
Comment by r_singh

8 hours ago

> The App Store doesn't do anything to protect you in that sense. It's easy to circumvent...

Interesting, their marketing has customers believe otherwise, so I wouldn't have thought that as a noob in cybersecurity.

I've submitted an app to the iOS App Store in the past, and the process is tedious and doesn't seem superficial (unlike the Play Store process, which was completely autonomous at the time), so that's another reason why I wouldn't have thought it.

Specifically from a HOBBYIST perspective, what bothers me about the App Store is not even the 30% thing, but just... the pain of it all. The rejection horror stories, the "Apple told me to change my app's entire model" stories, the "I can't put this little gadget specifically for me and my family on the App Store" problem, and so on and so on. There's really no home but the web for silly little things.

  • What bothers me is that despite all of that pain, they still let through a ton of low-effort app clones in their store, which sometimes even come up before the original ones. If you search for GTA you get a ton of lookalikes, some of which even use screenshots of GTA V which clearly aren't the actual game.

    • You can’t even report behavior that should get an app pulled from the App Store.

      I know of multiple apps that have malicious ad networks in them, don’t disclose their ad networks, and have no mechanisms to report the ads inside the ad networks or any of the content to them, they just say the ads are “served by one of our partners”.

  • Don't forget "apple approved my app already but is now blocking bugfixes until I overhaul the entire thing to appease this new reviewer"

    And then repeat that every few months.

The review doesn't guard against malicious code. You can slip through anything you want, just don't trigger the functionality during review and you're golden. People have been doing that for private framework calls since forever.

The protection is in the permission system and sandboxing, which is active regardless of the source of the code.

  • You only need to pass the app review once, then you're free to deploy over-the-air updates for as long as you'd like. Though you'd need to use a framework like React Native, Ionic, Flutter, etc which supports it. Essentially anything where you can change app code without making any changes to the underlying native code (as that would require going through the app review process again to publish those changes).

> Interesting, their marketing has customers believe otherwise

That's the point of marketing. Making yourself look good, not stating facts.