Downloaded stacks on iOS

Mark Waddingham mark at livecode.com
Sun Aug 16 16:02:13 CEST 2015


Monte's reading of the clause is the same as mine (given the trouble that section of the agreement has given us over the years I keep a close eye on it).

Basically Apple do not want apps to be able to download executable code which could do anything more than their analysis of the app at submission time can do. By 'anything more' what they are really trying to stop I think is downloaded code accessing any system APIs which the original app did not. The main reason for this I suspect is security.

If apps could download code which could exploit any uncovered flaws or vulnerabilities in any of these apis its a vector for malware.

By restricting downloadable code to things that run on JavaScriptCore they know that code that is downloaded can do no more than the environment it is downloaded into has hooked into. (Of course an app could potentially provide a means for dynamically hooking into system APIs from JavaScript - so it does make me wonder how effective the restriction actually is, and therefore if there is something I'm missing!).

The main problem with JavaScriptCore is that it can't do dynamic compilation to native code to speed things up - a user space app on iOS cannot make memory pages executable. So code run through this library directly will be slower than running in Mobile Safari (no 'nitro' mode).

Since iOS8, however, a WebView (like Mobile Safari) does use Nitro for its JavaScript through a process separation model. Which I suspect is why it is now more practical for many apps to download and use JS for a good deal of their implementation (if they can run in a WebView, at least).

So as far as I can see the current situation is that if you download LiveCode stacks that contain code in your app then it violates the terms of the App Store agreement. If you download JavaScript and execute it through JSC or a WebView you do not (as long as you don't violate the other requirement - that the code does not make your app do something outside its submitted intent).

The technical side is pretty unambiguous as far as I can see - the gray area is the definition of what an apps purpose is and therefore what downloaded code can do without violating another part of the license.

Mark.

Sent from my iPhone

> On 15 Aug 2015, at 04:16, Monte Goulding <monte at sweattechnologies.com> wrote:
> 
> It's not vague at all. It's right there in the article and the only way these guys can do what they are doing is because their apps are JavaScript as I said before. Read the clause it explicitly rules out what you are talking about unless it's JavaScript run in WebKit or JavaScriptCore.
> 
> Sent from my iPhone
> 
>> On 15 Aug 2015, at 12:43 pm, Richard Gaskin <ambassador at fourthworld.com> wrote:
>> 
>> Android has no restriction on this, and the applicability of Apple's guidelines to this seems, as they say, "vague".  I've not found the specific text of the app store dev TOS that prohibits that, and unless it were abused I can't see how it differs much from downloading any binary data.
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode



More information about the use-livecode mailing list