Apple rejected - Guideline 2.3.1 & Guideline 2.5.2

My app was rejected recently. The message in the resolution center from Apple is like below:

Guideline 2.3.1 - Performance

We discovered that your app contains hidden features.

Guideline 2.5.2 - Performance - Software Requirements

Your app, extension, or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement.

This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.

Expo sdkVersion: “32.0.0”.
Not ejected.
Modules used: LinearGradient, Asset, Font, Permissions, takeSnapshotAsync, MediaLibrary, FileSystem, ImagePicker, ImageManipulator, StoreReview
Permissions used: Permissions.CAMERA_ROLL
OTA enabled: true

I’m not sure whether it is caused by the OTA. Now I’m going to disable the OTA, will it be ok?

We’ve deployed an Expo app and plenty of updates before with no issue to the App Store, but the stray rejection like this has me a little nervous (we’re going to deploying a few dozen apps for various clients over the next several months and banking on OTA updates being available). Any suggestions for how to respond to Apple?

Microsoft has a nice summary of why CodePush should be OK by Apple, and I would think the same would apply to Expo: GitHub - microsoft/react-native-code-push: React Native module for CodePush. In particular, it seems like it’d be worth a shot to explain how the Expo app with OTA updates enabled is in compliance with 3.3.2 in the Apple Developer License Agreement:

Interpreted code may be downloaded to an Application but only so long as such code: (a) does not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store, (b) does not create a store or storefront for other code or applications, and (c) does not bypass signing, sandbox, or other security features of the OS.

Of course, they’re explicitly saying you’re in violation of 3.3.2, so who knows…

@waningflow - That message alone doesn’t tell us so much. For example, it’d be helpful to learn what they mean by, “We discovered that your app contains hidden features.” Specifically, what feature is considered hidden in your app?

Probably the most effective path forward is to ask for clarification on how exactly those two guidelines pertain to your app.

1 Like

Hey Keith,

This seems to be an isolated incident as of now so I don’t think there is much grounds to worry or be nervous. We’ve got ~1000 iOS apps being built per day with our build services and so far this is the only report of said reject. If that changes, we’ll be sure to provide updates with the community.

Cheers,
Adam

4 Likes

Thanks, Adam! That’s good to hear! I did do a search on the forums an hour ago, and saw a handful of App Store review rejection questions, but all related to completely different things that were easily-corrected. I suppose, with so many submissions, it’s inevitable that the occasional overzealous reviewer mucks things up a bit every once in a blue moon :slight_smile:.

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.