According to a series of Twitter updates from Iconfactory developer Craig Hockenberry and John Gruber of Daring Fireball, Apple is now using an automated software tool to check for the use of private API calls in new App Store submissions.
After Hockenberry stated that it “wouldn’t surprise [him] if the [App Store] review process now includes a step where they pass your binary through something that checks for framework use,” Gruber responded, saying that “Apple recently started running apps through a static analysis tool to look for private API calls,” adding that while he doesn’t know exactly what it flags, he does “believe that it is a serious tool, not simplistic.” The iPhone SDK Developer Agreement has always prohibited the use of private APIs, which, unlike public APIs, are subject to change and are sometimes used to access features Apple does not want to make available to third-party developers.
This new system will likely make it easier for Apple to find these private API calls in third-party applications, as the software can scan the app’s codebase for the calls, while a human tester would either have to stumble upon, and recognize, use of the APIs during hands-on testing, or find the API call in a manual search of the app’s code.
