![]() Today's "App Store Improvement Cleanup" announcement makes me think that Apple may want to look into these alternative app update mechanisms since they fundamentally bypass the review process that is in place to guarantee the "quality" of the AppStore. JSON & performSelector it but JavscriptCore-based tools like React Native make it really easy to stay completely off App Review's radar with your whole app. I understand that technically it will always be possible to download a string-based payload in e.g. ![]() The reason I'm pushing for an official position from Apple on this is that I think this poses a clear Privacy/Security threat to the user (Think the stuff Youmi did a while back) & is not compatible with the Privacy stance Apple has been taking in public recently. jsbundle later which allows access to private api methods from within javascript. Just wanted to throw in here that I see lots of client interest in "bypassing app review" & just out of curiosity yesterday I made a React-Native app that will appear innocent on first submission & then download a harmful. A typical React Native app is just an AppDelegate without views, viewcontrollers, models etc. jsbundle from your server & all further app logic/layout is defined from that Javascript bundle. Dont miss to download the new release and find out yourself. You would have to do a fair amount of planning ahead to make sure that you have code in advance for all the expected changes, but this technique, while maybe not 100% acceptable, is far, far better than downloading executable yeah, React Native pretty much means you have a thin native executable (basically a modified AppDelegate) which downloads a. New release for Apples macOS 11 (Big Sur) - Also with fixes for Linux and Windows. ![]() And discover even more ways to personalize your Mac. The best way to solve this problem, in my opinion, is to put several different code pathways inside your app and choose which one you use based on nonexecutable JSON data retrieved from a server. With macOS Sonoma, work and play on your Mac are even more powerful. Also, what about security? What would you do if the host got hacked and someone replaced your legit bundle with something fraudulent or outright malicious? With that out of the picture, you cannot download any executable code without being in clear violation of not only the spirit but also the letter of regulation 3.3.2. If I understand you correctly, React executes that JavaScript itself, which puts you outside the scope of the whole "The only exception to the foregoing…" clause. If you want my opinion, if you're talking about using the native app as simply a container for that interchangeable, executable React content, you're going to be walking on some seriously thin ice. I believe they prefer to consider stuff like this on a case-by-case basis. As for the official Apple stance, I'm not sure there is one.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |