最新消息，我被拒了，直接拒绝，新版本也不行了？

luyud commented 7 years ago

Guideline 2.5.2 - Performance

Your app, extension, or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement.

This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.

freddiezhao commented 7 years ago

今天早晨刚刚被拒，也是楼主的原因

ningman commented 7 years ago

me too!

fingerplay commented 7 years ago

新版本是做了类名和方法名混淆的？ @freddiezhao @ningman @LuYu001

slemon commented 7 years ago

改了类名都不行了，也被拒

ahhsxp commented 7 years ago

我也是这个原因别拒

YauzZ commented 7 years ago

日了🐶

gin-melodic commented 7 years ago

Apple应该是更新了检测机制，混淆方法失效了。这次从In Review到Reject只有几秒，应该是自动化手段升级了。

ahhsxp commented 7 years ago

@gin7758258 我把JSPatch 去了，依旧被拒,原因还是这个只是用了最新版的Bugly,郁闷了

wesleydotyang commented 7 years ago

@ahhsxp bugly也是用的JSPatch，http://bugly.qq.com/bbs/forum.php?mod=viewthread&tid=2871

ahhsxp commented 7 years ago

@wesleydotyang 只是使用了Bugly的异常上报，没有使用热修复而且是使用了最新版

ningman commented 7 years ago

新版的Bugly不是说移除了JSPatch了吗？

ahhsxp commented 7 years ago

@ningman 恩！里面没有了然后还是被拒一脸懵逼

wesleydotyang commented 7 years ago

@ahhsxp 看来Bugly已被加入黑名单。。。

fingerplay commented 7 years ago

是不是误伤啊，bugly 不集成jspatch的版本不应该被拒啊

withshe commented 7 years ago

我提交的App也被拒了，原因：

Guideline 2.5.2 - Performance

Your app, extension, or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement.

This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.

Next Steps

To resolve this issue, please perform an in-depth review of your app and remove any code, frameworks, or SDKs that fall in line with the functionality described above and resubmit your app’s binary for review.

引入的是JSPatch 1.7，上一个App更新版本也引入了，审核通过，这一次更新版本就被拒了。。。。