electron / electron

:electron: Build cross-platform desktop apps with JavaScript, HTML, and CSS
https://electronjs.org
MIT License

Mac App Store Private API Rejection: Electron 5.0.10 #20027

Closed thomasdao closed 4 years ago

thomasdao commented 4 years ago

Issue Details

Rejection Email

ITMS-90338: Non-public API usage - The app contains or inherits from non-public classes in Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework: CAContext, CALayerHost, NSAccessibilityRemoteUIElement, NSNextStepFrame, NSThemeFrame, NSURLFileTypeMappings. If method names in your source code match the private Apple APIs listed above, altering your method names will help prevent this app from being flagged in future submissions. In addition, note that one or more of the above APIs may be located in a static library that was included with your app. If so, they must be removed. For further information, visit the Technical Support Information at http://developer.apple.com/support/technical/

thomasdao commented 4 years ago

I downgraded Electron to 5.0.9 and still got the rejection email.

JustinPierce commented 4 years ago

I got this rejection this morning for Electron 5.0.4, and also for 5.0.10. I think something has changed on Apple's end.

lubo08 commented 4 years ago

Big show stopper for me. I need an urgent solution. Please help.

MarshallOfSound commented 4 years ago

List of private APIs detected:

Please only comment on this issue if your rejection email has APIs that are not in the list above. If you just comment +1 your comment will be removed. If you are also experiencing this rejection please react to this issue with 👍 to indicate so.

mytran commented 4 years ago

Developer relations responded and stated that they believe that the problem was an issue on their end and they will look into it. I checked tonight and my previously rejected builds are available now in App Store Connect.

ogi1982 commented 4 years ago

I just checked as well and my previously rejected build (Electron 4.2.9) is also available on store.

MarshallOfSound commented 4 years ago

Thanks @gaodeng, @mytran and @ogi1982 for that new information. It sounds like Apple got a few reach-outs and either corrected their system or whitelisted the framework temporarily. Still waiting to hear back as to what exactly happened.

I'll leave this open till at least next week where hopefully we'll have more info

thomasdao commented 4 years ago

I can now upload my build with Electron 5.0.10 to the Store as well. I'll probably leave it to @MarshallOfSound to close this ticket :)

ffflorian commented 4 years ago

My app using Electron 4.2.12 was just rejected because of the following APIs:

CAContext
CALayerHost
NSNextStepFrame
NSThemeFrame
NSURLFileTypeMappings

iwodoudou commented 4 years ago

Electron 5.0.11

Your app uses or references the following non-public APIs:

CAContext CALayerHost NSAccessibilityRemoteUIElement NSNextStepFrame NSThemeFrame NSURLFileTypeMappings

JCBsystem commented 4 years ago

electron : 6.0.10

Guideline 2.5.1 - Performance - Software Requirements Your app uses or references the following non-public APIs:

CAContext CALayerHost NSAccessibilityRemoteUIElement NSNextStepFrame NSThemeFrame NSURLFileTypeMappings

aydogankaragoz commented 4 years ago

electron 3.0.2

Your app app links against the following non-public framework(s):

CAContext CALayerHost NSURLFileTypeMappings

JCBsystem commented 4 years ago

@MarshallOfSound is there anything we can do to help? I don't have the skills to fix this myself

JCBsystem commented 4 years ago

@zcbenz looks like you have done patches before, can you do a new one for these?

Sorry for stressing, but I have an important update to my app that needs to be deployed

mytran commented 4 years ago

Try appealing and state that you're using Electron and those APIs are internal to Electron: https://developer.apple.com/contact/app-store/?topic=appeal

yegor-slate commented 4 years ago

Updated to latest electron v7.0.0 and got rejection again.

JCBsystem commented 4 years ago

@mytran I don't think doing an appeal will help more than maybe once; better to try to fix this

I see it's a patch file in the code base: patches\chromium\mas_no_private_api.patch

If we somehow can add the APIs there. I have not figured out yet how to do it

and for those that know how to do this. If they don't have time to fix it maybe we can sponsor them? time is money :)

If everyone that needs this to be fixed donated some $ I guess it will stack up and maybe will speed up this fix

gurugeek commented 4 years ago

rejected today electron 6.0.12 and also with 7.0.0

Your app app links against the following non-public framework(s):

CAContext CALayerHost NSAccessibilityRemoteUIElement NSNextStepFrame NSThemeFrame NSURLFileTypeMappings

Does it work with Electron 5?

gurugeek commented 4 years ago

I informed Apple about my app using electron etc. and received this:

"Hello,

Thank you for providing this information.

Regarding 2.5.1, your app uses or references the following non-public APIs. If you do not have access to your binary or unsure how to remove the APIs in question, please contact your service provider for technical supports."

jacoolee commented 4 years ago

3.0.0-beta.5 mas version rejected as well for private apis:

CAContext CALayerHost NSURLFileTypeMappings

Just a week ago, we successfully passed Apple's audit using the same mas version. I am wondering whether the old electron-v3.0.0-beta.5-mas-x64.zip file got rebuilt on the download server side, or the zip file was never modified while Apple changed their private API strategy, or both? Any hints, you guys? Because this is really frustrating and annoying.

JCBsystem commented 4 years ago

Apple changed their private API strategy; I have been doing weekly updates for the last month without problems

We need to fix this. Sadly I don't have the skills to fix it myself. I have been doing some digging and it looks like these files have private API calls:

https://chromium.googlesource.com/chromium/src/+/HEAD/components/remote_cocoa/app_shim/native_widget_mac_nswindow.h
https://chromium.googlesource.com/chromium/src/+/master/net/base/platform_mime_util_mac.mm
https://chromium.googlesource.com/chromium/src.git/+/72.0.3626.80/content/browser/ns_view_bridge_factory_impl.mm
https://chromium.googlesource.com/chromium/src.git/+/62.0.3178.1/content/browser/compositor/gpu_output_surface_mac.mm
https://chromium.googlesource.com/experimental/chromium/src/+/lkgr/ui/base/cocoa/remote_layer_api.h

and here's how to do a patch file :) https://www.youtube.com/watch?v=QtXj9tt-RUE

now we only need to set up the dev environment and try to remove / comment out the apis

sounds easy ..........

alicerunsonfedora commented 4 years ago

Also am getting the same issue with 6.0.11 when attempting to build hyperspacedev/hyperspace:

Your app includes a version of an SDK from Electron that violates the App Store Review Guidelines. The version of the Electron SDK you are using in your app attempts to hide the use of private APIs. This is a violation Section 2.5.1 of the App Store Review Guidelines.

Found private class usage: CAContext CALayerHost NSAccessibilityRemoteUIElement NSNextStepFrame NSThemeFrame NSURLFileTypeMappings

I don't know if this is related, but I think this is also causing a crash on the app as well with an "Operation not permitted" error.

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes:       0x0000000000000001, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Illegal instruction: 4
Termination Reason:    Namespace SIGNAL, Code 0x4
Terminating Process:   exc handler [3221]

Application Specific Information:
dyld: launch, running initializers
/usr/lib/libSystem.B.dylib
Could not set sandbox profile data: Operation not permitted (1)

JCBsystem commented 4 years ago

@nornagon can you help us with this ? i see you have done similar stuff before

gurugeek commented 4 years ago

@JCBsystem and all. I would be very careful in changing anything just to get through Apple. Their latest message said:

"Continuing to use or conceal non-public APIs in future submissions of this app may result in the termination of your Apple Developer account, as well as removal of all associated apps from the App Store."

I don't want to see any of my other apps compromised so I hope for an official fix in the future (if possible at all).

Maybe one of the moderators/maintainers can escalate this (and relabel since it affects Electron 6 and Electron 7 too, tried with 7.0.1 too).

buu700 commented 4 years ago

I just started having the same issue. Our app was originally accepted about a month ago, but attempting to submit an update failed.

Unsure of the exact Electron version offhand, but it's whatever the latest cordova-electron depends on.

(Also thanks @gurugeek for calling attention to this on HN.)

zcbenz commented 4 years ago

It seems that Apple has put more private APIs on their blacklist. And to clarify, all these APIs are being used by Chromium.

gurugeek commented 4 years ago

@buu700 you are welcome! I think this is a pretty big deal for all using electron directly or indirectly. So hopefully there will be an (official) solution soon.

buu700 commented 4 years ago

Yeah, it'd be ridiculous if Electron were effectively deprecated on macOS so casually with no warning. Hopefully there's a realistic way to address this in Electron and/or Chrome, or Apple is willing to be flexible with this.

zcbenz commented 4 years ago

The fileport_makefd and fileport_makeport APIs are used by mojo (Chromium's IPC library) and seem impossible to remove, but they do not seem to appear on recent reports so it is probably fine keeping them for now.

The CAContext and CALayerHost APIs have been used by Chromium since at least 5 years ago, there are only a few places using them but they are in the core graphics code, it should be possible to remove them but we have to figure out what they actually do first.

The other NS APIs should be easy to remove though: NSAccessibilityRemoteUIElement NSNextStepFrame NSThemeFrame NSURLFileTypeMappings

gaodeng commented 4 years ago

Slack has been updated recently, how did they pass the review, does anyone know?

buu700 commented 4 years ago

The @cyph update I submitted was rejected three days ago, and it looks like @gurugeek's rejection was two days ago, so I guess Slack just barely made the cutoff?

humphrey commented 4 years ago

Mozilla recently published a good write up on why they started using the undocumented CALayer API in Firefox 69. The TLDR is that these private APIs allowed them to get up to 3x better battery usage in Firefox. The article also mentioned that Chrome uses these Core Animation APIs.

This issue doesn't directly affect me, nor do I understand it. But I thought I would share the above article in case it helps y'all work out the root cause of the issue.

zcbenz commented 4 years ago

Would anyone be interested in validating the Electron binary for me? My Apple Developer subscription has expired and I don't want to go bother buying it again 😃.

The binary is based on 7.0.1 Release build with debugging symbols: https://drive.google.com/open?id=1RwWd9U-yfpWpn6OhDO1duTXfnRXKIPxL

The changes can be found at mas-patch-remote-layer-7-0-x branch. Currently I have disabled all reported calls except for fileport_makefd and fileport_makeport, so it is possible that the binary gets rejected again.

JCBsystem commented 4 years ago

@zcbenz Great work! Will try to upload in a day or two; need to finish some changes myself first :)

thank you again!

JCBsystem commented 4 years ago

Did a scan with otool -ov like Apple suggests. Before, there was:

CAContext 1 hit
CALayerHost 1 hit
NSAccessibilityRemoteUIElement 3 hit
NSNextStepFrame 2 hit
NSThemeFrame 2 hit
NSURLFileTypeMappings 1 hit

Then the new mas-patch-remote-layer-7-0-x build had 0 hits :) looks good

before: fileport_makeport 0 hits, fileport_makefd 0 hits
after: fileport_makeport 0 hit, fileport_makefd 0 hit

JCBsystem commented 4 years ago

Using strings, the other tool Apple suggested, I got one hit for CAContext: 'Frame had neither valid CAContext nor valid IOSurface.' It looks like an exception msg or similar; don't know how picky Apple are

before: fileport_makeport 3 hits, fileport_makefd 2 hits
after: fileport_makeport 1 hit, fileport_makefd 0 hit

ivandroid commented 4 years ago

My app has just been rejected because of private API calls (Electron v. 4.0.4). Apple suggested the following resolutions:

"To resolve this issue, please either remove the Electron SDK entirely from your app, or revise your app to utilize version 3.0.0-beta.7, 2.0.8, 1.8.8, or 1.7.16 of the Electron SDK. Once you have made one of those changes, resubmit your binary for review."

Downgraded to 3.0.0-beta.7. Let's see what happens...

MarshallOfSound commented 4 years ago

"To resolve this issue, please either remove the Electron SDK entirely from your app (I was shocked reading this), or revise your app to utilize version 3.0.0-beta.7, 2.0.8, 1.8.8, or 1.7.16 of the Electron SDK. Once you have made one of those changes, resubmit your binary for review."

This sounds suspiciously like a targeted whitelist of Electron versions. Let me do some digging and see what I can find.

gurugeek commented 4 years ago

@ivandroid was the message of today? Can you also post the list of the API calls that were flagged by Apple ? Perhaps Apple decided to be more explicit and gave you at least some guidance. Yesterday was a much tougher message. @MarshallOfSound thanks for looking into this. It would be good to know if 3.0.0.-beta7 meets these requirements.

ivandroid commented 4 years ago

> @ivandroid was the message of today? Can you also post the list of the API calls that were flagged by Apple ? Perhaps Apple decided to be more explicit and gave you at least some guidance. Yesterday was a much tougher message. @MarshallOfSound thanks for looking into this. It would be good to know if 3.0.0.-beta7 meets these requirements.

Yes, I've got the rejection message today.

CAContext CALayerHost NSNextStepFrame NSThemeFrame NSURLFileTypeMappings

yegor-slate commented 4 years ago

Same answer from appeal

Your app includes a version of an SDK from Electron that violates the App Store Review Guidelines. The version of the Electron SDK you are using in your app attempts to hide the use of private APIs. This is a violation Section 2.5.1 of the App Store Review Guidelines.

Additional Notes:

To resolve this issue, please either remove the Electron SDK entirely from your app, or revise your app to utilize version 3.0.0-beta.7, 2.0.8, 1.8.8, or 1.7.16 of the Electron SDK. Once you have made one of those changes, resubmit your binary for review.

We hope you will consider making the necessary changes to be in compliance with the App Store Review Guidelines and will resubmit your revised binary.

anh1979 commented 4 years ago

Hi guys, also encountering this problem currently (first macOS submission to App Store, so I got no idea what to do about it and just listen here ;-)). Message in AppStore:

Guideline 2.5.1: Apps may only use public APIs. CAContext CALayerHost NSNextStepFrame NSThemeFrame NSURLFileTypeMappings

I am using electron v4.2.10.

thomasdao commented 4 years ago

I tried with the Electron binary that @zcbenz posted in https://github.com/electron/electron/issues/20027#issuecomment-549295886, still get the same rejection letter like below. Looks like Apple is rejecting based on the version of Electron.

Your app includes a version of an SDK from Electron that violates the App Store Review Guidelines. The version of the Electron SDK you are using in your app attempts to hide the use of private APIs. This is a violation Section 2.5.1 of the App Store Review Guidelines.

Found private class usage:
CAContext
CALayerHost
NSAccessibilityRemoteUIElement
NSNextStepFrame
NSThemeFrame
NSURLFileTypeMappings

ivandroid commented 4 years ago

A 3.0.0-Beta.7 build has been rejected. :(

Found private class usage: CAContext CALayerHost NSURLFileTypeMappings

emutime commented 4 years ago

Also encountering this problem currently, electron v4.2.6

Guideline 2.5.1 - Performance - Software Requirements

Your app uses or references the following non-public APIs:

CAContext CALayerHost NSNextStepFrame NSThemeFrame NSURLFileTypeMappings

Any official solution?

MarshallOfSound commented 4 years ago

@thomasdao That's interesting, looks like they aren't even flagging private APIs. They've just flagged electron framework versions. 🤔

JCBsystem commented 4 years ago

@thomasdao did you scan your build before submitting it using 'otool -ov' and strings?

thomasdao commented 4 years ago

@JCBsystem how do you scan the build? I used Electron Builder and not too sure which file to scan, I tried with both .app and .pkg file and the command showed error.

What I did was that I downloaded the electron binary file from the link @zcbenz gave, replaced that with the local file in node_modules folder, then built. I may have missed some steps; if you have other suggestions please let me know so I can retry again, thanks!

JCBsystem commented 4 years ago

@thomasdao open a console from 'xxx.app/Contents/Frameworks/Electron\ Framework.framework/Versions/A' then run

otool -ov Electron\ Framework > ../../../../../../dump.txt

and

strings Electron\ Framework > ../../../../../../dump1.txt

open the dump files and do a search for the api keys

or send me the app and i will test it for you :)
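
The dump search described in the comment above, as an added example that is not from any thread participant or from Electron's tooling: it counts each class name from the rejection emails in a dump file and separates symbol-style lines from names that only occur inside ordinary text, such as the 'Frame had neither valid CAContext nor valid IOSurface.' message mentioned earlier. The function names, the symbol/text split (a heuristic of this example, not Apple's review criteria) and the sample dump lines are assumptions; the samples are constructed and simplified, not real tool output.

```shell
#!/bin/sh
# Added example: triage otool/strings dumps for the class names listed in
# the rejection emails quoted in this thread.
FLAGGED="CAContext CALayerHost NSAccessibilityRemoteUIElement NSNextStepFrame NSThemeFrame NSURLFileTypeMappings"

# total_hits NAME FILE: lines where NAME appears and is not merely the
# prefix of a longer identifier.
total_hits() {
    grep -E -c -- "$1([^A-Za-z0-9_]|\$)" "$2" || true
}

# symbol_hits NAME FILE: lines whose last field is NAME or its Objective-C
# class symbol. Assumption of this example: such lines are references,
# anything else is NAME embedded in ordinary text.
symbol_hits() {
    awk -v n="$1" '$NF == n || $NF == ("_OBJC_CLASS_$_" n) { c++ }
                   END { print c + 0 }' "$2"
}

# report FILE: one line per flagged name with total, symbol and text counts.
report() {
    for name in $FLAGGED; do
        t=$(total_hits "$name" "$1")
        s=$(symbol_hits "$name" "$1")
        echo "$name total=$t symbol=$s text=$((t - s))"
    done
}

# is_clean FILE: succeeds only when no symbol-style reference remains.
is_clean() {
    for name in $FLAGGED; do
        [ "$(symbol_hits "$name" "$1")" -eq 0 ] || return 1
    done
}

# write_samples DIR: constructed, simplified dump lines (not real tool output).
write_samples() {
    cat > "$1/before.txt" <<'EOF'
0000000000000010 0x0 _OBJC_CLASS_$_CAContext
0000000000000018 0x0 _OBJC_CLASS_$_CALayerHost
    name 0x20 NSThemeFrame
Frame had neither valid CAContext nor valid IOSurface.
EOF
    cat > "$1/after.txt" <<'EOF'
Frame had neither valid CAContext nor valid IOSurface.
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
report "$demo_dir/before.txt"
is_clean "$demo_dir/after.txt" && echo "after.txt: no symbol references left"
rm -rf "$demo_dir"
```

On a real build, `report` would be pointed at the dump.txt and dump1.txt files produced by the two commands above.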

thomasdao commented 4 years ago

@JCBsystem thanks for the instruction. The dump files are at https://drive.google.com/file/d/1POwnOX_jMcahUi4beBdo7viKjaeey8PY/view?usp=sharing, I think it still contains private API. Probably simply replacing the Electron binary in node_modules does not really remove the private API in final build. If you have any suggestion I can retry submitting to Apple.