gaoxiaoai posted on 2017-3-8 16:24:31

Responding to the iOS hot-update warning: AMap releases upgraded SDK packages

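Recently, a large number of apps containing JS-Patch have received warnings during App Store review. Apple considers that if this security weakness is exploited, user data is at risk of unauthorized access.
In response, the AMap Open Platform now provides SDK packages that do not contain JS-Patch for developers to download and use.
To help your app pass App Store review, please update the AMap iOS Foundation SDK to V1.3.4 as soon as possible. If you use the iOS Location SDK, please upgrade it to V2.3.0 as well. The update links and instructions are as follows:
CocoaPods update instructions for the SDK packages: http://lbs.amap.com/api/ios-sdk/guide/create-project/cocoapods#update-sdk
iOS Foundation SDK V1.3.4 download: http://lbs.amap.com/api/ios-sdk/download
iOS Location SDK V2.3.0 download: http://lbs.amap.com/api/ios-location-sdk/download
iOS Foundation SDK V1.3.4 changelog: http://lbs.amap.com/api/ios-sdk/changelog?tab=4
iOS Location SDK V2.3.0 changelog: http://lbs.amap.com/api/ios-location-sdk/changelog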


The warning email sent by Apple is attached below for your reference.
Dear Developer,

Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with section 3.3.2 of the Apple Developer Program License Agreement and App Store Review Guideline 2.5.2. This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes.

This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.

Please perform an in-depth review of your app and remove any code, frameworks, or SDKs that fall in line with the functionality described above before submitting the next update for your app for review.

Best regards,
App Store Review
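
As an added example (not part of the original post and not AMap's own tooling), the script below checks the versions resolved in a project's `Podfile.lock` against the minimums named in the announcement, which catches the case where `pod update` still resolves an older release. The `AMapLocation` pod names and the sample lockfile are assumptions constructed for illustration.

```python
import re

# Minimum JSPatch-free versions named in the announcement above.
MIN_VERSIONS = {
    "AMapFoundation": (1, 3, 4),
    "AMapFoundation-NO-IDFA": (1, 3, 4),   # pod name mentioned in the replies
    "AMapLocation": (2, 3, 0),             # assumed pod name
    "AMapLocation-NO-IDFA": (2, 3, 0),     # assumed pod name
}

# A resolved pod is a two-space-indented entry such as "  - Name (1.2.3)";
# deeper-indented lines are dependency constraints and are ignored.
POD_LINE = re.compile(r'^  - "?([\w+\-./]+) \((\d+(?:\.\d+)*)\)"?:?\s*$')

def resolved_pods(lock_text):
    """Return {pod name: version tuple} from the PODS: section of a Podfile.lock."""
    pods, in_pods = {}, False
    for line in lock_text.splitlines():
        if line and not line[0].isspace():      # top-level key, e.g. "PODS:"
            in_pods = line.strip() == "PODS:"
        elif in_pods:
            match = POD_LINE.match(line)
            if match:
                pods[match.group(1)] = tuple(int(p) for p in match.group(2).split("."))
    return pods

def outdated_pods(lock_text):
    """Return {pod name: (resolved, required)} for pods below the stated minimum."""
    stale = {}
    for name, version in resolved_pods(lock_text).items():
        minimum = MIN_VERSIONS.get(name)
        padded = version + (0,) * (3 - len(version))   # "1.3" compares as 1.3.0
        if minimum and padded < minimum:
            stale[name] = (".".join(map(str, version)), ".".join(map(str, minimum)))
    return stale

# Constructed sample lockfile, not taken from a real project.
SAMPLE_LOCK = """\
PODS:
  - AMap2DMap-NO-IDFA (4.6.0):
    - AMapFoundation-NO-IDFA (~> 1.3)
  - AMapFoundation (1.3.4)
  - AMapFoundation-NO-IDFA (1.3.3)
  - AMapLocation (2.3.0):
    - AMapFoundation (~> 1.3)

DEPENDENCIES:
  - AMap2DMap-NO-IDFA
  - AMapLocation
"""

if __name__ == "__main__":
    for name, (have, need) in outdated_pods(SAMPLE_LOCK).items():
        print(f"{name}: resolved {have}, need >= {need}")
```
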

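amap_188****732 posted on 2017-3-9 14:18:15

offcn9999 posted on 2017-3-9 11:17
Does Foundation SDK V1.3.4 not support updating via pod? pod only goes up to 1.3.3.

It seems you can't get 1.3.4 through pod yet, or maybe I'm using the wrong method.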

amap_188****732 posted on 2017-3-9 14:16:23

amap_47453308 posted on 2017-3-9 09:57
Update to AMap2DMap-NO-IDFA 4.6.0; the base package is AMapFoundation-NO-IDFA, and 1.3.4 should not contain JSPatch ...

Right, 1.3.4 should not be using it.

amap_188****732 posted on 2017-3-9 14:15:37

yutiandesan posted on 2017-3-9 09:36
Does the no-IDFA version of the base package use JSPatch?

The no-IDFA base package also used JSPatch; my app received the warning.

amap_188****732 posted on 2017-3-9 14:14:29

amap_tel_565bd2a7935b058349 posted on 2017-3-9 14:13
pod can't update to 1.3.4; what I got from the update was 1.3.2.

The package I imported manually is 1.3.4.

amap_188****732 posted on 2017-3-9 14:13:44

pod can't update to 1.3.4; what I got from the update was 1.3.2.

amap_157****832 posted on 2017-3-9 11:36:48

AMap responded really fast...

offcn9999 posted on 2017-3-9 11:17:32

Does Foundation SDK V1.3.4 not support updating via pod? pod only goes up to 1.3.3.

amap_136****570 posted on 2017-3-9 09:57:45

This post was last edited by amap_47453308 on 2017-3-9 10:08

Update to AMap2DMap-NO-IDFA 4.6.0; the base package is AMapFoundation-NO-IDFA, and 1.3.4 should not contain JSPatch.

yutiandesan posted on 2017-3-9 09:36:03

Does the no-IDFA version of the base package use JSPatch?