Thursday, July 30, 2020

Tags

Xojo apps rejected from the Mac App Store

Your app uses or references the following non-public APIs: Symbols: _getsectiondata

Thursday, July 30, 2020 - Sam Rowlands

Updated: Thursday, July 30th, 2020

Thomas Tempelmann has linked to the article https://github.com/microsoft/appcenter-sdk-apple/issues/2135 which points out that this a false positive from Apple. Thomas also links to Apple's documentation at https://opensource.apple.com/source/cctools/cctools-949.0.1/include/mach-o/getsect.h.auto.html which proves this to an incorrect rejection reason.

Since then several developers have reported success in submitting their apps, Xojo have also said that this will be corrected in a future build.

Original: July 25th, 2020

Several users have posted in the Xojo forum https://forum.xojo.com/61457-mas-app-rejected-because-uses-non-public-apis-symbols-getsectio about having their latest Mac App rejected by Apple.

Together we've narrowed it down to the Xojo shared library that causing this issue. Some research into the function name indicates that it's used to load data from the Application executable (Which is a Mach-O file), and it appears that this function has been used by Malware.

This affects Xojo 2018r3 ~ Xojo 2019r3.2. I have not tested any prior versions as I currently do not have those installed on my work Mac.

There are two possibilities I see.

  1. If this function is only called as a result as function within Xojo made applications, and we (as a community know what functions they are), I can modify App Wrapper to rename this function. It will mean that calling functions which use this, will crash, so apps would have to be modified to avoid calling those functions.
  2. Xojo will have to strip it from their library, they'll probably need to replace it with something else. Thankfully the Mach-O format has plenty of documentation on the interwebs, and it's binary format, so they write code to replace this function. In fact if Xojo are interested, I have Xojo code which reads Mach-O files, to which they could use if they need to.

At the moment, there's not much we can do, I can patch that function today, but I'm not willing to do so, until I know what the outcome will be. Depending on how long it takes to fix this problem, I may at the very least attempt it and suffer the consequences.

The Ohanaware names & logos are ©2023 Ohanaware Co., Ltd. Registered in Taipei, Taiwan R.O.C. 🇹🇼Page Top