The App Store checks for hidden functionality.

Still doesn’t make sense… How would this either protect the end-user, or be of “benefit” to a nefarious developer?
If my code said “Call gotoHeck” (or whatever label/selector that Apple doesn’t like) “so what”… a label/selector is simply text that exists in the code to provide an addressable point of execution. I can see if that was a label/selector that somehow referred to a private/protected Apple API location, but that is not what this seems to be about.

A label/selector should be any combination of characters that meet the pre-defined criteria (must start with a letter, no spaces etc etc) and doesn’t duplicate specified (or in this case unspecified) reserved words or phrases.

As you pointed out… “youFu##ingPieceOfS##t”, was “legal” just not socially acceptable

I have a tendency to put

// S##T

in apps to remind me to alter things I may have hard-coded for testing purposes…
So my code is “good to go” when all the “S##T” is removed :)

My guess is because it’s quicker and easier to read the function symbols than to decompile the application and analyze its behavior.

In all honesty, I feel it’s more for the theater of security than actual security; but I can be wrong.

It doesn’t change the fact that this screening is at the very least part of the App Store submission process, and I suspect it’s part of the Notarization process also. I wonder how many actual issues it’s flagged vs. how many innocent developers’ time it’s wasted.

And THAT “show” seems to be Apple’s focus for the last few years.

When a Solaris, HP-UX, or A/IX system can be locked down to the point of passing Banking, Sarbanes-Oxley, and HIPAA regulations and security requirements with “simple” Unix owner, group, and permissions settings and ACLs, why do these other OS vendors feel the need to one-up each other while still failing to maintain basic security and making it harder to develop for and use the systems?

While I never had to deal with “Banking”, I dealt with the other two for years… And on A/IX systems even. But there were still things that applications had to deal with internally to pass these audits…

It may be time to modify the way our Functions / Methods get names. Something like:

Smooth_Resize_Vertical and Smooth_Resize_Horizontal

or more personal, for Tim:

TJ_Smooth_Resize_Vertical and TJ_Smooth_Resize_Horizontal.

Useful for searches: use the TJ_ prefix and you get your own list…

If your complete initials are EARS, skip the idea or remove (the) two (mid) letters ;-)

And that has always been the case. The point being - as long as the app wasn’t doing something stupid, the OS’ existing security layers served the security requirements very well.

I did add TG_ and _TG and both were still flagged. I actually had to get much more obfuscated and removed the word “Smooth” altogether.