Message from Apple Review...

Are you using Rollout.io? I'm getting the same message. Trying to figure out what it is. Rollout.io is the closest thing.

we got this message too, please advice us how to fix this

We got this message too, and we also have Rollout SDK in our project, though we are not using it. And do you guys see para 2?

This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI, based on the contents of the downloaded script.

Does it means we can't use these methods anymore? Especially respondsToSelector and performSelector, they are quite useful. 

I wonder if this is targeted also at frameworks like MeteorJS and Ionic that allow for your WebView based apps to be updated without review. That always seemed like a pretty pourus (but convienent) solution for app updates.

I also receive this message from apple. And just use framwork of  mixpannel to collect app log, I am not sure is this the same issure

What about React Native apps? 

Not sure what Rollout can do to "fix" this. It seem pretty clear that Rollout's functionality is explicitly not allowed by Apple.

This message worries me slightly, as all our applications make use of a library that relies on method_exchangeImplementations(), however merely for extending the functionality of some classes, nothing like injecting code from a remote resource as rollout.io is doing.

App Store Review Guideline 2.5.2 states the following:

2.5.2 Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code, including other iOS, watchOS, macOS, or tvOS apps.

So applications that have a valid use for dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations() should not be affected by this I hope?

You can start by figuring out which functionality or behaviour of your app and/or the frameworks your are using could cause this.

You are the person who knows your product and code.

You did not even posted minimum information about your product behaviour and libraries you've used.

This is like asking random persons "why my car engine is not starting" and you'de expect the solution right away.

Apparantly the obvious cause would be rollout.io and they noticed that they are working on a fix for this, so until then you are probably stuck.

Rollout is one thing; performSelector is another. I wish Apple's description of the issue were a little clearer about this. If we can't use performSelector that's going to be a challenge. What could be meant by "arbitrary parameters"? Is the "and" in

"... includes any code which passes arbitrary parameters to dynamic methods ..., *and* running remote scripts"

just a continuation of banned things, or is it a boolean and, so you can do all the former as long as you're not running remote scripts?

So as useful as Rollout.io is for those using it, it's a violation of the app review guidelines.  I looked at it when it came out and decided not to get involved partly to avoid buying myself what I thought of as future trouble.

App review guidelines:

• 2.5.2 Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code, including other iOS, watchOS, macOS, or tvOS apps.

The "download" part if that is what Rollout.io does.

Hello everyone,

I think you should know about this : https://9to5mac.com/2017/03/07/apple-cracks-down-on-hot-push-code-sdks/ 

So, If your app is live on store then you should contact to your SDK provider and ask for solution. They might contact to Apple Inc. and find some better support.

Have there been any reports of this affecting reactnative apps?