://www.mikeash.com/pyblog/friday-qa-2011-03-18-random-numbers.html

@MikePall
Copy link
Member

MikePall commented Mar 4, 2021

Sigh. I really wonder why I still bother to dance around every single instance of Apple eccentricity. I guess my next project will have an: #if __APPLE__ #error "Buy a computer you really own" #endif

Anyway, if you disable getentropy() you'll just get /dev/urandom ... which apparently works on iOS? Otherwise LuaJIT wouldn't even start up.

Can you please confirm that after your change it does access /dev/urandom and starts up correctly on iOS (in the released app, not just in developer mode)? Then I can simply disable getentropy() for iOS.

Not keen on linking to frameworks for something which is a one-line wrapper around a syscall. A publicly documented cross-platform syscall used by all modern BSD-like operating systems, mind you.

@MoNTE48
Copy link
Author

MoNTE48 commented Mar 4, 2021

Well, on iOS, we either play by the rules or buy Android.
(For me personally, Pure Android like Pixel looks not enough, Samsung or any other looks too bloatware-overloaded. Buying a phone for ~$1000 to disable protection, hack and install Custom ROM – I appreciate my time...)
On macOS, we have ample freedom. Perhaps modifying system files gets harder with each release, but it's still better Windows for me.

Can you please confirm that after your change it does access /dev/urandom and starts up correctly on iOS (in the released app, not just in developer mode)? Then I can simply disable getentropy() for iOS.

Yes, my app with #define LJ_TARGET_HAS_GETENTROPY=0 has been in the App Store for 2 days and I have 80k+ sessions according to analytics. It's okay with that.

A publicly documented cross-platform syscall used by all modern BSD-like operating systems, mind you.

Well, I am a developer of a fairly popular application and I think I can try to get an official answer from Apple. But again – I value my time and I think the answer will be exactly the same as on the forum – this is a private API, do not use it... 🙁

@MoNTE48
Copy link
Author

MoNTE48 commented Mar 4, 2021
edited

image
image
Well, in so many years I have never tried this. My English is terrible and if anyone can help with a description of the problem, I'll just sent it to Code-Level Support.

@MikePall
Copy link
Member

Since we seem to have no choice, I've disabled getentropy() use for iOS.

@wyattoday
Copy link

Just FYI, Apple does have a public API since iOS 8.0 and macOS 10.11: CCRandomGenerateBytes()

Here are a couple of examples:

wyday/mod_cspnonce@f5c6bf0

weidai11/cryptopp#1135

Yes, their getentropy() policy is confusing and conflicts with their docs.

@thomcc thomcc mentioned this issue Oct 4, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2.1 enhancement iOS
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@corsix @MikePall @MoNTE48 @wyattoday