Hello,
Thank you for your continued patience.
We are writing to let you know that we have completed the review of your app. Upon further review, we found that your app does not comply with the following guidelines:
Guideline 2.5.2 - Performance - Software Requirements
Your app, extension, or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement.
This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.
The next submission of this app may require a longer review time, and this app will not be eligible for an expedited review until this issue is resolved.
Next Steps
- Review the Software Requirements section of the App Store Review Guidelines.
- Ensure your app is compliant with all sections of the App Store Review Guidelines and the Terms & Conditions of the Apple Developer Program.
- Once your app is fully compliant, resubmit your app for review.
Submitting apps designed to mislead or harm customers or evade the review process may result in the termination of your Apple Developer Program account. Review the Terms & Conditions of the Apple Developer Program to learn more about our policies regarding termination.
Guideline 2.3.1 - Performance
We discovered that your app contains hidden features. Specifically, your app includes signs of remote Javascript code downloading support.
The next submission of this app may require a longer review time, and this app will not be eligible for an expedited review until this issue is resolved.
Next Steps
- Review the Performance section of the App Store Review Guidelines.
- Ensure your app is compliant with all sections of the App Store Review Guidelines and the Terms & Conditions of the Apple Developer Program.
- Once your app is fully compliant, resubmit your app for review.
Submitting apps designed to mislead or harm customers or evade the review process may result in the termination of your Apple Developer Program account. Review the Terms & Conditions of the Apple Developer Program to learn more about our policies regarding termination.
Please note that all apps submitted to the App Store are reviewed against the App Store Review Guidelines, including the Developer Code of Conduct. If we find any issues during our review, the review time of your app will be extended.
You can avoid future extended reviews by ensuring your apps don’t attempt to mislead or harm customers or undermine the review process. Be sure to review the App Store Review Guidelines and read the Developer Code of Conduct so you understand our requirements prior to submitting any apps for review.
We hope you will consider making the necessary changes to be in compliance with the App Store Review Guidelines and will resubmit your revised binary.
Best regards,
App Store Review
