How does Apple know you are using private API?

iphone objective-c appstore-approval

I submitted a binary file to Apple without any source code.

Apart from manually checking the source code how does Apple know what was used and what APIs you have called?


There are 3 ways I know. These are just some speculation, since I do not work in the Apple review team.

1. otool -L

This will list all libraries the app has linked to. Something clearly you should not use, like IOKit and WebKit can be detected by this.

2. nm -u

This will list all linked symbols. This can detect

  • Undocumented C functions such as _UIImageWithName;
  • Objective-C classes such as UIProgressHUD
  • Ivars such as UITouch._phase (which could be the cause of rejection of Three20-based apps last few months.)

3. Listing Objective-C selectors, or strings

Objective-C selectors are stored in a special region of the binary, and therefore Apple could extract the content from there, and check if you've used some undocumented Objective-C methods, such as -[UIDevice setOrientation:].

Since selectors are independent from the class you're messaging, even if your custom class defines -setOrientation: irrelevant to UIDevice, there will be a possibility of being rejected.

You could use Erica Sadun's APIKit to detect potential rejection due to (false alarms of) private APIs.

(If you really really really really want to workaround these checks, you could use runtime features such as

  • dlopen, dlsym
  • objc_getClass, sel_registerName, objc_msgSend
  • -valueForKey:; object_getInstanceVariable, object_getIvar, etc.

to get those private libraries, classes, methods and ivars. )


You can list the selectors in a Mach-O program using the following one-liner in Terminal:

otool -s __TEXT __objc_methname "$1" |expand -8 | cut -c17- | sed -n '3,$p' | perl -n -e 'print join("\n",split(/\x00/,scalar reverse (reverse unpack("(a4)*",pack("(H8)*",split(/\s/,$_))))))'

Let's say you want to use some private API; objective C allows you to construct any SEL from a string:

   SEL my_sel = NSSelectorFromString([NSString stringWithFormat:\
@"%@%@%@", "se","tOr","ientation:"]);
    [UIDevice performSelector:my_sel ...];

How could a robot or library scan catch this? They would have to catch this using some tool that monitors private accesses at runtime. Even if they constructed such a runtime tool, it is hard to catch because this call may be hidden in some rarely exercised path.


I imagine they look at all symbols your binary's trying to import (info no doubt easily available to them in the symbol table thereof) and ding you if any of those symbols are found in their "private API list". Pretty easy to automate, in fact.


A executable isn't exactly a black box. If you call out to a library, it's an easy thing to find. This is why I lament the loss of the assembly languages in modern CS educations. =] Tools like ldd will tell you what you have linked in, though I don't remember what incarnation of ldd made it to the mac iPhone dev kit.

Related

How to increment a pointer address and pointer's value?
Real life example, when to use OUTER / CROSS APPLY in SQL
Long-lasting FB access-token for server to pull FB page info
Graphically locate the axes or foci of an ellipse from 5 arbitrary points on its perimeter.
independence of a sum of random variables [duplicate]
Schur stability without the Jordan canonical form
Argue for formula about one-dimensional harmonic oscillator
Prove $\frac{1}{\sqrt{n}}\|A\|_{\infty} \leq\|A\|_{2} \leq \sqrt{m}\|A\|_{\infty} $
Let $X, Y$ be vector fields on a manifold $M$. Show, that $XY$ is not a vector field
$L^1_{\text{loc}}$, Frechet Space and norm-distance
Which types of first-order signatures have proper pseudo-elementary classes?
Prove inequality for vectors in $\mathbb{R}^{n}$