|
|
Dear Developer,
Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with section 3.3.2 of the Apple Developer Program License Agreement and App Store Review Guideline 2.5.2. This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes.
This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.
Please perform an in-depth review of your app and remove any code, frameworks, or SDKs that fall in line with the functionality described above before submitting the next update for your app for review.
Best regards,
App Store Review
今天收到Apple的警告邮件。
应用中使用了JSPatch一段时间了,之前的版本是没有问题的。
而且这个通知邮件也不是在提交更新版本审核过程中收到,而是苹果主动发出的。
是否和JSPatch有关?
如果有关请问是否有解决方案。
其它开发者最近有收到类似邮件的话,也请分享一下。 请不要灌水。
Related Issue in Apple Developer Forums
Related Issue in react-native
Related Issue in AFNetworking
======================================================
wex5这个混合框架是不是也悬了? |
|
IP卡
狗仔卡
发表于 2017-3-8 16:02:30
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
