Apple appears to relax ban on apps fetching, running extra code – remains aloof as always

In conjunction with the commencement of its Worldwide Developer Conference and the release of developer builds of planned operating system updates, Apple has revised its Developer Program license agreement, for better or worse. It could be either, given that Apple itself decides when its rules get applied and how they get …

  1. Steve Davies 3 Silver badge

    WWDC is a great place

    for these answers. Taking place at the moment.

    Oh wait, Apple don't speak to the press unless it is the ones they like. El Reg is not on their 'like' list.

  2. m0rt Silver badge

    In other news...

    ...blah.

    Apple annoy me these days. I guess it is because they really believe their own bullshit. Whereas the other tech companies just hope we believe theirs...

  3. Black Rat

    Ah Bisto..

    So Apple can say their updated OS is totally secure, pull out our fingernails we still can't unlock the device. Yet any three letter agency with the clout to alter the DNS registry can quietly insert code remotely into any vulnerable app on a suspect's phone.

    1. DougS Silver badge

      Re: Ah Bisto..

      How do you figure that? The only code it could insert is stuff like Javascript that shouldn't (unless there's a security bug in Apple's Javascript interpreter) be able to do anything nasty. Ditto for other frameworks like Lua. It isn't as though they're going to allow downloading arbitrary .so files and dynamically loading them into the executable.

      This change seems rather common sense, because you've always been able to execute arbitrary Javascript - you point Safari at a site containing it!

  4. Adrian 4 Silver badge
    WTF?

    Odd

    In a week in which I've read about a collection of Android apps that break security by loading additional code at runtime, it seems a little bizarre for Apple to start permitting it.

  5. Ian Joyner Bronze badge

    Self-modifying code

    Self-modifying code is known to be a bad thing. Yes, it might be used for some good purpose. But it can result in horrible messes that are difficult to debug. Then much worse it can be used for nefarious purposes that undermine a user's security.

    Apple is right to treat this with all seriousness and make security the rule. Other companies make laissez faire the rule and some misguided notion of freedom.

    It is here that often the Unix used by Apple (Mach-based Darwin) is compared with Linux. The fundamental security problem is how processes communicate. In Linux they can communicate directly, unchecked. This achieves speed, but not security. That is good in a well-managed server system, but not for end users.

    Mach-based Darwin examines all the inter-process calls - they must be brokered through Mach. However, this results in slower IPC. So, very cleverly, Apple makes exceptions to the rule for really well-known processes to directly communicate with each other.

    Relaxing the ban on fetching new code is just an example of that - making an exception to the rule of security in well-known cases.

    I hope that answers some of the other negative comments made here to which I resist responding for now.

    1. sabroni Silver badge

      Re: So, very cleverly, Apple makes exceptions to the rule

      Securing something then drilling holes in it because it's too slow isn't clever, it's insecure. MS used to do very similar things to favour their own products over third parties. I don't remember it ever being called clever when they did it....

      Also, there's a big difference between a patching mechanism and code that dynamically modifies itself while running. It's the code that dynamically modifies itself that is nearly always a shit idea. Patching software to remove bugs/vulnerabilities is considered a good thing by most users.

      1. Ian Joyner Bronze badge

        Re: So, very cleverly, Apple makes exceptions to the rule

        >>Securing something then drilling holes in it because it's too slow isn't clever, it's insecure. MS used to do very similar things to favour their own products over third parties<<

        No, Apple carefully considers the exceptions. MS just did it for ... well who knows why?

  6. david 12 Bronze badge

    My reading of this is...

    My reading of this is watching a 1950's analysis of Soviet Russia.

  7. J J Carter Silver badge
    Big Brother

    Kewl...

    All your apps are belong to us

  8. sabba

    Apple seem to be damned whatever they do...

    If they don't allow download and execution of code they are accused of being too draconian. Conversely, if they do allow it and something goes awry they are also castigated.

    Personally, I'd go with not allowing hot-patching. As noted elsewhere, this often causes more problems than it solves. I'd rather not have to rely wholly on developers' ethics or QA diligence.

  9. anonymous boring coward Silver badge

    Security is one issue.

    Another is modifying previously reviewed Apps to do something different than expected. (Which may be related to security, or just massively annoying, such as draining the battery.)

    At least my i-thing stuff doesn't suddenly drain the battery for no apparent reason, whereas with my Android things there is no such guarantee. Apps misbehave on a regular basis - some I can't even kill with blunt force (and just the constant need to monitor their behaviour is a major pain).

    1. Ian Joyner Bronze badge

      >>Security is one issue.

      Another is modifying previously reviewed Apps to do something different than expected<<

      Security and correctness are very closely related topics.


Biting the hand that feeds IT © 1998–2019