问题
Now that Apple is running some kind of static analysis to automatically check for private API use, a number of people have been caught because of the Three20 library. I use another third-party library (which I compile myself from code) and I would like to automatically audit it for private API use before I submit to Apple, so I can eliminate/re-write those parts.
If I run nm on my application executable, I get a list of symbols, and I am seeing symbols in there that I don't use. For example I see _AudioServicesPlaySystemSound, and if I search for "AudioServicesPlaySystemSound" in XCode I get no results. Is there any way to automatically discriminate calls to private APIs, for example I notice that Apple has a habit of naming them with an initial underscore.
However: if I deliberately include a call to a private API it doesn't show up in the output of nm, but it does show up if I run strings on the binary. Based on this, one idea I had was to compile a huge list of all private API calls into a huge table, and automatically search for them in the strings output. I haven't done that yet.
Does anyone have any tips on how to automatically catch this stuff so I'm only going through the review process once?
回答1:
You could try running nm on the object files instead of the linked executable:
nm -g -j *.o | sort | uniq
The objects should be in the build/<app>.build/*/<app>.build/Objects-normal sub-directory.
You're seeing a reference to AudioServicesPlaySystemSound because one of the functions you did call in turn calls AudioServicesPlaySystemSound.
Objective C calls won't generally show up in nm dumps, you'll need to use otool for that:
otool -ov <object file>
回答2:
Use this dev tool, App Scanner. It scans your .app file for private API methods. A future release will also check for private API instance variables.
来源:https://stackoverflow.com/questions/1863764/how-to-detect-avoid-the-use-of-private-apis-in-third-party-libraries