performSelector 和 RespondsToSelector 是否被 App Store 禁止? [英] Are performSelector and respondsToSelector banned by App Store?
问题描述
我的最新版本已被 Apple 应用商店接受,但几天后我收到了下面引用的通知.
My latest build was accepted into the Apple app store, but I got the notice quoted below a couple of days later.
我的应用程序也使用了 Rollout.io,我明确询问了这是否是问题所在.还没有回复.
My app also uses Rollout.io, and I asked explicitly if this was the problem. No response yet.
如果 RespondsToSelector 或 performSelector 被禁止,是否有替代品?
If respondsToSelector or performSelector are banned, are there any replacements?
亲爱的开发者:
您的应用、扩展程序和/或链接框架似乎包含明确设计的代码,能够在应用审核批准后更改应用的行为或功能,这不符合 Apple 开发者计划许可的第 3.3.2 节协议和 App Store 审核指南 2.5.2.与最初在 App Store 中审核时相比,此代码与远程资源相结合,可以促进对应用行为的重大更改.虽然您目前可能没有使用此功能,但它有可能加载私有框架、私有方法,并支持未来的功能更改.
Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with section 3.3.2 of the Apple Developer Program License Agreement and App Store Review Guideline 2.5.2. This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes.
这包括将任意参数传递给动态方法(例如 dlopen()、dlsym()、respondsToSelector:、performSelector:、method_exchangeImplementations() 和运行远程脚本以更改应用程序的任何代码行为或调用 SPI,基于下载的脚本的内容.即使远程资源不是故意恶意的,也很容易被中间人 (MiTM) 攻击劫持,这可能会给您的应用用户带来严重的安全漏洞.
This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.
请对您的应用进行深入审核,并删除任何符合上述功能的代码、框架或 SDK,然后再提交您的应用的下一次更新以供审核.
Please perform an in-depth review of your app and remove any code, frameworks, or SDKs that fall in line with the functionality described above before submitting the next update for your app for review.
编辑:苹果论坛提到了这一点:https://forums.developer.apple.com/thread/73640
EDIT: Apple forum mentions this: https://forums.developer.apple.com/thread/73640
推荐答案
被禁止的不是respondsToSelector:、performSelector:.禁令是将动态内容作为此方法的参数.例如,这不是禁止的:
It is not respondsToSelector:, performSelector: that are banned. The ban is on putting dynamic content as a parameter to this method. For example, this is not banned:
if([self.delegate respondsToSelector: @selector(myDelegateMethod)]) {
[self.delegate performSelector: @selector(myDelegateMethod)];
}
但是,此代码可能会被禁止:
However, this code might be banned:
NSString *remotelyLoadedString = .... (download from your backend)
[self performSelector: NSSelectorFromString(remotelyLoadedString)];
这篇关于performSelector 和 RespondsToSelector 是否被 App Store 禁止?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
