Does Apple view the actual source code when approving apps?

22,255

Solution 1

While none of us have access to the internal review process (which appears to be continuously changing), there are a few things that can be said based on the responses that people have received.

First, Apple has no access to your source code, so they do not review that. You submit a binary as part of an application bundle, along with your other application resources.

They do, however, appear to scan your application's binary for certain symbols that indicate the use of private APIs. A number of applications started crashing after iPhone OS updates because they used these private APIs, so Apple has been cracking down on this.

There are plenty of applications on the store that have memory leaks or other performance issues. I know that I've submitted versions of my applications that had subtle leaks (since fixed) and had no problems with review. Therefore, it does not appear that they do any sort of performance testing or profiling.

The only place where a memory leak causes a problem during review is when that memory leak gets so bad that the application crashes while the reviewer is testing it. If your application crashes at any point during the review process, it will be rejected.

Beyond that, they have a checklist of user interface elements that they check for proper usage of (no persistent selections on table view rows, etc.). If your application deviates significantly from the Human Interface Guidelines when using these standard UI elements, you may get rejected.

Apple is very careful about copyright, particularly with their own images and artwork, so you may run into trouble if you use copyrighted material improperly.

Most of the rejection reasons you will face are preventable by making your application stable and by following platform guidelines, but some are not. Certain classes of applications have been rejected due to their intended use, and again the classes of applications that are allowed on the store change on a regular basis. This can add frustration and uncertainty when dealing with the App Store, but the vast majority of application types will never run into problems (as can be seen in the diversity of applications currently available).

Solution 2

Try using otool -L binary yourself, and you can see immediately if a private API framework got used...

Solution 3

Apple does not care about leaks and profiling information for your App. The operating system is able to kill your app if that gets out of hand. What they actually do is manually run your App and check if it follows some of Apple's guidelines. In an automated process they extract symbols, selectors and strings from your binary and check those for usage of private APIs.

You might want to try nm -u on your (simulator) binary.
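As an added example (not code from any of the answers above), the script below performs the kind of scan that Solution 2 and Solution 3 describe: it takes the output of otool -L, nm -u and strings for an app binary and checks each against a denylist of private frameworks, imported symbols and selector names. The tool output is constructed inline so the script runs without Xcode or a Mach-O binary, and the denylists, sample paths and symbol names are illustrative assumptions, not Apple's actual list.

```python
"""Check a shipped iOS binary for private-API use from symbol dumps.

Added example, not code from the original answers. On macOS the three
inputs come from the Xcode command-line tools:

    otool -L MyApp.app/MyApp   # libraries and frameworks linked at load time
    nm -u    MyApp.app/MyApp   # undefined symbols, i.e. what the binary imports
    strings  MyApp.app/MyApp   # Objective-C selector names appear here as text

The tool output below is CONSTRUCTED so the script runs without Xcode,
and the denylists are ASSUMED illustrations, not Apple's real list.
"""

# Constructed sample of `otool -L` output (paths and versions invented).
OTOOL_L = """\
MyApp.app/MyApp:
\t/System/Library/Frameworks/UIKit.framework/UIKit (compatibility version 1.0.0, current version 1.0.0)
\t/System/Library/Frameworks/Foundation.framework/Foundation (compatibility version 300.0.0, current version 1.0.0)
\t/System/Library/PrivateFrameworks/SpringBoardServices.framework/SpringBoardServices (compatibility version 1.0.0, current version 1.0.0)
\t/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1.0.0)
"""

# Constructed sample of `nm -u` output (one undefined symbol per line).
NM_U = """\
_OBJC_CLASS_$_UIApplication
_OBJC_CLASS_$_UIDevice
_UIGetScreenImage
_NSLog
_objc_msgSend
"""

# Constructed sample of `strings` output; selector names show up as plain text.
STRINGS = """\
applicationDidFinishLaunching:
setBatteryMonitoringEnabled:
_setBackgroundAlpha:
Hello, world
"""

# Assumed denylists for illustration only; Apple's list is not published.
PRIVATE_FRAMEWORK_PREFIX = "/System/Library/PrivateFrameworks/"
PRIVATE_SYMBOLS = {"_UIGetScreenImage", "_GSEventRegisterEventCallBack"}
PRIVATE_SELECTORS = {"_setBackgroundAlpha:", "setOrientation:animated:"}


def linked_private_frameworks(otool_output):
    """Return linked libraries that live under PrivateFrameworks."""
    hits = []
    for line in otool_output.splitlines()[1:]:   # line 0 is the binary's own name
        path = line.strip().split(" (", 1)[0]    # drop "(compatibility version ...)"
        if path.startswith(PRIVATE_FRAMEWORK_PREFIX):
            hits.append(path)
    return hits


def undefined_private_symbols(nm_output):
    """Return imported symbols whose names are on the denylist."""
    return sorted(sym for sym in nm_output.split() if sym in PRIVATE_SYMBOLS)


def private_selectors(strings_output):
    """Return selector strings that match the denylist.

    This is where false positives come from: the scan sees only the
    selector name, so an app's own method that happens to share a name
    with a private one is flagged just the same.
    """
    return [s.strip() for s in strings_output.splitlines()
            if s.strip() in PRIVATE_SELECTORS]


def scan(otool_output, nm_output, strings_output):
    """Combine the three checks into one report; 'clean' is the verdict."""
    report = {
        "frameworks": linked_private_frameworks(otool_output),
        "symbols": undefined_private_symbols(nm_output),
        "selectors": private_selectors(strings_output),
    }
    report["clean"] = not any(report[k] for k in ("frameworks", "symbols", "selectors"))
    return report


if __name__ == "__main__":
    result = scan(OTOOL_L, NM_U, STRINGS)
    for kind in ("frameworks", "symbols", "selectors"):
        for hit in result[kind]:
            print(f"private {kind[:-1]}: {hit}")
    print("clean" if result["clean"] else "would likely be rejected")
```

Run it against real dumps by replacing the three constructed strings with the captured output of the commands in the docstring. Note that none of the three checks needs source code, which is the point of the answers above, and that the selector check matches on name alone, which is why an app's own method can trip it.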

Solution 4

No, they only have access to the binary code that you send them.

They can run this through profilers checking for memory leaks and the like.

Solution 5

They do not have access to your source; it is not part of what you send to them. They test the binary you send them for leaks and such. I think they also check what data your app sends out to make sure it isn't doing anything egregiously bad (sending passwords or the like).

Author by

some_id

Updated on October 16, 2020

Comments

  • some_id
    some_id over 3 years

    How exactly does Apple approve apps? Is the actual source code viewed?

  • MacMark
    MacMark over 12 years
    This is wrong. Apple has access to your source code: When you submit the app, the API usage is analyzed on your machine by Apple's developer tools and sent to Apple before the App is submitted.
  • Brad Larson
    Brad Larson over 12 years
    @MacMark - No, they don't, and that's not what happens. You build a binary on your machine and send them just that binary. Binaries compiled from Objective-C can retain symbols within them for the methods that they call, so these can be dumped and scanned. Additionally, it is possible that Apple could run your binary within their own specially constructed frameworks and see when that binary calls out to things it shouldn't. Given the reports of false positives by people with methods that happened to match Apple's private ones, the symbol scanning approach is the most likely.
  • Brad Larson
    Brad Larson over 12 years
    @MacMark - At no point in this process does Apple take in your own source code, and API usage is not analyzed on your local machine. They have a helper now in Xcode that can send your binary off to be validated on Apple's servers, but they are not scanning your local code.
  • MacMark
    MacMark over 12 years
    You did not recognize the "analyzing API usage" before the submit?
  • Brad Larson
    Brad Larson over 12 years
    @MacMark - Where do you see that? When I build and archive an application, it just does the normal compile / link / codesign cycle (optionally with my local use of the Clang static analyzer to look for faults in my code, but none of that is communicated to Apple in any way), resulting in an archived, codesigned binary. What is then submitted to Apple is that finished binary. Last time I submitted a binary, it did server-side validation on it. Even if they moved some of this analysis locally, it's still just looking at your binary, not any source code.
  • MacMark
    MacMark over 12 years
    I saw it before upload in Xcode and/or Application Loader. This means it would be possible to check the source code since the check happens on my machine. But checking the application binary for API usage is easier for a machine so they don't want to check the source code.
  • Fattie
    Fattie almost 10 years
    Hi MacMark, pretty sure you're just mistaken on this one. BL has explained the situation.
  • Fattie
    Fattie almost 10 years
    Regarding Apple being careful about copyright. "And how." Here's an example... You know when you have "a photo" in any app or on the web, it's common to use an icon that looks like an old-days "Polaroid". You know, sort of a square with a rectangle along the bottom. In fact if you just happen to use that sort of photo-looking iconography in an app - it will be rejected since that IP belongs to Polaroid group worldwide!
  • Qix - MONICA WAS MISTREATED
    Qix - MONICA WAS MISTREATED over 5 years
    @MacMark I'm super late to the game here, but remember that you can view which symbols are imported by a binary without needing the source. This is most likely what Apple is scanning for.