Apple not approving my app

Hello guys, apple is not approving my app. They keep saying it has a switching mechanism which enables remote javascript code downloading for app updates.

I have already disabled the updates and also, I have removed the expo-updates package. Now, in the last review, they said this:

This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes. This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior and/or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.

I dont know what else to do guys. What I should do now? Maybe eject expo? I have no idea.

Obs: My app code does not have any mechanism that allows remote javascript code to be downloaded or executed.

Hi @nxtzbr

Is this a managed app? How are you building it? What Expo SDK version?

I have built the app using Expo, expo is handling all the stuff for me.

I build with expo build:ios

The app is pretty simple actually, there is something with the expo. Im not home now to see the expo version but its from 1/2 months ago (when I initialized the app).

Maybe try building with Expo’s newer eas build to see if that makes a difference to Apple?

• Introduction
• Migrating from “expo build”

Hey @nxtzbr - if you’re comfortable, can you send us your code at secure@expo.dev and we can take a peek to see if we can spot anything?

Jess