Apple backtracks on App Store removal threat for Unix shell iOS apps
Developers of Linux and Unix shells have received warnings from Apple that their iOS apps violate App Store Review Guidelines, with the threat of termination from the App Store said to be reversed in at least one instance.
A shell is a tool that enables users to perform command-line operations on a device, which usually doesn't offer that sort of functionality, such as the lack of a terminal in iOS. These terminal emulator apps like a-Shell and iSH enable the use of many Unix commands in iOS, which can be useful for developers and power users.
However, according to a series of tweets on Sunday, it seems that the two apps have come under fire from Apple's App Store team for seemingly violating the App Store Review Guidelines. The iSH Twitter account advised it was informed by Apple it would be removing the app from the App Store on Monday.
Hours later, the developer advised they had received a call from the App Review team apologizing for the notification, the appeal against the takedown was accepted, and that iSH would not be removed from the App Store.
As to why the app was rejected, iSH suggested it could be related to section 2.5.2 of the App Store Review Guidelines, as it put out a request for feedback from other developers enduring the same trouble. In response, a-Shell advised it had received a "similar notice of termination" a few days prior, but the appeal was still pending.
Section 2.5.2 deals with the self-containment of apps within their bundles, and to not read or write data outside its designated container area, nor to "download, install, or execute code." As shell apps may have the capabilities to run scripting, it could be this element that is being picked up by the review process.
In a full blog post, iSH developers Theodore Dubois, Saagar Jha, and Martin Persson explain the removal threat was due to the team believing the app was "not self-contained and has remote package updating functionality," with a request to remove the offending items and other remote network commands. It was thought that iSH was a "security concern" if it allowed users to import code into the app.
"We believe iSh is fully compliant with the App Store Review Guidelines," wrote Saagar, with Apple thought to have misunderstood or misinterpreted the app, its own guidelines, or "the consequences of what they are asking." Saagar suggested that a consistent enforcement of this "incorrect interpretation" would ensure the "removal of all scripting apps" from the App Store.
The a-Shell tweet further advises it was requested to remove access to the unix commands "curl, pip, and wasm" for the app to stay in the App Store. The curl command handles data transfers over a network, pip is used to install Python packages, and wasm relates to WebAssembly, a code that could be run in web browsers.
Apple updated its App Store Review Guidelines on August 31, including a new element that allowed developers to challenge the guidelines themselves, with the potential to make Apple change some of its review rules. A challenge has already been successfully logged with Apple by Guardian VPN, which wanted more flexibility in how it charges for auto-renewing subscriptions.
A shell is a tool that enables users to perform command-line operations on a device, which usually doesn't offer that sort of functionality, such as the lack of a terminal in iOS. These terminal emulator apps like a-Shell and iSH enable the use of many Unix commands in iOS, which can be useful for developers and power users.
However, according to a series of tweets on Sunday, it seems that the two apps have come under fire from Apple's App Store team for seemingly violating the App Store Review Guidelines. The iSH Twitter account advised it was informed by Apple it would be removing the app from the App Store on Monday.
Hours later, the developer advised they had received a call from the App Review team apologizing for the notification, the appeal against the takedown was accepted, and that iSH would not be removed from the App Store.
We got a call this evening from someone who runs App Review. They apologized for the experience we had, then told us they've accepted our appeal and won't be removing iSH from the store tomorrow. We'll stay in contact with them to work out details.
-- iSH (@iSH_app)
As to why the app was rejected, iSH suggested it could be related to section 2.5.2 of the App Store Review Guidelines, as it put out a request for feedback from other developers enduring the same trouble. In response, a-Shell advised it had received a "similar notice of termination" a few days prior, but the appeal was still pending.
Section 2.5.2 deals with the self-containment of apps within their bundles, and to not read or write data outside its designated container area, nor to "download, install, or execute code." As shell apps may have the capabilities to run scripting, it could be this element that is being picked up by the review process.
In a full blog post, iSH developers Theodore Dubois, Saagar Jha, and Martin Persson explain the removal threat was due to the team believing the app was "not self-contained and has remote package updating functionality," with a request to remove the offending items and other remote network commands. It was thought that iSH was a "security concern" if it allowed users to import code into the app.
"We believe iSh is fully compliant with the App Store Review Guidelines," wrote Saagar, with Apple thought to have misunderstood or misinterpreted the app, its own guidelines, or "the consequences of what they are asking." Saagar suggested that a consistent enforcement of this "incorrect interpretation" would ensure the "removal of all scripting apps" from the App Store.
The a-Shell tweet further advises it was requested to remove access to the unix commands "curl, pip, and wasm" for the app to stay in the App Store. The curl command handles data transfers over a network, pip is used to install Python packages, and wasm relates to WebAssembly, a code that could be run in web browsers.
Apple updated its App Store Review Guidelines on August 31, including a new element that allowed developers to challenge the guidelines themselves, with the potential to make Apple change some of its review rules. A challenge has already been successfully logged with Apple by Guardian VPN, which wanted more flexibility in how it charges for auto-renewing subscriptions.
Comments
1) Why did Apple make a mistake and threaten the developer?
2) Why did the developer not get a proper justification and citing of the specific rule violated?
3) Why is it some apps are fine for years but then all of a sudden are violating a rule, even if the rules haven't changed?
4) Why is Apple not being especially careful considering the antitrust investiv
If the rules weren't so overly complex and in many cases vague, maybe the App Store reviewers wouldn't keep making mistakes. Though I'm sure at times Apple just doesn't like what an app is doing, even if it's not explicitly breaking a rule. So they use a vague rule as a reason to remove it. They really need to stop being so blazé with the enforcement, this is literally someone's livelihood they're destroying at the click of a button. Each of these cases only strengthens the antitrust investigations into Apple, and increases the likelihood Apple will be forced to allow third party app stores. One step in the right direction is the ability to challenge the rules, however.
I wish Apple defenders would cut them some slack here. It would be one thing if we were talking about companies whose real goal is to force Apple to allow their app store - Epic Games - or have questionable business models in this tech era - Spotify - or are simply upset because they put all their eggs the iOS development basket instead of embracing a multiplatform approach 10 years ago because iOS was where all the cool kids who got invited to the interesting parties were ... only to now find out that making a living on iOS among all the cutthroat competition is actually harder than it was on Windows 15 years ago (everybody else). I can understand their gripes, even if I disagree with them, in some cases vehemently. But what I am curious about is why are Apple defenders taking their side?
Apple defenders are the ones who should know how difficult it is managing a global app store with millions of apps and doing so in a manner where security and privacy are the main goals as opposed to maximum platform openness and flexibility. I care about openness and flexibility and am willing to take personal responsibility for my own security and privacy issues. That is why I prefer Android and ChromeOS. But for a controlled platform that makes privacy and security their main concerns, do you have any idea how big a problem terminal and shell applications can be? If you don't, go poke around a couple of security blogs. You would find tons of potential issues in less than an hour even if you know absolutely nothing about network, operating system or application security. If these people want to create terminal apps, then by all means submit them to the ChromeOS, Android, Windows 10, Ubuntu and Fedora app stores. So long as their apps don't contain malware payloads or improperly escalate privileges, they will have free reigns on those open platforms. But if you are going to submit a terminal app or anything like it on iOS or any other platform that prioritizes security then you are going to absolutely, positively, justifiably expect the app reviewers to subject your app to double, triple, quadruple scrutiny.
If you want an app store more like Android then for goodness sakes then please just buy an Android device. Some pretty decent Samsung tablets are on sale for Black Friday as we speak and the most successful ChromeOS device in history also has the Google Play Android app store and is on sale right now too. Otherwise, give Apple the freedom to run their app store as they see fit because right now they are the only real "security and privacy" game in town, and even though it isn't what I personally want for my products, I want that option to remain on the marketplace for those who do want and need it.
Fancy cellphones were THE status symbol in the Philippines just like cars were in the USA. People would brag about their new Nokia model just like we would brag about our new BMW. And of course they used them, texting like madmen and women. I couldn’t help but notice that my sweet women would be more in love with their phones than they were with me. So I played along with the gag and treated Celly the cellphone like she was a member of the family. It got some laughs.
Turns out it was a bit worse than that. The virus promised sexy jokes. When you pulled them up it called special expensive numbers. The virus ran out a bill of over $300, and unlike 976 numbers in the USA there was no option to take them off of the bill. You were stuck paying them. As a result she had to cancel her service since she did not have the money or anywhere near it.
Worse yet it spread by sending itself to everyone in your address book. And her best friend had the same model phone as her, so she wound up getting the virus and staring at some remarkably vulgar pics. It cooled their friendship for about a week, until we all figured out what was going on. Fortunately most of the people it sent the virus to didn’t have that model phone so it resulted in confusion and nothing more.
Ever since that ordeal I have had enormous sympathy for companies that felt they had to control the software running on their devices. It is just too vulnerable to scams. And of course it is even more so today.