Apple App Store rejection due to non-public selectors

[srkleiman]

Issue Type

• [x] Bug Report
• [ ] Feature Request
• [ ] Support Question

Description

Information

Today when I tried to build and submit an app that had been submitting fine I get:

App Store Connect Operation Error The app references non-public selectors in Payload/Baron Performance.app/Baron Performance: applicationNameForUserAgent, initWithFrame:configuration:, isMainFrame, navigationDelegate, navigationType, setNavigationDelegate:, setProcessPool:, targetFrame, userContentController

I upgraded to the latest Cordova CLI, Platforms, Xcode, no joy. Same error submitting via Xcode and or xcrun.

Other people are having this problem as well: https://developer.apple.com/forums/thread/127678

I believe Apple changed something that is causing Cordova apps to be rejected.

Command or Code

Environment, Platform, Device

MacOS 12.3.1 Xcode 3.4.1

Version information

Cordova 11.0.0 android 10.1.2 ios 6.2.0 cordova-plugin-splashscreen 6.0.1 cordova-plugin-statusbar 3.0.0

Checklist

• [x] I searched for already existing GitHub issues about this
• [x] I updated all Cordova tooling to their most recent version
• [x] I included all the necessary information above

[dpogue]

It sounds like this is affecting Cordova, Capacitor, Flutter, and ReactNative, and probably others as well.

Cordova iOS does not use any private APIs by default, and none of the Apache plugins do either, specifically to avoid running into this problem. (3rd party plugins might use private APIs, but we have no control over that)

This sounds like the issue is 100% on Apple's side, but I'll leave this open until we have some sort of resolution.

[shankari]

I got a similar error for an app built on a platform that has been used for multiple apps before (https://github.com/e-mission/e-mission-phone/)

ITMS-90338: Non-public API usage - The app references non-public selectors in NREL OpenPATH: applicationNameForUserAgent, dataTypes, initWithFrame:configuration:, isMainFrame, navigationType, setProcessPool:, targetFrame, transform:, userContentController. If method names in your source code match the private Apple APIs listed above, altering your method names will help prevent this app from being flagged in future submissions. In addition, note that one or more of the above APIs may be located in a static library that was included with your app. If so, they must be removed. For further information, visit the Technical Support Information at http://developer.apple.com/support/technical/

I went through and searched for each supposedly private API listed, and all of them bar transform are related to the cordova libraries. Although, are they really flagging transform as a private API?!!

• applicationNameForUserAgent: CDVWebViewEngine, CDVWKInAppBrowser, CDVWKWebViewEngine
• dataTypes: lots of javascript, CDVWKInAppBrowser
• initWithFrame:configuration: CDVWebViewEngine, CDVWebViewUIDelegate, CDVWKInAppBrowser, CDVWKWebViewEngine. There are other calls to initWithFrame but without the configuration parameter,
• isMainFrame: CDVWebViewUIDelegate
• navigationType: CDVWebViewEngine, CDVIntentAndNavigationFilter, CDVWKWebViewEngine
• setProcessPool: not found
• targetFrame: CDVWebViewUIDelegate, CDVWKInAppBrowser
• transform: lots of javascript matches, OIDExternalUserAgentIOSCustomBrowser (from JWT), GDTCORTransformer (from GoogleDataTransport)
• userContentController: CDVWebViewEngine, CDVWKInAppBrowser, CDVWKWebViewEngine

[shankari]

I then checked the first three methods above against the apple documentation and they seem to be documented, public APIs in the webkit framework.

• applicationNameForUserAgent: https://developer.apple.com/documentation/webkit/webview/1408381-applicationnameforuseragent (public, deprecated)
• dataTypes: called on WKWebsiteDataRecord, https://developer.apple.com/documentation/webkit/wkwebsitedatarecord/1538007-datatypes?language=objc (public)
• initWithFrame:configuration: called on WKWebView, https://developer.apple.com/documentation/webkit/wkwebview/1414998-initwithframe?language=objc (public)

It looks like Apple's "non-public API usage" is not accounting for the public API for the WKWebView code, so it is breaking consistently for CordovaLib.

@dpogue are the cordova maintainers already in contact with Apple? Or should I file a tech support ticket?

[dpogue]

@dpogue are the cordova maintainers already in contact with Apple? Or should I file a tech support ticket?

We have no direct contact with Apple, but I imagine they are getting lots of reports since this seems to affect almost every iOS app.

[shankari]

FYI:

Developer Technical Support will be supporting WWDC and won't be reviewing requests from June 4 to 12, 2022.

And of course they rolled out this feature on June 6.

🙄 🤦

[paulocoutinhox]

Hi,

Message from Apple: "The issue has been resolved on the app validation backend. Please try resubmitting. Sorry for the trouble."

Thanks.

[shankari]

I can confirm that it worked on resubmission.

[dpogue]

Glad to hear. I'm going to mark this issue as closed :)