Is "connected" a private API? apple told me so.
Appstore was saying I have used a private API when I submit my app :
Performance - 2.5.1
Your app still uses or references the following non-public APIs:
connected
The use of non-public APIs is not permitted on the App Store because
it can lead to a poor user experience should these APIs change.
Next Steps
Please revise your app to remove any non-public APIs. If you have
defined methods in your source code with the same names as the
above-mentioned APIs, we suggest altering your method names so that
they no longer collide with Apple's private APIs to avoid your
application being flagged in future submissions.
Additionally, if you are using third party libraries, please update to
the most recent version of those libraries. If you do not have access
to the libraries' source, you may be able to search the compiled
binary using the "strings" or "otool" command line tools. The
"strings" tool can output a list of the methods that the library calls
and "otool -ov" will output the Objective-C class structures and their
defined methods. These tools can help you narrow down where the
problematic code resides. You could also use the "nm" tool to verify
if any third-party libraries are calling these APIs.
Is this sure? or they made a mistake?
Thank you very much!
Related
Out of educational purposes I'm trying to use Eigen in my pet project. In order to speed the math I included macro EIGEN_USE_BLAS which activates use of blas library.
But I encountered an issue when I tried to upload my project to Testflight. The Apple response to that was:
ITMS-90338: Non-public API usage - The app references non-public
symbols in My-Project: _saxpy_, _sgemm_, _sgemv_, _strmm_,
_strmv_. If method names in your source code match the private Apple
APIs listed above, altering your method names will help prevent this
app from being flagged in future submissions. In addition, note that
one or more of the above APIs may be located in a static library that
was included with your app. If so, they must be removed. For further
information, visit the Technical Support Information at
http://developer.apple.com/support/technical/
I know that Apple has blas library as a part of Accelerate.framework and it should be use strictly through Accelerate API. But the thing is that Eigen also has their own blas included in their source and the library actually has no intention of using Accelerate.framework private guts. So that is why Apple asks me to rename those functions or remove them completely in order to get rid of that inconvenience.
But I'm not even sure that it is possible to do - to tune Eigen and its blas to use alternative names.
Is there maybe a way to solve that issue in some efficient manner? Or maybe I don't know something about Eigen usage in iOS environment?
I was lucky to figure out the problem with few tips from my fellow colleagues and a strong will to get the job done, and now I want to share with you my conclusions.
The problem: Eigen doesn't have BLAS binary provided, it only has it's headers. And when one uses EIGEN_USE_BLAS macro and it actually works, that means that Apple is linking Eigen BLAS functions to their binary - BLAS binary which is a part of Accelerate.framework. The trickiest part is that your project doesn't necessarily should have Accelerate.framework inside. XCode will add necessary files automatically and of course it won't bother to tell you that.
What's weird for me the most here is that using "naked" BLAS provided by Apple's Accelerate.framework is a clear violation because it's private API. So... from my perspective it's kind of XCode violates this rule without my intention and tells me nothing about it. Strange...
So, in order to fix it, you need to build BLAS or OpenBLAS binary (I have built OpenBLAS), add it to the project and link through Other linker flags in Build settings. After that the error is gone and you're able to upload your build to Testflight.
In order to save you some time in building OpenBLAS for iOS, I will leave you few links. I think those would be enough:
http://www.programmersought.com/article/2638161057/ - very clear tutorial on how to build OpenBLAS
https://github.com/xianyi/OpenBLAS/tree/release-0.2.21 - source code of the library
https://github.com/xianyi/OpenBLAS/issues/1531 - discussion where you can find solutions to problems you might encounter
What I found the most confusing part of this whole story is the message from Apple. Here's another copy of that:
ITMS-90338: Non-public API usage - The app references non-public
symbols in My-Project: saxpy, sgemm, sgemv, strmm, strmv. If
method names in your source code match the private Apple APIs listed
above, altering your method names will help prevent this app from
being flagged in future submissions. In addition, note that one or
more of the above APIs may be located in a static library that was
included with your app. If so, they must be removed. For further
information, visit the Technical Support Information at
http://developer.apple.com/support/technical/
I'm not a native English speaker but I feel pretty confident to say that this text is a non-sense and has absolutely nothing to do with the solving of the actual problem.
It says absolutely nothing about the fact that private API was linked to my code and that is the problem. And that I need to provide my own backend for those functions in order to make error disappear. It says about names matching and that altering my names will help to solve the problem, when it clearly will not in my case.
I hope Apple will bring more clarity into this problem and that errors descriptions will have more sense in the future.
I'm having problems with the publication of an App on 'Apple Store; Apple has refused to publish the App because it found references to non-public APIs, specifically: "setMaximumLength :, MaximumLength". Unfortunately, analyzing the source code, I was not able to find the calls to these Apis. How can I solve this problem?
--- APPLE MESSAGE ---
5 PERFORMANCE: SOFTWARE REQUIREMENTS
Performance - 2.5.1
Your app uses or references the following non-public APIs:
setMaximumLength:, maximumLength
The use of non-public APIs is not permitted on the App Store because it can lead to a poor user experience should these APIs change.
--- END OF THE MESSAGE ---
Versione XCode 8.0
Versione Xamarin.Forms2.3.2.127
Xamarin for Visual Studio 4.2
Xamarin.iOS 10
You can use Apple's XCode command line tools, notably strings or otool to look inside binaries and see which may be calling that private API.
Found in this post:
https://discussions.apple.com/thread/3838251?tstart=0:
"Additionally, one or more of the above-mentioned APIs may reside in a static library included with your application. If you do not have access to the library's source, you may be able to search the compiled binary using "strings" or "otool" command line tools. The "strings" tool can output a list of the methods that the library calls and "otool -ov" will output the Objective-C class structures and their defined methods. These techniques can help you narrow down where the problematic code resides."
My app is rejected because of the issue given below. i didnt find "imageWithName" in my code.kindly suggest me what should i do now??
i am searching this from last 2 days but i am not getting where the prblem is...
For info i would like to tell you that i am using google carboard plugin in this only.No ads at all.
Looking foward to your suggestions...
==============================
Performance - 2.5.1
Your app still uses or references the following non-public APIs:
imageWithName:
The use of non-public APIs is not permitted on the App Store because it can lead to a poor user experience should these APIs change.
Next Steps
Please revise your app to remove any non-public APIs. If you have defined methods in your source code with the same names as the above-mentioned APIs, we suggest altering your method names so that they no longer collide with Apple's private APIs to avoid your application being flagged in future submissions.
Additionally, if you are using third party libraries, please update to the most recent version of those libraries. If you do not have access to the libraries' source, you may be able to search the compiled binary using the "strings" or "otool" command line tools. The "strings" tool can output a list of the methods that the library calls and "otool -ov" will output the Objective-C class structures and their defined methods. These tools can help you narrow down where the problematic code resides. You could also use the "nm" tool to verify if any third-party libraries are calling these APIs.
Resources
For information on the "nm" tool, please see the "nm tool" Xcode manual page.
If there are no alternatives for providing the functionality your app requires, you may wish to file an enhancement request.
If you have difficulty reproducing a reported issue, please try testing the workflow described in Technical Q&A QA1764: How to reproduce bugs reported against App Store submissions.
If you have code-level questions after utilizing the above resources, you may wish to consult with Apple Developer Technical Support. When the DTS engineer follows up with you, please be ready to provide:
- complete details of your rejection issue(s)
- screenshots
- steps to reproduce the issue(s)
- symbolicated crash logs - if your issue results in a crash log
please help me!!!
Thanks in advance
our app have been rejected by apple with the following message: (i put in column the location of any api mentioned)
We found that your app uses one or more non-public APIs, which is not in compliance with the App Store Review Guidelines. The use of non-public APIs is not permissible because it can lead to a poor user experience should these APIs change.
We found the following non-public API/s in your app:
BuyFreeWinTicket_marshal___:numbers:os:, (my internal code)
getCellValidationInfo_unmarshal___:ok:, (my internal code)
AddAnimationPointForBall:nextX:nextY:forDuration:, (my internal code)
UIViewController, (?)
addSessionCookie:, (my internal code)
CanDoAutomaticLogin, (my internal code)
activeSessionIfExists, (my internal code)
AddSeperatorsToNumber:, (my internal code)
addRequestToExtendTokenForSession:connection:, (my internal code)
cworksImpression, (?)
AddFilterWithInex:, (my internal code)
ApplySuperKeypad, (my internal code)
applicationDidOpenURL:sourceApplication:, (my internal code)
clearPersistedAppEventData, (?)
canPresentMessageDialog, (?)
applicationDidOpenURL:sourceApplication:, (my internal code)
DeleteOldLogLines, (my internal code)
hideAllHUDsForView:animated:,(my internal code)
ServerRegistrationResponseOk:, (my internal code)
requestForCustomAudienceThirdPartyID:, (?)
automaticallyNotifiesObserversForKey:, (?)
addOrRemovePendingConnection:, (?)
addHEADOperation:, (3rd party ASIHTTPRequest)
NSOperationQueue, (3rd party ASIHTTPRequest)
-DisplayUserSuspendedDialogWithMessage:ReleaseByCaptcha:CaptchaURL:AndReturnTo:, (my internal code)
likeActionControllerForObjectID:, (?)
_parseDialogConfigs:, (?)
BackFromLottoLoginForNag:withEmail:andPassword:, (my internal code)
cacheRefreshDelay, (?)
FBViewController, (3rd party - looks like FB SDK)
deleteUnitTestUser:accessToken:, (?)
FathersAndMothersDisplayMothers:, (my internal code)
addRoundedRectToPath:rect:radius:, (?)
connection:didFailWithError:, (?)
createTokenFromDictionary:, (?)
FBSDKInitializeWithLaunchData:, (3rd party - looks like FB SDK)
fileExtensionsToHandleAsHTML, (3rd party ASIHTTPRequest)
_analyticsParameters, (?)
_copyValueForKey:fromDictionary:toDictionary:, (?)
appCallFromApplinkArgs_v2:applinkArgs:createTimeUTC:originalQueryParameters:, (?)
requestWithUserID:fields:dataSource:session:, (?)
FBGraphObjectPickerViewController, (3rd party - looks like FB SDK)
DisplayErrorConnectingToCheckoutServer, (my internal code)
graphObjectWrappingDictionary: (?)
If you have defined methods in your source code with the same names as the above-mentioned APIs, we suggest altering your method names so that they no longer collide with Apple's private APIs to avoid your application being flagged in future submissions.
Additionally, one or more of the above-mentioned APIs may reside in a static library included with your application. If you do not have access to the library's source, you may be able to search the compiled binary using "strings" or "otool" command line tools. The "strings" tool can output a list of the methods that the library calls and "otool -ov" will output the Objective-C class structures and their defined methods. These techniques can help you narrow down where the problematic code resides.
is that message means that Apple has Private APIs with the same signuture as the APIs mentioned above? (it means they use "-DisplayUserSuspendedDialogWithMessage:ReleaseByCaptcha:CaptchaURL:AndReturnTo:" as private signature - it is not possible)
how could we solve the problem - do we need to change all the above API names?
how could we verify we fix the problem or could we get the same error by myself (i've tried using app sccanner - it didn't find any private Api, and i've tried to use strings and otool but i don't understand what i need to look for)
it would be very helpful if someone could help us on it
about 3rd parties - we use FB SDK (ver 3.19), ASIHTTPRequest
I am working with a fat static library that uses dlopen() to load interal modules(.so) files inside the static library. On stackoverflow, developers says dlopen() is a private API.
In this case is it fine to use dlopen() or being an private API it shouldn't be used in user libraries irrespective of the library nature i.e static/dynamic.
If I can't use the dlopen() then can someone point to any resource for alternative way to accomplish the same task.
Note: This is regarding baresip BSD library. (http://www.creytiv.com/)
Update: The library is first trying to load all configured modules statically and if it fails then it is trying to load them dynamically using dlopen(). so removing the dynamic loading code will resolve my problem.
dlopen is not allowed on the iOS versions < iOS 8. See e.g. here.
Using dlopen with literal parameters has always been OK.
dlopen is documented, so it’s not a private API. Just type man dlopen in your terminal, or see App Extension Programming Guide > Handling Common Scenarios, or Dynamic Library Usage Guideline >1, 2.
If you try to use dlopen with code signed by you but not included in the app reviewed, you are infringing App Review Guidelines 2.5.2:
2.5.2 Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code, including other apps.
and you may get a message like this:
Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement.
This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.