App Store 审核被拒

项目中使用了高德地图 定位 SDK,然后提交审核,被拒:

发件人 Apple

  1. 5 PERFORMANCE: SOFTWARE REQUIREMENTS

Performance - 2.5.2

Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement. This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.Next Steps Perform an in-depth review of your app and remove any code, frameworks, or SDKs that fall in line with the functionality described above and resubmit your app’s binary for review.

大概意思,说是你的 APP 中使用了一些代码 Code,然后这些 Code 可以和远程关联,通过下发一些脚本,改变你 APP 的行为。苹果认为,这样的下发脚本行为很可能会被劫持,导致 APP 被恶意篡,以及引起其它安全性问题。

因此,苹果让用户再次 Review 一下代码,并去掉相关的 Code。也就是去掉使用了热更新的代码,主要针对于使用了 JSPatch 的部分

我应用使用的 高德 定位 SDK,这里面 高德使用了 JSPatch。于是立刻打开 高德官网,在首页高德已经做出了回应:应对iOS热更新警告 高德发布升级包 。

重新下载相应 SDK,打包上传,审核通过。好险

你可能感兴趣的:(App Store 审核被拒)