关于苹果对热更新的警告邮件的深究
关于苹果对热更新的警告邮件的深究
3月8号大量的使用JSPatch、weex、React Native技术开发者收到了被苹果警告的邮件:
Dear Developer,
Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with section 3.3.2 of the Apple Developer Program License Agreement and App Store Review Guideline 2.5.2. This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes.
This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.
Please perform an in-depth review of your app and remove any code, frameworks, or SDKs that fall in line with the functionality described above before submitting the next update for your app for review.
Best regards,
当时很多人都炸锅了,觉得不能用weex、react native了,而本人也正在学习RN,我也找到了facebook在github上的开发者的辟谣帖,截图如下:
![paste image][image-1]
也就是说,RN更新的并不是native code,而只是js,所以,不用怕,RN继续用,而此次苹果应该针对的是JSPatch的热更新技术。
以下是苹果声明的:
![paste image][image-2]
只要不改变应用的主要功能,就是被允许的。
原帖如下:
[facebook辟谣帖][1]
我也就安心的继续学习RN了,放张美女压压精。。。。。
![paste image][image-3]
[1]: https://github.com/facebook/react-native/issues/12778
[image-1]: http://clockcoder.com/images/1489735622851gz9luoo3.png?imageslim
[image-2]: http://clockcoder.com/images/1489736646742eze47qgw.png?imageslim
[image-3]: http://clockcoder.com/images/14897359174969gcom9xu.png?imageslim