App Store Review Guidelines says: "Apps that download code in any way or form will be rejected."
I'd like to make an app using Challenge-Response for authentication. The app has a set of basic algorithms such as SHA-1, SHA-256, MD5, DES, AES and so on. The challenge server makes contains an array of the algorithms' name with random arrangement and a string names A. Client uses the algorithms and the sequence that challenge indicates to manipulate string A, and returns it to the server as the response.
Although all I transfer between server and client is a bunch of strings, but they indeed change the behavior of my app. Should I consider them a form of code? If not, why downloading shell code to execute is forbidden by Apple? I mean, shell code is also a bunch of strings and interpreted by running environment. Where is the essential difference?
Forgive my English :)
You can only review apps and games you've downloaded. You can't leave a review from an enterprise account, like an account for work or school. If any account on your device is part of a beta program for an app, you can't leave a review for that app. You can leave a beta program if you want to write a review.
We review all apps, app updates, app bundles, in-app purchases, and in-app events submitted to the App Store to help provide a safe and trusted experience for users and the opportunity for developers to succeed.
The Biggest Question is Often: Can I Remove a Review or a Rating? Unfortunately, the answer is no. But there are a few things you can do to use the app review ratings to your advantage, and get as many users as possible to download your app.
Through certain promotions or gifts, you may receive a download code for an app. Inserting this code will download an app to your iOS device.
What Apple is worried about and wanting to prevent is applications that get through the approval process (disguised as something benign) and later change their fundamental function.
An extreme example would be an application downloading new, malicious executable code after it has been installed on the user's device.
Apple is using broad wording in order to be able to reject any app that in any way tries to be harmful to the user. It would be impossible to specifically describe every technique and specific way this could happen, so Apple keeps the wording loose.
Apps "download code" in some form or another all the time, consider an application that accesses an API that returns JSON formatted responses. Technically that could be considered code, and it can change the apps behavior (which view to show, what options would be available on a certain view, etc). But an app that access an API in this manner would certainly not be rejected.
From what I can gather from your question, it sounds like you don't have to worry about that particular clause in the guidelines.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With