
Dynamically Calling Private API Without Being Noticed by the App Store [closed]

Recently I heard quite a few rumors (or true stories?) on how some Chinese iOS developers succeeded in fooling the App Store private API checking system and having their dynamically-calling-private-api apps approved and available in the App Store.

So far those stories focused on WebKit private APIs. They stated that they succeeded in getting access to the iPhone user's personal data by calling those private WebKit APIs.

I have to say I'm confused. My question:

  • Is their statement logical? (i.e. Is it possible to get access to the user's data through WebKit private API?)

My thinking on possible ways to achieve the task.

  • through the performSelector: method
  • through NSInvocation
  • through this so-called almighty and mysterious reflection thing

I don't think it's possible myself. But my iOS experience is limited so I'm not that confident in my judgement. Any suggestions are highly welcome. :)

Di Wu asked Feb 09 '12 16:02


1 Answer

To answer your question, yes, their statement is logical. You would likely be able to access the user's personal data through a number of private APIs. You don't mention what personal information, so it's not possible to say definitively.

My comment on your thinking about ways to do this: don't, it's not worth the risk to your reputation as a developer, or the client's reputation if this is a work for hire, or the status of your developer account if you're trying to circumvent/violate the terms of service you agreed to with Apple.

picciano answered Oct 25 '22 00:10