Languages

Menu
Sites
Language
App Rejected for using C Linux API but other app in the Tizen Store is allowed to use it. Like what?

I'm using some C API in my App. They are not Tizen API, The C API are well documented and not even maintained by Tizen. But Samsung Team rejected the app saying I'm using C API not present in Tizen. Does Samsung Review Team even bother to check it's an open sourced library freely available without any copyrights issues? And why does Samsung allow other app to use it but not mine? Samsung Moderator, can you please answer that question without removing the post from here? Samsung Review Team needs to be more technical if they're going to pass a technical judgement on the apps they're reviewing. Learn some C and try and JFGI before rejecting it. This should be a warning sign for all developers not to waste their time on Samsungs' Tizen development. SO much f*(8jd waste of time and energy. This is ridiculous.

View Selected Answer

Responses

24 Replies
Carsten Haitzler

Basically there is a whitelist of .so's (share libraries) and symbols (functions, global variables ...) from those .so's you are allowed to link to. Use anything outside of that whiteliest and your app will be rejected. In some cases this is sensible, though not well documented or explained.

For instance, there are exposed symbols in some libraries (I've personally written and exposed them), BUT they are not in public header files OR they are behind #ifdef guards in headers in them with a clear "this is an unstable API that will change", but they are used internally between libraries etc. so using such symbols would be a recipe for your app likely breaking in future. There is also the case of things like Xlib. X itself is not exposed in Tizen mostly because it's been on the cards to move to Wayland and Tizen 3 has done just that. Using anything of this nature in an app would be an instant recipe for "won't work in future" as no one wants to keep X11 compatibility for the next 10 years (e.g. via Xwayland) and ship all the x libraries and so on... so the message is "don't use this stuff".

There of course are other libraries around that may be there in Tizen as an artefact of a dependency of another library, so if you usethem and in future they are removed... your app will break. Basically such libraries are not supported because otherwise Tizen is locked down to having EVERYTHING it has now even if that library or API was not explicitly chosen, but was just implicitly there. This is more of a grey area. On one side it's sensible to be conservative, but on the other it's harshly limiting developers.

The bigger problem at hand is that Tizen has not been developed by (and here I mean people making the architecture and policy decisions) the people who come from a Linux background, and so the idea of a bigger ecosystem made up of components of open source (some stable and high quality, some less so) is scary, foreign or weird to them, and so there is a general fear of exposing/adopting or dealing with it. This then impacts you as (for example) you can't use some library that is there and you know is well supported by it's upstream developers. I understand where you come from. Trust me.

This is something that does indeed need to change and improve. Why don't you drop into #tizen on irc.freenode.net and have a chat. :)

Yo Shakya

Hello Carsten, I'm so very grateful to you. I was losing faith in this Tizen thing so fast. My weekend has been completely ruined by this rejection and the Review Team does not even tell me the real reason for rejection, nor can I open the "core_whitelist.txt" file the Review Team sends so I have absolutely no clue what's happening with my app. 

I will definitely drop in the IRC forum, but it would be so great if that core_whitelist.txt is made available here in the forum for the sake of other developers. 

I'm trying to develop App Lock screen which is similar to the app present on Tizen Store called "App Locker". Now the developers of that app are ex-Samsung employees, and they are NOT platform partners. They are using same "undocumented"-by-Tizen APIs but they are allowed to put their app in the Tizen Store. My point is Samsung should treat all it's developers equally. Just because they are ex-Samsung employees is not sufficient reason for them to have there app on the Tizen Store while others are not. TBH this is a hypocricy on behalf of Samsung. 

I've never been so irrirated in my life for "rejection" - not even in personal relationships lol This app, trust me, I have been working on every day until 3am and I wake up at 9am for my day job as iOS engineer. I have been putting 5 hours on week days and almost 18-20 hours over weekend for the past 3 months. So this rejection is really making me frustrated. :( 

How can I appeal the decision to Review Team? Nobody replies to my emails on support, or I get exactly same messages each time. 

 

Mark as answer
Carsten Haitzler

I have no idea who actually approves apps... nor do I know where the whitelist is. I'd have to do some deep hunting. Trust me - even inside Samsung it's often a mystery and it's fragmented across countries, divisions and whatever. There is no central command as such that knows and controls all these things. So When you get some bafflement even from peolpe at Samsung... this is why. Have some patience... some of us are nice and you can find us lurking about the internets... :)

FYI there are "tricks" to get past all the API whitelist stuff... they are not Tizen specific... they just require you know your way around Linux/UNIX well enough to hide your usage... :) I might imagine at least some apps that get published do this. Hint: dlopen(). :) But you will have to handle your own runtime errors... make sure you do.

But to be clear... I know nothing about App Locker or what it does... but I do know my way around Linux and exactly what I'd do the moment I hit a blocker I want to get past. I want to help and frankly I feel your pain and agree with you in princpal. I think this whitelist causes more pain than it probably avoids. There should be some kind of warning about moving off into incompatible API land, but you should be left to "on your own", not totally blocked. It should be just a warning with some note "if you want to know why you get this warning, please go to X and post a message, ask and someone will talk to you and discuss your situation and why you may not want to do what you are doing and offer alternatives or explanations". It seems a lot more friendly to me... :)

But on the other hand... I personally actually dislike the idea of custom 3rd party screen lock apps, screensaver apps and even custom home screens or "live wallpaper apps". I have reasons based on security and just consistent platform & product design. If you wanted to do a Tizen device of your own and provide your own look & feel of a UI environment, then that is where these elements should/would be provided/customized, but not "ad-hoc" by 3rd party apps. This is more a design ethos than a technical issue, but then I'd be encouraging people to do custom derivative "Desktop environments" for Tizen (Desktop, Palmtop, TV etc.) where they then get to integrate all these class of components together in a cohesive look and feel. It should then become easier to do such derivatives in some formally supported way. Either way I suspect you'd be far more satisfied by a nice debate here on the merits of such a design direction than just an app rejection. :) You'd get to at least influence a real human being and make your case... :)

Peter Wegner

Don't beat me. I saw "Bo A.... Version 1.0...

 

So my question... Your app is rejected first time? Or you have tried several times... with no luck.

I know many Developers need minimum second attempt... or third or...

 

I never used such kind of Apps... please excuse. I will check "App Locker" and search if more apps of this genre are floating around... or "App Locker" is unique.

 

Best Regards

Peter Wegner

Btw.

Thank you very much to tell your story. With app description and hint for the available app in Store.

So it is easier to understand...

 

First I thought you have created Video Calling app or Terminal/Shell application with Partner or Platform priv... without being Partner or Platform...

 

Maybe it is possible to create your app fully valid for Tizen Store, with few changes... and public Cert/Priv...

 

Need some time to "compare" App Locker...

 

 

Best Regards

Peter Wegner

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<manifest xmlns="http://tizen.org/ns/packages" api-version="2.3" package="org.tizen.applock" version="1.1.2">
    

    <profile name="mobile"/>
    <ui-application appid="org.tizen.applock" exec="applock" multiple="false" nodisplay="false" taskmanage="true" type="capp">
        <label>App Locker</label>
        <icon>lock.png</icon>
    </ui-application>
    <ui-application appid="org.tizen.applockinput" exec="applockinput" multiple="false" nodisplay="true" taskmanage="false" type="capp"/>
    <service-application appid="org.tizen.applockservice" auto-restart="true" exec="applockservice" multiple="false" nodisplay="true" on-boot="true" taskmanage="false" type="capp"/>
    <privileges>
        <privilege>http://tizen.org/privilege/systemsettings</privilege>
        <privilege>http://tizen.org/privilege/appmanager.launch</privilege>
        <privilege>http://tizen.org/privilege/notification</privilege>
        <privilege>http://tizen.org/privilege/packagemanager.info</privilege>
    </privileges>
    <feature name="http://tizen.org/feature/screen.size.normal.480.800">true</feature>
    <feature name="http://tizen.org/feature/screen.size.normal.720.1280">true</feature>
</manifest>


-----------------------

Snippet from Manifest... I have only removed authors line...

Seems for me nothing really special

 

Special is names from authors.

:)

I mean this is best reason, why they can do this. If they are from Samsung (Tizen) Team...

 

The question for you is only.

If they really used something "magically" or... you only think they did...

 

 

Maybe fix first the other problems... reading full rejection comments... like:

core_whitelist.txt

 

Can you maybe open with HEX Editor and check if this "document" is maybe encrypted... or special Format...

Sometimes easy look at Header gives hint... why you can't read something...

 

Best Regards

Peter Wegner

core_whitelist.txt

Tried to find infos about this Document... with simple Google search... Found this:

https://forum.unity3d.com/threads/tizenstore-undocumented-apis-is-detected-white-list.447704/

 

Best Regards

 

 

Yo Shakya

Right right, I wanted to have the complete list of the blacklisted apis, idea being I would know at the time development whether the APIs I'm using are valid or not. 

Example, bundle_str() is a "valid" function declared in bundle.h. The comments for that function in the header bundle.h does not tell me if that api is "undocumented". Now, to me, an API is "undocumented" if the comments specifically says that "please don't use this function as it is undocumented" or "don't touch this function, it's a poison." But if you see the actual comments for that function, you would see something like below (Tizen Studio 1.1.0, SDK 2.3)

However, Samsung Review rejected my app saying that function is "undocumented". Running the "API analysis/privileges" does not help as it told me my code is innocent. This tends to make life of developers difficult, because unless I haven't submitted the app in advance to have it run through Samsung Review teams' "Undocumented Machinary", I can't detect the fate of my app, unlike iOS or Android app (where I can almost most certainly tell if my iOS app will be rejected or not if I use a given function).

I have created a big rants about the documentation issues in Native forum a few days ago. 

p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px 'Eco Sans Mono'; min-height: 14.0px} p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px 'Eco Sans Mono'; color: #4e9072} p.p3 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px 'Eco Sans Mono'} span.s1 {color: #931a68} span.s2 {color: #006141} span.Apple-tab-span {white-space:pre}

 

/**

 * @internal

 * @brief Adds a string type key-value pair into a given bundle.

 * @since_tizen 2.3

 * @param[in]    b    The bundle object

 * @param[in]    key    The key

 * @param[in]    val    The value

 * @return        The operation result

 * @retval BUNDLE_ERROR_NONE    Success

 * @retval BUNDLE_ERROR_INVALID_PARAMETER    Invalid parameter

 * @retval BUNDLE_ERROR_KEY_EXISTS    Key already exists

 * @retval BUNDLE_ERROR_OUT_OF_MEMORY    Out of memory

 * @pre            @a b must be a valid bundle object.

 * @see            bundle_add_str()

 @code

 #include <bundle.h>

 bundle *b = bundle_create(); // Create new bundle object

 bundle_add(b, "foo_key", "bar_val"); // add a key-val pair

 

 bundle_free(b);

 @endcode

 */

API int                bundle_add(bundle *b, const char *key, const char *val);

 

Peter Wegner

http://unity928.rssing.com/chan-30531769/all_p1476.html

 

""""

and here's what is inside core_whitelist.txt :
std::__throw_out_of_range_fmt(char const*, ...)[mygamename]

Other info:
- Unity 5.5.0f3

"""

 

No idea, if your App is Unity and you got similar Info...

 

Best Regards

 

Yo Shakya

Thanks Carsten and Peter for your replies. And Peter, yes it's called Bo App Lock. :) The app is intended to lock any other app that user of the device intends to protect. The reason I know App Locker is using the same APIs is because there simply is no other way to do it. :) I tried using "Recently Used Apps" API of Tizen but that API is available only from sdk 2.4 and I wanted my app to be supported on 2.3 as well as (just like the other app does). And I don't know the developers of other app and I found that they are ex-Samsung by looking at there LinkedIn profiles. And that was the biggest hint for me to dig deeper into Tizen code to find out how could we monitor when an app gets launched. 

The only different thing in my manifest file is that I specifically ask for download and internet privileges so that I can keep the service running in the background. I tried giving the package id a name prefixing with "org.tizen" like the other app does, but my current prefix seems to be doing great. My app works perfectly fine in its objective except the rejection part. :) 

@Carsten yes, I thought about using dy thing but I don't have the white_list api so I'm not sure if that dy is also part of undocumented apis and might get rejected as well. But I'm gonna try it. I really wanna put it on Tizen Store for the developers' challenge currently going on. 

And I totally agree about the locking apps - screen locks or app locks - are more vulnerable to security. But my objective really is to have some fun and learn Tizen EFL in the process and who knows if the app is in top 100 downloads I will get 10k :) :) 

Carsten Haitzler

Well dlopen/sym could technically be imported into your app as statically-inlined code with some effort, as all they do is open+mmap+parse the EFL file, find symbols and otherwise do linking fixups of pointers etc... :) Banning dlopen/sym etc. would ban any application that may use it's own module/plugin system to break up its own development and it'd be easily worked around as i just mentioned so all it'd do is create pain with no gan or guarantees. :)

Please stop by #tizen, or if you want to talk about EFL stuff specifically come by #e and #edevelop on the esame IRC network :) I do know #e and #edevelop are far more active than #tizen. We're all a friendly bunch generally. Documentation may be limited but you'll get a lot more personal help from people... :)

Yo Shakya

Hi Carsten, I'm in #tizen chat room right now. I've decided to give my app another shot after writing a wrapper "function-pointers-to-symbols" for the offending APIs. I'll resubmit my app again maybe tomorrow. So far, all my unit tests have passed using the above approach. So keeping fingers crossed. (: And again, I'm - and for that matter all third party developers here - are very grateful to engineers like you who are willing to help others on this forum. And I apologize for my previous rants on this forum lol 

Carsten Haitzler

Oh... I was having dinner and I was now fixing my raspberry pi wayland env... i'm back online now but I think a bit late. I think your timezone and mine are ... badly aligned. Try again in the evening your time (early not late) and things will align much better :)

I hope it goes through...

Yo Shakya

Update : I just re-submitted the app after "fixing" all the concerns. However, I purposely disabled the main functionality of the app to see if the review team would object for the same apis again. Fingers crossed. Goodnight. It's 3:36am here in San Francisco :)

Victor Sindeev

Good luck with your app

Yo Shakya

Thank you all to your support and feedback and suggestions, I was successful in getting some of undocumented apis, maintained by other upstream developers, in my app. I put 50% of such APIs as-is in my code, and converted other 50% via other route. Those other 50% of APIs were not flagged by review team as reason for rejection so that's a good news. I also found that lot of apps/services within Tizen source code are using similar tricks. E.g "resourced" and "deviced" components for those who wanna have more clue. Search for "freezer" in resourced code (:

I will put a full working version of the app after writing unit tests for the new code and running a quick round of black testing. Will keep things updated here . Happy Monday!

Peter Wegner

Thanx for feedback.

 

Best Regards

Yo Shakya

Update: I just submitted the app again, this time taking care of all undocumented apis. I still don't want the app to be approved since I'm polishing the UI, but at least the rejection shouldn't be because of any undocumented APIs i.e. the below assertion should hold valid. lol too nerdy? (:

BO_ASSERT( rejection != g_undcumented_apis );

Yo Shakya

Here is the latest update. The app got rejected but not due to undocumented APIs but other smaller bugs. I've fixed them and re-submitted it again. Looks like it may pass validation soon. (:

For those interested, here is the page showing the preview of the app. 

https://www.facebook.com/Bo-App-Lock-1850455418547861/

 

http://www.facebook.com/1850455418547861/photos/a.1850455561881180.1073741826.1850455418547861/1850455525214517/?type=1&theater

Thanks and kind regards,

~Viren

Yo Shakya

Big thanks to Carsten and Peter and others for their valuable feedback and hints. Bo App Lock just got approved. Wonderful news! (:

Victor Sindeev

Why you use black screen in screenshots? :)

Peter Wegner

Congratulation and thanx for feedback.

 

Best Regards

Yo Shakya

Black screens are some bug in their system because I had put legit screen shots earlier. I will fix them tonight though. Thanks for notifying here. (:

Carsten Haitzler

Hey man. Sorry - I've been away for a few days. Good to hear things aremoving along. Please remember to hang out and poke us and ask questions. Tizen is not perfect. It could be better. If I could, I'd change a complete mountasin of things today, but that's not how things work. :( The least I can do is reach out and listen to your issues and help you as much as I can and try change things for the future... I'll try at least. :)