App rejection post upgrade from min version iOS 12 to iOS 17 citing syscall presence

Question

Created Apr ’25

Replies 2

Boosts 0

Participants 2

Dear Community,

We are facing an issue in our production App where we recently upgraded app min version from iOS 12 to iOS 17 in order to integrate a private API Entitlement. Due to upgrade, app review is rejecting the same app citing syscall presence like mentioned below :

• syscall: open_dprotected_np • syscall: getsockname • syscall: fork • syscall: modwatch

They suggested using strings command and otool command to find such syscalls presence but we were not able to find any such syscall presence.

We are on Cordova platform (hybrid application) and are using Mobile First Platform (MFP8).

If anyone has faced such an issue, please help us in finding these syscalls so that we can take action on them.

Regards, Aditya

Boost

Answer 1

DTS Engineer OP

Apple

Apr ’25

Recommended

@manumayank The best way I have found is to use grep on an archive version. Is that the instructions you got?

Open /Applications/Utilities/Terminal
Type the following on the command-line to change to the directory where the application binary is:

cd ~/Library/Developer/Xcode/Archives/<date of your archive>/<your archive>

For example,

cd ~/Library/Developer/Xcode/Archives/2020-03-09/SampleApp 3-9-20, 11.47 AM.xcarchive

To search for open_dprotected_np, type the following on the command-line:

grep -R open_dprotected_np *

should provide you a result like:

Binary file dSYMs/SampleApp.app.dSYM/Contents/Resources/DWARF/SampleApp matches

To point you into the right direction. Do you have any result?

Albert Pascual   Worldwide Developer Relations.

1

Answer 2

manumayank OP

Apr ’25

Dear Team,

We tried the same as suggested but still we are not able to find anything. We ran the below command inside the xcarchive folder. PFB the details :

find .
-type f ( -perm +111 -o -name ".framework" -o -name ".appex" -o -name ".dylib" -o -name ".bundle" )
! -path ".dSYM/"
-exec sh -c 'file "{}" | grep -q "Mach-O" && echo "🔍 Checking: {}" && otool -tv "{}" | grep -E "bl.*_(fork|exec|open|socket|getsockname|modwatch|open_dprotected_np)"' ;

🔍 Checking: ./Products/Applications/myApp.app/myApp 0000000100195f7c bl 0x100a76c3c ; symbol stub for: _iconv_open 000000010022f088 bl 0x100a76fe4 ; symbol stub for: _socket 0000000100562570 bl 0x100a76fe4 ; symbol stub for: _socket 00000001006c3dd0 bl 0x100a76f24 ; symbol stub for: _open 🔍 Checking: ./Products/Applications/myApp.app/Frameworks/FisdomSDK.framework/FisdomSDK 🔍 Checking: ./Products/Applications/myApp.app/Frameworks/IBMMobileFirstPlatformFoundation.framework/IBMMobileFirstPlatformFoundation 0000000000067324 bl 0xd30bc ; symbol stub for: _open 00000000000ba2ac bl 0xd30bc ; symbol stub for: _open 🔍 Checking: ./Products/Applications/myApp.app/Frameworks/SDWebImage.framework/SDWebImage 00000000000184e0 bl _sd_executeCleanupBlock 0000000000018704 bl _sd_executeCleanupBlock

Please suggest if any changes needs to be done or any other command can be used.

Regards, Aditya

0