Jspatch is the perfect solution for rejection

?? First of all in this statement, this article is mainly to help the use of Jspatch was refused to want to remove, or did not use jspatch innocent implicated in the small partners. In order to resolve the issue of rejection without violating Apple's rules, if you are looking for a jspatch alternative, you can leave this page.

Jspatch was refused iOS developer Fryer

The cause of the incident, March 8 this year, most of the developers received such a postal seal:

Your app, extension, and/orLinked framework appears to containCode designed explicitly with  theCapability toChange your app ' s behaviororFunctionality AfterAPP Review approval, which is  not inchCompliance withSection3.3. 2  of  theApple Developer Program License Agreement andAPP Store Review Guideline2.5. 2. This code, combined withA remote resource, can facilitate significant changes toYour app ' s behavior compared toWhenitwas initially reviewed for  theAPP Store. While your may notBe using the This functionality currently,itHas thePotential toLoad private frameworks, private methods, andEnable the future feature changes. This includes any code which passes arbitrary parameters toDynamic methods Such asDlopen (), Dlsym (), Respondstoselector:, Performselector:, Method_exchangeimplementations (), and RunningRemote scriptsinchOrder toChange app BehaviororCall SPI, based on  the Contents  of  theDownloadedScript. Evenif  theRemote Resource is  notIntentionally malicious,itCould easily is hijacked via a man in the middle (MiTM) attack, which can pose a serious security vulnerability toUsers ofYour app. Perform aninch-depth Review ofYour app andRemove any code, frameworks,orSDKs thatFallinchLine with  theFunctionality describedabove beforeSubmitting theNext Update forYour app forReview. Best Regardsapp Store Review

At that time, I received a warning, a little confused, close to 20 apps at the same time received a warning, the first time to go online to look at the various materials, find the way of the Great God of miracles, unfortunately, the main road God, at this time a little voice, the title party is a lot of OH. It was not until I finally saw two blogs that I found my way.
http://www.jianshu.com/p/6803d660f67e
http://reactnative.cn/post/3551
According to these two blog self-analysis, Apple this audit jpsacth is not simply by virtue of a point to determine whether you use the thermal rehabilitation function, but according to the following points to form a chain of evidence to determine whether you are using a hot repair function.
1. Network/download function
2. Built-in scripting engine (Jspatch and other scripting tools)
3. Dynamic Access API
In order to ensure that the app is on the shelves, we need to break the chain of evidence that bad apples have ruled us out of compliance.

Network/Download function

?? Our app has Internet connection to download the function of source parts, so we can't get to the point, but I still delete the interface of the hot-repair script and the related code.

Built-in scripting engine (Jspatch and other scripting tools)

?? This through the first piece of a blog know, a push, high-gold map, bugtags,bugly, such as the SDK has hot repair function, we need to be in the app one by one, whether it has hot repair and other functions, in order to insure, I have used the third-party three SDK has been a review several times, I don't have one by one details here, of course, but also excludes the code snippets in our app that have their own implementation of the hot fix feature. This requires that we have self-check the platoon, their own code is the most clear.

Dynamic Access API

?? The so-called Dynamic Access API is a way to access related methods through strings.
After the first step, the second step of the processing, I closed down the JS hot fix script interface; troubleshooting and replacing all third-party SDKs are removed, but are still rejected four times. Reference to the Http://www.wtoutiao.com/p/7cbSPhD.html
Already the two methods mentioned in Apple's warning respondsToSelector:, performSelector: feel that Apple's detection of the dynamic API should be used in conjunction with the two methods to determine the reality. The reference to the eradication of the blog said

比如这么写是没问题的：if([self.delegate@selector(myDelegateMethod)]) {   [self.delegate@selector(myDelegateMethod)];}这么写就可能被打回：NSString *remotelyLoadedString = .... (download from your backend)[self performSelector: NSSelectorFromString(remotelyLoadedString)];

I think there is a need to bypass respondsToSelector:, performSelector: these two methods and replace them with methods that have the same functionality. There's a place in my app that uses code like that.

selector = NSSelectorFromString(selectorStr);        if ([weakSelf respondsToSelector:selector{            SuppressPerformSelectorLeakWarning([weakSelf performSelector:selector withObject:parameter]);        }

This kind of code is easy to be recognized by Apple with thermal rehabilitation function.

I have written two methods as follows:

+ (BOOL) Validatemehodcanrunwithtarget: (ID) Target Selectorstr: (NSString*) selectorstr{unsigned intMethodcount =0; method* methodlist = class_copymethodlist ([target class],&methodcount);Nsmutablearray*methodsarray = [NsmutablearrayArraywithcapacity:methodcount]; for(intI=0; i<methodcount;i++) {Method temp = methodlist[i];        Imp imp = method_getimplementation (temp); SEL name_f = method_getname (temp);Const Char* name_s =sel_getname (method_getname (temp));intarguments = method_getnumberofarguments (temp);Const Char* Encoding =method_gettypeencoding (temp);NSLog(@"Method Name:%@, Number of parameters:%d, encoding:%@",[NSStringSTRINGWITHUTF8STRING:NAME_S], arguments, [NSStringStringwithutf8string:encoding]); [Methodsarray addobject:[NSStringSTRINGWITHUTF8STRING:NAME_S]]; } free (methodlist); for(NSString*methodstr in [methodsarray copy]) {if([Methodstr Isequaltostring:selectorstr]) {return YES; Break; }    }return NO;}

I replaced it with the above method, respondsToSelector but there is one thing that needs to be done, using the method list can only get the instance method, not be able to fetch the class method, so I put the original in the app to determine the class method is converted into an instance method to reality.

As performSelector for the replacement, my side of the reference online, wrote a nsobject category added a new method:

- (ID) Runselector: (SEL) aselector withobjects: (Nsarray*) objects {nsmethodsignature *signature = [ SelfMethodsignatureforselector:aselector];    Nsinvocation *invocation = [Nsinvocation invocationwithmethodsignature:signature]; [Invocation settarget: Self];    [Invocation setselector:aselector]; Nsuinteger i =1; for(IDObject in objects) {IDTempobject = object;    [Invocation Setargument:&tempobject atindex:++i]; } [invocation invoke];if([signature methodreturnlength]) {IDData [Invocation getreturnvalue:&data];returnData }return Nil;}

These two methods are used to destroy the evidence chain that I use the dynamic API to identify the apple. Our app went on smoothly. This is the heart of our own journey and share with you to help solve the problem.

Jspatch is the perfect solution for rejection