Guideline 2.5.2 - Performance - Software Requirements
Your app, extension, or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement.
This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.
The next submission of this app may require a longer review time, and this app will not be eligible for an expedited review until this issue is resolved.
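A way to locate the call sites this notice is describing before resubmitting, as an added example that is not part of the notice or of any Apple tooling: it scans Objective-C source for the APIs named above and separates calls with a literal argument from calls whose argument is computed at run time. The triage rule (literal means lower priority), the regexes and the sample source are assumptions of this example, not App Review's criteria.

```python
import re

# APIs named in the review notice. Each regex captures the argument that
# decides what gets loaded or invoked (approximate, line-based matching).
CHECKS = [
    ("dlopen", re.compile(r"\bdlopen\s*\(\s*([^,)]+)")),
    ("dlsym", re.compile(r"\bdlsym\s*\(\s*[^,]+,\s*([^,)]+)")),
    ("respondsToSelector:",
     re.compile(r"\brespondsToSelector:\s*(@selector\([^)]*\)|[^\s;]+)")),
    ("performSelector:",
     re.compile(r"\bperformSelector:\s*(@selector\([^)]*\)|[^\s;]+)")),
    ("method_exchangeImplementations",
     re.compile(r"\bmethod_exchangeImplementations\s*\(\s*([^)]+)")),
]

# Constructed sample source, not taken from any real app.
SAMPLE = r'''
// constructed sample
void *h = dlopen("/usr/lib/libz.dylib", RTLD_LAZY);
void *p = dlopen([remotePath UTF8String], RTLD_NOW);
void *f = dlsym(h, [config[@"symbol"] UTF8String]);
if ([target respondsToSelector:@selector(refresh)]) {
    [target performSelector:@selector(refresh)];
}
[target performSelector:NSSelectorFromString(json[@"action"]) withObject:nil];
method_exchangeImplementations(original, swizzled);
'''

def needs_review(api, arg):
    """True when the argument is not a compile-time literal."""
    if api == "method_exchangeImplementations":
        return True  # swizzling: the Method values cannot be judged from one line
    return not (arg.startswith('"') or arg.startswith("@selector("))

def audit(source):
    """Return (line_number, api, argument, needs_review) for every call found."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.strip().startswith("//"):
            continue  # skip whole-line comments
        for api, pattern in CHECKS:
            for match in pattern.finditer(line):
                arg = match.group(1).strip()
                findings.append((lineno, api, arg, needs_review(api, arg)))
    return findings

if __name__ == "__main__":
    for lineno, api, arg, flag in audit(SAMPLE):
        print(f"{lineno:>3}  {'REVIEW' if flag else 'literal':7}  {api}  {arg}")
```

Third-party frameworks shipped only as binaries need a symbol-level check instead, since this scan reads source text.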