How to find usage of non-public API in Mac Qt App - macos

Our qtwebkit-based application is rejected by apple after submission to mac app store. One of the reasons for rejection is the usage of non-public API. I've managed found six of them in the source code for qtwebkit. But I have no where to find the rest. I searched through the source code of our application and the entire source code of QT.
The six non-public api I found in qtwebkit source is:
CFHTTPCookieStorageSetCookieAcceptPolicy
CFURLCacheCopyResponseForRequest
CFURLResponseGetMIMEType
CFURLResponseCopySuggestedFilename
CFURLCacheSetMemoryCapacity
CFURLCacheSetDiskCapacity
Here is the full list of violations found by apple:
The use of non-public APIs can lead to a poor user experience should
these APIs change in the future, and is therefore not permitted. The
following non-public APIs are included in your application:
NSAccessibilityCreateAXUIElementRef
NSAccessibilityHandleFocusChanged
NSAccessibilityUnregisterUniqueIdForUIElement NSAppKitPropertyCreator
NSCarbonWindowPropertyTag NSMouseMovedNotification
_NSDrawCarbonThemeBezel _NSDrawCarbonThemeListBox _NSPopUpCarbonMenu3 _NXShowKeyAndMain from the framework: '/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit'
AXTextMarkerCreate AXTextMarkerGetBytePtr AXTextMarkerGetLength
AXTextMarkerGetTypeID AXTextMarkerRangeCopyEndMarker
AXTextMarkerRangeCopyStartMarker AXTextMarkerRangeCreate
AXTextMarkerRangeGetTypeID CTLineCreateWithUniCharProvider
CoreDragGetCurrentDrag CoreDragSetImage from the framework:
'/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices'
GetNativeWindowFromWindowRef TSMGetInputSourceProperty from the
framework:
'/System/Library/Frameworks/Carbon.framework/Versions/A/Carbon'
CFReadStreamSignalEvent _CFAppVersionCheckLessThan
_CFBundleSetDefaultLocalization _CFStringGetUserDefaultEncoding from the framework:
'/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation'
CFHTTPCookieStorageCopyCookiesForURL CFHTTPCookieStorageDeleteCookie
CFHTTPCookieStorageGetCookieAcceptPolicy
CFHTTPCookieStorageSetCookieAcceptPolicy
CFHTTPCookieStorageSetCookies CFURLCacheCopyResponseForRequest
CFURLCacheSetDiskCapacity CFURLCacheSetMemoryCapacity
CFURLRequestCreateMutableCopy CFURLResponseCopySuggestedFilename
CFURLResponseGetExpectedContentLength CFURLResponseGetHTTPResponse
CFURLResponseGetMIMEType CFURLResponseGetURL
CFURLResponseSetExpectedContentLength CFURLResponseSetMIMEType
_CFNetworkHTTPConnectionCacheGetLimit _CFNetworkHTTPConnectionCacheSetLimit _CFURLCacheCopyCacheDirectory _CFURLRequestCreateArchiveList _CFURLRequestCreateFromArchiveList _CFURLResponseCreateArchiveList _CFURLResponseCreateFromArchiveList _CFURLResponseGetSSLCertificateContext _LSGetCurrentApplicationASN _LSSetApplicationInformationItem _kLSDisplayNameKey kCFStreamPropertyCONNECTAdditionalHeaders
kCFStreamPropertyCONNECTProxy kCFStreamPropertyCONNECTProxyHost
kCFStreamPropertyCONNECTProxyPort kCFStreamPropertyCONNECTResponse
kCFURLResponseExpectedContentLengthUnknown from the framework:
'/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices'
NSPopAutoreleasePool NSPushAutoreleasePool from the framework:
'/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation'
CARenderCGDestroy CARenderCGNew CARenderCGRender
CARenderNotificationAddObserver CARenderNotificationRemoveObserver
CARenderServerGetPort CARenderServerStart CARenderUpdateAddContext
CARenderUpdateAddRect CARenderUpdateBegin CARenderUpdateFinish
kCAContextPortNumber from the framework:
'/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore'
If you have defined methods in your source code with the same names as
the above-mentioned APIs, we suggest altering your method names so
that they no longer collide with Apple's private APIs to avoid your
application being flagged in future submissions.
Additionally, one or more of the above-mentioned APIs may reside in a
library included with your application. If you do not have access to
the library's source, you may be able to search the compiled binary
using "strings" or "otool" command line tools. The "strings" tool can
output a list of the methods that the library calls and "otool -ov"
will output the Objective-C class structures and their defined
methods. These techniques can help you narrow down where the
problematic code resides.

I've finally traced down to the location where these so-called privatate apis are called. They are called from inside webkit. webkit uses a webkit system interface library which is directly supplied from apple in the format of compiled static library+header file. More specifically, they are the four files located under the path src\3rdparty\webkit\WebKitLibraries:
libWebKitSystemInterfaceLeopard.a
libWebKitSystemInterfaceLion.a
libWebKitSystemInterfaceMountainLion.a
libWebKitSystemInterfaceSnowLeopard.a
I always wondered if it's really a private api, who else would know how to call it without any documentation? Now it's turned out to be apple itself. Since neither nokia or digia has the source code to these libraries, there is probably nothing they can do about it.
Now isn't it ironic that any qtwebkit-based apps will be rejected by apple due to private api access from libraries created?
Please correct me if I am wrong or miss anything. I really hope I am wrong.

Related

Getting xAPI statements from an xAPI package

I'm trying to get my head around the workings of an xAPI package authored in Rise which has been supplied to me so I can build a test PoC app.
I can see the functions built into the index.html page, and that things like progress and quiz scores are genrated, but where do I find the end-point for a LRS within the package?
I have incorporated the package into a test app I built, but rather than generate and send statements myself I would like use what comes as part of the package.
If I import and play the package in SCORM Cloud, I get generated statements returned.
The only thing I can see is an entry in the tincan.js file, this.recordStores=[] other than that I'm unsure where to go next, any suggestions?
Generally this kind of package implements a set of guidelines that were released with the 0.9 version of the specification (at the time named the Tin Can API and then later changed to xAPI). Those guidelines provide for a packaging and launch mechanism which is what Rise has implemented. The launch mechanism indicates that the endpoint and authentication credentials will be passed on the query string to the launched content where it can retrieve them. The TinCanJS library used by Rise implements functionality to digest the query string and set up objects, those you find in this.recordStores to communicate with the xAPI LRS identified in the query string parameters.
You have two primary options,
Get the query string parameters directly from the launch URL and
process it yourself, potentially using the same global library objects
(TinCan.LRS) already available to get an LRS object that you can
then interact with as you see fit,
Leverage the object already created for you via the this.recordStores list that is already prepared by the package itself
There are pros/cons to both methods and they largely depend on your familiarity with JavaScript and how flexible you need/want to be.

How do I use libproc.h in a modular Swift framework?

I've followed all the steps from other similar questions, and I'm still stuck.
I need to use the function proc_pidpath in libproc.h to get the path of a BSD process by its PID. However, libproc.h is not a modular header, so I can't include it in my umbrella header:
Fair enough; now I try to include it in my module map:
framework module My_Modular_Framework {
umbrella header "My_Modular_Framework.h"
private header "/usr/include/libproc.h"
export *
module * { export * }
}
Well now I get this error-vomit where it seems like it thinks many system modules/headers are within my project:
I can't figure out what else to do. Like I said, I already tried following all the steps of other similar questions without any success. What can be done here? How can I use proc_pidpath? Is there another, more Swift-in-modular-framework friendly way to get a path from a process ID?
I don't want to enable "Allow Non-modular Includes In Framework Modules" because that defeats the purpose of a modular framework.
Since libproc.h and libproc.c are open-source (APSL 2.0) as a part of Apple's Darwin project, you can just include them (under the terms of the license, of course) in your project. Since neither imports any non-modular headers, you can compile it yourself and the compiler won't complain!

What framework access sensitive user data that need NSBluetoothPeripheralUsageDescription key

I have gotten the following message from App Store Connect when trying to upload a new version...
Missing Purpose String in Info.plist File - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSBluetoothPeripheralUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string.If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs.
But I do not use bluetooth anywhere in the app (no bluetooth code).
Here are the frameworks I use:
CoreText, QuartzCore, CoreLocation, CoreGraphics, Foundation, UIKit, StoreKit, CoreData, MapKit
Any advice?
Open Info Plist file and press on + sign add new key in info.plist of your project and add this NSBluetoothPeripheralUsageDescription and write value "Explain the reasons for Bluetooth".
FacebookSDK is scanning Bluetooth since v 4.33. This is the description I have picked.
Facebook-SDK v4.34 contains Places Kit which contains Bluetooth scanning. This app isn't scanning/using Bluetooth at all.

NoSuchMethodError using Twilio IPMessaging

I'm trying to use Twilio IP Messaging in a simple Xamarin Android project, but unfortunately running into issues with the latest Nuget libraries: Twilio.Common (v. 0.3.4.2) and Twilio.IPMessaging (I tried both 0.15.0.4 and 0.15.0.6).
My setup is complicated by the fact that the online Xamarin samples are obsoleted within the recent library releases --- so instead of calling methods to Initialize the Twilio SDK, my code simply invokes Twilio.IPMessaging.IPMessagingClient.Create. The input parameters are a bit unclear, but reading elsewhere I'm trying to bind using a signature:
IPMessagingClient IPMessagingClient.create(
Context context,
AccessManager accessManager,
IPMessagingClient.Properties clientProperties,
Constants.CallbackListener<IPMessagingClient> listener)
Invoking it this way, I invariably receive an error message: NoSuchMethodError with details:
"no static method \"Lcom/twilio/ipmessaging/IPMessagingClient;.create(Landroid/content/Context;Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)Lcom/twilio/ipmessaging/IPMessagingClient;\"
Any ideas? I like the idea of using Twilio, but between the outdated documentation and unfortunate crashes it's looking simpler to just implement messaging myself.
While I check nugets can you provide more insights
why IPMessagingClient.create(...) and not IPMessagingClient.Create(...)?
Is linker turned on? Turn it off please. Then check.
Signature is
public static IPMessagingClient Create (Context context, Object acess_manager, Object properties, Object listener);

NSURLConnection methods no more available in IOS5

I was looking at the NSURLConnection class which could be used to establish a sync or async connection to an URL and then retrieve its data... a lot of changes have been made to this class with IOS 5 and I've seen they introduced some formal protocols related to authentication or download, but I don't see, for example, if the connection:didReceiveResponse: message (that was previously sent to the delegate and that it is no more available) is still available in some protocols.. How do you implement an async connection and retrieve, for example, HTTP headers as soon as the Response is received? I'm sure there is a way better than using NSURLConnection along with the connection:didReceiveResponse: message.. methods like stringWithContentsOfURL do always load content synchronously? What do you use to implement async downloads in your apps avoiding deprecated methods and reacting to events such as _http response received_m etc ? Do you launch synchronous downloads in background tasks, if possible?
NSURLConnectionDelegate has become a formal protocol (it was an informal protocol in previous versions). In this protocol, the following (non-deprecated) methods are declared:
connection:didFailWithError:
connectionShouldUseCredentialStorage:
connection:willSendRequestForAuthenticationChallenge:
Furthermore, there are two subprotocols that conform to NSURLConnectionDelegate:
NSURLConnectionDataDelegate is used for delegates that load data to memory, and declares the following methods, some of which I’m sure you’ll find familiar:
connection:willSendRequest:redirectResponse:
connection:didReceiveResponse:
connection:didReceiveData:
connection:needNewBodyStream:
connection:didSendBodyData:totalBytesWritten:totalBytesExpectedToWrite:
connection:willCacheResponse:
connectionDidFinishLoading:
NSURLConnectionDownloadDelegate is used for delegates that store data directly to a disk file, and declares the following methods:
connection:didWriteData:totalBytesWritten:expectedTotalBytes:
connectionDidResumeDownloading:totalBytesWritten:expectedTotalBytes:
connectionDidFinishDownloading:destinationURL:
As you can see, you can still use your previous delegates, possibly with some minor modifications.
For more information, see the iOS 4.3 to iOS 5.0 API Differences document and NSURLConnection.h in your local Xcode installation. When a new SDK version is released, it’s not uncommon for the documentation inside the header files to be more reliable than the documentation available on the developer library. It takes a while for the latter to be up-to-date.
I just encountered this same issue. Looks like sending an asynchronous request is more simplified with blocks and NSOperationQueue.
+ (void)sendAsynchronousRequest:(NSURLRequest *)request queue:(NSOperationQueue *)queue completionHandler:(void (^)(NSURLResponse*, NSData*, NSError*))handler
This means that the delegate is now only used for authentication and failure issues.
NO!
They are NOT limited to use for authentication and failure issues if you look carefully through the Apple's library.
Since introducing +(void)sendAsynchronousRequest:queue:completionHandler: to NSConnection class object, Many things which can perform as many NSConnectionDelegate method as before can now be used in formal protocols called "NSConnectionDataDelegate" & NSConnectionDownloadDelegate, opening a new room to add more feature to NSURLConnection methods. (from iOS5 on)
So I think it is an improvement, not limiting their use.
Even I havent found the documentation on the Apple website
https://developer.apple.com/library/ios/#documentation/Cocoa/Reference/Foundation/Classes/NSURLConnection_Class/Reference/Reference.html
https://developer.apple.com/library/ios/#documentation/Foundation/Reference/NSURLConnectionDelegate_Protocol/Reference/Reference.html
It should have been available over here

Resources