expo: AppStore: Binary Rejected

Hello guys!

I’m trying to submit my application to the App Store. I got a rejection with the message:

From Apple
2.5 Performance: Software Requirements

Guideline 2.5.2 - Performance - Software Requirements


Your app, extension, or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement.

Specifically, it would be appropriate to remove any and all remote code importing or dynamic content updating features from this app before resubmitting for review. We look forward to reviewing your revised submission.


This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.

The next submission of this app may require a longer review time, and this app will not be eligible for an expedited review until this issue is resolved.

Next Steps

- Review the Software Requirements section of the App Store Review Guidelines.
- Ensure your app is compliant with all sections of the App Store Review Guidelines and the Terms & Conditions of the Apple Developer Program. 
- Once your app is fully compliant, resubmit your app for review.

Submitting apps designed to mislead or harm customers or evade the review process may result in the termination of your Apple Developer Program account. Review the Terms & Conditions of the Apple Developer Program to learn more about our policies regarding termination.

If you believe your app is compliant with the App Store Review Guidelines, you may submit an appeal. Alternatively, you may provide additional details about your app by replying directly to this message.

I used the 27 Expo SDK and my package.json is:

{
  "name": "*******",
  "version": "1.0.1",
  "private": true,
  "devDependencies": {
    "jest-expo": "^28.0.0",
    "react-native-scripts": "1.14.0",
    "react-test-renderer": "16.3.1"
  },
  "main": "./node_modules/react-native-scripts/build/bin/crna-entry.js",
  "scripts": {
    "start": "react-native-scripts start",
    "eject": "react-native-scripts eject",
    "android": "react-native-scripts android",
    "ios": "react-native-scripts ios",
    "test": "jest"
  },
  "jest": {
    "preset": "jest-expo"
  },
  "dependencies": {
    "expo": "^28.0.0",
    "lodash": "^4.17.10",
    "moment": "^2.22.2",
    "native-base": "^2.4.5",
    "react": "16.3.1",
    "react-native": "https://github.com/expo/react-native/archive/sdk-28.0.0.tar.gz",
    "react-native-expandable-section-list": "^1.0.7",
    "react-native-share": "^1.0.27",
    "react-native-vector-icons": "^4.6.0",
    "react-native-webview-messaging": "^1.2.3",
    "react-navigation": "~2.3.1",
    "socket.io-client": "^2.1.1",
    "uuid": "^3.2.1"
  }
}

My app.json is:

{
  "expo": {
    "name": "*****",
    "icon": "./assets/icon.png",
    "splash": {
      "backgroundColor": "#ffffff",
      "resizeMode": "contain",
      "image": "./assets/splash.png"
    },
    "version": "1.0.1",
    "sdkVersion": "28.0.0",
    "ios": {
      "bundleIdentifier": "****",
      "buildNumber": "1"
    },
    "android": {
      "package": "****",
      "config": {
        "fabric": {
          "apiKey": "***",
          "buildSecret": "***"
        }
      }
    }
  }
}

I guess I got an Apple rejection due to the “arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector … etc”. But as I understand it, it’s a basic functionality of RN and exists in all RN-based applications.

I read a guide but still don’t understand what my next steps are…

Thank you!

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 17 (3 by maintainers)

Most upvoted comments

Having this (or at least a related) issue too with expokit.

We’ve been back and forth with the app store to no avail over mangled selectors in our submitted binary. We’ve disassembled the binary in question and can’t find the mangled selector(s) they’ve highlighted which is pretty frustrating as we can’t pinpoint the issue to any specific library. By a process of elimination we can’t see any other library/process this issue could be coming from.

Anyone else having this issue?

No, that was not the message we received. I can’t access it anymore, but it said something like:

2.5.2 Performance

We discovered that your app contains code designed to evade the app review process by changing the behavior after release
...

(This is from memory).

I wrote back to them something like:

Was our rejection caused because we use expo.io? This framework includes support for over-the-air updates, but we only use it for minor bug fixes. We always include those changes in the next app version that is reviewed.

which is true.

Our app was accepted after we filed an appeal noting that we use expo.

Hi @AndyMoreland, can you share a bit more about how you noted to Apple that you use expo?

I got rejected with the following message, probably caused by the same issue?

We are unable to continue this app’s review because your Apple Developer Program account is currently under investigation for not following the App Store Review Guidelines’ Developer Code of Conduct.

Common practices that may lead to an investigation include, but are not limited to:

• Inaccurately describing an app or service
• Misleading app content
• Engaging in inauthentic ratings and reviews manipulation
• Providing misleading customer support responses
• Providing misleading responses in Resolution Center
• Engaging in misleading purchasing or bait-and-switch schemes
• Engaging in other dishonest or fraudulent activity within or outside of the app

Hi,

I was able to pass review with the OTA feature disabled. Thank you for the help!

Hi there @bushev, you’re right, that is a very specific message from Apple which seems to reference an OTA update.

I think probably the best idea in this case would be to disable OTA completely in your app. You can do this by setting the updates.enabled key to false in app.json and rebuilding the binary. (docs)

At the moment we are not aware of any other cases where Apple has mentioned this API. We intend for all aspects of the Expo SDK to be compliant with Apple review guidelines. Let us know if you run into trouble after disabling updates, and sorry this is causing a delay for you.
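
Added example (not part of the thread and not Expo's own code): a pre-submission check that reports whether an app.json leaves OTA updates on, and produces a copy with updates.enabled set to false as the maintainer suggests. The function names and the sample values are hypothetical, and the check assumes that a missing updates.enabled key means updates are enabled.

```javascript
// Pre-submission check for Expo OTA updates in app.json (added example).
// Assumption: when "updates.enabled" is absent, OTA updates are enabled.

// Constructed sample: the app.json from the post, reduced to a few keys,
// with placeholder values where the poster masked theirs.
const postedAppJson = {
  expo: {
    name: "example",
    version: "1.0.1",
    sdkVersion: "28.0.0",
    ios: { bundleIdentifier: "com.example.app", buildNumber: "1" },
  },
};

// Returns { enabled, reason }: whether a binary built from this config
// would still be set up to fetch OTA bundles.
function checkOta(appJson) {
  const expo = appJson && appJson.expo;
  if (!expo || typeof expo !== "object") {
    throw new TypeError('app.json has no "expo" object');
  }
  const updates = expo.updates;
  if (updates == null || updates.enabled === undefined) {
    return { enabled: true, reason: "updates.enabled not set (treated as enabled)" };
  }
  if (typeof updates.enabled !== "boolean") {
    // A string such as "false" is not the boolean false; this check
    // reports it as still enabled rather than guessing the intent.
    return { enabled: true, reason: "updates.enabled is not a boolean" };
  }
  return { enabled: updates.enabled, reason: `updates.enabled is ${updates.enabled}` };
}

// Returns a copy of app.json with OTA updates switched off.
// The input object is not mutated and other "updates" keys are kept.
function disableOta(appJson) {
  const expo = appJson.expo || {};
  return { ...appJson, expo: { ...expo, updates: { ...expo.updates, enabled: false } } };
}

const fixedAppJson = disableOta(postedAppJson);
console.log("as posted:", checkOta(postedAppJson));
console.log("after fix:", checkOta(fixedAppJson));
```

The setting is baked in at build time, so the binary has to be rebuilt after the change, as the comment above says.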