iOS apps that do not remove hot update will be taken down on June 12



  • Will the use of RN hot update be affected too????


  • administrators

    This is no different from the March warning. It only targets jspatch and does not affect RN or RN's hot update.



  • Thank you, teacher 晴明!



  • @晴明 June 3, 2017, 12:27 AM
    From: Apple

    1. 5 Performance: Software Requirements
      Hello,

    Thank you for your response.

    The code referenced in our initial rejection message is designed explicitly with the capability to change your app’s behavior or functionality after it has been approved to the App Store.

    Any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI, based on the contents of the downloaded script is considered not appropriate and needs to be removed from your app’s binary. Even if the code is not intended to be malicious, the security risks it poses to users is significant.

    To ensure your users are protected, perform an in-depth review of your app and remove any code, frameworks, or SDKs that facilitate the functionality outlined above.

    Best regards,

    App Store Review
    June 2, 2017, 2:42 PM
    From: ******
    I had already deleted the hotUpdate code. It would be appreciated if you could tell me the details of where I have combined with a remote resource and how I can get through this examination. Thanks for reading this.
    June 2, 2017, 4:34 AM
    From: Apple
    Guideline 2.5.2 - Performance - Software Requirements

    Your app, extension, or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement.

    This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.

    Next Steps

    To resolve this issue, please perform an in-depth review of your app and remove any code, frameworks, or SDKs that fall in line with the functionality described above and resubmit your app’s binary for review.

    If what Apple is banning is the methods dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), does that mean the RN framework can no longer be used? dlopen and dlsym are both called many times.



  • @nazihead So does that mean hot update by downloading the jsbundle file and assets resource files from a self-hosted server is no longer possible?



  • AFN uses method_exchangeImplementations; will it be affected?
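
The questions in this thread come down to which bundled binaries reference the APIs named in Apple's message. The following is an added example, not code from any poster or from Apple: it inventories those names per binary by exact string match, and the binary names and byte strings in `SAMPLE` are constructed for illustration.

```python
import re

# APIs named in Apple's message quoted in this thread. C functions carry a
# leading underscore in a Mach-O symbol table; Objective-C selectors are
# stored as plain C strings.
FLAGGED = {
    b"_dlopen": "dlopen()",
    b"_dlsym": "dlsym()",
    b"_method_exchangeImplementations": "method_exchangeImplementations()",
    b"respondsToSelector:": "respondsToSelector:",
    b"performSelector:": "performSelector:",
}

# Runs of 4 or more printable ASCII bytes, similar to strings(1).
_PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")

def flagged_apis(blob):
    """Return the sorted flagged API names whose exact string occurs in blob."""
    # Exact match on the whole string: "_dlopen_preflight" is not "_dlopen".
    found = {FLAGGED[s] for s in _PRINTABLE.findall(blob) if s in FLAGGED}
    return sorted(found)

def audit(binaries):
    """Map each binary name to its flagged APIs, omitting binaries with none."""
    report = {}
    for name, blob in binaries.items():
        hits = flagged_apis(blob)
        if hits:
            report[name] = hits
    return report

# Constructed sample data standing in for the executables inside an unpacked
# .app bundle (for real use, read each Mach-O file with open(path, "rb")).
SAMPLE = {
    "MyApp": b"\xcf\xfa\xed\xfe\x00_objc_msgSend\x00_NSLog\x00viewDidLoad\x00",
    "Frameworks/Patcher.framework/Patcher":
        b"\xcf\xfa\xed\xfe\x00_dlopen\x00_dlsym\x00performSelector:\x00evaluateScript:\x00",
    "Frameworks/Net.framework/Net":
        b"\xcf\xfa\xed\xfe\x00_method_exchangeImplementations\x00_dlopen_preflight\x00",
}

if __name__ == "__main__":
    for name, hits in audit(SAMPLE).items():
        print(f"{name}: {', '.join(hits)}")
```

A hit only shows that a binary references the name; whether its arguments come from a downloaded script still has to be checked in that framework's source.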

