Apple appears to relax ban on apps fetching, running extra code – remains aloof as always

Arbitrary exes, no, but friendlier rules for dev tools


Analysis In conjunction with the commencement of its Worldwide Developer Conference and the release of developer builds of planned operating system updates, Apple has revised its Developer Program license agreement, for better or worse.

It could be either, given that Apple itself decides when its rules get applied and how they get enforced. And Apple does not provide guidance to clarify the extent of its rules, at least publicly. The Register asked Apple to explain the new cruelty, and you know how that goes.

However, several software makers who spoke with The Register believe the changes are for the better and will allow a broader range of apps to be created.

Developer Anders Borum, creator of iOS Git client Working Copy, called out the changed wording via Twitter on Monday, suggesting the revised language will help makers of iOS development tools.

The portion of the agreement at issue, Section 3.3.2, outlines the circumstances under which applications can download and run executable code and interpreted code.

Executable code refers to code that can be run directly – compiled binary files – and interpreted code refers to code that must be processed by an interpreter to generate an executable form. Code written in JavaScript, Lua, and Python, for example, is interpreted.

Borum, in an email to The Register, explained that Apple for years has prohibited apps from downloading new behavior as binary code or an interpreted script, presumably as a security precaution.

"For programming environment apps that allow editing and executing programs in some language (Pythonista for Python, Codea for Lua) this is a serious restriction," Borum said. "These apps are allowed to include example programs and they can let the user type in arbitrarily complex programs, but such an app could not make it easy to import source code."

Borum contends this policy has held back iOS apps focused on programming because many of them, in the absence of clear guidance from Apple, have had trouble getting through the App Review process.

"But even more than hurting the existing development apps, these rules have deterred any larger efforts to make development tools on iOS," said Borum. "It is very risky to invest lots of money on a project that might not even be allowed on the App Store. The Swift Playgrounds apps would not be allowed by a third-party developer."

One company that suffered from these rules is Rollout.io, which offered a hot-patching service that allowed developers to inject code into approved apps, to revise interfaces, fix bugs, and implement other changes. In March, Apple began cracking down on hot-patching, a decision that a month later forced Rollout.io to abandon that particular approach and start anew with a service called Rox.

Erez Rusovsky, CEO of Rollout, in an email to The Register, said he wasn't certain whether the revisions would make the old incarnation of Rollout acceptable to Apple.

"This is a difficult question to answer because the changes are open to interpretation, and because Apple has not made itself available to us to clarify its policies," said Rusovsky.

"In fact, we felt that the policy always did allow Rollout and other hot patching solutions, and still should. Apple did not change its guidelines in March when it notified Rollout customers that apps built on our framework would not be allowed in the App Store. In fact, it only reinterpreted the guidelines already in place. The portion of the guidelines that most directly impacts Rollout [Section 3.3.2, along with separate App Store Guidelines, Section 2.5.2] did not change then, or now."

Rusovsky observed that Section 3.3.2 of the Developer Program license agreement previously said apps may not download or install executable code, except through Apple's WebKit or JavaScriptCore, which the disallowed version of Rollout used.

What's new, Rusovsky said, is that Apple no longer specifies allowable Javascript frameworks. "Instead of making an exception only for code downloads via Apple's built-in WebKit framework or JavaScriptCore, Apple now has opened the ability to download code to any Javascript framework," he said.

"The change does seem to loosen the requirement on downloaded code, specifically around the framework and language of the downloaded interpreted code, which means that other scripting languages not using Javascript language are allowed for injection, such as Lua, RubyMotion, and the like."

Next page: Apple's rules

Other stories you might like

  • Despite global uncertainty, $500m hit doesn't rattle Nvidia execs
    CEO acknowledges impact of war, pandemic but says fundamentals ‘are really good’

    Nvidia is expecting a $500 million hit to its global datacenter and consumer business in the second quarter due to COVID lockdowns in China and Russia's invasion of Ukraine. Despite those and other macroeconomic concerns, executives are still optimistic about future prospects.

    "The full impact and duration of the war in Ukraine and COVID lockdowns in China is difficult to predict. However, the impact of our technology and our market opportunities remain unchanged," said Jensen Huang, Nvidia's CEO and co-founder, during the company's first-quarter earnings call.

    Those two statements might sound a little contradictory, including to some investors, particularly following the stock selloff yesterday after concerns over Russia and China prompted Nvidia to issue lower-than-expected guidance for second-quarter revenue.

    Continue reading
  • Another AI supercomputer from HPE: Champollion lands in France
    That's the second in a week following similar system in Munich also aimed at researchers

    HPE is lifting the lid on a new AI supercomputer – the second this week – aimed at building and training larger machine learning models to underpin research.

    Based at HPE's Center of Excellence in Grenoble, France, the new supercomputer is to be named Champollion after the French scholar who made advances in deciphering Egyptian hieroglyphs in the 19th century. It was built in partnership with Nvidia using AMD-based Apollo computer nodes fitted with Nvidia's A100 GPUs.

    Champollion brings together HPC and purpose-built AI technologies to train machine learning models at scale and unlock results faster, HPE said. HPE already provides HPC and AI resources from its Grenoble facilities for customers, and the broader research community to access, and said it plans to provide access to Champollion for scientists and engineers globally to accelerate testing of their AI models and research.

    Continue reading
  • Workday nearly doubles losses as waves of deals pushed back
    Figures disappoint analysts as SaaSy HR and finance application vendor navigates economic uncertainty

    HR and finance application vendor Workday's CEO, Aneel Bhusri, confirmed deal wins expected for the three-month period ending April 30 were being pushed back until later in 2022.

    The SaaS company boss was speaking as Workday recorded an operating loss of $72.8 million in its first quarter [PDF] of fiscal '23, nearly double the $38.3 million loss recorded for the same period a year earlier. Workday also saw revenue increase to $1.43 billion in the period, up 22 percent year-on-year.

    However, the company increased its revenue guidance for the full financial year. It said revenues would be between $5.537 billion and $5.557 billion, an increase of 22 percent on earlier estimates.

    Continue reading

Biting the hand that feeds IT © 1998–2022