MAS rejection question

My app was rejected for this:

Guideline 2.4.5(i) - Performance
Your app uses one or more entitlements which do not have matching functionality within the app. Apps should have only the minimum set of entitlements necessary for the app to function properly. Please remove all entitlements that are not needed by your app and submit an updated binary for review, including the following:

com.apple.security.network.server
com.apple.security.files.downloads.read-write

Next Steps

For links to essential video and documentation to learn how to sandbox your application, please see App Sandboxing.
Commonly added entitlements that many apps don’t need include:
“com.apple.security.network.server”
Apps that initiate outgoing connections (for example, to download new content from your server) only need to include “com.apple.security.network.client”. The server entitlement is only necessary for apps that listen for and respond to incoming network connections (such as web or FTP servers).

My app uses https for web queries to youtube. Did I perhaps just mark something wrong in AppWrapper or in the MAS submission form? In AppWrapper report it does list an “executable concern” as “Frameworks • SSLSocketdyLib” but I don’t know what that actually means. I am using HTTPSecureSocket in one method.

Here is what Apple has listed for it:

com.apple.security.inherit: true
com.apple.security.app-sandbox: true
my.app/Contents/Frameworks/Shell.dylib
com.apple.security.inherit: true
com.apple.security.app-sandbox: true
my.app/Contents/Frameworks/InternetEncodings.dylib
com.apple.security.inherit: true
com.apple.security.app-sandbox: true
my.app/Contents/Frameworks/Crypto.dylib
com.apple.security.inherit: true
com.apple.security.app-sandbox: true
my.app/Contents/Frameworks/RegEx.dylib
com.apple.security.inherit: true
com.apple.security.app-sandbox: true
my.app/Contents/MacOS/VideoWordSearch
com.apple.security.network.server: true
com.apple.security.print: true
com.apple.security.files.downloads.read-write: true
com.apple.security.network.client: true
com.apple.security.app-sandbox: true
com.apple.security.files.user-selected.read-write: true
my.app/Contents/Frameworks/HTMLViewerCocoa.dylib
com.apple.security.inherit: true
com.apple.security.app-sandbox: true
my.app/Contents/Frameworks/XML.dylib
com.apple.security.inherit: true
com.apple.security.app-sandbox: true
my.app/Contents/Frameworks/SSLSocket.dylib
com.apple.security.inherit: true
com.apple.security.app-sandbox: true

Need a little help getting the volleyball over the net here. :smiley:

If you’re just accessing the internet, you only need the client option. So I’d say unselect “Server” under “Network access”, and unless you really do access the user’s Downloads folder, you can probably just set that to “none”.

Is that under the MAS settings online?

Within the Capabilities pane of App Wrapper, sorry for not making that clear.

Thanks. I’ll check that.

Sorry but I’m not seeing what to change in Capabilities. If I don’t have both Server and Client checked it will not work. Is it under Temporary Entitlements or something?

Simply uncheck Server, as a client your app can still connect to the net and handle transactions that way.

You only need server if your application is going to sit there and wait for other clients to connect to it.
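An added example, not code from this thread or from App Wrapper: a pre-submission check that parses a per-binary entitlement listing in the shape shown in the question and reports every entitlement outside the set the app can justify. The `SAMPLE` listing is constructed from the question's format, and the `NEEDED` set and function names are assumptions for illustration.

```python
# SAMPLE is constructed, shaped like the listing in the question.
SAMPLE = """\
my.app/Contents/MacOS/VideoWordSearch
com.apple.security.network.server: true
com.apple.security.print: true
com.apple.security.files.downloads.read-write: true
com.apple.security.network.client: true
com.apple.security.app-sandbox: true
com.apple.security.files.user-selected.read-write: true
my.app/Contents/Frameworks/SSLSocket.dylib
com.apple.security.inherit: true
com.apple.security.app-sandbox: true
"""

# Assumption: the entitlements this app has matching functionality for.
NEEDED = {
    "com.apple.security.app-sandbox",
    "com.apple.security.inherit",
    "com.apple.security.network.client",
    "com.apple.security.print",
    "com.apple.security.files.user-selected.read-write",
}

def parse_listing(text):
    """Return {binary path: set of entitlements set to true}."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(": ")
        if sep and key.startswith("com.apple."):
            # Entitlement lines that appear before any path are still recorded.
            current = current or "<unknown binary>"
            if value.strip().lower() == "true":
                result.setdefault(current, set()).add(key)
        else:
            current = line  # a new binary starts here
            result.setdefault(current, set())
    return result

def unneeded(listing, needed=NEEDED):
    """Return {binary: sorted entitlements that are not in the needed set}."""
    extras = {b: sorted(e - needed) for b, e in listing.items()}
    return {b: e for b, e in extras.items() if e}

if __name__ == "__main__":
    for binary, extra in unneeded(parse_listing(SAMPLE)).items():
        print(binary, "->", ", ".join(extra))
```

On the sample it flags only the main executable, for the same two entitlements named in the rejection.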

Oddly, when I uncheck Server it will not do the YouTube search. For that method I’m using

data = secureSite.Get(searchURL, 30)

It uses https in the search but is not a search of a particular user’s videos. Just YouTube in general.

[quote]oddly, when I uncheck Server it will not do the YouTube search. For that method I’m using

[/quote]

In the Metas (in the ‘server’ entitlement) I explained that I needed it, otherwise I could not get the app to work as expected and described in Meta-Description. And they never questioned/question it.

So just resubmit it with that explanation?

Yes, that is what I would do after adding a well-worded explanation about server entitl. necessary to achieve the app’s functions described.
And if you get rejection again, make an appeal. Usually they let it pass.

Here is the explanatory note in the server entitlement of an app of mine: “Necessary to allow users to changed PASV (in the Preferences) and download from FTP servers. Without this entitlement, the app would crash.”

In your case, I’d write something like, “Necessary to allow users to access/download from YouTube etc. etc. Without this entitlement, the app would not work as advertised in ‘Description’.”
Good luck.

Okay I’ve replied to them with a more detailed explanation and included a screenshot of what I get from a msgBox if I don’t use

Dim secureSite As New HTTPSecureSocket
secureSite.Secure = True
secureSite.ConnectionType = SSLSocket.TLSv12

Or is there another way of coding it?

That is not a sandboxing / entitlements error. I would recommend switching to the new framework Xojo.Net.HTTPSocket to handle SSL and a few other things automatically. I have had success with new framework sockets and the YouTube API. In general APIs are much more friendly to the new framework socket.

One thing to note is that the new socket cannot be used synchronously, you may need to change your design (I noticed above you make a synchronous request by including the timeout).

Will the xojo.net.httpsocket work on Mac? I assumed that was Windows only. My app is made for Mac right now, but I plan to port it to Windows too if there is enough interest.

From what I read xojo.net.httpsocket works on all targets. I’m using that on a program that connects to a server and downloads JSON data running on Mac and Windows.

It looks like xojo.net.httpsocket may work for my purposes, however, when I try plugging a variable in for the url, it gives me an error when I try to compile. I tried it on the FeedBin example:

dim thisVersion as string
thisVersion = "v2"
FBSocket.Send("GET", "https://api.feedbin.com/"+thisVersion+"/subscriptions.json")

and I get:
“There is more than one item with this name and it’s not clear to which this refers.”
FBSocket.Send("GET", "https://api.feedbin.com/"+thisVersion+"/subscriptions.json")

I also tried substituting a variable for the whole url (which I had planned to do) with the same results.

dim myURL as string
myURL = "https://api.feedbin.com/v2/subscriptions.json"
FBSocket.Send("GET", myURL)

The url needs to be dependent on what the user enters into a text field, so it can’t just be a constant.

Xojo.Net.HTTPSocket is from the new framework. The new framework uses Text as a datatype, not String.
myURL and thisVersion need to be Text and not String.

Thanks for the help with xojo.net.httpsocket. I got it to work, and it worked without the server entitlement in AppWrapper, but when I submitted it, they dinged me still for com.apple.security.files.downloads.read-write
I realized I was still using HTTPSecureSocket for one method that downloads files, so I switched that to xojo.net.httpsocket as well. It works, but now when I wrap the app, it no longer works if I don’t have Server (allow incoming connections) checked in AppWrapper, when it did work without that before. I don’t know what went wrong all of a sudden. I have no instances of HTTPSecureSocket in my app anymore. Just kind of perplexed why it suddenly stopped working without the Server setting checked.

I figured it out. I was using a shell script to test internet connection and that was causing it to not run when I had Server entitlement unchecked in AppWrapper. I substituted the shell script for a little http call posted by Michel Bujardet in another thread and it works great now. Hopefully I can get it accepted this time. https://forum.xojo.com/5104-checking-internet-connection/0

Thanks again for all your help and patience with me (an old art major turned s/w developer)! I wouldn’t have been able to do anything if I hadn’t discovered RealBasic 11 years ago, then RealStudio, and now XOJO and of course all the help I’ve gotten from you folks here on the forum. You guys rock! :smiley: