At some point in the past, I was facing the following error when trying to distribute an application that makes use of WebKit:
Your app contains non-public API usage. Please review the errors, correct them, and resubmit your application. The app links to non-public libraries in Payload...: /System/Library/PrivateFrameworks/WebKit.framework/WebKitThe solution I found back then was to load WebKit.framework dynamically at runtime as suggested here
if (FYBFoundationVersionNumber >= NSFoundationVersionNumber_iOS_8_0) {#if TARGET_IPHONE_SIMULATOR NSString *frameworkPath = [[NSProcessInfo processInfo] environment][@"DYLD_FALLBACK_FRAMEWORK_PATH"]; if (frameworkPath) { NSString *webkitLibraryPath = [NSString pathWithComponents:@[frameworkPath, @"WebKit.framework", @"WebKit"]]; dlopen([webkitLibraryPath cStringUsingEncoding:NSUTF8StringEncoding], RTLD_LAZY); }#else dlopen("/System/Library/Frameworks/WebKit.framework/WebKit", RTLD_LAZY);#endif}This was find for several years until I got the following message from the App Store Review team:
2. 5 Performance: Software Requirements Guideline 2.5.2 - Performance - Software Requirements Your app, extension, or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with App Store Review Guideline 2.5.2 and section 3.3.2 of the Apple Developer Program License Agreement. This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app. Important Information As a result of violating this guideline, your app’s review has been delayed. Future submissions of this app, and other apps associated with your Apple Developer account, will also experience a delayed review. Deliberate disregard of the App Store Review Guidelines and attempts to deceive users or undermine the review process are unacceptable and is a direct violation Section 3.2(f) of the Apple Developer Program License Agreement. Continuing to violate the Terms & Conditions of the Apple Developer Program will result in the termination of your account, as well as any related or linked accounts, and the removal of all your associated apps from the App Store. We want to provide a safe experience for users to get apps and a fair environment for all developers to be successful. If you believe we have misunderstood or misinterpreted the intent of your app, you may submit an appeal for consideration or provide additional clarification by responding directly to this message in Resolution Center in iTunes Connect.
My question is: is it safe now to remove this hack and load WebKit normally at compile time? Or will I get the first error message that I was getting years ago when submitting my application?