私有api检查机制

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝ Q&A Start ＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

Q：How
does Apple know you are using private API?

I only submit the binary file to Apple. I didn't submit any source code to Apple.
Apart from manually check what you used. How Apple check what
API you have called? How did Apple know?

－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－

A：

There are 3 ways I know. These are just some speculation, since I do not work in the Apple review team.

1.

otool
-L

This will list all libraries the app has linked to. Something clearly you should not use, like IOKit and WebKit can be detected by this.

2.

nm
-u

This will list all linked symbols. This can detect

Undocumented C functions such as _UIImageWithName;

Objective-C classes such as UIProgressHUD

Ivars such as

UITouch._phase

(which
could be the cause of rejection
of Three20-based apps last few months.)

3. Listing Objective-C selectors, or

strings

Objective-C selectors are stored in a special region of the binary, and therefore Apple could extract the content from there, and check if you've used some undocumented Objective-C methods, such as

-[UIDevice
setOrientation:]

.

Since selectors are independent from the class you're messaging, even if your custom class defines

-setOrientation:

irrelevant
to UIDevice, there will be a possibility of being rejected.

You could use Erica
Sadun's APIKit to detect potential rejection due to (false alarms of) private APIs.

(If you really really really really want to workaround these checks, you could use runtime features such as

dlopen, dlsym

objc_getClass, sel_registerName, objc_msgSend

-valueForKey:

;
object_getInstanceVariable, object_getIvar, etc.

to get those private libraries, classes, methods and ivars. )
＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝ Q&A End ＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

to be verified:
tip a:

Let's say you want to use some private API; objective C allows you to construct any SEL from a string:

SEL my_sel = NSSelectorFromString([NSString stringWithFormat:\
@"%@%@%@", "se","tOr","ientation:"]);
[UIDevice performSelector:my_sel ...];

How could a robot or library scan catch this? They would have to catch this using some tool that monitors private accesses at runtime. Even if they constructed such a runtime tool, it is hard to catch because this call may be hidden in some rarely exercised
path.
tip b:
You can list the selectors in a Mach-O program using the following one-liner in Terminal:

otool -s __TEXT __objc_methname "$1" |expand -8 | cut -c17- | sed -n '3,$p' | perl -n -e 'print join("\n",split(/\x00/,scalar reverse (reverse unpack("(a4)*",pack("(H8)*",split(/\s/,$_))))))'

http://stackoverflow.com/questions/2842357/how-does-apple-know-you-are-using-private-api