
JavaScript Injection Approval Process for IOS - ekeren
https://rollout.io/blog/open-letter-to-apple-secure-javascript-injection-ios/
======
mstolpm
Sorry, but rollout.io knew the rules and got caught red-handed.

Do developers wish for a solution to circumvent Apples review process for
"updates and bug fixes"? Maybe. Should users be happy about a "solution" that
allows developers to manipulate the behavior of apps without any consent from
the user and any review process at all, just by opening the app? I really
don't think so.

I'm not happy with the "solution" rollout.io and others created and stop
using/buying any app that I know is actively using these frameworks.
Dynamically loading content is fine, modifying the app logic is not and can
potentially lead to theft of user data, ad injection or even adding IOS
devices to bot nets while the app is running.

~~~
bioshock
What do you think happen with all hybrid platforms ? I.e react native,
Cordova, ionic , other , they all load js assets remotely.

Even w/o hybrid platform, developers today are loading js assets remotely, and
basically inject new code - All THE TIME.

what Apple did is just flagging the ones that are most upfront about it, but
everyone can do it, hence the rollout suggestion IMHO

~~~
ekeren
This is exactly what we are referring to in the suggestion

------
base123
Not that it really matters but the platform we use does a codepush, exactly
like rn, does not mess with object c etc and was flagged, removing said
feature still gets flagged and ios will not reply back, it's very frustrating

------
pozon
Must have.

------
bukati
Awesome. Thank you!

------
gabrielamram
Nailed it!

