6月份后,RN应用一直被APPLE拒审,有人审核通过吗



  • 2017年6月8日 上午4:37
    发件人 Apple

    1. 5 Performance: Software Requirements
      Hello,

    Thank you so much for your patient, upon the further revision, we found that this app, or a library embedded within it, contains functionality which is able to execute remote javascript as native code. It would be appropriate to fully remove any and all features similar to this before resubmitting for review.

    We hope you can make the necessary revision and we look forward to review your app again.

    Best regards,

    App Store Review
    2017年6月7日 下午11:35
    发件人 Apple
    Hello,

    We apologize for the delay.

    Your app is still in review but is requiring additional time. We will provide further status as soon as we are able.

    Thank you for your continued patience.

    Best regards,

    App Store Review

    2017年6月7日 上午10:05
    发件人 *******
    This is the fourth Software Requirements,I had already delete 'react-native-update'.The methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations() are only in the third SDK 'react-native'.Are you mean the SDK 'react-native' was forbidden?
    If not, could you tell us which class violate the rules?the class name.Thanks!
    2017年6月7日 上午8:28
    发件人 Apple
    Guideline 2.5.2 - Performance - Software Requirements

    Your app, extension, or linked framework still appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement.

    This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.

    Next Steps

    To resolve this issue, please perform an in-depth review of your app and remove any code, frameworks, or SDKs that fall in line with the functionality described above and resubmit your app’s binary for review.

    我提交了四次,,已经删除了react-native-update组件,依然通不过审核,如果apple是通过使用判定使用dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations()这些方法的话,我实在不知道咋办了,在Xcode全局搜索。RCTUtils.m文件多次调用这些方法,,其他三方的组件有调用这些方法的我都已经删除了,比如learnCloud.


  • administrators

    贴一下package.json



  • 你可以看下是不是第三方库的问题,这个问题我遇到过,是高德地图第三方库的问题,现在苹果被拒的热更新好像是JSPatch吧



  • 此回复已被删除!


  • @晴明 谢谢了
    "dependencies": {
    "blueimp-md5": "^2.6.0",
    "classnames": "^2.2.5",
    "lodash": "^4.17.3",
    "moment": "^2.17.1",
    "react": "15.4.1",
    "react-native": "0.39.2",
    "react-native-circular-progress": "^0.0.8",
    "react-native-collapsible": "^0.7.0",
    "react-native-cookies": "^2.0.0",
    "react-native-device-info": "^0.9.7",
    "react-native-fileupload": "^1.2.0",
    "react-native-image-picker": "0.24.1",
    "react-native-modalbox": "latest",
    "react-native-mtj": "^1.0.2",
    "react-native-pathjs-charts": "^0.0.22",
    "react-native-scrollable-tab-view": "^0.7.0",
    "react-native-storage": "^0.1.4",
    "react-native-update": "^4.0.2",
    "react-native-webview-bridge": "^0.33.0",
    "react-timer-mixin": "^0.13.3"
    },
    "devDependencies": {
    "babel-jest": "18.0.0",
    "babel-preset-react-native": "1.9.1",
    "jest": "18.0.0",
    "react-test-renderer": "15.4.1",
    "shelljs": "^0.7.5"
    },
    "jest": {
    "preset": "react-native"
    }



  • @Dreamhai 用到的三方只有友盟了
    ![alt text](0_1496889269035_3219E23A-7F7A-42ED-8975-8EEE11142418.png image url)


  • administrators

    我记得友盟也是含有jspatch的?



  • @晴明
    删除友盟,任然被拒了......



  • 此回复已被删除!


  • @nazihead 楼主的应用现在什么情况?找到什么原因没过了吗?



  • 楼主是被辞退了吗...



  • @shitb 我倒是想走,,



  • @nazihead 我们公司这边IOS发版已经耽搁两个月了,一直处于等待审核状态,听你这么说,胆战心惊,还要被fire



  • @alexlili 等待审核那么久是进了苹果黑名单了,,,不过给审的,苹果最近抽风了。。试试找下三方的公司加急下,我们公司就打算这么干。几千块。据说是无效退款
    fire就换一家呗,,



  • 我第一次提交就通过了


登录后回复