This article was first published on the WeChat public account [UC Research and Development Effectiveness]

Introduction

The biggest pain points of App Store review can be summarized as three: “high false positive rate”, “vague descriptions” and “slow appeals”. Apple's review process is very strict, and calls to private APIs are absolutely not tolerated. Many developers dread going through review: “Why was I rejected when I didn’t use this method? I have searched the code several times for the relevant string; what do I do now… orz”

Know the Apple review rules

Know your enemy and you will win every battle. To get over the mountain of review, it is important to know what Apple's review actually is, so let’s work out what Apple does with our submission. What we submit to Apple is an IPA file. The bin file inside it is a compiled binary executable, called Mach-O in the Apple ecosystem. The Mach-O format defines various sections, such as the list of referenced libraries, the list of defined classes, the list of methods, the list of protocols and the list of strings, and it records the classes, methods and their actual machine addresses in an address mapping table. Apple can scan these sections for references to non-public APIs, classes and system libraries. Based on UC’s years of experience, Apple pays special attention to the following points:

  • References to private libraries, which should never appear;
  • Virtual goods sold through third-party payment, which is also strictly prohibited;
  • A method name that is only declared, with no implementation; if it matches, the probability of being rejected is very, very high;
  • No class name may be the same as a private class in the system. To reduce the possibility of rejection, rename the class;
  • No string may be the same as the name of a private class in the system. To reduce the possibility of rejection, rename it;
  • Apple scans against the private API libraries of all firmware versions;
  • Some apps are also scanned at runtime, so Apple will find out whatever obfuscation, encryption or string splicing you do.

Rock Rat iOS pre-review revealed

To solve this problem for iOS developers, Rock Rat looked closely at how to find and deal with these issues. After all, the review process is so long that a rejection is hard to take.

  • First, we need to establish a feasible scanning method;
  • Second, we need to collect all known private API libraries;
  • Finally, this private API library needs to be continuously refined and updated.

Establish a set of scanning methods

As we know, iOS is a closed ecosystem, and much of its tooling cannot be separated from macOS. We want the scanner to be a general-purpose platform service, so first of all we need to remove the dependency on macOS. That means parsing the Mach-O ourselves and extracting the dynamic libraries it loads, all the method names, all the class names, all the method names that have implementations, and all the ASCII strings. These are all in the bin files of the IPA, and we can read them according to the Mach-O format. So how do we do that? First, we decompress the IPA, and then read the bin of the main module and of the various plug-ins in turn. Here is a brief description of the Mach-O format: a Mach-O file is divided into multiple segments, and each segment is divided into multiple sections, as shown below:
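The following Python sketch is an added example, not code from the original article or from Rock Rat: it walks the load commands of a Mach-O file to list the linked dynamic libraries and the segment/section names, and flags libraries under PrivateFrameworks. It assumes a thin 64-bit little-endian Mach-O (fat/universal binaries are rejected), and the function names, the sample binary and the `Example.framework` path are constructed for illustration.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF                      # thin 64-bit little-endian Mach-O
LC_SEGMENT_64, LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB = 0x19, 0xC, 0x80000018
PRIVATE_PREFIX = "/System/Library/PrivateFrameworks/"

def cstr(raw):
    """Decode a NUL-terminated or NUL-padded name field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def scan_macho(data):
    """List linked dylibs and segment/section names; flag private frameworks."""
    if len(data) < 32 or struct.unpack_from("<I", data)[0] != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit little-endian Mach-O")
    ncmds = struct.unpack_from("<I", data, 16)[0]
    dylibs, sections, off = [], {}, 32        # load commands follow the 32-byte header
    for _ in range(ncmds):
        cmd, size = struct.unpack_from("<2I", data, off) if off + 8 <= len(data) else (0, 0)
        if size < 8 or off + size > len(data):
            raise ValueError("load command truncated or out of bounds")
        if cmd in (LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB) and size >= 24:
            name_off = struct.unpack_from("<I", data, off + 8)[0]
            if 24 <= name_off < size:         # path offset is relative to the command
                dylibs.append(cstr(data[off + name_off:off + size]))
        elif cmd == LC_SEGMENT_64 and size >= 72:
            nsects = struct.unpack_from("<I", data, off + 64)[0]
            if 72 + 80 * nsects > size:
                raise ValueError("section table exceeds load command")
            names = [cstr(data[p:p + 16]) for p in range(off + 72, off + 72 + 80 * nsects, 80)]
            sections[cstr(data[off + 8:off + 24])] = names
        off += size
    private = [d for d in dylibs if d.startswith(PRIVATE_PREFIX)]
    return {"dylibs": dylibs, "sections": sections, "private": private}

def build_sample():
    """Constructed input: __TEXT with two sections, one public and one private dylib."""
    def dylib(path):
        name = path.encode() + b"\0"
        name += b"\0" * (-len(name) % 8)      # pad command to an 8-byte multiple
        return struct.pack("<6I", LC_LOAD_DYLIB, 24 + len(name), 24, 0, 0, 0) + name
    def sect(name):
        return struct.pack("<16s16s2Q8I", name, b"__TEXT", 0, 0, *[0] * 8)
    seg = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, 232, b"__TEXT", 0, 0, 0, 0, 7, 5, 2, 0)
    cmds = (seg + sect(b"__text") + sect(b"__cstring") + dylib("/usr/lib/libobjc.A.dylib")
            + dylib(PRIVATE_PREFIX + "Example.framework/Example"))  # made-up name
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 3, len(cmds), 0, 0) + cmds

if __name__ == "__main__":
    print(scan_macho(build_sample()))
```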








Build a private API library

We run RuntimeBrowser on real devices running the current mainstream firmware versions and export all the libraries under Frameworks and PrivateFrameworks. After comparison, the private APIs are entered into the library by firmware version.

Private API library intelligent upgrade

Once the private API library has been initialized, is the job done for good? In fact, it is not. On the one hand, the accuracy of the private API library needs to be continuously improved. On the other hand, new private APIs need to be continuously added, to ensure the effectiveness and accuracy of iOS pre-review. Rock Rat's private API library has an intelligent learning mechanism: it collects the records of app rejections within Alibaba, analyzes the rejections caused by private APIs, actively adds new private APIs, and constantly improves the library. At the same time, a whitelist is maintained to improve accuracy.

Try Rock Rat iOS pre-review for free

iOS pre-review on Rock Rat is easy. Just upload the IPA package to be checked, wait a few minutes, and view the scan results.






Yanshu.effirst.com/product/pre…