Now that Apple is running some kind of static analysis to automatically check for private API use, a number of people have been caught because of the Three20 library. I use another third-party library (which I compile myself from code) and I would like to automatically audit it for private API use before I submit to Apple, so I can eliminate/re-write those parts.
If I run nm on my application executable, I get a list of symbols, and I am seeing symbols in there that I don't use. For example I see _AudioServicesPlaySystemSound, and if I search for "AudioServicesPlaySystemSound" in Xcode I get no results. Is there any way to automatically discriminate calls to private APIs? For example, I notice that Apple has a habit of naming them with an initial underscore.
However: if I deliberately include a call to a private API it doesn't show up in the output of nm, but it does show up if I run strings on the binary. Based on this, one idea I had was to compile a huge list of all private API calls into a huge table, and automatically search for them in the strings output. I haven't done that yet.
Does anyone have any tips on how to automatically catch this stuff so I'm only going through the review process once?
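The denylist search described in the question, sketched as an added example (not code from the original post). It pulls printable strings out of a binary the way strings does and reports denylist names that appear as whole strings; the denylist entries and the sample bytes are constructed placeholders, not real private API names.

```python
import re

# Runs of 4+ printable ASCII bytes, the same default threshold strings(1) uses.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")

def extract_strings(blob: bytes) -> set[str]:
    """Return every printable-ASCII run in the binary, like `strings`."""
    return {m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(blob)}

def load_denylist(text: str) -> set[str]:
    """Parse one name per line; blank lines and '#' comments are ignored."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            names.add(line)
    return names

def audit(blob: bytes, denylist: set[str]) -> list[str]:
    """Names from the denylist that appear as whole strings in the binary.

    Whole-string comparison avoids flagging a public selector that merely
    contains a denylisted name as a substring.
    """
    return sorted(extract_strings(blob) & denylist)

# Constructed denylist: placeholder names, not real private APIs.
SAMPLE_DENYLIST = """
# selectors
_examplePrivateSelector:
_exampleHiddenIvar
# C functions
ExamplePrivateFunction
"""

# Constructed bytes standing in for a Mach-O string section (NUL-terminated).
SAMPLE_BINARY = (
    b"\x00\x01\x02viewDidLoad\x00"
    b"_examplePrivateSelector:\x00"
    b"my_examplePrivateSelector:wrapped\x00"  # contains the name, but is not it
    b"ExamplePrivateFunction\x00\xff\xfe"
)

if __name__ == "__main__":
    for name in audit(SAMPLE_BINARY, load_denylist(SAMPLE_DENYLIST)):
        print("possible private API reference:", name)
```

To audit a real build, read the executable with open(path, "rb").read() and pass the bytes to audit() together with a denylist you maintain.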
You could try running nm on the object files instead of the linked executable:
nm -g -j *.o | sort | uniq
The objects should be in the
You're seeing a reference to AudioServicesPlaySystemSound because one of the functions you did call in turn calls
Objective-C calls won't generally show up in nm dumps; you'll need to use otool for that:
otool -ov <object file>
Use this dev tool, App Scanner. It scans your .app file for private API methods. A future release will also check for private API instance variables.