Closed RayCyder closed 5 years ago
@terenceleetrade 你用的wax被拒了吗?
@ningman 是的,一直没事,包括上次清洗JSPatch,我们都没事,但这次新提交就不行了。你有遇到吗?有没有什么办法?
我之前把jspatch混淆后上架可以通过审核,今天也不行了,正打算用wax呢?
这个混淆是混淆JSPatch?自己混淆还是JSPatch出了混淆版? 知道苹果审核这种问题的方法吗?是不是还是靠审核人去分析逻辑?
我是自己混淆的,没有用官方的JSPatch
Wax不知道是不是可以混淆通过审核? 我是被拒了,比较麻烦,因为很多功能依赖Wax。。
被拒的理由是什么呢 ?
Your app, extension, or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement.
This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.
跟JSPatch当时一样的原因
JSPatch的平台出了1.7.1的SDK,加深了混淆力度(原来只混淆了类名,现在把很多内部的方法名都混淆了)。 不知道能不能通过审核。 正在找替代方案,想来Wax看看,结果这里也出现问题了,悲剧ing.... 是不是Apple已经掌握了一些更加通用的检查模式了?
同行有什么成功的进展,在这里分享哦~
去掉wax
貌似就只能对wax做ios代码混淆这条路了
混淆我们也尝试了,不用试了,Apple依然检测了出来
最后的结果呢
有没有进展 难道要放弃?
我之前也是把wax混淆,可以上,但是最近上不了了,不知道是不是被苹果发现了
570599199,加这个qq群,大家讨论下哈
怎么样?有进展的吗?
我觉得应该是苹果的review环境直接统计了对私有api的使用了,后面估计也上不了
我们的应用这次被拒了,之前都没问题 原因就是使用了动态加载代码,改变应用功能。。有没有其他同学遇到相同问题?