MAS Build rejected with: Apps that use non-public APIs will be rejected

[slaskis]

• Electron version: 1.1.1
• Operating system: Mac OS X 10.11.4

After the entitlement fixes to the MAS builds in Electron 1.1.1 we now got this rejection message:

From Apple
2.5 - Apps that use non-public APIs will be rejected
2.5

The use of non-public APIs can lead to a poor user experience should these APIs change in the future, and is therefore not permitted. The following non-public APIs are included in your application:

: AXTextMarkerCreate
: AXTextMarkerGetBytePtr
: AXTextMarkerRangeCopyEndMarker
: AXTextMarkerRangeCopyStartMarker
: AXTextMarkerRangeCreate

If you have defined methods in your source code with the same names as the above-mentioned APIs, we suggest altering your method names so that they no longer collide with Apple's private APIs to avoid your application being flagged in future submissions.

Additionally, one or more of the above-mentioned APIs may reside in a library included with your application. If you do not have access to the library's source, you may be able to search the compiled binary using "strings" or "otool" command line tools. The "strings" tool can output a list of the methods that the library calls and "otool -ov" will output the Objective-C class structures and their defined methods. These techniques can help you narrow down where the problematic code resides.

If you are unable to reproduce this issue, ensure you are testing the exact version of the app that you submitted for review, and that you're doing so in a minimally privileged environment. See Technical Q&A QA1778: How to reproduce bugs reported against Mac App Store submissions.

For information on how to symbolicate and read a crash log, please see Technical Note TN2123 - CrashReporter.

And after running some commands to try to figure out where the private API:s might come from:

$ find dist/Example-mas-x64/Example.app/ -type f -perm -111 -print -exec strings {} 2> /dev/null \; | grep AXText
$ find dist/Example-mas-x64/Example.app/ -type f -perm -111 -print -exec otool -ov {} 2> /dev/null \; | grep AXText
$ find dist/Example-mas-x64/Example.app/ -type f -perm -111 -print -exec nm {} 2> /dev/null \; | grep AXText

We found that it is to be found in Electron Framework:

Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
                 U _AXTextMarkerCreate
                 U _AXTextMarkerGetBytePtr
                 U _AXTextMarkerRangeCopyEndMarker
                 U _AXTextMarkerRangeCopyStartMarker
                 U _AXTextMarkerRangeCreate

And a quick google search takes us to this chromium code.

I'm guessing there will have to be some update to libchromiumcontent which skips these in the case of a MAS_BUILD?

But we're getting closer to be able to get Electron apps up on the App Store!

[zcbenz]

Thanks for reporting this back, those calls seem to be introduced by Chrome 50, I'll patch them out.

[mcfedr]

I have the same rejection

The use of non-public APIs can lead to a poor user experience should these APIs change in the future, and is therefore not permitted. The following non-public APIs are included in your application:

In framework '/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices':

AXTextMarkerCreate
AXTextMarkerGetBytePtr
AXTextMarkerRangeCopyEndMarker
AXTextMarkerRangeCopyStartMarker
AXTextMarkerRangeCreate

If you have defined methods in your source code with the same names as the above-mentioned APIs, we suggest altering your method names so that they no longer collide with Apple's private APIs to avoid your application being flagged in future submissions.

[mcfedr]

@zcbenz do you know when a new release will be made?

[mmm117]

Anyone confirm this fix work for MAS?

[slaskis]

I currently have an app waiting for review. I'll ping here when it's reviewed.

[slaskis]

It got through! Thank you @zcbenz, I believe we have a winner

[zcbenz]

@slaskis Awesome, thanks so much for testing the MAS build!

[mmm117]

@slaskis , did you submit a copy of U.S. Encryption Registration (ERN) approval when submitting your app to MAS?

As mentioned on this page, it seems we need to do it for all Electron built apps:
https://github.com/electron/electron/blob/master/docs/tutorial/mac-app-store-submission-guide.md

Cryptographic Algorithms Used by Electron
Depending on the country and region you are located, Mac App Store may require documenting the cryptographic algorithms used in your app, and even ask you to submit a copy of U.S. Encryption Registration (ERN) approval.

[slaskis]

@mmm117 actually I don't think we did, we selected "no" the first time and any updates only ask if we changed anything regarding encryption since the last release which we technically didn't :P

our app has no network communication though so maybe since we don't actually use TLS they let it pass? but who knows what happens behind the wall of app store reviews...

[mcfedr]

👍 I have done exactly the same thing

My app does use TLS

[mmm117]

@slaskis @mcfedr So Apple doesn't check actually and they just trust us? Since it mentioned if the app contains or incorporate cryptography, not necessarily use, we will need to answer "YES" then...

[mcfedr]

I recently read that any app, even native and using apple http libraries, has to answer yes, just for using https

[mmm117]

As I know, France also need this kind of approval, developer need to apply another approval from them if you sell your app in France too..

Good to read:
https://carouselapps.com/2015/12/09/mac-ios-applications-breaking-rules-removed/