Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

苹果审核- 热更新审核不过。 #63

Closed
dazhifu opened this issue Oct 10, 2017 · 6 comments
Closed

苹果审核- 热更新审核不过。 #63

dazhifu opened this issue Oct 10, 2017 · 6 comments

Comments

@dazhifu
Copy link

dazhifu commented Oct 10, 2017

Your app, extension, or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement.

This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.

The next submission of this app may require a longer review time.

Next Steps

  • Review the Software Requirements section of the App Store Review Guidelines.
  • Ensure your app is compliant with all sections of the App Store Review Guidelines and the Terms & Conditions of the Apple Developer Program.
  • Once your app is fully compliant, resubmit your app for review.

Submitting apps designed to mislead or harm customers or evade the review process may result in the termination of your Apple Developer Program account. Review the Terms & Conditions of the Apple Developer Program to learn more about our policies regarding termination.

If you believe your app is compliant with the App Store Review Guidelines, you may submit an appeal. Alternatively, you may provide additional details about your app by replying directly to this message.
@dazhifu
Copy link
Author

dazhifu commented Oct 10, 2017

好像和用到dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations()这几个方法有关

@wpstarnice
Copy link

同问 现在wax还能用吗

1 similar comment
@yhhwatl
Copy link

yhhwatl commented Jan 18, 2018

同问 现在wax还能用吗

@1046683456
Copy link

不能用了,我提审测试了一下,成功被拒

@pantaopt
Copy link

难道现在的手游热更新是自己混淆代码的吗

@intheway
Copy link

developers should not use wax for hot fix

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@intheway @dazhifu @yhhwatl @wpstarnice @1046683456 @pantaopt