
How does Apple know you are using private API?

I submitted a binary file to Apple without any source code.

Apart from manually checking the source code, how does Apple know what was used and what APIs you have called?

Tattat asked May 16 '10 02:05



2 Answers

There are 3 ways I know. These are just speculation, since I do not work in the Apple review team.

1. otool -L

This will list all libraries the app has linked to. Something you clearly should not use, like IOKit and WebKit, can be detected by this.

2. nm -u

This will list all linked symbols. This can detect

  • Undocumented C functions such as _UIImageWithName;
  • Objective-C classes such as UIProgressHUD
  • Ivars such as UITouch._phase (which could be the cause of rejection of Three20-based apps in the last few months.)

3. Listing Objective-C selectors, or strings

Objective-C selectors are stored in a special region of the binary, and therefore Apple could extract the content from there, and check if you've used some undocumented Objective-C methods, such as -[UIDevice setOrientation:].

Since selectors are independent from the class you're messaging, even if your custom class defines -setOrientation: irrelevant to UIDevice, there will be a possibility of being rejected.


You could use Erica Sadun's APIKit to detect potential rejection due to (false alarms of) private APIs.


(If you really really really really want to work around these checks, you could use runtime features such as

  • dlopen, dlsym
  • objc_getClass, sel_registerName, objc_msgSend
  • -valueForKey:; object_getInstanceVariable, object_getIvar, etc.

to get those private libraries, classes, methods and ivars.)

kennytm answered Oct 11 '22 20:10


You can list the selectors in a Mach-O program using the following one-liner in Terminal:

otool -s __TEXT __objc_methname "$1" |expand -8 | cut -c17- | sed -n '3,$p' | perl -n -e 'print join("\n",split(/\x00/,scalar reverse (reverse unpack("(a4)*",pack("(H8)*",split(/\s/,$_))))))' 
Robert Diamond answered Oct 11 '22 20:10
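
A sketch of checks 2 and 3 from the first answer, added here as an illustration (it is not code from either answer, nor Apple's review tooling): it matches `nm -u` symbols and the NUL-separated strings of `__objc_methname` against a denylist, and shows why a custom `-setOrientation:` is still flagged. The denylist holds only the names the answer mentions; the `_OBJC_CLASS_$_` and `_OBJC_IVAR_$_` prefixes are the Objective-C 2 symbol conventions, and all sample inputs are constructed.

```python
# Added example: sample inputs below are constructed, not taken from a real app.
import re

# Names the answer gives as examples of undocumented API.
DENY_SYMBOLS = {"_UIImageWithName", "UIProgressHUD", "UITouch._phase"}
DENY_SELECTORS = {"setOrientation:"}

# Objective-C 2 ABI prefixes for class and ivar symbols as nm prints them.
_OBJC_PREFIX = re.compile(r"^_OBJC_(?:CLASS|METACLASS|IVAR)_\$_")

def undefined_symbols(nm_output):
    """Return symbol names from `nm -u` text, with ObjC prefixes stripped."""
    names = set()
    for line in nm_output.splitlines():
        tok = line.split()
        if not tok or line.rstrip().endswith(":"):
            continue  # blank line or "file (for architecture ...):" header
        names.add(_OBJC_PREFIX.sub("", tok[-1]))
    return names

def selectors(methname_section):
    """Split raw __objc_methname bytes into selector strings (NUL-terminated)."""
    return {s.decode("ascii", "replace") for s in methname_section.split(b"\0") if s}

def scan(nm_output, methname_section):
    """Return sorted (kind, name) findings for denylisted symbols and selectors."""
    hits = [("symbol", n) for n in undefined_symbols(nm_output) & DENY_SYMBOLS]
    hits += [("selector", s) for s in selectors(methname_section) & DENY_SELECTORS]
    return sorted(hits)

# Constructed `nm -u` output for an app that links three private names.
NM_PRIVATE = """\
_NSLog
_UIImageWithName
_OBJC_CLASS_$_UIProgressHUD
_OBJC_IVAR_$_UITouch._phase
_objc_msgSend
"""
# Constructed app that only defines its own -setOrientation: on a custom class.
NM_CLEAN = "_NSLog\n_OBJC_CLASS_$_UIView\n_objc_msgSend\n"
METHNAME_CUSTOM = b"viewDidLoad\0setOrientation:\0init\0"

if __name__ == "__main__":
    print(scan(NM_PRIVATE, b"viewDidLoad\0"))
    # The selector table carries no class name, hence the false alarm.
    print(scan(NM_CLEAN, METHNAME_CUSTOM))
```

The second scan reports `setOrientation:` even though the app never touches `UIDevice`, which is the false-alarm case a pre-submission check has to triage by hand.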