最近很多 iOS 开发者收到了以下消息。对 React Native 有影响吗?
Your app, extension, and/or linked framework appears to contain code
designed explicitly with the capability to change your app’s behavior
or functionality after App Review approval, which is not in compliance
with section 3.3.2 of the Apple Developer Program License Agreement
and App Store Review Guideline 2.5.2. This code, combined with a
remote resource, can facilitate significant changes to your app’s
behavior compared to when it was initially reviewed for the App Store.
While you may not be using this functionality currently, it has the
potential to load private frameworks, private methods, and enable
future feature changes. This includes any code which passes arbitrary
parameters to dynamic methods such as dlopen(), dlsym(),
respondsToSelector:, performSelector:,
method_exchangeImplementations(), and running remote scripts in order
to change app behavior or call SPI, based on the contents of the
downloaded script. Even if the remote resource is not intentionally
malicious, it could easily be hijacked via a Man In The Middle (MiTM)
attack, which can pose a serious security vulnerability to users of
your app. Please perform an in-depth review of your app and remove any
code, frameworks, or SDKs that fall in line with the functionality
described above before submitting the next update for your app for
review.
Best Answer-推荐答案 strong>
Apple 最近的行动似乎针对的是即将动态修改 native 代码包的框架。如果您在 RN 项目中使用这种库,那么您可能会受到影响。但是,如果您使用像 Code Push 这样的库,它可以让您修改 js 包,您预计不会受到影响。有一个HN thread关于它。您可以搜索 Microsoft 关键字来阅读。您也可以阅读 this .
关于ios - RN能通过苹果appstore的审核吗?,我们在Stack Overflow上找到一个类似的问题:
https://stackoverflow.com/questions/42661900/
|