[iOS IMA SDK] Insecure Usage of NSClassFromString

[Weili Liu]

Hi Team,

Our security scan flagged the Google IMA iOS SDK (version 3.23.0) due to the presence of NSClassFromString calls in the binary.

Since NSClassFromString is inherently insecure, can you reimplement the functionality in safe manner? In the meantime, can you explain how is this method being currently used and if you have additional mitigations in place to alleviate security risks

We need this information to address concerns raised during our security review.

Thanks!