bang590 / JSPatch

JSPatch bridges Objective-C and JavaScript using the Objective-C runtime. You can call any Objective-C class and method in JavaScript by just including a small engine. JSPatch is generally used to hotfix iOS apps.
MIT License

Apple warning email #746

Closed kunwang0916 closed 7 years ago

kunwang0916 commented 7 years ago

Consolidated reply: About the Apple warning http://blog.cnbang.net/internet/3374/

@bang590's reply


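Today I received a warning email from Apple. We have been using JSPatch in our app for some time, and previous versions had no problems. Also, this notification email was not received during the review of a submitted update; Apple sent it on its own initiative.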

Dear Developer,

Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with section 3.3.2 of the Apple Developer Program License Agreement and App Store Review Guideline 2.5.2. This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes.

This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.

Please perform an in-depth review of your app and remove any code, frameworks, or SDKs that fall in line with the functionality described above before submitting the next update for your app for review.

Best regards,

App Store Review


yudun1989 commented 7 years ago

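I received the same warning email. I suggest that those who are not in a hurry to release wait a bit and let the vanguard hit the pitfalls first...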

wealon commented 7 years ago

I received the same email too.

devjiangzhou commented 7 years ago

@bang590 Did WeChat Read (微信读书) receive one?

TT-usr commented 7 years ago

Received it too.

SolaWing commented 7 years ago

Received it as well...

totzcc commented 7 years ago

+1

wealon commented 7 years ago

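Yesterday I found that the app could no longer be found by searching the App Store, although it had not been taken down. Today I received Apple's warning email, with the same content as the posts above.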

iPermanent commented 7 years ago

I didn't receive it. Could it be that I have a fake developer account?

Channe commented 7 years ago

I just received this email.

dingyusong commented 7 years ago

I received the same email this morning.

MrLiuYS commented 7 years ago

I didn't receive it. In our project it is only used to fix some small bugs. Is it only those making large-scale changes who receive it?

hujian commented 7 years ago

I also received this email this morning.

zhudaye12138 commented 7 years ago

Claiming a spot here to follow this.

shaveKevin commented 7 years ago

Following, waiting for a reply.

daemonchen commented 7 years ago

Why is it suddenly banned again~~

poboke commented 7 years ago

Following.

applejian commented 7 years ago

Could it be due to overuse? We generally release one version a month, and we haven't received this email so far.

wuyifan commented 7 years ago

Received the same email; following.

393698063 commented 7 years ago

Is there a solution?

applejian commented 7 years ago

Which way did everyone integrate it? I use the approach of connecting to my own server.

rainysweet commented 7 years ago

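For now everyone has only received a warning and the apps have not been taken down. Have you all taken your apps down to fix this?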

ghost commented 7 years ago

me too

hujian commented 7 years ago

@rainysweet It's only a warning, not a takedown; the app can still be found by search for now.

robert1202 commented 7 years ago

Haven't received it yet. Is Apple going to ban hot fixes?

KlausLiu commented 7 years ago

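We have 4-5 apps that use it; so far we have received no email, and they can still be found by search. A question: for those who received the email, does your app use JSPatch only for patch fixes, or did you build some module features directly with JSPatch?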

Toothpick2012 commented 7 years ago

What will Taobao do?

MrLiuYS commented 7 years ago

Did those who received it use JSPatch to develop features, or to fix bugs?

xingxingc commented 7 years ago

I also received the email. In JPEngine.m you can indeed find the methods mentioned in the email.

monycn commented 7 years ago

Those who haven't received the email, go take a look at your https://itunesconnect.apple.com/; you might find something different.

vedon commented 7 years ago

Which methods? Can you post a screenshot for reference?

catcups commented 7 years ago

( ⊙ o ⊙ ) Ah! Both of my projects went live today and I received no email. Could it be because my JSPatch is out of date?

catcups commented 7 years ago

I just went to https://itunesconnect.apple.com/ and took a look. It warned about this: Agreement information: The updated Apple Developer Program License Agreement needs to be reviewed. In order to update your existing apps and submit new apps to the App Store, the user with the Legal role (Team Agent) must review and accept the updated agreement in their account on the developer website.

xingxingc commented 7 years ago

Just these methods: dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations()
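An added example, not part of any comment in this thread and not JSPatch code: one way to carry out the review the e-mail asks for is to list which source files and prebuilt SDK binaries in a project mention the five API names it quotes. The function names and the sample files are assumptions constructed for illustration, and a hit is only a pointer for manual review.

```python
import os
import re
import tempfile

# API names quoted in the App Store Review e-mail above.
FLAGGED = [b"dlopen", b"dlsym", b"respondsToSelector:",
           b"performSelector:", b"method_exchangeImplementations"]

def _pattern(name):
    # No letter/digit may precede the name ("_dlopen" in a symbol table still
    # matches); C names must also end there, selectors may continue
    # (e.g. "performSelector:withObject:").
    tail = b"" if name.endswith(b":") else rb"(?![A-Za-z0-9_])"
    return re.compile(rb"(?<![A-Za-z0-9])" + re.escape(name) + tail)

PATTERNS = {n.decode(): _pattern(n) for n in FLAGGED}

def scan_bytes(data):
    """Return {name: count} for every flagged name present in data."""
    hits = {}
    for name, pat in PATTERNS.items():
        count = len(pat.findall(data))
        if count:
            hits[name] = count
    return hits

def scan_tree(root):
    """Scan every file under root, sources and prebuilt binaries alike."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                hits = scan_bytes(fh.read())
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report

def demo():
    """Build a constructed sample project (hypothetical files) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Vendor"))
        samples = {
            os.path.join("Vendor", "Engine.m"):
                b"void *h = dlopen(path, RTLD_NOW);\n"
                b"[obj performSelector:sel withObject:arg];\n",
            os.path.join("Vendor", "libsdk.a"):
                b"\x00_dlsym\x00_method_exchangeImplementations\x00",
            "main.m": b"int main(void) { return dlopen_preflight_wrapper(); }\n",
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return scan_tree(root)
```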

xiemotongye commented 7 years ago

We use it; haven't received it so far.

zengyun-hacker commented 7 years ago

=。= It feels like only Papa Apple can resolve this issue?

fanlv commented 7 years ago

1

henshao commented 7 years ago

+1

LynahZ commented 7 years ago

+1

huangzhifei commented 7 years ago

Who is Papa Apple trying to go after this time?

huangzhifei commented 7 years ago

@chengwuli125 You're in danger.

loirou commented 7 years ago

+1

bigyelow commented 7 years ago

respondsToSelector:, performSelector:, method_exchangeImplementations()

These three methods are used much more widely. Do they have to be removed too?

lixiaoguang-xiaoniu commented 7 years ago

Could receiving this be related to whether the API uses HTTPS? Apple's excuse is that it is worried about man-in-the-middle attacks~

DamonZPF commented 7 years ago

Is the app not showing up in search also because it was blocked for this reason?

ivarwei commented 7 years ago

+1

AliThink commented 7 years ago

+1

monkiyang commented 7 years ago

Apple Developer Program License Agreement 3.3.2 An Application may not download or install executable code. Interpreted code may only be used in an Application if all scripts, code and interpreters are packaged in the Application and not downloaded. The only exception to the foregoing is scripts and code downloaded and run by Apple's builtin WebKit framework, provided that such scripts and code do not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store.

App Store Review Guideline 2.5.2 Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code, including other iOS, watchOS, macOS, or tvOS apps.

zhuolaiqiang commented 7 years ago

Received it too.

Lision commented 7 years ago

Marking this.

newyu commented 7 years ago

Received it a little after 2 a.m.; following for a solution.