I want my app to make urgent security updates without going through Apple's review process. I am not trying to do this for all my updates, or circumvent Apple's reasonable review requirements. All it would have to do is push a .swift file to the client, which would be accessed somewhere in the app.
I definitely know there is a way to do it in JavaScript, as I already made a mechanism of the same type in a React Native. I used this approach, but I don't think there is an equivalent for iOS from what I've heard.
There definitely is a solution, as I've heard many devs doing this (for less, um... valid reasons) but I can't find it.
You cannot do this, for both technical and policy reasons. Apple expressly forbids you from delivering new code to your apps's outside of the app store process.
The other part of it is that your apps run compiled object code, not source code. Aside from the iPad Swift playgrounds app, there is no Swift compiler on the user's devices.
Javascript is a horse of a different color. That's an interpreted language, and is designed to be delivered and run dynamically.
Related
This question is not really technical in nature but it is clearly answerable with yes/no and so I hope its fine if I ask it here on StackOverflow.
My scenario is as follows: In order to share code between iOS and Android I'm using C++ for much of the app's logic. I'm about to start writing network code for both platforms and I plan to utilize OpenSSL or one of its derivates (LibreSSL / BoringSSL) to be able to do HTTPS calls.
OpenSSL/LibreSSL/BoringSSL would be statically linked into my app and periodically be updated by releasing a new app version.
However, I'm unsure about whether Apple would accept such an app in its app store or not. As far as I know they take a closer look at what is inside the app and I want to prevent a situation where all code is written but eventually rejected when attempting to publish the app to the app store.
I'm looking for a clear yes/no answer whether Apple accepts such apps nowadays (2019). Preferably this answer is coming from someone who actually knows the answer i.e. from someone having done the same recently (2018/2019).
Did anyone recently succeed in publishing such an app into Apple's app store?
Not only does Apple allow this, that's exactly how one is supposed to use OpenSSL in an iOS app. The operating system doesn't provide OpenSSL for the apps, so the apps need to bring their own one.
You'll probably need to declare the use of encryption to comply with encryption export regulations. It is, however, required even when using the system encryption like TLS.
I am using the solution provided here to open my containing from the share extension. It doesn't seem to use any private API way to do that despite that it is fragile.
Will Apple reject my App if I use it? Anybody has an approved app that open containing app from share extension? If so, what is the right way to do it?
Any pointer is appreciated .
Though there are loads of questions on how to open containing/parent app from share extension, none actually talk whether the proposed solution/hack will be approved by apple or not in detail.
One such example is
Share Extension to open containing app
suggests that Share extensions are not supposed to open the container app.
While browsing some time back, I rather found a very interesting thread discussing the same topic here
https://forums.developer.apple.com/thread/27295
The thread questions, whether the hack of traversing UIResponder chain to open the parent app using openURL will be allowed by apple or not? (Precisely the same idea shown in your posted link as well).
Though the thread again does not provide clear answer as, whether it will be approved by apple or not but points out a very valid concern and warning
The fact that +[UIApplication sharedApplication], and hence -openURL:, is not available to extensions should be an important hint here.Ignoring that restriction and looking up the symbols via the Objective-C runtime is not a good idea.
Clearly, thread suggests (implicitly, by not clearly stating the fact that apple will reject the app with such hack) that though apple will approve the app for now, it will only be a temporary solution.
Now this finally leads to the answer:
Answer:
In a recent apple event held # Bangalore, I had an opportunity to meet the developers of extension team # apple. I told them that I have been using the above mentioned hack to open the app from share extension will this be allowed by apple?
His answer:
`UIResponder`
is not a private entity, hence usage of UIResponder will not violate the private API usage condition hence apps which are using the above hacks are still being approved by apple. But the fact that, your code parses through the UIResponder chain to trigger the openURL is very costly and not suggested/preferred.As Apple seems to be aware of developer using it, they might start rejecting the app in future. (Must say, he wasn't sure of the last point, apple rejecting app in future hence highlighting might)
He also happened to mention about usage of WebView to open the app which developers used quite sometime back as well. Which is no longer working.
Conclusion:
Yes you can submit the app which opens the parent app from extension using above hack but being completely aware of the fact that this is only a temporary solution and apple expects you to write completely independent share extensions
Question is Answered for current iOS version of iOS11. The answer might lose its validity with future releases of iOS
Many iOS developers received the following message recently. Does it has any impact on React Native?
Your app, extension, and/or linked framework appears to contain code
designed explicitly with the capability to change your app’s behavior
or functionality after App Review approval, which is not in compliance
with section 3.3.2 of the Apple Developer Program License Agreement
and App Store Review Guideline 2.5.2. This code, combined with a
remote resource, can facilitate significant changes to your app’s
behavior compared to when it was initially reviewed for the App Store.
While you may not be using this functionality currently, it has the
potential to load private frameworks, private methods, and enable
future feature changes. This includes any code which passes arbitrary
parameters to dynamic methods such as dlopen(), dlsym(),
respondsToSelector:, performSelector:,
method_exchangeImplementations(), and running remote scripts in order
to change app behavior or call SPI, based on the contents of the
downloaded script. Even if the remote resource is not intentionally
malicious, it could easily be hijacked via a Man In The Middle (MiTM)
attack, which can pose a serious security vulnerability to users of
your app. Please perform an in-depth review of your app and remove any
code, frameworks, or SDKs that fall in line with the functionality
described above before submitting the next update for your app for
review.
The recent action by Apple seems to target frameworks that are about to modify native code bundles on the fly. If you are using this kind of library in your RN project then you might get effected. But if you are using a library like Code Push which lets you modify js bundle, you are not expected to get effected. There is a HN thread about it. You can search for Microsoft keyword to read about. You can also read this.
I have a rather long app, about 20 pages and some of the code should probably be re-coded, my first app with Xcode and I learned a lot along the way. I could add a few objects to replace string arrays etc and make the code more readable. I was wondering if Apple looks at all the code when submitting to the app store or if they just want it to work with no errors. So I guess the question is ... should I 'fix' my code before submitting it?
I don't think Apple can access your code unless they can decode your binary app back to source somehow (It is very difficult to do that). They do perform some testings on your binary project (such as networking) and play around your app a little bit to check if your function provided is valid and works as described without any serious bug.
As long as your app works and does not violate any of the App Store Review Guidelines you should be fine, you can check the Review guidelines here to get more information about the review process and what Apple expects from your app.
I have never developed for iPhone, but I have developed an HTML5 web application.
I would like to submit to the Apple store a free app whose job would be to just open up the HTML5 webapp in the mobile browser.
Do you think it will be likely that such an app can be accepted? Can you please provide links or evidence?
Is it possible to ask this question to the Apple team so that I am not going to waste $99? If so, how?
If your app has native web views pulling internal HTML5 information, you might be able to sneak it by some of the app reviewers, but a good portion will say that there is not enough native Apple code in the app. They are sticklers for that.
I have, on a few occasions, gotten away with adding push notification, saying it HAS to be an app, and can't rely on users going to the website since they need push (even though I never intended on pushing anything out), but Apple has caught on to this.
Ultimately, you need to use Apple code in xCode, and you need to use a lot of it.