Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement.
This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.
Has anyone run into this? I really don't have any JSPatch-style framework behavior.
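An added example, not part of the original post or of Apple's notice: a Python script that walks an unpacked .app bundle and reports which Mach-O binaries contain the names quoted in the notice (plus "JSPatch" from the question), to narrow down which linked framework to inspect. The function names and the sample files are constructed for illustration; `respondsToSelector:` and `performSelector:` appear in most Objective-C binaries, so a hit only marks where to look.

```python
import os
import sys
import tempfile

# First four bytes of a Mach-O image (32/64-bit, either byte order) or fat binary.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf",
                b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
# Names quoted in the rejection notice, plus "JSPatch" from the question.
INDICATORS = [b"dlopen", b"dlsym", b"respondsToSelector:", b"performSelector:",
              b"method_exchangeImplementations", b"JSPatch"]

def scan_bundle(root):
    """Return {relative_path: [indicator, ...]} for Mach-O files under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # avoid reporting the same image twice
            with open(path, "rb") as fh:
                if fh.read(4) not in MACHO_MAGICS:
                    continue  # resources, plists, scripts: not a binary image
                data = fh.read()
            hits = [i.decode() for i in INDICATORS if i in data]
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings

def build_sample_bundle(root):
    """Constructed sample input: fake files, not real Mach-O images."""
    files = {
        "App": b"\xcf\xfa\xed\xfe\0_objc_msgSend\0viewDidLoad\0",
        "Frameworks/Vendor.framework/Vendor":
            b"\xca\xfe\xba\xbe\0_dlsym\0JSPatch\0performSelector:\0",
        "notes.txt": b"dlopen appears here, but this file is not a binary",
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Pass a path to an unpacked .app bundle, or run on the sample.
        target = sys.argv[1] if len(sys.argv) > 1 else build_sample_bundle(tmp)
        for path, hits in sorted(scan_bundle(target).items()):
            print(path, "->", ", ".join(hits))
```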