back to article Apple cracks down on iOS terminal apps because they can download code

Two iOS terminal applications popular with developers – a-Shell and iSH – have run into problems with Apple, which has said they breach its App Store Review Guidelines, though iSH has been spared deletion after an appeal. The iSH application is an open-source Linux shell for iOS using a x86 emulator, and at the time of writing …

  1. EnviableOne Silver badge

    Yet another reason iThings are not for the corporate network....

    1. Anonymous Coward
      Anonymous Coward

      You've obviously never run a corporate network, have you?

      1. EnviableOne Silver badge

        I have, this is the last in a long line of Apple arbitarilly changing the goalposts.

        They are consuer devices and always have been, IMHO Android is just as bad, but not as pervasive, Apple's issues stretch across all their products, not just mobile

        stuff on the corp network needs to be capable of doing the job, securely, reliably and efficently.

        thats about a consistant ruleset and playing well with others, neither of which are apple's stong points

        1. anonanonanonanonanon

          job, securely, reliably and efficently.?

          Like stopping users from installing apps that can change their purpose with executable code?

          They're so paranoid about reliability it's one of the reasons apps always have had such restrictions

          Most apps are pretty single purpose too, making them pretty efficient

          1. Warm Braw Silver badge

            If you have to review code before you let it run on your device to ensure its "reliability", there's something seriously wrong with your security model.

            Or it's all about revenue and the "reliability" thing is your anti-trust defence.

            1. K

              > Or it's all about revenue and the "reliability" thing is your anti-trust defence.

              Predominantly the latter, and whilst I despise Apple's model, you can't deny this "choke-hold" has ensured the iPhone remains relatively secure, especially when compared to the thousands of malware/adware/harvester apps that have appeared Google's Play Store.

    2. Mage Silver badge
      Alert

      Re: not for the corporate network

      Developers != typical_corporate_users

      Developers <> typical_corporate_users;

      However it illustrates that it's like buying a cooker or DVD player. Not a general purpose computer. Which might make it MORE suitable for some corporate applications.

    3. K

      What's your point?

      Virtually all Apple products are designed for "consumers", this is clear from the fact, they don't offer a suite of remote management tools (Which is a missed revenue oportunity), and every new release seems to focus on individual security, and tighten/reduce the ability to manage them in a corporate environment.

      As an IT Manager, I initially refused to allow Mac's on the network because of this. But times are changing and we have to adapt. Companies are competing for "Talent" and one of the enticements for attracting talent is to give the new employee the choice of devices, i.e. Android or Apple phone and Windows Ultrabook or Macbook Pro computer.

      I will say this, I've recently experienced this from an end-user perspective. I started a new role as a NetSec Manager, and was issued a top-end Lenovo Laptop (i7, 32GB RAM etc). But the base-image had been loaded up with 15+ different agents that made it unusable (CPU averaging 52% utilisation, fans blaring).

      Then they offered me a Macbook Pro - Which I'm ashamed to say, runs like a dream, simply because the ability to "lock it down" is extremely limited even with JAMF, and the number of agents available for it, is also limited. Personally, I'd preferred a Linux based laptop, but I'll stick with this for now.

      To be fair to my employer, the user-device team recognise things are out of control, and they are trying to strip it back to basics..

    4. J27 Silver badge

      Corporate Apps aren't distributed via the App Store. You buy a license for direct delivery of your line of business apps. Apple doesn't review or really care what you distribute.

  2. alain williams Silver badge

    Who owns the frigging machines ?

    Apple or the person who bought it ?

    1. Mage Silver badge
      Linux

      Re: Who owns the frigging machines ?

      It's like buying a phone or DVD player or Digital Organiser. Not like buying a Mac or PC. Android is actually also very limited.

      If you want something very flexible buy an Android or Windows tablet that can have Linux installed. Some gadgety things even have user accessible Linux, others like some ereaders, routers, TVs etc, not so much.

      At this stage people would know what an iPad or iPhone normally does.

      1. Crypto Monad

        Re: Who owns the frigging machines ?

        Apple apparently haven't noticed that their Safari web browser runs Javascript. You can boot up an entire Linux or Windows virtual machine inside Javascript in a browser: https://bellard.org/jslinux/

        1. newspuppy

          Re: Who owns the frigging machines ?

          I was about to make the same comment.. https://bellard.org/jslinux/ is an incredible achievement.

          Also, by definition of what apple is saying in clause 2.5.2 in its App Store Review Guidelines, which states::

          <QUOTE>

          "Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code which introduces or changes features or functionality of the app, including other apps."

          <END QUOTE>

          every single javascript browser should be removed.

          The idea is noble and good: ensure a safe place for normal punters.

          As any good intention, it is just a path to hell, as one cannot legislate goodness. Too many loopholes.

          1. J27 Silver badge

            Re: Who owns the frigging machines ?

            Apple doesn't allow web browsers in their store. What they do allow is you to build your own front-end for Safari. All the "web browsers" in the store are doing is tacking their own front-end onto a Safari view.

    2. ThomH Silver badge

      Re: Who owns the frigging machines ?

      How many people that buy an iOS device don't know that Apple acts as arbiter of all applications?

      Factor it in, and either buy or don't. The majority don't, a reasonable number of us do.

      1. gobaskof

        Re: Who owns the frigging machines ?

        I am not worried about it for me. Personally I would rather chew my left bollock off than buy an iDevice.

        However, I am worried for the children of parents who think an iPad is a computer. I only "got this way" because I had the ability to experiment on computers as a child. I would wager that a large proportion of the normal population doesn't really understand the difference in the level of control Apple v Google have. You have to go into a sub-menu in Android before you can run custom APKs. How many people do that? Probably few parents will, but innovative and interested teenagers will.

        Freedom to do what you want with your device is important, because those we need to do the most exploring, probably have their tech largely chosen for them or chosen superficially.

        1. Fruit and Nutcase Silver badge
          Alert

          Re: Who owns the frigging machines ?

          Personally I would rather chew my left bollock off than buy an iDevice.

          Why the left? Just curious

          1. Anonymous Coward
            Anonymous Coward

            Re: Who owns the frigging machines ?

            Maybe its the lower dangling one. Easier to reach if you're not so flexible.

          2. gobaskof

            Re: Who owns the frigging machines ?

            Well I might want to have children one day. I am right-handed, stands to reason that I might be right-bollocked too.

            1. Fruit and Nutcase Silver badge
              Joke

              Re: Who owns the frigging machines ?

              that I might be right-bollocked too

              Well, good luck with that and let's hope that things "fire on all cylinders"the remaining. Else you are going to be right bolloxed. Find some other way to do iDevice penance

    3. Anonymous Coward
      Anonymous Coward

      Re: Who owns the frigging machines ?

      YES!!! Iit's finally on record that Apple owns it....

      "... this problem was fundamental, as users can always add back functionality that we remove."

      That's so bad. Just go along with it, that will be helpful to us all to follow those fundamentals.

    4. J27 Silver badge

      Re: Who owns the frigging machines ?

      Apple, that's why walled gardens suck and we should all be calling them out for it.

  3. Anonymous Coward
    Anonymous Coward

    Ignoring those above me....

    Apple have rules for inclusion in the app store. The rules haven't changed, and as one of the developers said, he was fully aware that the app broke the rules.

    However, you should be able to do what you want with them. To a point. If you have freedom to do so, you end up with the virus ridden circus that is android.

    So, Apple's stance of "remove any package that allows you to download packages / code / libraries" I think is a good middle ground

    But, what if you want to develop something? There's this thing called SSH.... SSH into a machine somewhere and do your dev on that. Then you have ultimate freedom to do whatever the hell that you want.

    1. EnviableOne Silver badge

      Re: Ignoring those above me....

      as compared to the virus ridden circus of iThings, that you can't even scan because apple dont make the subsytems available

    2. Richard 12 Silver badge

      Re: Ignoring those above me....

      Safari breaks the rules, as do all iThing apps that use any web-browser components because they embed Safari.

      Javascript downloaded from the Internet...

      The rule itself is literally impossible to apply across the board without breaking all browsers, and therefore Apple have and will continue to allow many apps which break it.

      1. J27 Silver badge

        Re: Ignoring those above me....

        Apple doesn't have to comply with their own rules obviously. Those are just for 3rd parties.

        Additionally, Safari is the only web browser permitted in iOS devices. Anything else that looks like a browser on an iOS device is just a wrapper around Safari. Not allowing 3rd party browsers is also in the Store agreement.

  4. Anonymous Coward
    Anonymous Coward

    Meanwhile on Android...

    ...Termux is running just fine.

  5. OSYSTEM

    No shell for you!

    SSH is obviously a no no, if it is running in a shell (ssh user@example.com "cat script.py" >script.py) :-D

    And of course no NetCat or similar stuff...

    Basically nothing that can connect outside the local device in any way can be allowed. So nothing with scripting allowed at all basically, including Unix shells.

    (Unfortunately for the world, Apple is the only major phone manufacturer with a business of selling phones to users and supporting them.

    Almost all of Googles profit comes from selling user information to advertisers, almost none from developing secure operating systems with privacy controls.

    Android licensees - best case scenario - support the Android phones for three years.)

  6. AnAnonymousCanuck
    Happy

    You Have a Choice

    Not allowed to run a shell. hahahahahahahahahahahahahahaha......

    https://wiki.pine64.org/index.php?title=PinePhone won't run without a shell

    If you want privacy and freedom, make an effort!

    AAC

    1. MrReynolds2U Bronze badge

      Re: You Have a Choice

      looks like fun... hang-about... 30 day device warranty?? WTF??

      https://pine64.com/product/pinephone-community-edition-manjaro-limited-edition-linux-smartphone/

      1. myithingwontcharge

        Re: You Have a Choice

        "looks like fun... hang-about... 30 day device warranty?? WTF??"

        So as well as selling your data to Google, they can break distance selling laws.... :-)

  7. fidodogbreath Silver badge

    iThings are mass-market consumer products

    1. The vast majority of people who buy an iPhone or iPad want a communication appliance that can take good pictures and run consumer games & software, while (mostly) shielding them from complexity and protecting them from themselves.

    2. Part of what you pay for when you buy an iOS device is the ability to take it to any Apple store and get help with it -- even if it's years out of warranty and you don't have AppleCare. You also get 5 or more years of software updates and patches, also with no service contract required.

    Clearly that's a bargain that Apple's target market is OK with.

    That said, it's not for everyone. If app store restrictions chafe on you and you don't mind scrolling through user forums for support, buy an Android. Vive la différence.

  8. mark l 2 Silver badge

    While I understand Apple wanting to restrict what apps can be installed via the App store, they are trying to push devices like the iPad pro as business devices and giving no option to install apps outside of the app store does limit their use compared to a Windows PC.

    1. NetBlackOps Bronze badge

      Yes, that is a problem as without this type of functionality, my iPad doesn't hold a candle to my Dell tablet or my rooted Android tablets.

    2. RM Myers Silver badge

      ...compared to a Windows PC.

      Or any other PC. Is there any general purpose PC operating system that is so locked down?

      1. Richard 12 Silver badge

        Re: ...compared to a Windows PC.

        macOS is getting very, very close.

  9. Kevin McMurtrie Silver badge

    Full circle

    Before iPhone, telcos controlled everything about your phone. The moment the phone registered, all those great features listed on the phone's box were gone by configuration. Maybe you could buy some of these features back for $6 to $50 each per month.

    Apple released the iPhone and stole the massive power of the telcos in an instant. It seems like Apple is setting themselves up to receive the same failure they once delivered.

    1. Anonymous Coward
      Anonymous Coward

      Re: Full circle

      Before GSM, maybe, after GSM, when you could put a sim into any unlocked phone... no.

      1. Anonymous Coward
        Anonymous Coward

        Re: after GSM

        I think you'll find Mr. McMurtrie was talking about the US, where things were/are VERY different

  10. martinusher Silver badge

    Bit weird

    I'm a developer, I don't work on Apple systems but was quite surprised to be working alongside some IT types during the recent election who not only were wannabe developers but also swore by Apple kit.

    (I was just one of the election staff but once one of them learned that a) I was a programmer and b) I know 'C'.(.....fade in "Outer Limits" theme....) I got tapped about how to become a real programmer rather than an IT jockey. That isn't something I could easily tell them but from reading this I'd guess that one way to not go about it was to try to write code on an Apple system unless its for use on another Apple system. Apple appear to have made the system so secure that its useless (but they look so nice.....).

    1. J27 Silver badge

      Re: Bit weird

      It actually requires a lot of work to get things working on iOS devices because of all the restrictions. I've had the misfortune of writing several iOS apps as well as Android versions of those same apps. And when it comes to iOS, you're constantly having to say "no, we can't do that", "Apple only allows you to" and try to work around the pointless restrictions. The only plus is that it packs on the billable hours.

    2. fidodogbreath Silver badge

      Re: Bit weird

      was quite surprised to be working alongside some IT types during the recent election who not only were wannabe developers but also swore by Apple kit

      iOS or Mac, though? Mac OS is mostly BSD under the hood. Like Windows 10, it has an app store but you don't have to use it; you can download and install anything you want. It has a nice GUI shell, but you also have access to the *nix CLI via Terminal.

  11. Anonymous Coward
    Holmes

    Apply sticking plaster

    Use a walled garden, sooner or later you're going to hit a wall.

  12. xeroks

    it's a conflict for Apple.

    They, on the one hand would like iPads to be seen as "professional" and for working. But at the same time, the things that make iPads somewhat simpler to manage are the very things that get in the way of getting any work done.

    I've tried coding on ipad a couple of time: previously using Textastic to code javascript. More recently using pythonista. Coding in both of these these was fine. I could even write and run tests in pythonista.

    The main issue I had was source control. I understand git had to be removed from pythonista because it broke Apples rules ( it allowed people to download code)

    There's a separate git application available now, but you have to import and export each file you change. It's very awkward, and not really usable on a multifile project.

    1. fidodogbreath Silver badge

      Re: it's a conflict for Apple.

      They, on the one hand would like iPads to be seen as "professional" and for working. But at the same time, the things that make iPads somewhat simpler to manage are the very things that get in the way of getting any work done.

      I think the disconnect is that things like coding and network management aren't the kinds of work that Apple positions iOS for. iPad OS can run the crap out of office-type stuff, photo and video editors, drawing, email and comm apps, etc. For a lot of people, that is what they do for work, and they can very much do it on an iPad. El Reg readers...not so much.

      Apple would reply that Macs are their tool for tasks where you need shell and hardware access, running arbitrary code, etc. Using iOS for those applications is like driving a nail with a screwdriver. You might get it done eventually -- if the nail is small and the wood is soft -- but it will not be a great experience.

  13. Big_C

    The Store has to open!

    Apple has to much power and market share.

    I see two options:

    a) Apple opens the Store (and iOS/iPad APIs) for all kinds of apps, with appropriate age/access controls, keeps it 30% or less, and can check for viruses - just like now.

    b) Apple can keep its walled garden but must enable a way to install free 3.Party apps.

    Either way: that should be the device owners choice!

    Every hack/Security issue shows that this approach is not a save situation while blocking many kinds of uses, like emulators etc. Today you cannot even get an i-App that shows eg. deep Sat info fot GPS/Galileo(etc), something my old Palm could do. Or there are no real WLan scanners because of hardware restrictions Apple wants to have (there is a work-around using the Airport app, as long as that remains in the store).

    And Freeware developers must pay to release their Apps?!

    My biggest issue:

    Right now all that privacy talk from Apple is bulls*it, because without a local firewall and/or deep system/API inspection to my likeing any app can send stuff anywhere it wants.

    And EOL devices are hard to use, with no official security upgrades from Apple, but could savely run a custom rom etc.

    I have hope for some US court action, because the EU does afaik nothing.

    1. anonanonanonanonanon

      Re: The Store has to open!

      It kinda is the device owners choice, don't buy one

      Apple built their brand on this model, all along developers (some, not all, but a very vocal set) have complained endlessly, on various issues, from declaring things they thought were vital in smartphones that apple didn't implement, walled gardens, app dev restrictions and that they would never use it.

      Apple still managed to be hugely successful, now those developers want to remove the things that people bought into apple for in the first place so they can have a slice of the pie that they declared would never materialise.

  14. Wyrdness

    Apparently, they've backtracked on this

    According to AppleInsider, " the [iSH] developer advised they had received a call from the App Review team apologizing for the notification, the appeal against the takedown was accepted, and that iSH would not be removed from the App Store."

    1. find users who cut cat tail

      Re: Apparently, they've backtracked on this

      Until the next time, anyway.

  15. Flywheel Silver badge

    Hope they don't touch Pythonista!

    Much too useful to be blocked!

  16. Big_C

    This app install ban has to stop!

    I only see two options:

    a) Apple opens the Store for all kinds of apps, with appropriate age/access controls.

    b) Apple can keep its walled garden but must enable a way to install other apps.

    Either way: that shoul be the owners choice!

    Every hack/Security issue shows that this approach is not a save situation while blocking many kinds of uses, like emulators etc. Today you cannot even get an i-App that shows eg. deep Sat info fot GPS/Galileo(etc), something my old Palm could do. Or there are no real WLan scanners because of hardware restrictions Apple wants to have (there is a work-around using the Airport app, as long as that remains in the store)

    My biggest issue:

    Right now all that privacy talk from Apple is bulls*it, because without a local firewall to my likeing any app can send stuff anywhere it wants.

    And EOL devices are hard to use, with no official security upgrades from Apple, but could savely run a custom rom etc.

    I have hope for some US court action, because the EU does afaik nothing.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021