ios-jsc

ios-jsc copied to clipboard

We were running to the issue where the generated metadata for iOS contained references to AdSupport.framework causing the App being rejected by Apple (or at least causing our customer to not proceed with the review process because of unclassified code usage)

It would be good to allow users to blacklist certain modules/frameworks form the SDK or better whitelist those modules/frameworks actually used.

We had to remove the AdSupport.framework completely form the SDK (by removing the users access rights) to prevent the app containing references to it.

For reference we got that in itunes connect:

Ensure that you select the correct answer for Advertising Identifier (IDFA) usage. If your app does contain the IDFA and you select No, the binary will be permanently rejected and you will have to submit a different binary.

and a grep -Hirn ASIdentifierManager platforms/ios showed that Apple is right about the usage.

the generated metadata for iOS contained references to AdSupport.framework causing the App being rejected by Apple

@Buuhuu Generated metadata for an arbitrary framework/library is not something that can lead to App Store rejection, no matter which is the framework. Basically, generating metadata for additional framework just adds more info to the metadata section which increases its size. This is not something that is forbidden by Apple. Actually, metadata for all SDK frameworks (including AdSupport.framework) is always included in the app, no matter if they are actually used or not. Keep in mind that even after removing the explicit reference to AddSupport.framework from your project, the metadata generator still include metadata for the framework APIs.

It seems, that ASIdentifierManager is used by some native code, maybe a third-party framework or plugin. Try to find out where (and why) ASIdentifierManager is used in your app and make sure you select the correct answer to the following question asked by Apple on App Store submission: A possible rejection reason is that Apple may think that your answer is incorrect.

P.S.: The iOS runtime does not use any APIs from АdSupport.framework.

What the metadata generator is doing is adding it (AdSupport.framework includes) to the umbrella header file and, as far as I understood the implementation, this header is used to generate the metadata binary. The metadata binary was the only file (beside some typescript declaration files) having a reference to the ASIdentifierManager. Even though its not using any API from there, Apple is right asking for its usage as the symbols are definitively referenced in the binary.

The issue isn't actually about getting the App rejected by Apple but having our (enterprise) customer to answer this question - who in our case wasn't willing to do so. So Still I'm honestly sure it makes sense to provide a white/blacklist approach for frameworks to include or not. (Even if in a default project setup that might be all/none respectively.)

Having a look at the code I can see there is something already but unfinished https://github.com/NativeScript/ios-metadata-generator/blob/1797b9e9e5e547f9a8a03dca17add9a6440ab7d4/src/HeadersParser/Parser.cpp#L128

+ as you said this could lead to a smaller app footprint as well.

@Buuhuu I actually like the idea to add support for blacklisting some SDK frameworks. If you really want to optimize your app size, this is an easy-to-enable opportunity, so I find your request to be absolutely valid.

On your particular case, I verified that Apple always ask the question about Advertising Identifier usage when submitting an app to the App Store. I even tested it with blank Objective-C application and still both the question and the following warning message appear:

Ensure that you select the correct answer for Advertising Identifier (IDFA) usage. If your app does contain the IDFA and you select No, the binary will be permanently rejected and you will have to submit a different binary.

In case, you don't really use Advertising Identifier in your app, the recommended approach is to just answer with No.

In case, you don't really use Advertising Identifier in your app, the recommended approach is to just answer with No.

What according to our customer didn't work (it was always going back to the same question). Anyway I'm willing to contribute something here (once I find the time to get the build setup running on my machine).

I think at the moment the build already specifies the tooling to link to in the command build parameters. Couldn't that be used to create a whitelist instead of a blacklist? If so the metadata generator could simply go through those arguments and include frameworks the build uses.

@Buuhuu We don't know all used frameworks at build time. Currently, it is not required because the iOS Runtime loads all used framework dynamically.

My proposal is to still generate metadata for the whole iOS SDK but add the ability to explicitly exclude some frameworks. This way, by default, you still don't have to add linker flags or change configurations when using some SDK framework for a first time in your app.

The app/package.json file seems to be a good candidate for such a configuration? What do you think?

Ok I didn't expect that magic to happen (from my c/c++ experience this is considered black magic :D)

Anyway app/package.json sound reasonable for that, I agree. + its the less invasive approach for that topic.