Mobile LC Apps Downloading Stacks After installation
mark at livecode.com
Fri Aug 11 07:23:56 EDT 2017
On 2017-08-11 12:20, Jonathan Lynch via use-livecode wrote:
> I know the reviewers at app stores are not always careful, but
> something like an LC player would surely get their notice.
Review, from my understanding, is heavily automated (it has to be - if
you think of the scale of the App Stores these days). However, there is
always a means to get in contact with a human about specific issues
(which can take a while to get escalated with someone who can actually
do something - but at least it is possible).
> They do allow us to import JS, but JS is way more sandboxed than LC.
Yes - this is true - however, as I noticed this morning Apple no longer
have their advisory about allowing arbitrary JS to be downloaded and run
within a WebView. This is simply because you can could build a host app
which gives access to every single OS
API on iOS and make all of them callable from JS (even if the JS bundled
with the app does not use any of it).
So, the point is the language is not the point - what the code running
in the language does is important.
Like Google, Apple are wanting to know precisely what OS APIs your app
is calling at the point of review - so they have some idea of the
surface area of attack for any malicious intent. How much analysis they
currently do, no-one really knows - however the guidelines means that
(in principal) they have reasons to pull any apps very quickly if they
find that they are doing something which is 'not allowed'.
Mark Waddingham ~ mark at livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps
More information about the Use-livecode