10

Now that Apple is running some kind of static analysis to automatically check for private API use, a number of people have been caught because of the Three20 library. I use another third-party library (which I compile myself from code) and I would like to automatically audit it for private API use before I submit to Apple, so I can eliminate/re-write those parts.

If I run nm on my application executable, I get a list of symbols, and I am seeing symbols in there that I don't use. For example I see _AudioServicesPlaySystemSound, and if I search for "AudioServicesPlaySystemSound" in XCode I get no results. Is there any way to automatically discriminate calls to private APIs, for example I notice that Apple has a habit of naming them with an initial underscore.

However: if I deliberately include a call to a private API it doesn't show up in the output of nm, but it does show up if I run strings on the binary. Based on this, one idea I had was to compile a huge list of all private API calls into a huge table, and automatically search for them in the strings output. I haven't done that yet.

Does anyone have any tips on how to automatically catch this stuff so I'm only going through the review process once?

Simon Woodside
  • 7,175
  • 5
  • 50
  • 66
  • They object to Three20? That's actually written by the developer that created the Facebook app for iPhone. If your app is rejected because of Three20, the Facebook app should be too... Heh. Just sayin ;-) – Ben Gotow Dec 08 '09 at 01:04
  • Yep... http://groups.google.com/group/three20/browse_thread/thread/c442af6e39a918b0/6d5046771539d139 – Simon Woodside Dec 08 '09 at 02:25
  • 1
    I'd imagine that the next time Facebook submits an update they'll get rejected if they don't use the latest version which complies with Apple policies. – bpapa Dec 08 '09 at 04:26

2 Answers2

6

You could try running nm on the object files instead of the linked executable:

nm -g -j *.o  | sort | uniq

The objects should be in the build/<app>.build/*/<app>.build/Objects-normal sub-directory.

You're seeing a reference to AudioServicesPlaySystemSound because one of the functions you did call in turn calls AudioServicesPlaySystemSound.

Objective C calls won't generally show up in nm dumps, you'll need to use otool for that:

otool -ov <object file>
codelogic
  • 71,764
  • 9
  • 59
  • 54
2

Use this dev tool, App Scanner. It scans your .app file for private API methods. A future release will also check for private API instance variables.

Andrew
  • 2,690
  • 23
  • 27