Apple is starting to more uniformly enforce a restriction in place since the beginning of the App Store, and is proactively notifying developers that it will refuse approval to new apps or updates that include mechanisms to update or alter pre-approved app behavior outside the App Store.
Developers, sometimes with apps already approved and for sale, are receiving a notification from Apple informing them of the issue, and advising them to remove offending code prior to the next update. Apple cites two relevant rules in the message, specifically, section 3.3.2 of the Apple Developer Program License Agreement and App Store Review Guideline 2.5.2.
Both rules have been in place since the dawn of the iOS App Store. However, Rollout.io, a popular iOS troubleshooting and update tool, is affected by the enforcement and claims that Apple is interpreting the guidelines in a "more narrow way," which will cause problems with the service.
Rollout allows developers to "push code-level changes" to native iOS apps. This lets coders "fix bugs, update configuration data, patch security holes or diagnose issues" without dealing with the sometimes lengthy App Store review process.
"We are disappointed that Apple has made this change before we have had an opportunity to address any concerns," Rollout says in a blog post. "We have already reached out to Apple to discuss and are committed to adjusting our offering as needed to remain in compliance under the more narrow interpretation of the guidelines."
App Store review guideline 2.5.2 mandates that "Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code, including other iOS, watchOS, macOS, or tvOS apps."
Apple Developer Program License Agreement section 3.3.2 is similar, and says that an application "may not download or install executable code" and "interpreted code may only be used in an Application if all scripts, code and interpreters are packaged in the Application and not downloaded."
Apple claims that the forbidden frameworks can "easily be hijacked via a Man In The Middle (MiTM) attack" and "can pose a serious security vulnerability to users."
AppleInsider has reached out to Apple for further elaboration of why stricter enforcement of the near-decade-old rule is being applied now, and will update accordingly. While it may be coincidental, the first reports of the stricter enforcement of the App Store rules surfaced on March 7, the same day as the WikiLeaks publication of the CIA's iOS, Android, and Windows hacking division.
23 Comments
I imagine that it is due to the leaks. I'm surprised that Apple hasn't enforced it before.
While it will be a pain for some legitimate apps, I have to agree with Apple here.
The only app I've experienced this with is my First Direct (HSBC) banking app; it downloads and updates within the app.
Any other examples of apps (the more popular the better) that actually do this?