我们收到了苹果如下通知:是不是和MUI这套框架有关,如果有关有没有什么解决方法?
Dear Developer,
Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with section 3.3.2 of the Apple Developer Program License Agreement and App Store Review Guideline 2.5.2. This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes.
This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.
Please perform an in-depth review of your app and remove any code, frameworks, or SDKs that fall in line with the functionality described above before submitting the next update for your app for review.
Best regards,
3 个回复
猫猫猫猫 - 用户已离线
邮件里提到的方法,个推模块和native.js模块有使用到。
会飞的羊 (作者)
我们app没有用到wgt和wgtu更新啊,为什么还会收到这种通知信呢?
会飞的羊 (作者)
个推模块我们可以去掉,native.js是MUI推荐的吧,我们以后不能用了么?
DCloud_heavensoft
不是不能用,很多使用了Native.js的也没下架。不太清楚苹果的规则。但不要在远程页面使用Native.js,不要使用Native.js调用苹果不推荐使用的api
2017-03-10 12:14
会飞的羊 (作者)
不要在远程页面调用,你的意思是我们有些内嵌的htm5页面是在我们服务器上的,这些页面不要用native.js么?
2017-03-10 12:25