Hacker News new | past | comments | ask | show | jobs | submit login
App Updates for HTML5 Apps (developer.apple.com)
64 points by DeusExMachina 37 days ago | hide | past | web | favorite | 71 comments



Note that this probably has less of an impact than you’d think:

> Apps may contain or run code that is not embedded in the binary (e.g. HTML5-based games, bots, etc.), as long as code distribution isn’t the main purpose of the app, the code is not offered in a store or store-like interface, and provided that the software (1) is free or purchased using in-app purchase; (2) only uses capabilities available in a standard WebKit view (e.g. it must open and run natively in Safari without modifications or additional software); your app must use WebKit and JavaScript Core to run third-party software and should not attempt to extend or expose native platform APIs to third-party software; (3) is offered by developers that have joined the Apple Developer Program and signed the Apple Developer Program License Agreement; (4) does not provide access to real money gaming, lotteries, or charitable donations; (5) adheres to the terms of these App Review Guidelines (e.g. does not include objectionable content); and (6) does not support digital commerce.

You’re free to make a web app as long as you don’t try to sell things through it.


>(4) does not provide access to real money gaming, lotteries, or charitable donations

Why is that?

I also don't understand how is Kickstarter allowed when not everything they have are physical goods.


Too much opportunity for fraud and phishing, as well as regulatory jurisdictional reasons. Apple can look at all the HTML in the app, but can't dependably look at the remote HTML that could change later.

So they can try to make sure a gambling app does some sort of geolocation, they can't tell if the web site will do that.

(How reliable reviewing can really be is a separate question).


My guess is that it involves complex jurisdictional things.

Money Transfer Method A is not permitted in City/County/State/Nation B.

Person A lives in City/County/State/Nation B and is not able to download Money Transfer Method A app that is acting correctly as an app. Everything is in order.

Person A lives in City/Country/State/Nation B and downloads an app that provides an HTML gateway to Money Transfer Method A. Apple can't control that. But Apple gets the heat from City/Country/State/Nation B for enabling the money transfer through an app in its App Store.


A native app would have this issue and wouldn’t be b locked. Native apps would call some web api to transact, which isn’t reviewable by apple.

As for the heat you describe I think you may be influenced by tv/movies usually a company like apple has a law enforcement contact. Police or prosecutors would contact apple and that’s it. I assure you law enforcement and apple have a regular open channel. Apple doesn’t bend over backwards but do comply as you have to in any country


They can't just say "kickstarter are bad now" because their reasoning will definitely be audited in court and it won't stand up to scrutiny.


> as you don’t try to sell things through it

Why? Why does Apple insist on playing middleman, if not for totalitarian control over all commerce on the platform? How is this not monopolistic anti-trust behavior?


The above statement is not correct. You’ve always been free to sell non digital goods through the App Store. For instance, you can buy anything through the Amazon app that is actually shipped to you.

Can you set up your own independent shop in Walmart and sell stuff?


> Can you set up your own independent shop in Walmart and sell stuff?

With permission, sure. I see people selling girl scout cookies, kettle corn, etc in the entry to Walmart all the time.


Try doing that with a for profit business....


[flagged]


And do you have a point? I corrected a factual error.


Apple wants to earn more money by taking a cut from your transactions. Few people are ready to share their profits unless forced to do so. It's not monopolistic behavior, because Apple does not hold a monopoly in any market.


When you look at the smartphone market for apps, I think you could make a pretty good argument that there is monopolistic behavior between the two giants, Apple and Google. Call it a duopoly or what have you. The fact that both stores have very similar policies regarding revenue share (70/30) seems to support this.

Both stores having the same exact revenue share may just be a consequence of there being a duopoly, or it may be more nefarious where active collusion has occurred between the two. Remember when Apple and Google got caught a few years back colluding against labor? https://www.cnet.com/news/apple-google-others-settle-anti-po...

Now, yes, Android does allow you to download apps outside the Play Store, but not by default. Microsoft was able to make a similar argument with Internet Explorer and Windows with it's monopoly cases. If you are one of a few large powerhouses like Fortnight or Tinder, you may be able take advantage of being able to bypass Play Store.


Except the very important market of App distribution on iOS.


Is that a high enough bar to be a monopoly in an important legal sense, though? One could easily switch to Android.

If I’m the only person that sells WalterGR’s apple tart appetizers, then I have a monopoly on that. But one could easily buy an them elsewhere...

Not trying to do reductio ad absurdum. One could think of an example between apple apps and Apple’s app store.


I’m not providing my opinion on Apple’s policies; I’m just surfacing them because the linked article doesn’t make them clear.


You’re free to make a web app as long as you don’t try to sell things through it.

The clarification made it less clear. You’ve always been able to sell physical goods through the App Store.


I assumed that was already known, but I think it's good to have your reminder for those who aren't aware of this.


What exactly is Apple's role in the sale of digital goods? You made a comparison to selling via Walmart, which is a false equivalency.

The app store can easily work like podcasts aggregating RSS feeds from developers, it's just that Apple has forcefully inserted itself into the transaction


The entire premise of the App Store, permissions and sandboxing is that users should be able to download anything from the App Store willy nilly and know that it won’t do the same type of invasive crap that can happen on Windows and Macs.

The App Store is not a flea market. Podcasts can’t install malware, eat battery life, invade privacy, etc.

I’m very careful about what I install on my personal computers. I install all sorts of crap on my iOS devices with some type of assurance about knowing what they can and can’t do.


1. Sandboxing doesn't need apple's app store, it's manual policy enforcement and arbitrary anti competitive rejections. Many, many sandboxes have existed with well documented permissioning systems that don't need anointing by manual reviewers.

2. Speaking of flea markets and the false equivalency of the app store to a Walmart, Walmart doesn't require banning flea markets but the app store (Apple) bans sideloading. Walmart and flea markets coexist peacefully.

3. Just because you enjoy being chaparoned on iOS, doesn't mean everyone does. Go ahead and enjoy willy-nilly installs from the app store, but don't block user's choice to circumvent Steve Jobs' image of the universe

The truth is that Apple doesn't play a role in the sale of digital goods, or meaningfully increase security outside automated sandboxing. The real premise of the app store is totalitarianism and greed


Sandboxing doesn't need apple's app store, it's manual policy enforcement and arbitrary anti competitive rejections. Many, many sandboxes have existed with well documented permissioning systems that don't need anointing by manual reviewers.

Where is an example of that actually working in the consumer market? How has that worked out for Android?

2. Speaking of flea markets and the false equivalency of the app store to a Walmart, Walmart doesn't require banning flea markets but the app store (Apple) bans sideloading. Walmart and flea markets coexist peacefully.

Android and iOS also coexist. If you care about “freedom” you are free to use Android like 80%+ of the rest of the smart phone market.

Just because you enjoy being chaparoned on iOS, doesn't mean everyone does. Go ahead and enjoy willy-nilly installs from the app store, but don't block user's choice to circumvent Steve Jobs' image of the universe

And it’s your choice to buy an Android device....


Then use android.

Those of us happy with the trade off will remain on Apples platform.


> Then use android.

This. It should be so simple, use the platform that best caters to your requirements. Instead, people are happier to bitch and moan about the tactics of a company we've been able to understand for the past 12 years rather than just use and evangelise the platform that best suits their needs.


Is anything stopping people from going all-in HTML5 and not even worry about having a presence in the app store?


Sadly, Apple almost seems to purposefully keeps mobile Safari buggy for HTML5 apps. You might think, why not install Firefox or Chrome on iOS then? Well, turns out Apple only allows those apps to use an outdated version of Safari as their browser engine.

Here's a regression that appeared in iOS 10, which affects HTML5 games. https://stackoverflow.com/questions/37808180/disable-viewpor...


Apple almost seems to purposefully keeps mobile Safari buggy for HTML5 apps

Then your HTML5 app is broken.

Back before there was an App Store, when all "apps" were web apps, I wrote one of the first non-Apple weather apps for the iPhone. It included animated radar, weather alerts, hurricane tracking, and even streaming audio from a real meteorologist. And this was more than a decade ago, on bog-standard launch-day iPhones. It was even featured by Apple back when it had a directory of iPhone web apps.

Mobile web apps could be really incredible with today's technology, if so many of them weren't crammed with unnecessary/lazy/stupid garbage.


[flagged]


Despite the outcry on HN, few users care about Apple’s “walled garden”.


iOS with its total walled garden and curated App Store is great for non-computer-people.

What we're seeing is the bifurcation of computing into devices and software for computer aficionados, programmers, hobbyists, and others who want a "real computer" and devices and software for people who don't know much about computers and don't really care about them beyond using them for communication, entertainment, etc.

I don't see anything inherently wrong with that as long as the stuff you can hack is still around and readily available. As it stands that's definitely true. I can still buy laptops and desktops that I can run anything I want on, and a Raspberry Pi 4 is $40.

Curiously Apple's other machine and OS, the Mac, straddles both worlds. You can use a Mac almost like an iOS device with apps from the App Store, or you can use it almost the way you'd use a Linux desktop.


And there is a lot to be said about purpose built devices. I enjoy the experience of my Apple TV much more than the Mac Mini I had connected to my TV in 2006.

I’m debating about getting either a NAS that is powerful enough to transcode to run Plex or an Nvidia Shield as a dedicated Plex server.


> Apps that provide core features and functionality dynamically with web technology like HTML5 are best delivered to everyone in Safari, rather than through the curated App Store

The various financial/banking/utility apps I use at best provide maybe half their functionality directly. Some really egregious examples of apps that are mostly HTML5 are myAT&T and the Discover card apps. The Discover card app is 100% useless w/o a network. Ditto the AmEx app. Actually, all eight finance/banking apps I have on my phone are useless w/o a network.


I don't use those apps so I'm curious what functionality would you expect out of them if they didn't have network access?

When I use any banking apps I'm looking at transactions or making transfers both of which require internet access by their nature (queuing up transfers for later or showing stale transactions seems like a bad idea).


Without network access, I can still see recent messages I sent in Messages, recent email in the Mail app, and so forth. I would expect to see the most recent data the app had available to it. In addition, I expect these apps to work over a low-bandwidth connection. The Discover card app is useless without an LTE connection.

But that isn't even my main complaint, it's that these apps are mostly paper-thin wrappers around a web site and bounce you into a web view for much of their functionality.


There's no reason you couldn't have the branch locator work offline. Maybe the ATM locator too.

It might be useful to have the most recent transactions, like a check register/quicken; sync when you can. Setting up a queued transfer doesn't seem that unreasonable -- as long as it makes sanity checks when it's actually processed.


I had a lot of financial clients during the early days of ios and android. All the ones that dipped their toes into native apps back then have migrated back to html wrappers. Some I remember had concerns about unencrypted storage of user data, others had concerns about increased platforms for vulnerability testing. I think ultimately these guys try to reduce risk and cost related to tech, even if it would improve their customer experience.


Majority of the Chinese app eco-system is based on this HTML5, including WeChat mini-apps and Alibaba's Alipay and Taobao apps.

I hope Apple apply this guideline equally to all developers and do not Grant exceptions to WeChat or others in China being a bigger market.

Since WeChat mini-apps in HTML5 is a very large eco-system in China with its own security risks, let's see how this works in reality.


It has always seemed like Apple has granted exceptions to this policy for any influential entities outside of the IT industry as long as they don’t compete with Apple.

Apps for brick-and-mortar organizations, such as banks and retailers, are a good example. They’re all almost exclusively simple wrappers around a practically unusable website. Many of them work worse in the wrapper than in a browser; for example, bank statement downloads are often broken.


Not going to happen. Apple has a very realpolitik approach to it's totalitarianism. China is not an adversary Apple can take on, by it's own internal judgement. Hence, iCloud China runs on Chinese government controlled cloud with possibly full access to data. Hence, WeChat and co. will never be meted out the same draconian polices that companies without state patronage get.


It sounds like web apps are fine as long as the code is part of the package and isn't loaded after the fact? If so, I don't see a problem. Without this policy it would be impossible for them to enforce any other app policies.


Does it mean mobile apps built with Ionic frameworks are not allowed?


This seems to be less about the language the code is written in and more about whether the code is contained within the app bundle. So an Electron/Cordova/whatever app that runs JS from the local bundle will still be OK, while loading the code from a remote server will not.


I was curious about the Deploy feature of Ionic as it's a nice selling point. Their site does say this:

Push live code changes. Outside the App Stores.

Deploy allows you to send live app updates and code changes directly to users and testers, without going through the App Stores. Changes to JavaScript, HTML, and CSS files are included in the service, and fully compliant with Apple and Android requirements.

Curious how they're able to push live changes to apps and stay in compliance of these rules.

link to Deploy page: https://ionicframework.com/pro/deploy


I take this to mean that apps that are just a chrome for a website will no longer be approved. I also wonder if they’re targeting apps that use services like CodePush.

> This means that the core features and functionality of the app must be contained within the binary of the software, rather than made possible by referring users outside of the approved app, including through the use of HTML5.


Good. The „app“ for my mobile carrier is entirely a web view, to the point that I got a „please download our app“ banner within the app. Until recently it wasn’t even updated to support anything bigger than a 4.7“ iOS device. So the website pinned to the springboard provided a better experience than the app


Sorry, this is completely off topic, but let me guess - you are German? That style of quote isn’t used in English.


Yep. I usually don't use this style, but didn't pay attention to my phone's smart quotes thing where it selects the "correct" quotes style


Sounds like it would, unless maybe the app took special care to allow only modification of some harmless parts.


Does this include native shopping apps, but that use a web view for the checkout flow? Can’t quite wrap my head around the wording.


Are Electron style apps banned because "core features and functionality of the app must be contained within the binary of the software"?


In what way would that not be the case for an "electron style" app?


I think those should be ok as long as you are bundling all the assets with your app rather than loading them from a server (which is how Electron generally operates).


So basically any form of real money payment/purchase hybrid app is banned or just gaming ones?


I’m literally about to launch an app that has a crowdsourcing feature -


Good riddance.

Either native or mobile web.


"(6) does not support digital commerce"

Apple appears to be outright stating they wont allow competition from other market sources. I say it's about time for the anti-trust suits to begin in earnest.


Does anyone know if this is related to the announcement regarding the exploit targeting the Uyghur community reported by Project Zero?


Apple stated that those vulnerabilities were fixed in February, so I doubt that this has anything to do with that.


Apologies, I meant the PR announcement rather than the vulnerability itself.


Thank you for protectief me and the rest of the World from fraudsters and conpanies that trick you info buying things and make it reeeaaaslllyy difficult to cancel any subscription


It’s 2019. Apple still uses the term HTML5.


Compared to...?

SPA/PWA/specific non-native solution entirely based on JS?


Unless HTML6 happens and is adopted, which I doubt, calling it HTML5 is just kind of pointless; I really don't care if people say HTML5, but I say HTML because that's what it is, and adding on '5' doesn't provide any useful information since all browsers support HTML version 5 by default and without the need to specify it.


Okay interesting, so thats not what Apple was referring to

Its a suite of best technologies that have little to do with the version of html supported by a browser

This gives a lot of insight into this whole comment thread


Just HTML. There is no versioning, it’s a “living standard.”


HTML5 is more a shorthand for "modern web technologies" nowadays. It's not just HTML.


Which is rather silly, since HTML5 isn't "modern" in contrast to a lot of the things we call "modern" in the world of software development. I don't believe there's anyone who honestly thinks of non-modern web technologies when they hear "HTML" without the 5, except maybe someone who hasn't done any web development in over a decade.


Trust me, nobody in the web development community uses HTML5 as a shorthand for that.


Unless you are trying to pull a "No True Scotsman", I'm just going to prove you wrong by presenting myself as the counter-example.

HTML is just the markup language, excluding CSS and JS.

HTML5 is the basket of technologies that make "modern" web apps possible.


That was true maybe 5–10 years ago. I’m saying that this term is no longer used today, in 2019. Do you seriously still use it in discussions with your colleagues, on social media, etc.?


I'd be more likely to use "web app", "web platform" or "web technology" among developers. However, I never use the term "HTML" to refer to that.

Among non-developers, using the term HTML5 is definitely common. To them, it's basically the distinction between "before Flash" and "after Flash".


Not anymore as it became ubiquitous for the things people actually develop in the webdev community, but it is still the term for what is being described

I see your confusion and frustration now, just a misunderstanding




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: