
Three20 Framework and More on App Store Screening for Private APIs

Friday, Nov 20, 2009

A little while ago we posted about Apple’s new use of a static analysis tool to find private API calls and reject the apps that make them. Rather than Storm8 or Unity this time, however, it’s former Facebook developer Joe Hewitt’s pioneering Three20 framework that’s getting caught.

Daring Fireball has some details:

One popular open source framework, Joe Hewitt’s Three20 (linked here on DF back in March), played a bit fast and loose with private APIs, and so now there are numerous developers with apps getting flagged for private API calls made from the Three20 framework. This Google Groups thread [link] covers the problem and the work that’s being done to create a branch of Three20 that’s free of private API calls.

Gruber also links to RogueSheep, whose Postage app has gotten caught via Three20, and has some suggestions to help them help Apple help them avoid getting rejected for unintended private API calls in the future:

Making the static analysis tool available to developers would indeed be helpful. But I suspect it wouldn’t work in terms of game theory. Honest developers could make good use of having access to the tool, to help ensure their projects are free of private API violations. But dishonest developers would use the tool to figure out ways to slip private API calls past the checker. Parrish’s second request, for Apple to run the tool against submissions far sooner in the review process, strikes me as a good and reasonable one.

Us as well.

  1. dev says:

    Setting aside the problem of false positives — something anybody who has dabbled in code can appreciate — RogueSheep’s summary claims the rejection came “halfway” through the review process. Even if you buy the questionable game theory-ish argument about keeping developers in the dark, why so long?

    Since the static analysis tool is automated and (guess) just peeks through the symbol table in the binary app, why on Earth would Apple not just run this through when the binary is uploaded, and give the developer an immediate warning/list of flagged questionable calls, that the developer could work on while the rest of the review proceeds? It would seem faster for the developers, faster for Apple, and less labor all around.

  2. dev says:

    On the other hand, Hewitt tweeted a couple of interesting points — that apps like Quad Camera and the entire category that has become augmented reality apps would not exist if developers had not (ab)used private APIs to push the state of what is allowed on the App Store.
