Will Apple reject Cordova applications that download additional JavaScript

Question

all.

My team has been toying with the idea of developing an iOS app using Cordova, and recently, we've been looking into offloading as much of the main JavaScript as possible to our server, in an attempt to speed up fixing critical bugs.

The idea would be to have:

1. the native app containing all HTML, CSS, plugins and Cordova files
2. the main JavaScript added to the pages as external scripts from a server
3. a device-ready function for each page that will set up and start the main JavaScript once it's available

I have seen comments that Apple could be trusting of code that runs in a webview, but it does seem like projects like this could be a security issue.

I am aware of other questions and the like that touch on this, but I feel that the context was always different.

Thanks!

Answer 1

A year ago apple changed the iOS Developer Program Agreement to allow download of code, see the Section 3.3.2

3.3.2 An Application may not download or install executable code. Interpreted code may only be used in an Application if all scripts, code and interpreters are packaged in the Application and not downloaded. The only exception to the foregoing is scripts and code downloaded and run by Apple's built-in WebKit framework, provided that such scripts and code do not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store.

So, as you are using cordova, and cordova uses WebKit framework, if you don't change the main purpose of the Application, you won't be rejected