Rollout to Prevent Private API Usage, Enforcing App Store Guidelines.

ophir | April 4, 2016

Rollout’s mission is to bridge the disconnect between developers and their live apps. With Rollout, developers can instantly deploy code-level changes to native iOS apps in production, allowing mobile companies to mitigate production quality and performance issues.

Rollout’s solution was created to shorten the update cycle in cases where time is of the essence, such as diagnosing and fixing bugs or pushing dynamic configuration data.

Rollout is fully committed to complying with the App Store guidelines and to preventing abuse of our technology to hide non-compliant code from the App Review process.

As such, we are updating our SDK to prevent calls to non-public Apple APIs as per the following App Store Review Guideline:

Apps that use non-public APIs will be rejected

Our version is:

Patches that use non-public APIs will be rejected

We know it’s very simple to push code dynamically via other mechanisms in order to bypass the review process; this can be done in 20 lines of code using the Objective-C NSInvocation class, which is a public API. A hacker can easily include malicious code in their app without using Rollout, but we want to make sure that code which calls private Apple APIs, and which would have been rejected in the review process, won’t work in Rollout.

Rollout’s SDK is already running on 35 million devices and has proven invaluable for preventing app downtime, increasing app rating and improving user experience.

We don’t want to make it any easier for hackers.

If you have any questions, please contact us at support@rollout.io