自iOS 9起,苹果决定阻止sysctl获取运行进程列表 (https://developer.apple.com/videos/wwdc/2015/?id=703)。
在搜索私有API后,我找到了一个名为"THIRDPartyApps"的类,看起来就是我需要的(进程名称和WiFi与WWAN中的数据使用情况)。 但是,我不知道如何检索THIRDPartyApps的列表。
有人知道它是如何工作的吗?
编辑:
通过Symbolication.framework发现2个类:VMUProcList和VMUProcInfo。 在第一个类中,有一个名为allProcInfos的方法,返回一个VMUProcInfo的NSArray。
可以在7.1.2设备上使用(我想它在8.X设备上也可以使用),但在iOS 9设备上不再适用。控制台中会出现一个美丽的错误:
调用sysctl以获取进程列表缓冲区大小失败:操作不允许
这是一个重要的变化:默认情况下,在iOS 9上,应用程序将不再允许启动纯文本HTTP连接,并且必须使用具有最强TLS配置(TLS 1.2和PFS密码套件)的HTTPS:
通过向应用程序的Info.plist添加一些配置密钥,可以取消这些限制并仍然通过纯文本HTTP检索数据。此外,应用程序传输安全似乎仅适用于使用NSURLSession发起的连接。虽然NSURLConnection正在被弃用(迫使每个人都切换到NSURLSession进行HTTP请求),但我想知道通过其他网络API(如NSStream)启动的纯文本连接是否也会失败。
总体而言,这是一个非常好的变化,这甚至可能是将强制要求HTTPS作为App Store政策的第一步。 阻止已安装应用程序的检测
苹果已经关闭了三个隐私漏洞,这些漏洞允许应用程序检测设备上安装的其他应用程序。
The first technique was to use the sysctl() function to retrieve the process table (a remnant of OS X), which includes the list of running Apps. In iOS 9, sysctl() was modified to no longer allow sandboxed Apps to retrieve information about other running processes.
The second technique relied on the UIApplication canOpenUrl method to try known URI schemes implemented by specific Apps, in order to detect if these Apps were installed on the device. This was made famous by Twitter, which used a list of 2500 URI schemes to detect which Apps were installed on the device. In iOS 9, Apps have to explicitly declare which schemes they would like to use in their Info.plist file. For Apps targeting iOS 8 but running on an iOS 9 device, there is also a hard limit of 50 URI schemes that can be checked at most.
There was a third technique which relied on the icon cache being accessible to sandboxed Apps. Although it wasn’t even mentionned in the WWDC video, this privacy leak has also been addressed in iOS 9.
总体来说,关闭这些隐私漏洞对于用户是一个很好的举措,因为一些应用和分析/广告SDK滥用了这些API。