私有api检查机制
2012-01-18 12:33
323 查看
====================== Q&A Start ====================
Q:How
does Apple know you are using private API?
I only submit the binary file to Apple. I didn't submit any source code to Apple.Apart from manually check what you used. How Apple check what
API you have called? How did Apple know?
------------------------------------------------
A:
There are 3 ways I know. These are just some speculation, since I do not work in the Apple review team.
1. otool
-L
This will list all libraries the app has linked to. Something clearly you should not use, like IOKit and WebKit can be detected by this.
2. nm
-u
This will list all linked symbols. This can detectUndocumented C functions such as _UIImageWithName;
Objective-C classes such as UIProgressHUD
Ivars such as
UITouch._phase(which
could be the cause of rejection
of Three20-based apps last few months.)
3. Listing Objective-C selectors, or strings
Objective-C selectors are stored in a special region of the binary, and therefore Apple could extract the content from there, and check if you've used some undocumented Objective-C methods, such as -[UIDevice setOrientation:].
Since selectors are independent from the class you're messaging, even if your custom class defines
-setOrientation:irrelevant
to UIDevice, there will be a possibility of being rejected.
You could use Erica
Sadun's APIKit to detect potential rejection due to (false alarms of) private APIs.
(If you really really really really want to workaround these checks, you could use runtime features such as
dlopen, dlsym
objc_getClass, sel_registerName, objc_msgSend
-valueForKey:;
object_getInstanceVariable, object_getIvar, etc.
to get those private libraries, classes, methods and ivars. )
====================== Q&A End =====================
to be verified:
tip a:
Let's say you want to use some private API; objective C allows you to construct any SEL from a string:
SEL my_sel = NSSelectorFromString([NSString stringWithFormat:\ @"%@%@%@", "se","tOr","ientation:"]); [UIDevice performSelector:my_sel ...];
How could a robot or library scan catch this? They would have to catch this using some tool that monitors private accesses at runtime. Even if they constructed such a runtime tool, it is hard to catch because this call may be hidden in some rarely exercised
path.
tip b:
You can list the selectors in a Mach-O program using the following one-liner in Terminal:
otool -s __TEXT __objc_methname "$1" |expand -8 | cut -c17- | sed -n '3,$p' | perl -n -e 'print join("\n",split(/\x00/,scalar reverse (reverse unpack("(a4)*",pack("(H8)*",split(/\s/,$_))))))'
http://stackoverflow.com/questions/2842357/how-does-apple-know-you-are-using-private-api
相关文章推荐
- 私有api检查机制
- java 反射机制 之 getDeclaredField 获取私有保护字段, 再setAccessible(true)取消对权限的检查 实现对私有的访问和赋值
- 私有api:升级检查版本比较
- 苹果私有API检查工具开源项目
- NGINX 健康检查和负载均衡机制分析
- iPhone开发技巧之私有API--- 用UIWebView访问BASIC认证的页面
- iPhone开发技巧之私有API--- UIBarButtonItem
- WebView 私有api
- android官方Api 理解Activity生命周期的回调机制(适合有基础的人看)
- iOS私有API之wifi扫描和wifi连接
- 双重检查机制被破解的声明
- 一款负载均衡、监控和自动伸缩的解决方案——为基于AWS API的私有云而建
- 如何检查SuperMap iCloudManager是否兼容OpenStack API?
- spark streaming 检查点机制(checkpoint)
- VC控制台内存泄露检查机制
- 26 API-网络编程(网络概述,Socket通信机制,UDP协议发送和接收数据,TCP协议发送和接收数据)
- Qt刷新机制的一些总结(Qt内部画的时候是相当于画在后台一个对象里,然后在刷新的时候调用bitblt统一画,调用window的api并不会影响到后面的那个对象)
- 使用Hadoop打造私有云盘之API操作
- class-dump 私有API
- iOS 私有API调用