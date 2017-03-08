Apple Begins Rejecting Apps With 'Hot Code Push' Feature (apple.com) 51
Apple has long permitted "hot code push", a feature that allows developers to continuously deploy changes to their mobile apps and have those changes reflect in their apps instantly. This allowed developers to make quick changes to their apps without having to resubmit the new iteration and get approval from the Apple Store review team. But that's changing now. In response to a developer's query, Apple confirmed that it no longer permits "hot code push." The company told the developer: Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app's behavior or functionality after App Review approval, which is not in compliance with section 3.3.2 of the Apple Developer Program License Agreement and App Store Review Guideline 2.5.2. This code, combined with a remote resource, can facilitate significant changes to your app's behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes.
Yea but they don't (Score:2, Interesting)
As someone who has worked on ios apps big and small, I will tell you the rules for big orgs are not the same vs small. If they want to "hot push" (ghey btw) a scheduled event in Disney Kigndoms, apple won;t say shit. If you want to "hot push" (ghey btw) an update to some pixel avatar app with 3 users, you get rejected.
Re: (Score:2)
What?
Of course they don't.
You make a new version of the app with all the content a week or whatever before, and allow it to get through whatever review process there is. At a known time, your app starts using those features.
Re: (Score:2)
"Could" is the operative word. By this same logic, every adult male has the tools required to commit rape. Therefore, any time a single adult male is out on the streets after dark without being part of a large group, we must incarcerate him to ensure that he doesn't use those tools for that purpose. See how silly that reasoning sounds when shifted into a different problem space?
Rationally, Apple should penalize developers that abuse this capability to deliberately ship features that they know would be r
Pray I don't change it again (Score:2, Insightful)
Seriously, unless you're part of a big corp with big corp lawyers and money behind you why develop for Apple? You have to buy your way into their walled garden, give up a significant portion of sales to them, and be put through an obscured process to get approval to be published in a store. Which, if you're lucky enough to hit on something that's both novel and popular, is going to fill up with a bunch of clones within days of the first hint of success.
If you're not doing it for the fun of being repeatedly
Re:Pray I don't change it again (Score:5, Informative)
Developers care about eating (Score:2)
You can't eat open source revenues. Most of the open source devs work for some corp or another, after all.
Re: (Score:2)
Why can't the application for accessing said service be a web application that runs in Safari for iOS?
Re: (Score:2)
Aside from that, my Android phone cost more than my wife's iPhone 6 Plus (does more, too). I paid for both. I've paid for a few hundred dollars in apps and more than that in in-app pu
Re: (Score:1)
The reason to develop for them is that Apple has a huge share of the 400m consumers who spend the most on applications.
As an aside, vertical applications don't have this problem. They aren't easy to clone as the developer often has to have business partnership relations with desktop / server / SaaS companies. You often don't have to give up a percentage as the app is included (free).
Re: (Score:2)
400 milli-consumers? Wow that's fucking awesome!
Oh, wait a minute... is it Imperial or Metric consumers?
Re:Pray I don't change it again (Score:4, Interesting)
Let's see:
I'm a one man shop that does App development as a hobby while simultaneously maintaining a full time job. Having someone handle 24/7 hosting and billing and a sort of rudimentary QA on the final product (so the users will trust it better) is something of value. In many cases, costs and time would be prohibitive for a new, small shop to do all these things itself. So they do something for that 30% other than rubber stamp it.
Also, $99 is a pittance - how much do dev kits from Nintendo, Sony and Microsoft cost?
Now another poster pointing out that the rules are different for larger companies that develop on Apple's platform - yes they are. I see competing apps that violate the backgrounding policies (for good reasons) that I could never get away with if I tried.
One example is playing silent audio while streaming via DLNA from the iOS device to prevent the OS from putting the app to sleep after 10 minutes or so. A big company just does it and has done it for years without consequence. Another small developer in my niche needed to do this as well, but was forced by Apple to remove it unless there was a specific function for it. So the developer instead added a useless "visualizer" that made graphic effects to music picked up by the microphone which is then put in the background and hidden - just to get around the rules. I have not added DLNA streaming yet because of these headaches.
Re: (Score:2)
How much is an Apple computer? You can't compare the cost of the license without taking into account the hardware required.
Hot Code Push (Score:2)
Surprised (Score:4, Insightful)
so each new map needs to wait for the app store (Score:2)
so each new map in a game needs to wait for the app store review system to push it out?
Re: (Score:2)
the distinction between code and data can be blurry
Re: (Score:2)
so any game
with map scripts in new maps needs the review
pinball games each new table needs the review
driving games needs a review for a new track
games with levels needs an review to add new levels?
Oh me, oh my... (Score:2)
Recipe for disaster (Score:5, Interesting)
"Apple has long permitted "hot code push", a feature that allows developers to continuously deploy changes to their mobile apps and have those changes reflect in their apps instantly. This allowed developers to make quick changes to their apps without having to resubmit the new iteration and get approval from the Apple Store review team."
Is it just me or does this seem like a recipe for disaster, ripe for abuse in the worst possible ways? And not just by the developer, but by anyone who hacks the developer's tool chain or system.
In other words, you could push the most intrusive, malevolent, destructive code to a user's device at will with no oversight.
Who thought having this capability was a good idea?
Re: (Score:2)
Hot fixes such as this should be limited to enterprise apps only - i.e. apps that don't affect the world.
Was the hot fix permitted for all apps or just enterprise apps? If the former, then it should be definitely be removed.
Re:Recipe for disaster (Score:4, Informative)
Hot fixes such as this should be limited to enterprise apps only - i.e. apps that don't affect the world.
Was the hot fix permitted for all apps or just enterprise apps? If the former, then it should be definitely be removed.
Enterprise apps don't have to go through the review process because they aren't in the App Store in the first place. They're distributed privately, with the enterprise signing each app using a cert and each employee's device being configured to accept apps signed by that cert. Updates can be deployed directly to employee devices, as a result.
As for apps using this feature, I know that a variety of games download content updates outside of the App Store, though if I had to guess, I'd wager that when Plants vs. Zombies 2 and Final Fantasy Record Keeper say they're downloading new content, it's just a package of art assets and the like that the existing executable knows how to parse. If it is arbitrary code, however, I'd also wager that I'll suddenly see those games issuing a lot more frequent updates, given that FFRK pushes out content updates 1-2 times per week as it is.
Re: (Score:2)
In other words, you could push the most intrusive, malevolent, destructive code to a user's device at will with no oversight.
It's called Windows Update
Re: (Score:2)
> In other words, you could push the most intrusive, malevolent, destructive code to a user's device at will with no oversight.
That's absolutely the risk.
> Who thought having this capability was a good idea?
I think it is for online games and other situations where a bug might otherwise mean a server outage until it could go through a code review. It's still a terrible idea.
Anyway, I would suspect that the timing of this is not a coincidence, given the vulnerabilities alluded to in the news recently.
Re: (Score:2)
Is it just me or does this seem like a recipe for disaster, ripe for abuse in the worst possible ways? And not just by the developer, but by anyone who hacks the developer's tool chain or system.
In other words, you could push the most intrusive, malevolent, destructive code to a user's device at will with no oversight.
Who thought having this capability was a good idea?
The same people who invented JavaScript?
Re: (Score:1)
They are worried about the CIA (Score:4, Insightful)
I see that... (Score:2, Troll)
And all of you thought I was crazy for saying it was possible.
so much for supporting iThingies (Score:1)
In one fell swoop, Apple just broke all Meteor apps, and probably any other hybrid framework.
So I suppose we're all supposed to develop iOS apps using Apple-proprietary technologies now? No thanks. I'm old enough to remember the open internet, before the invasion of the phone-pokers.
What I'm trying to wrap my head around is where they draw the somewhat arbitrary line between downloading content and downloading functionality. I mean, any app that connects to the internet has the potential to download