Forem: UIKit_Ninja

Record of iOS Compilation and Debugging in Non-Xcode Environment

UIKit_Ninja — Tue, 14 Apr 2026 08:37:58 +0000

In iOS project development, the action of compilation occurs frequently. After writing a piece of code, you need to build the application to verify the logic; after modifying a UI, you need to recompile to confirm the effect. This cycle repeats continuously throughout the development process.

Recently, while working on a small tool project, I tried a different compilation method: instead of using the original Xcode project, I completed the entire process in an independent iOS development environment. The tool is an IDE called Kuai Xie, primarily aiming to validate its actual performance in Apple development compilation.

The project itself is not complex, but it can cover aspects such as code writing, application compilation, device running, and installation package generation.

Project Initialization and Code Preparation

After opening the Kuai Xie IDE, you can directly enter the project creation interface. It provides several project types, including Swift, Objective-C, and Flutter.

This time, I selected a Swift project. After entering the project name, the IDE generates the project directory, containing basic code files and configuration files.

Opening the entry file allows you to write code directly without additional development environment preparation. The IDE has built-in compilation tools upon installation, so the project is ready for compilation after creation.

To test the compilation process, I wrote a simple function:

Display a piece of text on the page
Provide a button to update the content

When the button is clicked, it calls a method to read local data and refresh the interface.

After saving the code, the editor performs syntax checking. If there are issues, they are marked at the code location.

Executing a Complete Apple Development Compilation

After completing the code, connect the iPhone to the computer.

After selecting the device, the IDE starts executing the compilation task.

In the output panel, you can see the build process, including:

Compiling source code
Building the application
Installing to the device

After the build is complete, the application icon appears on the phone's desktop. Opening the application shows the page displaying normally.

Clicking the button updates the text content to new data, indicating that the code has executed successfully.

Recompilation After Modifying Code

During development, compilation is not performed only once.

I added a piece of logic to the code to output log information when the button is clicked. After saving the file and clicking the run button again, the IDE re-executes the compilation process.

The new application version is installed on the phone. Opening the application and clicking the button shows the updated behavior.

This cycle process is relatively clear:

Modify code → Execute compilation → Install application → Verify results

The entire process is completed within a single tool, without additional packaging or export steps.

Integration Method of Compilation Tools

During use, it can be seen that the Kuai Xie IDE has already integrated a suite of compilation tools internally.

When running, the IDE calls internal tools to complete code compilation and application building. These tools are configured upon IDE installation.

Developers writing code in this environment do not need to install Xcode separately. Compilation and running operations can be completed directly within the IDE.

For development phases requiring frequent application compilation, this method reduces the process of tool switching.

Compilation Testing Under Multiple Project Types

To verify compilation capabilities, I created an Objective-C project.

After project creation, I wrote a simple interface, then connected the iPhone and clicked run; the application could be installed normally on the device.

Next, I created a Flutter project for testing. After compilation, the Flutter page could also be installed on the phone.

In the same IDE, compilation for different types of projects can be completed:

Swift applications
Objective-C applications
Flutter projects

This unified environment is more convenient when maintaining multiple projects.

Building Installation Package for Distribution

After confirming the application functionality, an installation package needs to be generated.

In the Kuai Xie IDE, you can generate application installation files through the build function. The IDE executes compilation and outputs the installation package.

Build logs are displayed in the output panel. If errors occur during compilation, detailed information can be viewed here.

The generated installation files can be used for test distribution or submission to app store review.

Summary of Development and Compilation Process

In this test project, the Apple development compilation process remained relatively straightforward:

Create project → Write code → Compile application → Device run → Modify code → Recompile → Build installation package

These steps are all completed within the same development environment.

For developers, the smoother the compilation process, the easier it is to maintain a continuous development rhythm. Reducing environment configuration and tool switching allows more time to be invested in the code itself.

Reference link: https://kxapp.com/

How to Check iOS App Usage History and Energy Consumption Records?

UIKit_Ninja — Tue, 14 Apr 2026 08:37:04 +0000

In daily development and testing, many performance issues do not occur instantaneously but accumulate over time. For example:

An app becomes significantly more power-hungry after some use.
The battery drains abnormally after running in the background overnight.
The device heats up after frequent use of certain features.

If you only look at the current state, it is often difficult to analyze the cause of these issues. More valuable information is actually the app's usage history and energy consumption records over a period of time.

Below, we will explain how to view iOS app usage history and energy consumption methods based on the troubleshooting process.

Information Provided by the System

iOS's built-in battery statistics can show:

Settings → Battery

Here you can obtain:

App power consumption percentage
Usage duration (foreground / background)

This step is usually used for a preliminary judgment, such as confirming whether a particular app consumes the most power.

However, the problem is that this data is aggregated and lacks details:

Cannot see specific time points
Cannot see which specific hardware components were called
Unable to reconstruct the usage process

When the issue involves what happened during a specific time period, system information is insufficient.

Information Provided During Development

During the development phase, you can use Instruments for analysis, such as Energy Log.

This method is suitable for short-term testing, like a page operation or a feature execution, but it is not ideal for analyzing usage over the past few days.

Viewing Historical Records with iOS Device Management Tools

In project testing, if the issue involves long-term usage or reproduction in user environments, I prefer to use iOS device management tools to view historical records.

Here, I have used Keymob Assistant quite a bit; it can directly read app usage history and energy consumption records on iOS devices.

The key point is that this data is historical, not a real-time snapshot.

Practical Operation: Viewing App Usage History and Energy Consumption

Below is a relatively complete operational process.

Step 1: Connect the Device and Initialize Data

Prepare an iPhone or iPad:

Connect to the computer using a data cable.
Open Keymob Assistant.
Wait for device recognition to complete.

On first use, follow the prompts to obtain historical data (this step is crucial).

Step 2: View App Energy Consumption Ranking

Navigate to:

Usage Records → App Energy Consumption

Here, the energy consumption of all apps on the device will be listed.

You can do several things:

Sort by energy consumption
Quickly identify abnormal apps
Compare resource consumption across different apps

You can see if a particular app is significantly abnormal.

Step 3: View Detailed Data for a Single App

After finding the target app, click Details on the right.

Inside, you can see:

Daily energy consumption trends
Time distribution within a specific day
Hardware components used

Step 4: Analyze Specific Time Periods

Click on the bar chart for a specific day to further break it down:

The app launched at a specific time point
Continuous operation during a certain period
Whether specific hardware was called

For example, you can see:

A significant increase in CPU usage during a certain period
Frequent network or audio usage during a certain period

This information is more valuable than simple battery percentage alone.

Troubleshooting Process

Test feedback indicated that the app was not used much, but the battery drained quickly.

The troubleshooting process was as follows:

Step 1: Check system battery statistics to confirm that the app indeed consumed a lot of power.

Step 2: Open the app energy consumption ranking and find that the app ranked high.

Step 3: View detailed records and discover a long-running record during the early morning of a specific day.

Step 4: Further examine the time period and find that network components were continuously used during that time.

Ultimately, the cause was confirmed: a background task did not stop properly, leading to continuous network requests.

Why I Think Usage History Is More Important Than Real-Time Data

Real-time performance data only tells you what is happening now, but many issues, I believe, require knowing what happened before.

The value of usage history records lies here:

Can align with user feedback timing
Can reconstruct the problem occurrence process
Can discover intermittent issues

Energy consumption issues in iOS apps are often not caused by a single factor but are the result of combined app behavior and hardware usage. Compared to real-time monitoring, historical usage records can provide more complete contextual information.

By combining system battery statistics, development tools, and iOS device historical record tools, you can more clearly reconstruct the resource consumption of apps in real-world usage scenarios.

Guide to iOS submission requirements, review rules, developer prep, and no-Mac cross-platform steps.

UIKit_Ninja — Wed, 10 Dec 2025 10:01:30 +0000

In the process of iOS development and publishing, App Store review is a step that gives many developers headaches. Apple has extremely high standards for app quality, privacy security, and user experience, and any detail that does not meet the requirements may lead to "Rejection".

Understanding App Store submission requirements and mastering the compliant submission process can greatly improve the approval rate and avoid repeated submissions and wasted time.

This article will detail the submission requirements and, combined with the Appuploader tool, demonstrate how to successfully complete the submission on any operating system.

1. Basic Conditions Before Submitting an iOS App

Before submitting for review, ensure the following basic conditions are prepared:

Condition	Description
Apple Developer Account	Must register for the Apple Developer Program ($99/year)
App ID and Signing Certificate	Unique app identifier and verification credentials
IPA File	Packaged installation file
Privacy Policy Link	Must comply with privacy declaration requirements
App Store Screenshots and Information	App display content
Tested and Functional Features	No crashes, freezes, or incomplete modules allowed

These conditions are the foundation of Apple's systematic review; missing any one may lead to rejection.

2. Apple's Official Submission Review Standards (App Store Review Guidelines)

Apple's review rules are clear and detailed, mainly divided into the following five categories:

Category	Core Requirements
1. Safety	App must not contain malicious code, false functionality, or deceptive behavior
2. Performance	Must not crash, must run stably, API calls must be compliant
3. Business	Must comply with Apple's payment rules; virtual goods must use IAP
4. Design	Interface must be aesthetically pleasing, icons clear, user experience consistent
5. Legal	Must comply with GDPR, privacy declarations, and data collection standards

Common reasons for rejection:

Privacy pop-ups do not explain permission purposes (e.g., camera, location);
Use of non-public APIs;
Submission of duplicate apps (judged as "spam");
App content includes promotions or gambling information.

3. Required Materials for App Store

Apple has strict specifications for the format of uploaded content.

Item	Specification Requirements
App Icon	1024×1024 PNG, no alpha channel
Screenshot Sizes	6.5" (1242x2688), 5.5" (1242x2208)
App Name	Maximum 30 characters
Subtitle	Maximum 30 characters
Keywords	Maximum 100 characters
Privacy Policy URL	Must be accessible and content complete

Preparing these materials in advance can avoid repeated modifications during submission.

4. Privacy Policy and Data Compliance Requirements

Since iOS 14.5, Apple has strengthened privacy compliance standards.

Permissions that must be declared:

Location
Camera and Photos
Microphone
HealthKit data
Advertising tracking (IDFA)

When filling out the privacy form in App Store Connect, you must explain:

Whether user data is collected;
Whether it is used for advertising tracking;
Whether third-party SDKs share data.

If the app does not provide a privacy policy link, the review will be directly rejected.

5. Technical Requirements and Packaging Specifications

Before submitting the app, the IPA package must meet the following technical requirements:

Item	Requirements
Minimum OS Version	Recommended to support iOS 13+
64-bit Architecture	Must include arm64 architecture
Package Signing	Must be signed with a valid distribution certificate
Bundle ID	Must match the certificate and provisioning profile
Version Number Management	Must increment with each submission (e.g., 1.0 → 1.0.1)

6. System Limitations and Optimization Solutions for the Upload Process

Traditional Methods (Limited to Mac):

Xcode Upload (requires Mac environment)
Transporter App Upload (only available on macOS)
altool Command Line Tool (deprecated)

These methods are very unfriendly to non-Mac developers, with high costs and complex deployment.

New Solution: Appuploader Command Line Upload

The new Appuploader CLI achieves true cross-platform, no-Mac-required upload, allowing developers to complete uploads on Windows / Linux / macOS systems.

You can also use the graphical interface:

Example command:

appuploader_cli -u ios@team.com -p xxx-xxx-xxx-xxx -c 2 -f ./build/MyApp.ipa

Parameter	Meaning
`-u`	Apple Developer account
`-p`	App-specific password
`-c`	Upload channel (1=old, 2=new)
`-f`	IPA file path

Features:

No dependency on Mac;
Supports old and new upload protocols;
Compatible with App Store Connect automatic validation;
Suitable for automation with Fastlane, Jenkins, GitLab CI.

7. Overview of the App Store Review Process

Stage	Content	Duration
Upload App	Submit IPA and metadata	Instant
Automated Detection	Verify signing, API compliance	A few minutes
Manual Review	Reviewer tests app functionality	1–3 days
Approval	App goes live	Immediately
Rejection (if any)	Check reason and resubmit	Varies

Complying with privacy standards and UI guidelines in advance can significantly improve the approval rate.

8. Common Rejection Issues and Solutions

Rejection Reason	Corresponding Solution
Privacy permissions not explained	Add fields like `NSCameraUsageDescription` in Info.plist
App icon not compliant	Provide 1024×1024 PNG with no transparent background
Insecure network requests	Enable HTTPS requests
Crash issues	Repackage and test on a real device
Keyword violations	Remove sensitive words like brand names, trademarks

9. Automated Compliant Upload Solution (Fastlane + Appuploader CLI)

For team development, you can use Fastlane automation combined with Appuploader upload.

Example script:

fastlane gym --scheme "MyApp" --output_directory "./build"
appuploader_cli -u dev@icloud.com -p xxx-xxx-xxx-xxx -c 2 -f ./build/MyApp.ipa

Advantages:

Automated build + upload;
No manual intervention required;
Available on all platforms;
Highly repeatable, compliant with DevOps process standards.

Apple's iOS submission requirements are strict but transparent; as long as developers follow the specifications and prepare thoroughly, they can pass the review smoothly.

The new Appuploader breaks the system limitations of uploads, allowing developers to easily complete IPA uploads and version releases without a Mac.

Flutter hardening solutions compared, with guidance for a multi-tool cross-platform security setup

UIKit_Ninja — Mon, 08 Dec 2025 10:29:45 +0000

Flutter, as a cross-platform framework, enables rapid development and high performance, but it has always been a "high-risk zone" in terms of security: Dart code is ultimately compiled into intermediate files or dynamic libraries, making it easily decompiled; resource files (such as .json, .js, images) are visible in plain text; and generated .ipa packages are often repackaged or injected with ad SDKs.
This article will compare common Flutter hardening solutions from an engineering perspective, combining Ipa Guard CLI, source code obfuscation, signature verification, and CI processes to build a reusable, auditable, and rollback-capable Flutter App security system.

1. Unique Risk Aspects of Flutter Apps

Attack Surface	Typical Risk	Description
Dart Layer	Decompilation to restore logic	Source code structure can be reverse-engineered via `flutter_decompile`
Native Layer	IPA unpacking and repackaging	Configurations, ad SDKs, and privacy interfaces can be modified
Resource Layer	Plain text resource replacement	Images/fonts/scripts can be replaced or injected with malware
Communication Layer	Certificate and signature verification bypassed	APIs without integrity checks can be forged

Security issues in Flutter are typically not about "whether it can be cracked" but "how low the cost of cracking is." Therefore, the goals are to increase reverse engineering costs, block re-signing and re-listing, and ensure traceability is feasible.

2. Comparison of Mainstream Flutter Hardening Solutions

Solution	Advantages	Disadvantages	Applicable Scenarios
obfuscate-dart (Official Obfuscation)	Simple integration, supports symbol table mapping	Limited obfuscation scope, only for variable and function names in the Dart layer	Scenarios with own source code
ProGuard / R8 (Android)	Automated, mature ecosystem	Not applicable to iOS IPA	Android platform
Ipa Guard (Command Line)	No source code needed, directly obfuscates resources and symbols for IPA products	Requires careful editing of symbol files to prevent crashes	Third-party delivery / No source code scenarios
Custom Integrity Check Module	Flexible and customizable	Requires embedding native code support	Apps with high security and compliance requirements
KMS + CI/CD Control Solution	Strong audit and recovery capabilities	Requires enterprise-level deployment	Large team engineering governance

In multi-platform, multi-team collaboration environments, the optimal solution is often a trinity of "source code obfuscation + product hardening + signature and mapping table governance".

3. Practice of Ipa Guard in Flutter Scenarios

In outsourcing or closed-source scenarios, Flutter applications are often delivered with only the .ipa file. In such cases, Ipa Guard CLI can be used directly to perform obfuscation and resource hardening.

1️⃣ Export Obfuscatable Symbols

ipaguard_cli parse flutter_app.ipa -o sym.json

This command scans symbols and resources within the IPA (including Flutter's .so and resource packages) and generates a sym.json policy file.

2️⃣ Edit the Symbol File

Mark symbols that should not be obfuscated (e.g., FlutterEngine, AppDelegate) as "confuse": false;
Modify "refactorName", ensuring the length remains unchanged and names are not duplicated;
Note the resource references in "fileReferences" (e.g., .dart / .js / .json); before obfuscation, confirm that corresponding references have been synchronously modified or excluded.

3️⃣ Execute Obfuscation and Hardening

ipaguard_cli protect flutter_app.ipa -c sym.json --email flutter@secure.com --image --js -o flutter_prot.ipa

Parameter explanation:

--image: Perturbs image resource MD5;
--js: Obfuscates H5/JS resources (suitable for hybrid projects);
-c: Symbol configuration file;
--email: CLI login account (requires VIP permissions).

4️⃣ Signing and Installation Testing

kxsign sign flutter_prot.ipa -c cert.p12 -p password -m dev.mobileprovision -z signed.ipa -i

Use -i for direct installation during development testing; for official release, use distribution certificates and remove -i.

4. Combined Hardening at Source Code and Product Levels

If partial source code (especially the Dart layer) is accessible, it is recommended to combine with official obfuscation:

flutter build ios --obfuscate --split-debug-info=obf/symbols/

This command renames Dart symbols during the compilation phase and outputs mapping files. Subsequently, use Ipa Guard to obfuscate resources and native symbols in the product .ipa, achieving dual-layer protection.

Combination Advantages:

Dart and ObjC/Swift obfuscation work together to increase overall obfuscation density;
Resource perturbation prevents the IPA from being directly replaced or re-signed;
Dual mapping files support precise symbolization and crash traceback.

5. CI/CD Automated Hardening Pipeline

Encapsulate the above operations into Jenkins or GitLab CI to achieve one-click execution:

stages:
  - build
  - protect
  - sign
build:
  script:
    - flutter build ios --obfuscate --split-debug-info=build/symbols/
protect:
  script:
    - ipaguard_cli parse build/flutter.ipa -o sym.json
    - ipaguard_cli protect build/flutter.ipa -c sym.json --js --image -o build/flutter_prot.ipa
sign:
  script:
    - kxsign sign build/flutter_prot.ipa -c dist.p12 -p $P12_PASS -m dist.mobileprovision -z build/flutter_final.ipa

This way, the team can automatically perform obfuscation, signing, symbolization, and archiving with each new version submission.

6. Mapping Table Governance and Security Compliance

Whether it's the symbol mapping from Dart obfuscation or Ipa Guard's sym.json, they must:

Be uploaded to KMS/HSM for encrypted storage;
Require approval and log records for decryption access;
Have crash symbolization automatically called by CI;
Confirm that corresponding mapping tables can be rolled back before gray release.

For Flutter applications in finance, government, or education, this step is a key focus of compliance audits.

7. Recommended Combinations for Different Project Types

Scenario	Recommended Solution	Remarks
Closed-source Delivery / Outsourced Projects	Ipa Guard CLI + kxsign + Frida validation	Best choice when no source code is available
Self-developed Large Projects	Flutter official obfuscation + Ipa Guard + Jenkins automation	Dual-layer protection, automatic rollback
Security-Sensitive (Finance/Government)	Full-chain (source code + product + KMS governance)	Meets audit and compliance requirements

8. Conclusion

Flutter security hardening should not be the task of a single tool but rather an engineering system of "source-level + product-level + signature and audit." By using official obfuscation to reduce symbol readability, combined with Ipa Guard command-line for resource perturbation and symbol replacement in the .ipa product, and integrating automatic signing and mapping table governance, it not only increases reverse engineering costs but also ensures rollback capability and symbolization.

True security hardening is not about "locking up" but about establishing a system where "locks, keys, and guards" coexist.