Discuss how those "transformation bags" in the Apple Store are on the shelves

News 2023-06-25 03:45:23 views: null

What is a "Transformation Pack"

Transformation package, as the name suggests, is a package that can transform, that is, after the user downloads the app from the Apple Store, the app will become another completely different app in some way.

Most of the business of "transformation bag" is not a formal business, because if it can be officially put on the shelves, there is no need to spend so much trouble. This type of application must be because Apple does not allow it to be put on the shelves, because it cannot be passed through the normal on-shelf process. Apple reviewed it, so developers have figured out such a "transformation strategy".

To use a popular old saying, the transformation bag is "selling dog meat with sheep's tricks". Later, "sheep's head" and "dog meat" are also used to refer to these two parts of the product.

Early launch strategy of "transformation packs"

In the early days, when Apple did not pay enough attention to this type of product, it was not difficult for the transformation bag to take the risk of putting it on the shelves.

  1. For the sheep's head part, the basic choices are particularly simple applications such as stickers and flashlights.
  2. Embed all the logic of the dog meat part in the code.
  3. A switch is embedded in the code. This switch can be a server switch, and some will directly use a time switch, or it is easier to switch when the process is started for the second time.
  4. Code obfuscation, configuration file encryption, this part is commonplace.

This strategy was rampant in the early days. Although it would be discovered and blocked by Apple's review or re-examination, it was extremely rampant in the market because of the high rate of listing and the large returns.

However, with the upgrade of Apple's supervision, the above simple methods are becoming less and less effective, and the listing rate is getting lower and lower (but it will not become 0, the reason everyone understands is the metaphysics of Apple's review). Therefore, the developers of the Transformation Pack have made a lot of targeted evolutions.

Counterattack against switch checks

Everyone knows that Apple's investigation of "hidden features" (Contract 2.3.1) is becoming more and more strict, and it may even cause a large number of innocent developers to be accidentally injured. So many people are aggrieved. Why do I just introduce a third-party library? You suspect that I have hidden features. My server has a logic for selecting different display schemes according to the language. You also say that I have hidden features, but those transformation packages can openly display them. on the shelves?

I have to say that in terms of understanding Apple, the old drivers who turned into bags are better.

First of all, you must know that in order to combat hidden features, Apple’s monitoring focuses on the data sent by the server, the configuration file when the program is running, and the branch judgment in the program logic.

Therefore, the current "transformation strategy" of the transformation package has rarely used the server switching, time switching, and restart switching in the past. And use the popular one now: easter egg switching.

The so-called easter egg switching is just like the easter eggs or secret skills implanted in video games. You must trigger certain conditions and perform certain operations to trigger (for example: Contra's up, up, down, down, left, right , Left, Right, B, A, B, A).

For example, a certain application is just an ordinary product display application. After the user clicks the home button 10 times, then kills the process and restarts, the product is transformed into a pirated video site.

You said, whether Apple can find out like this, maybe it can, but by designing a reasonable "secret technique", the probability of not being discovered will definitely increase.

Some people want to say, it is hidden so deep, how can users find it? Just because "dog meat" is too fragrant, developers will take the initiative to share it, and users will spread it spontaneously, and eventually a decent traffic can be formed.

Counterattack against invalid code

Many developers have encountered such a situation of being rejected by Apple because too many third-party libraries have been implanted, or there are many codes that are not needed for the time being, but they are not deleted and left in the application body for future use. Wake up at any time at any time, but was rejected by Apple suspected of having a "hidden function".

So the question is, why can the transformation package pass without being detected?

In fact, excluding the case of overpacking by luck, many smarter developers have adopted the strategy of "making invalidity effective".

Let me give you an example. Suppose your application code contains a lot of player logic, but the product functions have nothing to do with the player. If it is recognized by Apple machines or human flesh, it is difficult not to be suspected. But if you change your mind: let the product itself have player logic, wouldn't the problem be solved?

The developer adopts this solution. Assuming that the sheep’s head part is a product display application, and the dog’s head part is a video station, then let the product display of the sheep’s head part have a product video display function, so that the implanted code will be Doesn't look suspicious anymore.

This is also the reason why the "sheep head" part of the current transformation bag is slightly richer than in the past. On the one hand, it is too simple and easy to trigger the "Regulation 4.1" that triggers the review. On the other hand, it is also to enrich the functions and cover the "dog meat ".

Cunning Rabbit with Three Caves, One Meat and Multiple Vegetables

In order to maximize the benefits, the developers of the transformation package are certainly not satisfied with only putting one package on the shelves, so exchanging the same dog meat for multiple sheep heads is what they will inevitably do.

However, this approach is very different from the traditional understanding of the vest bag, because the sheep's head can be of various irrelevant categories, which makes it impossible for Apple to identify it based on the similarity of the sheep's head.

As for the dog meat part, code obfuscation, interface renaming and other means can be used to make them irrelevant at the binary level. Coupled with the cover of the sheep's head in the code volume, it is very difficult to be caught.

Still taking the pirated video site as an example, assuming that its dog head is a product display app, then the next dog head can be replaced with a todo efficiency tool. Because product display and todo efficiency tools are almost irrelevant, it is unlikely to be treated by Apple as 4.3, and the code part of the pirated video changes the interface name to confuse the code internally, which avoids machine judgment to the greatest extent. For the product display app For the two sheep-headed parts of todo and efficiency app, developers can do their best in code stacking, so that the logic is small but the amount of code is huge (because they don't care about quality at all). In order to maximize the cover effect.

Are Transformation Bags Really Safe?

not. Even the people who make the transformation bag know that their reason for doing it is nothing more than: to take risks.

As the severity of Apple's review increases, the living space of the transformation package will only be continuously squeezed. But just like you are chasing after each other in the animal world, the review is upgrading, and developers are also changing their ways to bypass the upgrade. The gray area may always exist, but the more standardized the market is, the smaller and smaller the living space is.

In the end, the ones who are innocently injured can only be honest product developers.

This is also the purpose of writing this article. Only by knowing yourself and the enemy can you win all battles. Sort out how the transformation package is put on the shelves, not to encourage everyone to make transformation packages, because this is not worth encouraging, but to understand the ins and outs of Apple’s review rules, so that we can purposefully avoid various hidden pits and let ourselves Passed the package smoothly.

read more

What should Apple developers do when they find out that their products have been plagiarized?

Why are those "unscrupulous bags" on the shelves?

Talk about multilingual and ASO optimization and minefields in iOS overseas apps

Guidelines for Joining the Mobile Developers Alliance

Guess you like

Origin blog.csdn.net/madaxin/article/details/127905377
Recommended
Ranking
error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘
Database migration between Navicat servers
Minimum number of rotation of the array: Array
balenaEtcher for mac (make a boot disk software) v1.5.67
Custom processing serialization and deserialization in jackson
Mu-en-mask system development software
Mastering Regular Expressions
Find mileage Java--
Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions
[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite
Daily
More
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)

Code World

© 2018 codetd.com