Mobile LC Apps Downloading Stacks After installation

Ralph DiMola rdimola at
Fri Aug 11 09:52:50 EDT 2017


Thanks for weighing in. I would like to read into those licenses that I
could update my core LCS, but I know in my soul that if I do that it's just
a shoe waiting to drop that could affect not only my license but the entire
LC community. I also feel that when I create an extra button(with stub code)
because a "data" update offers more options that I am staying within the
guidelines and the spirit of the App/Play store rules. I see this as simple
decision. I call it the "Johnny, did you eat a cookie?" scenario. Johnny
says "no" because he did not eat "A" cookie but ate 3 cookies. I am not a 2
year old and know what these rules were intended to prevent.

By the way, I was once rejected because my data update "answer" dialog was
worded as "An app update is available". I explained that it was a data
update and not code and changed the verbiage of the dialog. I then passed
the review. Moral: The review team can look VERY close at any app during

As it was said in Goodfellows... At least, that's how I feel.

Ralph DiMola
IT Director
Evergreen Information Services
rdimola at

-----Original Message-----
From: use-livecode [mailto:use-livecode-bounces at] On Behalf
Of Mark Waddingham via use-livecode
Sent: Friday, August 11, 2017 7:24 AM
To: How to use LiveCode
Cc: Mark Waddingham
Subject: Re: Mobile LC Apps Downloading Stacks After installation

On 2017-08-11 12:20, Jonathan Lynch via use-livecode wrote:
> I know the reviewers at app stores are not always careful, but 
> something like an LC player would surely get their notice.

Review, from my understanding, is heavily automated (it has to be - if you
think of the scale of the App Stores these days). However, there is always a
means to get in contact with a human about specific issues (which can take a
while to get escalated with someone who can actually do something - but at
least it is possible).

> They do allow us to import JS, but JS is way more sandboxed than LC.

Yes - this is true - however, as I noticed this morning Apple no longer have
their advisory about allowing arbitrary JS to be downloaded and run within a
WebView. This is simply because you can could build a host app which gives
access to every single OS API on iOS and make all of them callable from JS
(even if the JS bundled with the app does not use any of it).

So, the point is the language is not the point - what the code running in
the language does is important.

Like Google, Apple are wanting to know precisely what OS APIs your app is
calling at the point of review - so they have some idea of the surface area
of attack for any malicious intent. How much analysis they currently do,
no-one really knows - however the guidelines means that (in principal) they
have reasons to pull any apps very quickly if they find that they are doing
something which is 'not allowed'.

Warmest Regards,


Mark Waddingham ~ mark at ~
LiveCode: Everyone can create apps

use-livecode mailing list
use-livecode at
Please visit this url to subscribe, unsubscribe and manage your subscription

More information about the Use-livecode mailing list