My iOS app has gone through multiple releases. I just added another feature (playing audio files using facebook audio360 tbe format), and the app got rejected with the wording:
From Apple
2. 3 Performance: Accurate Metadata Guideline 2.3.1 - Performance
We discovered that your app contains hidden features. Specifically, It
would be appropriate to remove all code obfuscation and selector
mangling from this app before resubmitting for review.
The next submission of this app may require a longer review time.
Next Steps
Review the Performance section of the App Store Review Guidelines.
Ensure your app is compliant with all sections of the App Store Review Guidelines and the Terms & Conditions of the Apple Developer
Program.
Once your app is fully compliant, resubmit your app for review.
Submitting apps designed to mislead or harm customers or evade the
review process may result in the termination of your Apple Developer
Program account. Review the Terms & Conditions of the Apple Developer
Program to learn more about our policies regarding termination.
If you believe your app is compliant with the App Store Review
Guidelines, you may submit an appeal. Alternatively, you may provide
additional details about your app by replying directly to this
message.
I am not performing "code obfuscation and selector mangling", has submitted an appeal, which was also rejected pointing to the same guideline.
I am using objective-c with some swift, Xcode 9, Product -> Archive -> Submit to App Store... Is it doing some obfuscation that I could turn off?
Perhaps your audio playing feature is using a 3rd party framework which does use code obfuscation?
In any case, you can use the /usr/bin/nm tool for outputting the symbols within your raw executable and see if any of those look "mangled" in any way.
It's most probably a 3'rd party library that does that.
I used Hopper to get to know the library.
First, unzip the ipa and get the app file.
Second, Drag it to Hopper and start scanning it.
Third, search for the mangled selectors.
Related
I got response from Apple Review Team:
Dear Developer,
Your app, extension, and/or linked framework appears to contain code
designed explicitly with the capability to change your app’s behavior
or functionality after App Review approval, which is not in compliance
with section 3.3.2 of the Apple Developer Program License Agreement
and App Store Review Guideline 2.5.2. This code, combined with a
remote resource, can facilitate significant changes to your app’s
behavior compared to when it was initially reviewed for the App Store.
While you may not be using this functionality currently, it has the
potential to load private frameworks, private methods, and enable
future feature changes.
This includes any code which passes arbitrary parameters to dynamic
methods such as dlopen(), dlsym(), respondsToSelector:,
performSelector:, method_exchangeImplementations(), and running remote
scripts in order to change app behavior or call SPI, based on the
contents of the downloaded script. Even if the remote resource is not
intentionally malicious, it could easily be hijacked via a Man In The
Middle (MiTM) attack, which can pose a serious security vulnerability
to users of your app.
Please perform an in-depth review of your app and remove any code,
frameworks, or SDKs that fall in line with the functionality described
above before submitting the next update for your app for review.
Best regards,
App Store Review
I check my code again and I see AFNetworking included methods: performSelector:, method_exchangeImplementations(), respondsToSelector:
I intend to tell Apple that AFNetworking is an opensource and legal but I think Apple will NOT trust me
So I have 2 questions:
Does Apple ask me to remove AFNetworking from my code after they know AFNetworking included respondsToSelector:, performSelector:, method_exchangeImplementations()
As the way Apple see AFNetworking, is AFNetworking legal? Are there any documents to prove it?
After getting the same message and reading in different forums, it is possible you are using a 3rd party service which allows you to alter the code after uploading the app to the AppStore.
The most popular service for that is Rollout.io, which I had to remove from my own app.
I strongly doubt that AFNetworking would cause you any issues (still looking for an answer from Apple myself, and will update when they do answer)
Update: Apple has approved my app, meaning it was Rollout.io indeed. I believe it'll be true for any 3rd party code injection tool.
I still have AFNetworking, so no problems there.
This is my first attempt to implement an anti-piracy code in my App.
I am using the Landon Fuller method (LC_ENCRYPTION_INFO).
This method is based on the App being encrypted when downloaded from the App store.
I checked and found out that downloaded Apps are indeed encrypted. I also found out that when I create my App in Xcode - even if I use Release build - the App is not encrypted yet.
Here's my question: When I upload the App to Apple using Application Loader, will they test it after it has been encrypted or will they test it in its unencrypted form? The latter will cause the App not to function properly, which will of course result in the App not being approved.
This article is old and thats the wrong way to deal with piracy. (using In-Apps you can verify purchase)
Most chances the app will be rejected because of using undocumented APIs,
the Author himself state he is not using it anymore.
quote from the page:
However, there's a problem -- none of this is documented by Apple. While most of the APIs and file formats are public, the actual distribution format is not. Apple could change the signature format, the meta-data plist, or any other distribution component at any time, at which point your copy protection may raise a false positive, and your paying customers will be wondering why you're wasting their time.
So the answer for your question is dont worry how they going to test it because it wont pass.
I want to know if an app developed with QuickConnect, and uploaded on AppStore will be approved by Apple successfully or will there be any specific terms and conditions for this type of app?
Apple used to have a policy banning apps that were not written on C,Objective-C, or C++. Tha policy has long since changed. So long as your app is completely compiled and does not include any language runtime or interpreters, you should be fine. The reason to be concerned is section 2.8 of the App Store Review Guidelines (Login required), which states:
2.8 Apps that install or launch other executable code will be rejected
That said, it doesn't sound like you'll have a problem.
I'm not familiar with QuickConnect in particular, but other projects that build "native-ish" apps by wrapping web applications in a UIWebView (PhoneGap and Appcelerator being the best known of these) have had no problem getting approved for the App Store. I bet you'll do fine.
I'm about to submit my apple iOS app for the first time,
and have a few general questions regarding submission.
1) Can I choose the platform specifically, like iPad or iPhone, but not both?
2) My app runs well in general, but keeps receiving a warning at a certain point of the app, and often crashes. How strict is Apple with that, and could that be a cause of rejection?
3) What is the uploading process like? Do I get to manually upload all the classes and resources and frameworks, or is there a single magical way that uploads everything for me?
4) Is it required to have a website that supports the app? or can I just leave it blank?
*added:
5) if it gets rejected once, can I re-apply with the same app?
1) It is a project setting. It will require some extra work on your part if you plan on releasing both an iPhone and iPad version (multiple xibs, etc).
2) Run your app through instruments and try to reduce memory leaks. Also, if you are dealing with large images in your app, do it sparingly and be sure to release everything properly (one of the main reasons for app crashes in my experience).
3) You'll build the app for release and have it signed with your developer certificate (Xcode will do this for you once you have it all setup). Then you'll run through the web interface filling out app information, uploading screenshots, and finally the zipped .app package which you built earlier. Make sure you don't have any spaces in the zip filename, and don't change your .app name.
4) You don't need a website for support, but it if is required just link to one of your personal sites (twitter, etc).
5) You can resubmit to your hearts content until Apple finally approves your app. But, you USUALLY won't have an issue with rejection unless you are doing something Apple has explicitly banned or your app is in such a bad state that the testers can't even test it.
5) Yes you can resubmit, as many times as you want. You don't even have to increase the version number (except maybe for your own internal accounting). It depends on the cause of rejection though - if it's a bug you fixed, it's one thing; if it's a rejection because of policy violation, resubmission won't help you much.
Before your app can be reviewed, the following issues must be corrected:
Invalid Binary Architecture - iOS 3.0 introduced support for multiple binary architectures. If your binary is built for multiple architectures, your Info.plist must have a MinimumOSVersion key with a value of at least 3.0. Additionally, if your app is intended to support earlier iPhone and iPod touch models, your app must contain at least an armv6 binary; "thin" armv7-only binaries will not be accepted unless the armv7 required device capability is also present in the Info.plist UIRequiredDeviceCapabilities key or the MinimumOSVersion key has a value of 4.3 or higher.
For more information, see Technical Q&A QA1707 at: http://developer.apple.com/iphone/library/qa/qa2010/qa1707.html.
Once these issues have been corrected, go to the Version Details page and click Ready to Upload Binary. Continue through the submission process until the app status is Waiting for Upload and then use Application Loader to upload the corrected binary.
1) You do it with your app.
2) If it crashes when they are testing it it will be rejected.
3) You build the app, zip it, and upload.
4) You have to put in some info. It should probably exist.
I made an iPhone application that displays a couple of pictures from the internet
where you can comment on (iPhone sms bubble style )
My app was rejected because of:
We cannot post this version of your iPhone application to the App Store
because it violates section 3.3.3 of
the iPhone SDK Agreement;
"Without Apple's prior written
approval, an Application may not
provide, unlock or enable additional
features or functionality through
distribution mechanisms other than the
iTunes Store."
If you would like to provide an
invitation-only pre-release version of
your application to a group of
friends, then we encourage you to use
the Ad Hoc application distribution
method. Please go to the Distribution
Tab in the iPhone Developer Portal for
complete information on Ad Hoc
distribution.
But what does it mean? I surfed a little on the internet and found out that this covers applications that have similarity to applications by Apple?
Does anyone have experience with that? And know how to solve this issue?
I got official response from apple
The website component of the
application is currently not available
to the general public. If you would
like to provide an invitation-only
pre-release version of your
application to a group of friends,
then we encourage you to use the Ad
Hoc application distribution method.
Please go to the Distribution Tab in
the iPhone Developer Portal for
complete information on Ad Hoc
distribution.
Section 3.3.3
Without Apple’s prior written
approval, an Application may not
provide, unlock or enable additional
features or functionality through
distribution mechanisms other than the
App Store.
That means, for example, that you are not allowed to enable your application to download music or podcast files. Apple wants the owner of iPhones to use iTunes for that purpose.
You seem to violate that section since you're providing content from your site, even if you're downloading only pictures.
See this blog entry about the PodCaster app:
Podcaster quite obviously serves to
unlock a feature using a distribution
mechanism outside the iTunes Store.
This limitation would also include
apps that are designed to install
other apps independent of iTunes (such
as the Cydia jailbreak app - it’s not
in the Apps Store either), or any
other app that distributes song, TV,
or movie downloads or podcasts.
See also this answer here on Stack Overflow: Reasons for rejecting iPhone application by Apple store
Or they believe you used the open SDK to reuse the bubble control from the SMS app.
Can you post a screenshot?