「iOS」热更新审核被拒的解决方法

「iOS」热更新审核被拒的解决方法

最近很多人提交到App Store审核被拒,作者我也不列外,提交了好几个版本,都一一被打回了,而且你去问他们的审核团队什么地方有问题,他们也只会搪塞几句,说等他们要再复查下,基本没下文了,所以做人还得靠自己。

这是苹果的答复:

Thank you for your response. Your application is still in review but is requiring additional time. We will provide further status as soon as we are able. Thank you for your continued patience.

尼玛这就是连发好几封邮件,追着客服问的结果,扎心

好了废话扯多了,进入正题,本人的项目中没有引入jspath,所以我想到应该不是我这边的问题,而且网上都说是第三方的问题,于是楼主就从第三方的sdk入手。以下是楼主接入的第三方:jpush,bugly,百度地图,百度导航,讯飞语音。度娘下看到bugly有热更新,说更新到最新版本就没问题了,但是他们的技术论坛中有人说道最新的2.4.7也有问题,查看公告。 慎重起见,算了就直接用jpush的崩溃日志了,满心欢喜提交,结果:

发件人 Apple
2. 5 Performance: Software Requirements (iOS)
Performance - 2.5.2
Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement.
This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.
Next Steps
Perform an in-depth review of your app and remove any code, frameworks, or SDKs that fall in line with the functionality described above and resubmit your app’s binary for review.

对,又被拒了,当时就有点搞不懂了,难道还有那些第三方有问题,但是楼主其它的sdk在网上都没有没说涉及热更新的,但没办法继续查,度娘+google,结果发现有人说讯飞语音以前的framework涉及到一些私有方法,算了死马当活马医把,更新提交,焦急等待,结果。。。。。。。懵逼了,同样的理由被拒。

最后我在技术交流群里沟通了下,了解到可以打印下第三方的.a文件看看,看有没有 dlopen(), dlsym(),命令行:

nm -u libwechaat.a >> xxx.txt

生成的txt文件在finder中查找下。

终于我在百度导航的.a文件中看见了 _dlopen _dlsym,一看有戏,应该就是百度导航的锅(我的百度导航的版本2.0.7),马上更新到最新版本3.1.0,再次提交,审核通过,万岁 (前前后后提交了10个版本,终于过了,这几天被项目经理追着问进度,不说了都是泪)

最后附上我在集成百度地图和百度导航的遇到的问题,大家可以参考下(最新的地图sdk3.3.1和最新的导航sdk3.1.0,发现编译是OK的,但一调用百度地图,项目就奔溃了,连个日志都没有,在他们的论坛查看了下,也有人遇到了问题,最后我用百度地图V3.0.0和导航3.1的编译ok,运行ok,这个问题可能大家不一定会遇到,可能是楼主自己的问题,大家参考下就行了)

编辑于 2018-08-12

文章被以下专栏收录

    用文章的方式记录分享自己上架的每个App项目过审与被拒的详细经历(“金融类APP5.2.1被拒”“4.2 最低功能要求被拒”“2.1 App完成度被拒”“金融类APP上架审核被拒3.2.1缺少金融许可证被拒”“没有贷款资质被拒”“3.2(f)上架被拒”“准确的元数据被拒”“4.2.1App被拒”“IOS 2.1狗年大礼包”“4.2.2 被拒”“垃圾应用或相似的马甲包被拒”),分享帮助IOS开发经验。互相学习交流,经常会持续不断更新,也欢迎其它朋友一起来补充,增加,一起相互学习,共同进步,如有问题没有及时回复可以发邮件到我的邮箱ioszhifu88@tom.com

    q2205357007可上架各类被拒无资质App,提供公司开发者账号