Apple reject my App, because using private Api - allowsAnyHTTPSCertificateForHost,Why?
Question
We found that your app uses one or more non-public APIs, which is not in compliance with the App Store Review Guidelines. The use of non-public APIs is not permissible because it can lead to a poor user experience should these APIs change.
We found the following non-public API/s in your app:
allowsAnyHTTPSCertificateForHost:
If you have defined methods in your source code with the same names as the above-mentioned APIs, we suggest altering your method names so that they no longer collide with Apple's private APIs to avoid your application being flagged in future submissions.
Additionally, one or more of the above-mentioned APIs may reside in a static library included with your application. If you do not have access to the library's source, you may be able to search the compiled binary using "strings" or "otool" command line tools. The "strings" tool can output a list of the methods that the library calls and "otool -ov" will output the Objective-C class structures and their defined methods. These techniques can help you narrow down where the problematic code resides.
We appreciate that you may have made the precautions in your code for using non-public APIs, however, there is no way to accurately or completely predict how an API may be modified and what effects those modifications may have. For this reason, we do not permit the use of non-public APIs in App Store apps.
If there are no alternatives for providing the functionality your app requires, we encourage you to file an enhancement request. Or, try working with the Apple Developer Technical Support team to explore alternative solutions.
On occasion, there may be apps on the App Store that don't appear to be in compliance with the App Store Review Guidelines. We work hard to ensure that the apps on the App Store are in compliance and we try to identify any apps currently on the App Store that may not be. It takes time to identify these occurrences but another app being out of compliance is not a reason for your app to be.
For discrete code-level questions, you may wish to consult with Apple Developer Technical Support. Please be sure to:
- include the complete details of your rejection issues
- prepare any symbolicated crash logs, screenshots, and steps to reproduce the issues for when the DTS engineer follows up.
For information on how to symbolicate and read a crash log, please see Tech Note TN2151 Understanding and Analyzing iPhone OS Application Crash Reports.
If you have difficulty reproducing this issue, please try testing the workflow as described in https://developer.apple.com/library/ios/qa/qa1764/ Technical Q&A QA1764: How to reproduce a crash or bug that only App Review or users are seeing.
2 answers
solution1
1 2013-09-12 08:08:26
You should be happy that Apple discovered a security risk in your app. What you are doing is completely disabling client side server verification in a SSL/TLS connection. That's really NOT what you want to do - unless for unit testing.
You should fix the security risk, and also NOT follow Prem Kumar's link in his comment - since the suggested code does actually the same (disabling server trust verification), just without using private APIs.
solution2
0 2013-09-12 06:30:39
You maybe using QQ-SDK1.8, it use private API:allowsAnyHTTPSCertificateForHost. And 1.8.1 version has repaired it .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.