Apple 如何知道您使用的是私有 API? [英] How does Apple know you are using private API?

问题描述

我向 Apple 提交了一个没有任何源代码的二进制文件.

I submitted a binary file to Apple without any source code.

除了手动检查源代码之外，Apple 如何知道使用了什么以及您调用了哪些 API?

Apart from manually checking the source code how does Apple know what was used and what APIs you have called?

推荐答案

我知道有 3 种方法.这些只是一些猜测，因为我不在 Apple 审核团队工作.

There are 3 ways I know. These are just some speculation, since I do not work in the Apple review team.

这将列出应用程序链接到的所有库.显然你不应该使用的东西，比如 IOKit 和 WebKit 可以通过这个检测到.

This will list all libraries the app has linked to. Something clearly you should not use, like IOKit and WebKit can be detected by this.

这将列出所有链接的符号.这个可以检测

This will list all linked symbols. This can detect

• 未公开的 C 函数，例如 _UIImageWithName;
• Objective-C 类，例如 UIProgressHUD
• Ivar，例如 UITouch._phase(这可能是 拒绝过去几个月基于 Three20 的应用.)

• Undocumented C functions such as _UIImageWithName;
• Objective-C classes such as UIProgressHUD
• Ivars such as UITouch._phase (which could be the cause of rejection of Three20-based apps last few months.)

Objective-C 选择器存储在二进制文件的一个特殊区域，因此 Apple 可以从那里提取内容，并检查您是否使用了一些未公开的 Objective-C 方法，例如 -[UIDevice setOrientation:].

Objective-C selectors are stored in a special region of the binary, and therefore Apple could extract the content from there, and check if you've used some undocumented Objective-C methods, such as -[UIDevice setOrientation:].

由于选择器独立于您要发送消息的类，即使您的自定义类定义了与 UIDevice 无关的 -setOrientation:，也有可能被拒绝.

Since selectors are independent from the class you're messaging, even if your custom class defines -setOrientation: irrelevant to UIDevice, there will be a possibility of being rejected.

您可以使用 Erica Sadun 的 APIKit 来检测由于 (私有 API 的误报.

You could use Erica Sadun's APIKit to detect potential rejection due to (false alarms of) private APIs.

(如果你真的真的真的很想解决这些检查，你可以使用运行时功能，例如

(If you really really really really want to workaround these checks, you could use runtime features such as

• dlopen，dlsym
• objc_getClass、sel_registerName、objc_msgSend
• -valueForKey:;object_getInstanceVariable、object_getIvar 等

• dlopen, dlsym
• objc_getClass, sel_registerName, objc_msgSend
• -valueForKey:; object_getInstanceVariable, object_getIvar, etc.

获取那些私有库、类、方法和变量.)

to get those private libraries, classes, methods and ivars. )

这篇关于Apple 如何知道您使用的是私有 API?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！