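Recently, a large number of apps that contain JS-Patch have received warnings during App Store review. Apple considers that if its security weakness is exploited, user data is at risk of unauthorized access.
In response, the AMap (高德) Open Platform now provides SDK packages that do not contain JS-Patch for developers to download and use.
To help your app pass App Store review, please update the AMap iOS Foundation SDK to V1.3.4 as soon as possible. If you use the iOS Location SDK, please upgrade it to V2.3.0 as well. The download locations and update instructions are as follows: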
SDK packages:
iOS Foundation SDK V1.3.4
iOS Location SDK V2.3.0
CocoaPods update instructions:
iOS Foundation SDK V1.3.4
iOS Location SDK V2.3.0
The warning email sent by Apple is included below for your reference.
Dear Developer,
Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with section 3.3.2 of the Apple Developer Program License Agreement and App Store Review Guideline 2.5.2. This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes.
This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.
Please perform an in-depth review of your app and remove any code, frameworks, or SDKs that fall in line with the functionality described above before submitting the next update for your app for review.
Best regards,
App Store Review
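
One way to carry out the review the email asks for, as an added example (not code from AMap or Apple): a Python scan of an unpacked app bundle or SDK directory for JS-Patch markers and for the dynamic-loading symbols the email names. The marker strings JSPatch and JPEngine, the bundle layout and the sample bytes are assumptions constructed for illustration.

```python
from pathlib import Path
import tempfile

# Assumed marker strings for the hot-patching library (names used by the
# open-source JSPatch project); extend the list if your copy was renamed.
PATCH_MARKERS = [b"JSPatch", b"JPEngine"]
# Entry points named in Apple's email. Many legitimate binaries import them,
# so a hit means "review the call sites", not "violation". respondsToSelector:
# and performSelector: are left out: nearly every Objective-C binary has them.
DYNAMIC_SYMBOLS = [b"dlopen", b"dlsym", b"method_exchangeImplementations"]


def scan_file(path):
    """Return the markers and symbols whose bytes occur in one file."""
    data = Path(path).read_bytes()
    return {
        "patch": [m.decode() for m in PATCH_MARKERS if m in data],
        "dynamic": [s.decode() for s in DYNAMIC_SYMBOLS if s in data],
    }


def scan_tree(root):
    """Return {relative_path: hits} for every file with at least one hit."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            hits = scan_file(path)
            if hits["patch"] or hits["dynamic"]:
                report[path.relative_to(root).as_posix()] = hits
    return report


def demo():
    """Build a constructed sample bundle (fake binaries) and scan it."""
    samples = {
        "Frameworks/OldSDK.framework/OldSDK": b"\x00_OBJC_CLASS_$_JPEngine\x00_dlsym\x00",
        "Frameworks/NewSDK.framework/NewSDK": b"\x00_OBJC_CLASS_$_Locator\x00",
        "Demo": b"\x00_dlopen\x00_main\x00",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, blob in samples.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(blob)
        return scan_tree(root)


if __name__ == "__main__":
    for rel, hits in sorted(demo().items()):
        print(rel, "-> upgrade or remove" if hits["patch"] else "-> review", hits)
```

A file listed with a non-empty "patch" entry is the kind of framework the notice says to replace with the updated SDK; a file with only "dynamic" hits needs a manual look at what arguments reach those calls.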