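Lately my app submissions keep getting rejected, and sometimes searching online turned up no solution, so I decided to summarize the rejection issues I have run into in the past as a reference for others facing the same difficulties.
These are Apple's terms of service: Terms & Conditions.
The rules our apps are normally reviewed against are the App Store Review Guidelines.
1. Describing access permissions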
Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage
We noticed that your app requests the user’s consent to access their camera but does not clarify the use of this feature in the permission modal alert.
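This says that when I requested camera access I did not explain what the camera would be used for. My description was "Please allow the app to access your camera". Fair enough, that really is not specific. I later changed it so that the following is shown when the camera is accessed:
Tap "OK" to allow access. If you do not allow it, you will not be able to take photos or videos in your app, nor use the camera in modules such as [Scan] and [Chat with friends].
With that it passed, and I have written it this way ever since. The same approach works for other permission requests, including location, contacts, Bluetooth and so on.
Below is Apple's reference list of privacy-related property keys: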
Information Property List Key Reference
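A pre-submission check for the purpose strings discussed in this section, as an added example (not the author's code): the permission alert text comes from Info.plist keys such as NSCameraUsageDescription, and the script flags strings that are missing or that name none of the features using the permission. The policy table, feature names, length floor and sample plists are constructed assumptions.

```python
import plistlib

# Hypothetical policy for this example: each permission key the app uses,
# mapped to the feature names its purpose string is expected to mention.
REQUIRED = {
    "NSCameraUsageDescription": ["Scan", "Chat"],
    "NSLocationWhenInUseUsageDescription": ["Nearby"],
}
MIN_LENGTH = 20  # assumed floor; very short strings rarely explain a purpose

def audit_purpose_strings(plist_bytes, required=REQUIRED):
    """Return {key: problem} for purpose strings that need attention."""
    info = plistlib.loads(plist_bytes)
    problems = {}
    for key, features in required.items():
        text = info.get(key, "")
        if not isinstance(text, str) or not text.strip():
            problems[key] = "missing or empty"
        elif len(text) < MIN_LENGTH:
            problems[key] = "too short to explain the use"
        elif not any(f.lower() in text.lower() for f in features):
            problems[key] = "names none of: " + ", ".join(features)
    # A purpose string for a permission nobody listed means the policy
    # table and the app have drifted apart.
    for key in info:
        if key.endswith("UsageDescription") and key not in required:
            problems[key] = "declared but not in the policy"
    return problems

# Constructed Info.plist contents: the wording that was rejected above,
# and a version that names the features that use each permission.
REJECTED = plistlib.dumps({
    "CFBundleName": "Demo",
    "NSCameraUsageDescription": "Please allow the app to access your camera",
})
ACCEPTED = plistlib.dumps({
    "CFBundleName": "Demo",
    "NSCameraUsageDescription":
        "If you decline, you cannot take photos or videos "
        "or use the camera in Scan and Chat.",
    "NSLocationWhenInUseUsageDescription":
        "Your location is used to show stores in Nearby.",
})

if __name__ == "__main__":
    for label, data in (("rejected", REJECTED), ("accepted", ACCEPTED)):
        print(label, audit_purpose_strings(data))
```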
2. Using a private method
Guideline 2.5.1 - Performance - Software Requirements
Your app uses the "prefs:root=" non-public URL scheme, which is a private entity. The use of non-public APIs is not permitted on the App Store because it can lead to a poor user experience should these APIs change.
Continuing to use or conceal non-public APIs in future submissions of this app may result in the termination of your Apple Developer account, as well as removal of all associated apps from the App Store.
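This time it was because I used a non-public API. At first I wrote it like this:
NSURL *url = [NSURL URLWithString:@"prefs:root=Bluetooth"];
if ([[UIApplication sharedApplication] canOpenURL:url]) {
    [[UIApplication sharedApplication] openURL:url];
}
This is expressly forbidden by Apple and obviously would not pass. Later I tried to be clever and assembled the string from ASCII values instead: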
NSData *encryptString = [[NSData alloc] initWithBytes:(unsigned char []){0x50,0x72,0x65,0x66,0x73,0x3a,0x72,0x6f,0x6f,0x74,0x3d,0x42,0x6c,0x75,0x65,0x74,0x6f,0x6f,0x74,0x68} length:20];
NSString *urlstr = [[NSString alloc] initWithData:encryptString encoding:NSUTF8StringEncoding];
NSURL *url = [NSURL URLWithString:urlstr]; // assembled from ASCII values: url = Prefs:root=Bluetooth
if ([[UIApplication sharedApplication] canOpenURL:url]) {
    [[UIApplication sharedApplication] openURL:url];
}
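This got by for a while, but then Apple presumably adopted a new review method, detected it, and rejected the app again. To this day I still do not know whether Apple's reviewers can actually see the code when they review an app.
The real fix for this kind of problem is to talk it over with the product manager and simply jump to the app's settings page. After all, Wi-Fi, cellular data and the other permissions are all on that page, which is convenient enough. The code is as follows: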
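// UIApplicationOpenSettingsURLString is the public constant for this app's page in Settings
NSURL *url = [NSURL URLWithString:UIApplicationOpenSettingsURLString];
if ([[UIApplication sharedApplication] canOpenURL:url]) {
    [[UIApplication sharedApplication] openURL:url];
}
3. Privacy policy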
Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing
Additionally, your app accesses user data from the device but does not have the required precautions in place.
Next Steps
To collect personal data with your app, you must make it clear to the user that their personal data will be uploaded to your server and you must obtain the user's consent before the data is uploaded. You must also have a Privacy Policy URL and ensure that the URL you provide directs users to your privacy policy.
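This time the rejection said we lacked a privacy policy, which we had overlooked all along. We used to have users accept a "User Service Agreement" at registration, and I assumed that was the same thing. Since Apple requires it, we followed their line of thinking. What should a privacy policy include? Mainly it explains the following points:
1. How we collect and use your personal information
2. How we use cookies and similar technologies
3. How we share, transfer and publicly disclose your personal information
4. How we protect your personal information
5. Your rights
6. How we handle children's personal information
7. How your personal information is transferred globally
8. How this privacy policy is updated
9. How to contact us
The above covers things in detail. Clauses that do not fit your company's situation can be trimmed as appropriate with help from the company's technical and legal advisers. Umeng (友盟) has a good template that can be used as a reference:
"Privacy Policy" template (click for details)
4. App name issues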
3.4 Details
Your app name to be displayed on the App Store includes keywords or descriptors, which are not appropriate for use in an app name.
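The cause is that the app name is not compliant: it contains keywords and descriptors. Apple should point out which keywords break the rules; just remove them.
5. Hot-fix (hot patching) issues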
Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with section 3.3.2 of the Apple Developer Program License Agreement and App Store Review Guideline 2.5.2. This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes.
This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.
Please perform an in-depth review of your app and remove any code, frameworks, or SDKs that fall in line with the functionality described above.
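This one really burned me. The app had been live for a long time when one day a warning suddenly arrived, giving us 30 days to deal with it, as follows: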
To ensure there is no interruption of the availability of your app on the App Store, please submit an update within 30 days of the date of this message. If we do not receive an update within 30 days, your app may be removed from sale.
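Our solution was to remove the JSPatch used in the app. We had no choice but to comply. This review took more than twenty days; no matter whether I phoned, e-mailed or used the expedited review channel, Apple would not budge. Fortunately it passed in the end.
I thought the problem was solved, and we shipped several versions in between. Then on November 27 Apple, out of the blue, removed my app from sale. The e-mail again said we had violated App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement. It also carried a very serious warning: not only was the app removed from sale, but future reviews of the app would take longer and it would no longer be eligible for expedited review. Remembering the twenty-plus days last time, I was truly worn out. It also said that continued violations would lead directly to account termination: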
Deliberate disregard of the App Store Review Guidelines and attempts to deceive users or undermine the review process are unacceptable and is a direct violation Section 3.2(f) of the Apple Developer Program License Agreement. Continuing to violate the Terms & Conditions of the Apple Developer Program will result in the termination of your account, as well as any related or linked accounts, and the removal of all your associated apps from the App Store.
Future submissions of this app may require a longer review time, and this app will not be eligible for an expedited review.
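It really was painful, but we did break the rules first, so there is nothing to say. But where exactly was the problem? What this guideline means is that, through certain code or certain SDKs, we bypassed Apple's review channel and could change code without submitting it for review, which creates a security vulnerability in the app.
My app did have a hidden switch: hidden during review, shown after approval. I removed that first.
Next, regarding the point many people raise that some third-party libraries also use hot fixing: I checked the third-party libraries we are using, and found dlopen(), dlsym(), respondsToSelector:, performSelector: and method_exchangeImplementations() in YYKit, AFNetworking and Ronglian Cloud Communication (容联云通讯). But we depend too heavily on these libraries; removing them would make the app unsustainable, finding replacements would be too much work, and we had already updated to the latest versions. What is puzzling is that our other apps use some of the same libraries without any problems.
So for now I only removed the hidden switch and submitted for review. I am waiting anxiously and will update when there is a reply. Wish me luck!
Update
Submitted on November 28, approved on December 6. The review time was indeed extended; there was nothing to do but wait. At last it is resolved.
To sum up, the fix this time was removing JSPatch and removing the hidden switch (what it hid was a lending feature, and we had no financial licence. Put another way, with a financial licence there would have been no need to sneak it past review. In short, do not try to be clever and slip features Apple does not allow past the reviewers; removal from sale, longer review times or even account termination all leave us on the back foot). In any case, I removed the parts that could be changed without going through review. As for looking for the cause in third-party libraries, as many people suggest, I did not find one there. It has passed for now, but given Apple's unpredictable ways (twice the app passed review and was then rejected a month or so later), I do not dare relax. Still, it should be useful as a reference.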
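An added example, not the author's code: a source audit to run before submission, covering sections 2 and 5. It finds the prefs:root= scheme both as a literal and when it is hidden in a hex byte array, and lists the dynamic calls named in Apple's 2.5.2 message so each call site can be reviewed. File names and sample sources are constructed.

```python
import re

# Private scheme named in the 2.5.1 rejection. Case-insensitive, because the
# byte array on this page decodes to "Prefs:root=Bluetooth" (capital P).
PRIVATE_SCHEME = re.compile(r"prefs:root=", re.IGNORECASE)
# Dynamic calls listed in the 2.5.2 message. A hit means "review this call
# site", not "violation": Apple's text targets arbitrary parameters.
DYNAMIC_CALL = re.compile(
    r"\b(?:dlopen|dlsym|method_exchangeImplementations)\s*\("
    r"|\b(?:respondsToSelector|performSelector):")
# Brace-enclosed run of hex byte literals, e.g. {0x50,0x72,...}.
BYTE_ARRAY = re.compile(r"\{((?:\s*0x[0-9a-fA-F]{1,2}\s*,?)+)\}")

def line_of(source, offset):
    return source.count("\n", 0, offset) + 1

def audit_source(name, source):
    """Return (file, line, kind, detail) tuples for one source file."""
    findings = []
    for m in PRIVATE_SCHEME.finditer(source):
        findings.append((name, line_of(source, m.start()), "private-scheme", "literal"))
    for m in BYTE_ARRAY.finditer(source):
        raw = bytes(int(h, 16) for h in re.findall(r"0x([0-9a-fA-F]{1,2})", m.group(1)))
        text = raw.decode("utf-8", errors="replace")
        if PRIVATE_SCHEME.search(text):
            findings.append((name, line_of(source, m.start()), "private-scheme", "bytes:" + text))
    for m in DYNAMIC_CALL.finditer(source):
        call = m.group(0).rstrip("(: \t")
        findings.append((name, line_of(source, m.start()), "dynamic-call", call))
    return sorted(findings, key=lambda f: f[1])

# Constructed sample files (hypothetical names), not from any real project.
SAMPLE = {
    "BluetoothHelper.m": (
        "NSData *d = [[NSData alloc] initWithBytes:(unsigned char []){0x50,0x72,0x65,\n"
        "    0x66,0x73,0x3a,0x72,0x6f,0x6f,0x74,0x3d,0x42,0x6c,0x75,0x65,0x74,0x6f,0x6f,\n"
        "    0x74,0x68} length:20];\n"
        "NSURL *settings = [NSURL URLWithString:UIApplicationOpenSettingsURLString];\n"),
    "Vendor/Swizzle.m": (
        "void *sym = dlsym(RTLD_DEFAULT, name);\n"
        "method_exchangeImplementations(a, b);\n"
        "[target performSelector:action withObject:nil];\n"),
}

def audit_all(files):
    return [f for name, src in files.items() for f in audit_source(name, src)]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE):
        print(*finding, sep="\t")
```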