Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to check if your iOS app code is using an api that is not allowed on the app store?

I know that there are some restricted api's or code that are not allowed to be in your app when you submit it to the app store.

How do you know what they are? Is there a way to check your app before you submit it to ensure you have not used such api's?

It is probably better to avoid this problem at the design stage, than trying to fix it later, so I was wondering if there is any tool in Xcode, or document to determine this.

like image 671
Rahul Iyer Avatar asked Mar 14 '12 03:03

Rahul Iyer


People also ask

Is there an API to access iOS App store data?

The best API for accessing Android and iTunes App Store data is https://www.appmonsta.com.

How do I enable unauthorized apps in iOS?

Tap Settings > General > Profiles or Profiles & Device Management. Under the "Enterprise App" heading, you see a profile for the developer. Tap the name of the developer profile under the Enterprise App heading to establish trust for this developer. Then you see a prompt to confirm your choice.

Can I see the code of an iOS app?

Yes, iOS apps are compiled, so the source code isn't included. You could try to decompile the app, but what you get isn't going to be the same as the source code that the author wrote. Thank you a lot by the answer.


2 Answers

The way Apple intends for you to do this is to use XCode's Validation feature. When you're submitting an app, you build for achiving (or Archive from the XCode menu). Then, you open up Organizer to see the archive you just created. At this point, you can press the Validate button in Organizer. That will perform a validation, without actually submitting the app. It will tell you if you're using Private APIs. Depending on how you use them, it might identify what the violation is:

Organizer screenshot

There's definitely ways that code can fool this validation step, and "get away" with using Private APIs until the reviewer looks at the bundle. But, as far as I know, those ways would all be intentional methods of hiding Private API usage, and it sounds like you're trying to discover accidental usage.

If you fail this Validation test, then you might want to use something like AppScanner, mentioned in alan duncan's answer. But, for completeness, I wanted to make sure people knew that this Validation step is available in XCode, and checking for Private API usage is one of the things it's doing before you submit (and have to wait a few days to be told what you did wrong). Also, even if you don't use the Validate button in Organizer, but just use Submit, the tool is performing a Validation for you. The only difference is whether the bundle actually gets uploaded to iTunes Connect.

like image 130
Nate Avatar answered Oct 17 '22 00:10

Nate


If you stick to documented interfaces as suggested above, you're fine. The only issue is with third-party libraries whose implementation may be opaque to you.

There is a Mac app called AppScanner that scans from private API usage. I have no experience with it, though.

like image 33
FluffulousChimp Avatar answered Oct 17 '22 00:10

FluffulousChimp