13

I read many articles about dynamic library usage including this page "Can you build dynamic library...".

As apple document said, "Frameworks for iOS. iOS developers can now create dynamic frameworks. Frameworks are a collection of code and resources to encapsulate functionality that is valuable across multiple projects. Frameworks work perfectly with extensions, sharing logic that can be used by both the main application and the bundled extensions.", see full page from here.

Taking the security issue as consideration, I got the reject reason of dynamic library before iOS8, see details from "DarkDust's answer". But, how does it "just work" in iOS8? @appstore_reviewers?

Anyway, currently I'm writing a sample demo app and try to upload it to Appstore for review, the main feature is downloading a framework from internet to client and dlopen it. Hope that really "just works"!

Besides, the deployment target is iOS7.0, not sure it could works well in it. I didn't get a so clear understand on differences between "dynamic library" and "framework", I think they are the same and in this thread I mean "Cocoa-touch framework" which could create in Xcode 6.

Some background: I'm trying to build an iOS app which does't contain extension feature, my cocoa-touch framework is for easy expand without uploading a new version as it comes from internet....

UPDATE I published a demo project GMDemo here, will try to upload to Appstore.

UPDATE2 I failed to dlopen my dynamic framework with invalid code signing error after many tries in iOS device. Sorry, no good news here. (Almost forgot to update this question, sorry! BTW)

Community
  • 1
  • 1
Itachi
  • 5,777
  • 2
  • 37
  • 69
  • 1
    First of all, a framework is just a container for a library. It can contain either a static library or a dynamic library. You will not be able to link a dynamic library on iOS 7. Also (I have nothing to support this) I don't expect you to be able to load a dynamic library downloaded from the network. This would be a huge security violation. I imagine Apple allows only loading signed dynamic libraries, that is the ones which are bundled with the app and go through app review process. – Bartek Chlebek Oct 22 '14 at 12:33
  • @BartekChlebek: That's the point of the question: replace speculation with facts :-) It boils down to two questions: 1) Does iOS allow you to load a library outside your app bundle (here: a downloaded library)? That's easy to test, actually; someone just gotta implement this. 2) Even if iOS does allow you to do it, do the App Store rules allow you to do so? In other words, do you get rejected if the reviewer notices you do this? – DarkDust Oct 22 '14 at 13:04
  • @DarkDust 1) iOS will not run unsigned code. Thus you'll be unable to inject a library without going through App Review. 2) iOS does not allow you to do it, but if it did, App Store Review Guidelines 2.7 says `Apps that download code in any way or form will be rejected` https://developer.apple.com/app-store/review/guidelines/#terms-conditions – Bartek Chlebek Oct 22 '14 at 14:06
  • @BartekChlebek: I'm not sure whether `dlopen` did open some loopholes here. Would be nice to have a definitive proof one way or the other. But your citation of the App Store Review Guidelines is already all we need to know as honest developers: we're not allowed to. Please add this as an answer. – DarkDust Oct 22 '14 at 14:12
  • I still suspect that 1)how does the Appstore reviewers confirm whether I overwrite the framework or not, ***what if the overwrite operation won't happen in runtime in most case?*** 2)iOS8 is just released recently, is it possible that the official review guideline didn't update yet? ( I hope so, :D ) @BartekChlebek – Itachi Oct 22 '14 at 14:39
  • 1
    1) you cannot write to bundle and definitely not outside runtime. 2) It's been in fact just updated a few weeks ago. A side note, don't expect that to be possible any time soon. The whole purpose of App Store Review is that the code is verified by Apple. If you could inject whatever you wanted after review, it would defeat the purpose. – Bartek Chlebek Oct 22 '14 at 14:43
  • @Itachi Any update on your attempt? – Du Song Feb 10 '15 at 17:09
  • @DuSong No luck here, see UPDATE2 above. – Itachi Feb 12 '15 at 03:47

2 Answers2

7

App Store Review Guidelines explicitly prohibit that in 2.4.5 Apps that download code in any way or form will be rejected https://developer.apple.com/app-store/review/guidelines/

Bartek Chlebek
  • 1,665
  • 1
  • 16
  • 23
-1

UPDATE3 just use the same code signing!!!

I have test it in ad-hoc environment!

when my dynamic library use the code signing with the same code signing,It works, otherwise,crush!!

Sanzrew
  • 7
  • 1
  • how did you code signing for your dynamic library? did you do it via Xcode? Please share some details, thanks! – Itachi Mar 24 '15 at 09:45
  • 1
    @Itachi same as code signing a project for distribution ! clean the old framework,and build a new one by using the same buddleID、provision file of your hosting project~ – Sanzrew Mar 25 '15 at 09:08