Apple's iOS developer guidelines state:
3.3.2 — An Application may not itself install or launch other executable code by any means, including without limitation through the use of a plug-in architecture, calling other frameworks, other APIs or otherwise. No interpreted code may be downloaded or used in an Application except for code that is interpreted and run by Apple’s Documented APIs and built-in interpreter(s).
Assuming that downloading data - like XML and images, or a game level description, for example - at run-time is allowed (as is my impression?), I am wondering where they draw the line between "data" and "code". Picture the scenario of an app that delivers interactive "presentations" to users (like a survey, for instance). Presentations are added continuously to the server and different presentations are made available to different users, so they cannot be part of the initial app download (which would be the whole point). They are described in XML format, but being interactive, they might contain conditional branching of this sort (shown in pseudo form to exemplify):
<options id="Gender">
<option value="1">Male</option>
<option value="2">Female</option>
</options>
<branches id="Gender">
<branch value="1">
<image src="Man" />
</branch>
<branch value="2">
<image src="Woman" />
</branch>
</branches>
When this XML is interpreted and "played" within the app, the above would be presented in two steps. First a selection screen is shown, where the user can click on either of the two choices ("Male" or "Female"). Next, an image will be [downloaded dynamically] and displayed based on the choice made in the previous step.
Now, from this, it's easy to imagine additional tags, describing further logic still. For example, a containing tag could be added:
<loop count="3">
<options... />
<branches... />
</loop>
The result here being that the selection screen / image screen pair would be sequentially presented three times over, of course.
Or imagine some format describing a level in a game. It is perhaps natural to view that as passive "data", but if it includes, say, several doorways that the user can go through and with various triggers, traps and points attached to them etc - isn't that the same as using a script (or, indeed, interpreted code) - to describe execution sequences, options and their conditional responses?
Assuming that the interpretation engine for the data is already present in the app and that such "presentations" can only be consumed (not created or edited) in the app, how would this fare against Apple's iOS guidelines? Doesn't XML basically constitute a scripting language in this sense (couldn't any program in an interpreted language be described in XML)?
Would it be OK if the proprietary scripting language (ref the XML used above) was strictly sandboxed (how can they tell?) and not given access to the operating system in any way (but able to download content - like a survey or a game level - dynamically as well as upload results - answers or scores - to the authoring server)?
Where does the line go?
Update as of WWDC 2017
Programming tools such as Codea mentioned below are now explicitly allowed to download code. The App Store Guidelines currently say (emphasis mine):
2.5.2 Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code, including other apps. Apps designed to teach, develop, or test executable code may, in limited circumstances, download code provided that such code is not used for other purposes. Such apps must make the source code provided by the Application completely viewable and editable by the user.
There is also this tweet citing more details on the relaxed clauses.
Original
Does your interpreted download allow the user to write infinite loops or recursion?
Apple allow Javascript because they provide the interpreter and can kill your code. I have a feeling I've read that it's a 10 second limit but I couldn't find it on the site with a few minutes searching. (Yes, my self-imposed timeout for writing an answer kicked in.)
I think you're pretty safe if what you do is declarative and doesn't allow obvious looping in the interpreter.
I would also avoid the use of the word "interpreter" in any descriptions visible to Apple including public discussion. Maybe "parser" would be safer.
Codea have skated along the edge of these definitions with their Lua environment and cannot download code. They had to remove a feature for downloading new packages as ".codea" files.
Based on 3.3.2, they could reject an app for this. However, the scarier thing is that you could create the app, get it approved, have it be downloaded and used by many users, and then Apple could pull the app from the store.
Did you ever publish the app you described?
There's a major difference between the Guidelines and actual practice by the App Review team.
The current Guidelines state:
2.7 Apps that download code in any way or form will be rejected
2.8 Apps that install or launch other executable code will be rejected
So, the old ban on interpreted code is gone, and replaced by a ban on apps that could be considered to be IDEs or self-modifying.
However in practice there are a number of apps which do this, hence the difference between theoria and praxis.
You should take a look at what Apple has enabled in iOS7. It is now allowed to download and run JavaScript within your app.
I think what Apple means is your application should not depend in another module, compiled product or executable in order to work that will be downloaded from a website/server and that compiled add-on was not reviewed by Apple.
Basically when I asked something similar they told me something like: "If your application will download another executable compiled code that such a ftp downloader, key decryption tool or something of this kind that was not approved my Apple. You are available to download data or files (such as XML, HTML, PDF files, images) that does not represents an application.
The concept of the differences between 'code' and 'data' has been discussed on SO before.
Please see this answer: https://stackoverflow.com/a/642476/200696
From Apple's perspective, this ban prevents un-reviewed executable content from the app store. It would be trivial to create a program which is approved by Apple, and then downloads executable content that changes the pre-approved behavior.
All I can tell you is I've released products which use XML to script behavior within the app and Apple has always approved them.
Related
This may seem like an odd question, but I'm in the middle of creating an iOS app, and was wondering if there is a way to, in the future, roll out changes to the app without requiring all of the users to download an update.
I've noticed that Snapchat can do this with their filters - new filters are added regularly, without me updating the app.
I've read into 'Cloud code', something Parse had that apparently let you accomplish this. Obviously that's no longer an option.
Also, do Apple even allow this? Seeing as they need to approve every app before letting it onto the App Store, it would seem like they would need to approve any changes first too.
I've thought of strange things like storing a function in a database, then getting the app to download that function and run it - naturally if I were to now change the function in the database, it would change on all users devices instantly. Just how ridiculous is that idea? Thanks!
Depends on how much flexibility you want.
For example, Spotify does this for UI mainly - backend-driven UI, as they call it. They send a kind of layout from the server and convert it to a real iOS layout, based of a predefined mapping. You can find pretty more details in the Spotify's presentation.
Slides: http://www.slideshare.net/JohnSundell/backenddriven-native-uis
Video (more details): http://www.downvids.net/backend-driven-native-uis-john-sundell-and-diego-cristina-ca--777281.html
So actions can also be divided in similar pieces and abstractions, received from the server and interpreted - sort of scripting is needed. You can't compile and run arbitrary functions on the fly.
Hope it'll give you some ideas you can think of.
See Apple's app store review guidelines: https://developer.apple.com/app-store/review/guidelines/ section 2.4.5 (iv). Apps are not supposed to download code or resources to add functionality or significantly change the app from what Apple sees during the review process. And executable memory isn't even writable by sandboxed apps, which makes downloading compiled functions fairly useless. But downloading Javascript that complies with the above guidelines seems to be allowed.
Is it possible to create an API inside an iOS app to let 3rd party developers create app add-on that are downloadable for users inside the app?
I could not find any ressources for this topic online.
I think that's going to go against the app store guidelines if your intention is that the 3rd party developers write code, which will be downloaded and executed.
There's something of a grey area between legitimate uses and illegitimate uses of downloaded code:
Legitimate Example 1: Something like Hopscotch where children are creating simple fun shared games. These can be considered user generated content.
Legitimate Example 2: A game which is driven by scripts allows for the run-time downloading of patches to fix bugs in the scripts or even to add new levels. I believe such usages have been rejected occasionally in the past, but are generally accepted these days.
The relevant guideline from the guidelines is (emphasis mine):
2.5.2 Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code, including other iOS, watchOS, Mac OS X, or tvOS apps.
And the all-encompassing:
We will reject apps for any content or behavior that we believe is over the line. What line, you ask? Well, as a Supreme Court Justice once said, "I'll know it when I see it". And we think that you will also know it when you cross it.
If your idea is to create some sort of app-store within your app-store app, then I would abandon it immediately, because that's going to be way over Apple's line.
That said, you haven't given much detail about your app, so I might have made wrong assumptions about where you're thinking of going.
At first, I will describe my use-case on why I need to add the framework at runtime on iOS.
Let's say I have an app on iOS device. The app requires some 3rd party frameworks to add some external features to it. Now, the features are many. So, the required number of frameworks will be many too. An user may not need lots of features. Just a small set of features. Plus, lots of framework will require a lot of space. The application will be huge in size.
For an example, an user needs only 1 feature. The application provides 100. So, all the other frameworks will definitely be unnecessary.
So, the solution would be to download the frameworks and the necessary files on demand from an online repository, link them on runtime and use them. This would mean the application size would be very small and not bulky with unnecessary stuff.
But does iOS provide that? I have to add an external framework and the necessary files that is not on the app use them on runtime.
Is this possible? Can anyone provide me with some resources on how I can do that?
I have seen some resources on SO and some other sites. The results are not so helpful.
"But does iOS provide that?" - no
"Is this possible?" - partially
"Can anyone provide me with some resources on how I can do that" - unfortunately no
More details: That is certainly not possible out of the box. And it will be firstly a pain in the ass to do achieve what you are trying and (far more important) secondly it will probably not be allowed by Apple. You are not allowed to load new "program code" into the app at runtime. For the simple reason that Apple cannot review what you are about to load. And it would a huge security risk for your users if your backend gets compromised.
What you can do is load resources like images, videos etc. on demand.
You might even be able to come up with some scripting behavior of your app. The server could theoretically deliver code to your app and then your app interprets that code. But that code would not be Swift but some other language that you have to define first. You see where this is going? That is possible while not really doable. And still it might get you rejected anyway.
In particular if you are talking about actual frameworks that include actual binary code is is not possible.
I'm working on the requirements & specifications for a new iOS app intended for use by certain professionals working "in the field". All day long for weeks on end, these folks have a sizable reporting burden to their superiors using standardized forms that track all different kinds of information. Traditionally, those forms are in PDF, and are simply printed and filled out in ink and then shared with the dozens to hundreds of others working the same operation. Sometimes they'll use a PDF with form fields so the data can be typed and then printed as part of the form. Either way, given their workflow, time and stress pressures, and other factors, it's not a very productive way to get the standardized reporting forms done.
The app we're spec'ing would offer an iOS (and Android, if possible -- but secondary or even tertiary requirement at this point) user interface for tracking the data they enter in the field, organizing it in a logical manner for each individual user, and with the press of a button, take all that data and automatically create a PDF file of it using the standardized form.
Of course, the forms are STRICTLY and rigidly standardized in this industry, and any deviation in format, structure, or presentation is simply not tolerable.
So I was approaching the project by thinking the app would maintain an internal repository of the original standardized forms from the accrediting organization, with each possible data area defined as a field. The app would:
open the necessary PDF form for the task at hand;
parse its dictionary to identity the specific data fields;
for every single field, identify the relevant data from the iOS app's own user interface and data tables, and assign that data to the corresponding field from the PDF/dictionary
export the PDF to a NEW PDF file, which the app would either email or store through iCloud, Dropbox, or some other form of file sharing.
The catch with #4 is that that PDF file must remain editable by standard PDF applications on Windows and Mac (Acrobat, Preview, etc.), so all the fields need to remain. And the PDF should be viewable just the same on either Windows or Mac.
Now, at NO time will the PDF (neither the original nor the exported final document) EVER need to be displayed inside the iOS app, nor would it make much sense to be able to do so.
I don't know if any of this is possible. This is our first iOS project, and we've been leaning towards building the app using Moai or Corona or some other framework to save development time and make porting across platforms easier. That said, if it cannot be done using Lua and one of these frameworks (I remain skeptical...they seem HIGHLY geared towards games), we're not opposed to doing it directly in Objective C and building an Android version some time down the road.
But either way, I'm at a loss in assessing whether this is even a practical undertaking. Our requirements are clear, and frankly if this can't be done, the project won't be pursued any further. But I could definitely use some help from you folks in identifying what my options are, whether I can do it in Lua, and what SDK(s) would be most useful in accomplishing this.
Based on what you've said, it seems that there is little reason to do the PDF-based part of the work on the mobile device itself since:
you don't need to display it on the ipad
you plan to email it or store it in the cloud
if you write this for iOS you will have to write again for Android as you've mentioned
Can you simplify the mobile part of your requirement by focusing on the data-collection and validation, then firing off to a server to do the document production? That will give you a lot more flexibility in the tools that you can use to merge the data into PDF docs. If so you could look at creating PDFs or populating the fields from code using something like iText (C# or Java). If you don't want to build your own back end server you could try something like Docmosis Cloud - but that might not allow you to get your precise layouts.
Certainly the catch you mentioned - needing to keep the PDFs editable with their fields is a significant gotcha in all cases. If you could convince the stakeholders that it is better to generate the final documents from your system (generate draft, review, update data, generate again etc) - rather than generating editable documents that you then lose control and tracability over, then you will be miles ahead.
Hope that helps.
Did you consider just generating a new pdf using an image of the form as the background to the pdf and just writing the user's data into the required areas over the form image. Would reduce the complexity of trying to parse the original form PDFs.
That's a point of worthwhile discussion, but one we don't have an ideal answer on. I tend to think of that as the almost perfect scenario -- it'd be considerably easier to develop. There are two key issues with this approach that have made us table it except as a very last resort:
The users of this product would be working in the field. That field could be quite literally anywhere--the streets of Manhattan, a disaster-stricken area with infrastructure that's been severely damaged or even destroyed, or the most war-ravaged third world country. If it were the streets of, say, Manhattan, there's no problem--their iOS or Android device will have 3G or Wi-Fi access just about anywhere they go. In the latter two scenarios (which are arguably more common in this industry), that connectivity may be very limited. The concern is whether the end user's ability to be productive or to see and share data with their colleagues will be too greatly restricted if they don't have a decent signal. To be fair though, even today they often aren't even using mobile devices, forcing them to go back to a headquarters type location or use radios to share information, effectively negating my point here. But if we're not going to significantly increase their productivity in the field, it just gives us pause to think through whether or not we have enough of a value proposition to ask them to fairly significantly change their methods of doing things.
To your latter point, no there's no convincing the stakeholders that this new system is the better approach. Even if there were, it would take years to do so. These forms are a part of a well-defined, decades-old standard used by literally thousands of organizations.
The latest game by Gameloft called Order&Chaos starts with a Checking for Update screen, which indicates that they're able to update certain data without updating the entire binary.
I'm quite certain that they're using some kind of scripting language like Lua in their app and updating these scripts to e.g. change certain values (like buying price of items).
What's your experience with side-loading or updating scripts in your iOS application?
I don't mean loading new graphics or other contents, but game logic like my path finding implementation in Lua.
Apple cleary states that this isn't allowed
3.3.2 An Application may not download or install executable code.
Interpreted code may only be used in
an Application if all scripts, code
and interpreters are packaged in the
Application and not downloaded. The
only exception to the foregoing is
scripts and code downloaded and run by
Apple's built-in WebKit framework.
This happens in most of these applications TinyChef, RestaurantStory, HotelStory, etc..
They update content, but not the core program. Just adds new content or modifies the existing using external files and DB updates from a remote server.
Example, what they do is download new graphics and add a new item to their Desserts table of their DB and finally when they show all their Desserts the new one shows up and its ready to be cooked as if it was in the app from the beginning.
I could elaborate more info if you need.
UPDATE
If you are using lua, you could easily add, say new levels to your games, just by downloading a file containing your level data. Im sure that you are familiar with using external files one per level/item/character with a common format you then parse in your app.
You can have your path finding algorithm in another file as i said, and update (download and replace) that unique file whenever you improve it.
I haven't tried this, yet, but wouldn't it be as easy as querying a server, getting back a string, then parsing that into the database?
That might not violate Apples policy, since it wouldn't be executable code, just delimited text.
You could probably do more complicated stuff that way too. It wouldn't be a whole lot different than DropBox downloading files to your phone so you can view them. But instead of a document file, it would be a 3D object.
I think 3.3.2 clausule is to prevent that anyone can download/buy from appStore an engine like Love2D for iPhone, create games/apps in Lua, download it on the iPhone via web and execute with this engine, because it means develop and deploy apps on iPhone using an intermediate SDK instead of the official SDK, and of course, without paying anything to Apple.
Think about it, you can create your own App Store with this system and that is what Apple wants to prevent. but i think Apple doesn't take care of this type of downloads, where you want to update your own apps logic or levels.