Bad news, developers: Apple Mac App Store tells cross-platform Electron apps to get lost

Programmers who reoffend risk permanent exile from the fondleslab empire

Developers of apps built with the cross-platform Electron framework say that Apple has started rejecting their applications during its Mac App Store review process, and has threatened cancellation of Apple Developer Accounts for repeated rules violations.

The issue was first raised in August and only affects Electron apps seeking Mac App Store Distribution. The problem received widespread attention following a developer blog post on Sunday.

Apple's App Store Review Guidelines have long specified that applications may use only public APIs. The phone-and-computer maker maintains private APIs for its own usage, but it doesn't support them for third-parties.

The off-limits APIs singled out by Apple include: CAContext, CALayerHost, NSAccessibilityRemoteUIElement, NSNextStepFrame, NSThemeFrame, and NSURLFileTypeMappings, among others.

Despite Apple's warning, those making macOS apps sometimes risk crafting code that interacts with private APIs because they can distribute such apps themselves, outside of the Mac App Store.

The Chromium project, the open source foundation of Google's Chrome browser, is one prominent code base that talks to Apple's private APIs. And Electron apps include Chromium as a runtime library.

Electron has a number of drawbacks – builds tend to be large and memory-hungry, for instance – but the advantage of being able to use familiar web technology to create a single code base that can generate builds for macOS, Linux, and Windows outweighs the downsides in many cases.

Apple hasn't previously rejected Electron-based applications for private API usage – at least not on a consistent basis – so presumably something has changed in Apple's review process.

The Register asked Apple to explain what's going on but the Cupertino crew did not respond to a request for comment. Whatever prompted the change, a rule long ignored is now being enforced, at least for Electron apps.

We also asked Google whether it intends to move away from private APIs in Chromium. Again, no response.


Here's how we made a no-fuss RSS vulture app using trendy Electron


What makes this particularly alarming for developers is that some have received a warning threatening excommunication from Apple's walled garden if rules violations persist in subsequent app submissions: "Continuing to use or conceal non-public APIs in future submissions of this app may result in the termination of your Apple Developer account, as well as removal of all associated apps from the App Store."

The API clampdown recalls several months in 2010 when a draft of Apple's iOS 4.0 rules disallowed iOS apps that relied on programming languages other than Objective-C, C, C++, or JavaScript. Following criticism from the developer community, Apple adopted more flexible requirements. But the way things have been going in terms of security concerns – e.g. app notarization – it seems doubtful that Apple will relent.

The iPhone maker's heightened concern about Electron raises questions about whether future updates to widely used Electron-based desktop apps, such as Slack, will get flagged by Apple's reviewers.

Developers reporting rejections have indicated that Apple has recommended specific outdated Electron builds that it finds acceptable. These include versions 3.0.0-beta.7, 2.0.8, 1.8.8, or 1.7.16 of the Electron SDK, which is presently at version 7.0.1.

Contributors to the open source Electron project have been working to disable calls to the offending APIs, so a forthcoming Electron update may address Apple's requirements. ®

Other stories you might like

Biting the hand that feeds IT © 1998–2022