This is missing the point of the post you are replying to. Say you identify five closed API dependencies and remove them. Do you resubmit? If you missed any others, you and all your apps might be banned.
If you're sending me code to run on my computer—especially if I'm paying for it—you either need to have glanced at the code yourself or have some reason to trust what's in there (it's from a company you have a business relationship with, it's a major library from a known author that other apps on the store are also using, etc.). Otherwise you're being irresponsible. If you don't have the time to look at the library, don't use it.
Excuse me, are you, the developer, telling me, a user, that you don't know what you're giving me to run on my computer?
You may not have time to do your job properly?
If you're using libraries in your project, it's normal and expected that you know what those libraries are doing and what those libraries depend on. You should know this stuff regardless of what Apple (or anyone else) may require.
If it's in my product, I'm responsible for it, so it needs to be possible for me to audit it, even if I may not be looking too closely.
Maybe not -- maybe you know something about how Apple operates. But clearly they ARE sending responses threatening to do exactly that.
Anecdotally, I have never heard of this happening in non-malicious cases, ever. And I know a couple hundred Mac and iOS developers who would raise a lot of noise if this did happen, so I'm inclined to believe that it doesn't.
They don't, though. And we trust them not to, because it is not reasonable behaviour and it would absolutely not make sense for them to do this.
This is the same.
