Apple appears to relax ban on apps fetching, running extra code – remains aloof as always

Arbitrary exes, no, but friendlier rules for dev tools


Analysis In conjunction with the commencement of its Worldwide Developer Conference and the release of developer builds of planned operating system updates, Apple has revised its Developer Program license agreement, for better or worse.

It could be either, given that Apple itself decides when its rules get applied and how they get enforced. And Apple does not provide guidance to clarify the extent of its rules, at least publicly. The Register asked Apple to explain the new cruelty, and you know how that goes.

However, several software makers who spoke with The Register believe the changes are for the better and will allow a broader range of apps to be created.

Developer Anders Borum, creator of iOS Git client Working Copy, called out the changed wording via Twitter on Monday, suggesting the revised language will help makers of iOS development tools.

The portion of the agreement at issue, Section 3.3.2, outlines the circumstances under which applications can download and run executable code and interpreted code.

Executable code refers to code that can be run directly – compiled binary files – and interpreted code refers to code that must be processed by an interpreter to generate an executable form. Code written in JavaScript, Lua, and Python, for example, is interpreted.

Borum, in an email to The Register, explained that Apple for years has prohibited apps from downloading new behavior as binary code or an interpreted script, presumably as a security precaution.

"For programming environment apps that allow editing and executing programs in some language (Pythonista for Python, Codea for Lua) this is a serious restriction," Borum said. "These apps are allowed to include example programs and they can let the user type in arbitrarily complex programs, but such an app could not make it easy to import source code."

Borum contends this policy has held back iOS apps focused on programming because many of them, in the absence of clear guidance from Apple, have had trouble getting through the App Review process.

"But even more than hurting the existing development apps, these rules have deterred any larger efforts to make development tools on iOS," said Borum. "It is very risky to invest lots of money on a project that might not even be allowed on the App Store. The Swift Playgrounds apps would not be allowed by a third-party developer."

One company that suffered from these rules is Rollout.io, which offered a hot-patching service that allowed developers to inject code into approved apps, to revise interfaces, fix bugs, and implement other changes. In March, Apple began cracking down on hot-patching, a decision that a month later forced Rollout.io to abandon that particular approach and start anew with a service called Rox.

Erez Rusovsky, CEO of Rollout, in an email to The Register, said he wasn't certain whether the revisions would make the old incarnation of Rollout acceptable to Apple.

"This is a difficult question to answer because the changes are open to interpretation, and because Apple has not made itself available to us to clarify its policies," said Rusovsky.

"In fact, we felt that the policy always did allow Rollout and other hot patching solutions, and still should. Apple did not change its guidelines in March when it notified Rollout customers that apps built on our framework would not be allowed in the App Store. In fact, it only reinterpreted the guidelines already in place. The portion of the guidelines that most directly impacts Rollout [Section 3.3.2, along with separate App Store Guidelines, Section 2.5.2] did not change then, or now."

Rusovsky observed that Section 3.3.2 of the Developer Program license agreement previously said apps may not download or install executable code, except through Apple's WebKit or JavaScriptCore, which the disallowed version of Rollout used.

What's new, Rusovsky said, is that Apple no longer specifies allowable JavaScript frameworks. "Instead of making an exception only for code downloads via Apple's built-in WebKit framework or JavaScriptCore, Apple now has opened the ability to download code to any JavaScript framework," he said.

"The change does seem to loosen the requirement on downloaded code, specifically around the framework and language of the downloaded interpreted code, which means that other scripting languages not using JavaScript language are allowed for injection, such as Lua, RubyMotion, and the like."
