The App Store checks for hidden functionality.

  1. 3 months ago

    Sam R

    Dec 3 Pre-Release Testers, Xojo Pro Hengchun, Pingtung, Taiwan

    https://twitter.com/vectorpark/status/1069316848540368899

    I am guessing that the App Store now verifies the symbols in the binary and if it finds one that it doesn't like, your application is not only rejected; but you can't appeal and your reviews will now take longer. You effectively become second class.

    It could be as simple as a mistyped selector in a declare or plugin.

  2. Emile S

    Dec 4 Europe (France, Strasbourg)
    Edited 3 months ago

    @Sam R You effectively become second class

    I do not care: I am already third class…

    @Sam Rowlands It could be as simple as a mistyped selector in a declare or plugin.

    Apple probably do not want “building trade ex-workers” to upload applications… One day, they will start to ask for CSI degree before allowing XCode / Swift downloads ;-:)

    In the Apple API, is there an API validator, something like <API_Call_Name>.Exists ?

  3. Christian S

    Dec 4 Pre-Release Testers, Xojo Pro, XDC Speakers Germany

    Maybe it's a scan to check if all action methods in the controller class are linked to buttons on the views?

    I would prefer if I could block some traffic, e.g. block app's internet by domains.
    And maybe Apple could block some ad frameworks for all apps.

  4. Emile S

    Dec 4 Europe (France, Strasbourg)

    A try to avoid abusive or wrong doing ?

    Good catch Christian.

  5. Christian S

    Dec 4 Pre-Release Testers, Xojo Pro, XDC Speakers Germany

    Well, a weather app should only be allowed to talk to the server from the weather provider.

    And not talk to 10 third party companies tracking me.

  6. Emile S

    Dec 4 Europe (France, Strasbourg)

    @ChristianSchmitz And not talk to 10 third party companies tracking me.

    Approved !

  7. Tim S

    Dec 4 Canterbury, UK

    @ChristianSchmitz Well, a weather app should only be allowed to talk to the server from the weather provider.

    And not talk to 10 third party companies tracking me.

    Isn't that supposed to be fixable for all apps on your machine by using a hosts file?

    Hello? hello? Anyone there?

    NO CARRIER

  8. Tim J

    Dec 4 Pre-Release Testers, Xojo Pro Dehydrating in AZ

    @Tim S Isn't that supposed to be fixable for all apps on your machine by using a hosts file?

    That would require proper system administration knowledge - something that Apple and Microsoft are getting sneakier and sneakier about removing from the system owner's scope of access.

  9. Douglas H

    Dec 4 Pre-Release Testers, Xojo Pro

    @Tim J That would require proper system administration knowledge - something that Apple and Microsoft are getting sneakier and sneakier about removing from the system owner's scope of access.

    And much more practical for macOS or other LAN usage than iOS via carrier access.

  10. 2 months ago

    Sam R

    Dec 15 Pre-Release Testers, Xojo Pro Hengchun, Pingtung, Taiwan

    Okay, so the poor fellow who's had his app rejected for this reason, finally got a resolution from Apple; and an explanation.

    His application was written in Objective-C, and has a lot of custom classes. Apple were reading his selectors (method names) and decided that they didn't like them.

    As we can build custom Obj-C classes in Xojo (via declares or plugins), and custom subclasses of OS-supplied classes, this is something to pay attention to if you get the same rejection.

  11. Dave S

    Dec 15 San Diego, California USA

    @Sam R Apple were reading his selectors (method names) and decided that they didn't like them.

    They decided they didn't like the NAME of the class/function... Not that they didn't like what it did or did not DO?

    Why (curious/rhetorical) would they care what the developer used as an internal reference, and what on earth might those undesirable names have been?

  12. Beatrix W

    Dec 15 Pre-Release Testers Europe (Germany)

    Here is the relevant part of the tweet:

    An artifact of my AS3-ObjC transpiling is methods with somewhat bizarre (though perfectly valid) signatures, like "+ new::::::::::::" upon which their code-check choked.

  13. Christian S

    Dec 15 Pre-Release Testers, Xojo Pro, XDC Speakers Germany

    We've run into this with private API usage, too.

    Which sometimes ended up hiding the call a bit by building the selector from two strings at runtime...

  14. Emile S

    Dec 16 Europe (France, Strasbourg)

    I had customers who disliked the people’s names I used (they had not yet provided me with real contact info at that time) just because I used politicians, names of movie/music stars, etc.

    In the next beta, I used a different approach like Michael G (G for Gotbatchov) and they saw nothing / did not react.

    Yes, I asked them tons of times to send me their contact data so I can implement them in their software. And, all of a sudden, they send it to me (and what a bad list it was)…

    So: perception vs real use. I never let Listbox1 as a reference in a project, I try to use a meaningful method / function / whatever name, never double meaning word (when I know the used word have two different meanings), etc.

    At last, what Notarization is for ?
    (that ?)

  15. Tim J

    Dec 16 Pre-Release Testers, Xojo Pro Dehydrating in AZ

    I also had one of my apps rejected because it turns out that I had mistakenly named one of my methods by the same name as an Apple private API. In that, I also learned that simply changing it by adding TG to the beginning or end of the method name did not clear the automated check. I had to completely obfuscate every call in the project to that method.

  16. Derk J

    Dec 16 Pre-Release Testers, Xojo Pro

    @Tim J I also had one of my apps rejected because it turns out that I had mistakenly named one of my methods by the same name as an Apple private API. In that, I also learned that simply changing it by adding TG to the beginning or end of the method name did not clear the automated check. I had to completely obfuscate every call in the project to that method.

    Apple wants its apps and software to be clear with method names and such because they can simply filter crash reports and maybe other stuff to target specific items in logs.

  17. Tim J

    Dec 16 Pre-Release Testers, Xojo Pro Dehydrating in AZ

    In my case, it was a collision with a private API name. My app wasn't denied because of any name, but because their automation claimed that I was calling a private API.

  18. scott b

    Dec 16 Pre-Release Testers, Xojo Pro local coffee shop

    @Tim J In my case, it was a collision with a private API name. My app wasn't denied because of any name, but because their automation claimed that I was calling a private API.

    Are their private API names defined anywhere? Or just a submit and hope for the best?

  19. Tim J

    Dec 16 Pre-Release Testers, Xojo Pro Dehydrating in AZ

    @scott b Are their private API names defined anywhere? Or just a submit and hope for the best?

    I don't know of a list and think you just have to be unlucky. In my case, I was just unlucky. IIRC, I used a pair of extensions to the Window class that I named SmoothResizeVertical and SmoothResizeHorizontal and one or both of those matched a private API call.

  20. Sam R

    Dec 17 Pre-Release Testers, Xojo Pro Hengchun, Pingtung, Taiwan

    @Dave S Why (curious/rhetorical) would they care what the developer used as an internal reference, and what on earth might those undesirable names have been?

    For your security, to make you safer. Apple is protecting the user from malevolent developers.

    @Emile S So: perception vs real use. I never let Listbox1 as a reference in a project, I try to use a meaningful method / function / whatever name, never double meaning word (when I know the used word have two different meanings), etc.

    I once had a function called "youFu##ingPieceOfS##t", which was fine, until an exception occurred in that function and I get sent e-mail reports...

    @Emile S At last, what Notarization is for ?

    Basically it's to put our apps through the same excruciating validation checks as the App Store apps, but we can sell them on our own.

    @scott b Are their private API names defined anywhere? Or just a submit and hope for the best?

    It would be nice for Apple to properly document its public API...

    You can turn off function names, so then your custom function names won't trip up Apple's security, however any exceptions won't be able to report the function they were raised from.
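
A pre-submission lint for the selector names this thread describes, added here as an example and not taken from any poster, from Xojo or from Apple: it lists the strings in a binary's `__objc_methname` section and flags the two patterns reported above. The substring rule, the watchlist and the function names are assumptions modelled on the posters' reports, not Apple's actual check, and the sample binary is constructed.

```python
import re
import struct

MH_MAGIC_64, LC_SEGMENT_64 = 0xFEEDFACF, 0x19
UNNAMED_ARGS = re.compile(r"::")  # consecutive colons: arguments without name parts

def objc_selectors(macho):
    """Strings in the __objc_methname section of a thin little-endian 64-bit Mach-O."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", macho, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit Mach-O (split fat binaries first)")
    off, names = 32, []                      # load commands follow the 32-byte header
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", macho, off)
        if cmd == LC_SEGMENT_64:
            nsects = struct.unpack_from("<I", macho, off + 64)[0]
            for i in range(nsects):
                sec = off + 72 + 80 * i      # section_64 records follow the segment
                size, fileoff = struct.unpack_from("<QI", macho, sec + 40)
                if macho[sec:sec + 16].rstrip(b"\0") == b"__objc_methname":
                    blob = macho[fileoff:fileoff + size]
                    names += [s.decode("utf-8", "replace") for s in blob.split(b"\0") if s]
        off += cmdsize
    return names

def review_selectors(names, watchlist):
    """Flag selectors a human should look at before submitting."""
    findings = []
    for name in names:
        if UNNAMED_ARGS.search(name):
            findings.append((name, "unnamed arguments"))
        for watched in watchlist:            # substring match is an assumption
            if watched.lower() in name.lower():
                findings.append((name, "contains " + watched))
    return findings

def build_sample(selectors):
    """Constructed input: minimal Mach-O with one segment and one section."""
    blob = b"".join(s.encode() + b"\0" for s in selectors)
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, 152, 0, 0)
    seg = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, 152, b"__TEXT",
                      0, len(blob), 184, len(blob), 5, 5, 1, 0)
    sec = struct.pack("<16s16s2Q8I", b"__objc_methname", b"__TEXT",
                      0, len(blob), 184, 0, 0, 0, 0, 0, 0, 0)
    return hdr + seg + sec + blob

if __name__ == "__main__":
    sample = build_sample(["new::::::::::::", "TGSmoothResizeVertical", "viewDidLoad"])
    for name, reason in review_selectors(objc_selectors(sample), ["SmoothResizeVertical"]):
        print(f"{name}: {reason}")
```

The watchlist is whatever names a developer already knows have caused a rejection; as the thread notes, no list of private API names is known to the posters.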
