Closed dudu-hinet closed 2 months ago
Apple reply with more information:
Guideline 2.5.2 - Performance - Software Requirements
Your app, extension, or linked framework appears to contain code designed explicitly with the capability to change the app’s behavior or functionality after App Review approval.
This code, combined with a remote resource, can facilitate significant changes to the app’s behavior compared to when it was initially reviewed. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of the app.
Next Steps
We look forward to reviewing your resubmitted app.
Best regards,
App Review
@dudu-hinet how did you let them give you more information? it's been a week and they say "The app contains hidden features. ", and I don't even use anything like code-push or something similar
I just replied to ask more information. They would response in 1 day.
Did they response? @dudu-hinet
@dudu-hinet any update in this issue?
Does this mean that we can no longer use Code Push on iOS ?
Does this mean that we can no longer use Code Push on iOS ?
I think so.
Does this mean that we can no longer use Code Push on iOS ?
No, the Developer Program License STILL allows interpreted code:
https://developer.apple.com/support/terms/apple-developer-program-license-agreement/#b331
Interpreted code may be downloaded to an Application but only so long as such code: (a) does not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store, (b) does not create a store or storefront for other code or applications, and (c) does not bypass signing, sandbox, or other security features of the OS.
See README.md of the repo.
@dudu-hinet, as @pyr0hu mentioned, there have been no changes to the Apple Developer License Agreement, so CodePush is still permitted. Please ensure that you are not using CodePush to make significant changes to your app's behavior or user experience.
Closing this issue.
Steps to Reproduce
Actual Behavior
Rejected with:
Reproducible Demo
CodePush.js:
The binary does not go to upgrade actually since it is the latest version.
Environment
(The more info the faster we will be able to address it!) I removed all CodePush package and re-submit again, and it is passed. I wonder that Apple does not accept CodePush at all without giving any clue.