私有api检查机制
来源:互联网 发布:karolina kurkova知乎 编辑:程序博客网 时间:2024/05/09 06:57
====================== Q&A Start ====================
Q:How does Apple know you are using private API?
A:
There are 3 ways I know. These are just some speculation, since I do not work in the Apple review team.
1. otool -L
This will list all libraries the app has linked to. Something clearly you should not use, like IOKit and WebKit can be detected by this.
2. nm -u
This will list all linked symbols. This can detect
- Undocumented C functions such as _UIImageWithName;
- Objective-C classes such as UIProgressHUD
- Ivars such as
UITouch._phase
(which could be the cause of rejection of Three20-based apps last few months.)
3. Listing Objective-C selectors, or strings
Objective-C selectors are stored in a special region of the binary, and therefore Apple could extract the content from there, and check if you've used some undocumented Objective-C methods, such as -[UIDevice setOrientation:]
.
Since selectors are independent from the class you're messaging, even if your custom class defines -setOrientation:
irrelevant to UIDevice, there will be a possibility of being rejected.
You could use Erica Sadun's APIKit to detect potential rejection due to (false alarms of) private APIs.
(If you really really really really want to workaround these checks, you could use runtime features such as
- dlopen, dlsym
- objc_getClass, sel_registerName, objc_msgSend
-valueForKey:
; object_getInstanceVariable, object_getIvar, etc.
to get those private libraries, classes, methods and ivars. )
====================== Q&A End =====================Let's say you want to use some private API; objective C allows you to construct any SEL from a string:
SEL my_sel = NSSelectorFromString([NSString stringWithFormat:\@"%@%@%@", "se","tOr","ientation:"]); [UIDevice performSelector:my_sel ...];
How could a robot or library scan catch this? They would have to catch this using some tool that monitors private accesses at runtime. Even if they constructed such a runtime tool, it is hard to catch because this call may be hidden in some rarely exercised path.
tip b:otool -s __TEXT __objc_methname "$1" |expand -8 | cut -c17- | sed -n '3,$p' | perl -n -e 'print join("\n",split(/\x00/,scalar reverse (reverse unpack("(a4)*",pack("(H8)*",split(/\s/,$_))))))'
- 私有api检查机制
- 私有api检查机制
- 私有api
- 私有API
- 私有API
- 私有API
- java 反射机制 之 getDeclaredField 获取私有保护字段, 再setAccessible(true)取消对权限的检查 实现对私有的访问和赋值
- 有关私有API
- 苹果私有API
- iphone 私有api
- iPhone私有API使用
- iOS私有API
- WebView 私有api
- class-dump 私有API
- 私有api用法
- 怎么获得私有api
- 私有API(转)
- 苹果私有api------SpringBoard
- Sparse Autoencoder1-NeuralNetworks
- PL/SQL-FOR UPDATE 与 FOR UPDATE OF的区别
- google Earth与专业GIS区别
- WEB站点性能优化实践(加载速度提升2s)
- Android中ListView圆角实现,仿iPhone中UITableView
- 私有api检查机制
- 二分
- <转>如何用ps制作名片
- USACO Section 1.1 Your Ride Is Here
- 『windows编程』WinSock相关记录
- IOS UIApplication sharedApplication详解
- ORA-00054 解决
- C# 写Excel 的例子(以 OleDb 方式)
- 讲解有关"SELECT FOR UPDATE"的一些概念