Apple cracks down on iOS terminal apps because they can download code Two iOS terminal applications popular with developers – a-Shell and iSH – have run into problems with Apple, which has said they breach its App Store Review Guidelines, though iSH has been spared deletion after an appeal. The iSH application is an open-source Linux shell for iOS using a x86 emulator, and at the time of writing …
I have, this is the last in a long line of Apple arbitarilly changing the goalposts.
They are consuer devices and always have been, IMHO Android is just as bad, but not as pervasive, Apple's issues stretch across all their products, not just mobile
stuff on the corp network needs to be capable of doing the job, securely, reliably and efficently.
thats about a consistant ruleset and playing well with others, neither of which are apple's stong points
job, securely, reliably and efficently.?
Like stopping users from installing apps that can change their purpose with executable code?
They're so paranoid about reliability it's one of the reasons apps always have had such restrictions
Most apps are pretty single purpose too, making them pretty efficient
> Or it's all about revenue and the "reliability" thing is your anti-trust defence.
Predominantly the latter, and whilst I despise Apple's model, you can't deny this "choke-hold" has ensured the iPhone remains relatively secure, especially when compared to the thousands of malware/adware/harvester apps that have appeared Google's Play Store.
What's your point?
Virtually all Apple products are designed for "consumers", this is clear from the fact, they don't offer a suite of remote management tools (Which is a missed revenue oportunity), and every new release seems to focus on individual security, and tighten/reduce the ability to manage them in a corporate environment.
As an IT Manager, I initially refused to allow Mac's on the network because of this. But times are changing and we have to adapt. Companies are competing for "Talent" and one of the enticements for attracting talent is to give the new employee the choice of devices, i.e. Android or Apple phone and Windows Ultrabook or Macbook Pro computer.
I will say this, I've recently experienced this from an end-user perspective. I started a new role as a NetSec Manager, and was issued a top-end Lenovo Laptop (i7, 32GB RAM etc). But the base-image had been loaded up with 15+ different agents that made it unusable (CPU averaging 52% utilisation, fans blaring).
Then they offered me a Macbook Pro - Which I'm ashamed to say, runs like a dream, simply because the ability to "lock it down" is extremely limited even with JAMF, and the number of agents available for it, is also limited. Personally, I'd preferred a Linux based laptop, but I'll stick with this for now.
To be fair to my employer, the user-device team recognise things are out of control, and they are trying to strip it back to basics..
It's like buying a phone or DVD player or Digital Organiser. Not like buying a Mac or PC. Android is actually also very limited.
If you want something very flexible buy an Android or Windows tablet that can have Linux installed. Some gadgety things even have user accessible Linux, others like some ereaders, routers, TVs etc, not so much.
At this stage people would know what an iPad or iPhone normally does.
I was about to make the same comment.. https://bellard.org/jslinux/ is an incredible achievement.
Also, by definition of what apple is saying in clause 2.5.2 in its App Store Review Guidelines, which states::
<QUOTE>
"Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code which introduces or changes features or functionality of the app, including other apps."
<END QUOTE>
every single javascript browser should be removed.
The idea is noble and good: ensure a safe place for normal punters.
As any good intention, it is just a path to hell, as one cannot legislate goodness. Too many loopholes.
I am not worried about it for me. Personally I would rather chew my left bollock off than buy an iDevice.
However, I am worried for the children of parents who think an iPad is a computer. I only "got this way" because I had the ability to experiment on computers as a child. I would wager that a large proportion of the normal population doesn't really understand the difference in the level of control Apple v Google have. You have to go into a sub-menu in Android before you can run custom APKs. How many people do that? Probably few parents will, but innovative and interested teenagers will.
Freedom to do what you want with your device is important, because those we need to do the most exploring, probably have their tech largely chosen for them or chosen superficially.
Apple have rules for inclusion in the app store. The rules haven't changed, and as one of the developers said, he was fully aware that the app broke the rules.
However, you should be able to do what you want with them. To a point. If you have freedom to do so, you end up with the virus ridden circus that is android.
So, Apple's stance of "remove any package that allows you to download packages / code / libraries" I think is a good middle ground
But, what if you want to develop something? There's this thing called SSH.... SSH into a machine somewhere and do your dev on that. Then you have ultimate freedom to do whatever the hell that you want.
Safari breaks the rules, as do all iThing apps that use any web-browser components because they embed Safari.
Javascript downloaded from the Internet...
The rule itself is literally impossible to apply across the board without breaking all browsers, and therefore Apple have and will continue to allow many apps which break it.
Apple doesn't have to comply with their own rules obviously. Those are just for 3rd parties.
Additionally, Safari is the only web browser permitted in iOS devices. Anything else that looks like a browser on an iOS device is just a wrapper around Safari. Not allowing 3rd party browsers is also in the Store agreement.
SSH is obviously a no no, if it is running in a shell (ssh user@example.com "cat script.py" >script.py) :-D
And of course no NetCat or similar stuff...
Basically nothing that can connect outside the local device in any way can be allowed. So nothing with scripting allowed at all basically, including Unix shells.
(Unfortunately for the world, Apple is the only major phone manufacturer with a business of selling phones to users and supporting them.
Almost all of Googles profit comes from selling user information to advertisers, almost none from developing secure operating systems with privacy controls.
Android licensees - best case scenario - support the Android phones for three years.)
1. The vast majority of people who buy an iPhone or iPad want a communication appliance that can take good pictures and run consumer games & software, while (mostly) shielding them from complexity and protecting them from themselves.
2. Part of what you pay for when you buy an iOS device is the ability to take it to any Apple store and get help with it -- even if it's years out of warranty and you don't have AppleCare. You also get 5 or more years of software updates and patches, also with no service contract required.
Clearly that's a bargain that Apple's target market is OK with.
That said, it's not for everyone. If app store restrictions chafe on you and you don't mind scrolling through user forums for support, buy an Android. Vive la différence.
Before iPhone, telcos controlled everything about your phone. The moment the phone registered, all those great features listed on the phone's box were gone by configuration. Maybe you could buy some of these features back for $6 to $50 each per month.
Apple released the iPhone and stole the massive power of the telcos in an instant. It seems like Apple is setting themselves up to receive the same failure they once delivered.
I'm a developer, I don't work on Apple systems but was quite surprised to be working alongside some IT types during the recent election who not only were wannabe developers but also swore by Apple kit.
(I was just one of the election staff but once one of them learned that a) I was a programmer and b) I know 'C'.(.....fade in "Outer Limits" theme....) I got tapped about how to become a real programmer rather than an IT jockey. That isn't something I could easily tell them but from reading this I'd guess that one way to not go about it was to try to write code on an Apple system unless its for use on another Apple system. Apple appear to have made the system so secure that its useless (but they look so nice.....).
It actually requires a lot of work to get things working on iOS devices because of all the restrictions. I've had the misfortune of writing several iOS apps as well as Android versions of those same apps. And when it comes to iOS, you're constantly having to say "no, we can't do that", "Apple only allows you to" and try to work around the pointless restrictions. The only plus is that it packs on the billable hours.
was quite surprised to be working alongside some IT types during the recent election who not only were wannabe developers but also swore by Apple kit
iOS or Mac, though? Mac OS is mostly BSD under the hood. Like Windows 10, it has an app store but you don't have to use it; you can download and install anything you want. It has a nice GUI shell, but you also have access to the *nix CLI via Terminal.
They, on the one hand would like iPads to be seen as "professional" and for working. But at the same time, the things that make iPads somewhat simpler to manage are the very things that get in the way of getting any work done.
I've tried coding on ipad a couple of time: previously using Textastic to code javascript. More recently using pythonista. Coding in both of these these was fine. I could even write and run tests in pythonista.
The main issue I had was source control. I understand git had to be removed from pythonista because it broke Apples rules ( it allowed people to download code)
There's a separate git application available now, but you have to import and export each file you change. It's very awkward, and not really usable on a multifile project.
They, on the one hand would like iPads to be seen as "professional" and for working. But at the same time, the things that make iPads somewhat simpler to manage are the very things that get in the way of getting any work done.
I think the disconnect is that things like coding and network management aren't the kinds of work that Apple positions iOS for. iPad OS can run the crap out of office-type stuff, photo and video editors, drawing, email and comm apps, etc. For a lot of people, that is what they do for work, and they can very much do it on an iPad. El Reg readers...not so much.
Apple would reply that Macs are their tool for tasks where you need shell and hardware access, running arbitrary code, etc. Using iOS for those applications is like driving a nail with a screwdriver. You might get it done eventually -- if the nail is small and the wood is soft -- but it will not be a great experience.
Apple has to much power and market share.
I see two options:
a) Apple opens the Store (and iOS/iPad APIs) for all kinds of apps, with appropriate age/access controls, keeps it 30% or less, and can check for viruses - just like now.
b) Apple can keep its walled garden but must enable a way to install free 3.Party apps.
Either way: that should be the device owners choice!
Every hack/Security issue shows that this approach is not a save situation while blocking many kinds of uses, like emulators etc. Today you cannot even get an i-App that shows eg. deep Sat info fot GPS/Galileo(etc), something my old Palm could do. Or there are no real WLan scanners because of hardware restrictions Apple wants to have (there is a work-around using the Airport app, as long as that remains in the store).
And Freeware developers must pay to release their Apps?!
My biggest issue:
Right now all that privacy talk from Apple is bulls*it, because without a local firewall and/or deep system/API inspection to my likeing any app can send stuff anywhere it wants.
And EOL devices are hard to use, with no official security upgrades from Apple, but could savely run a custom rom etc.
I have hope for some US court action, because the EU does afaik nothing.
It kinda is the device owners choice, don't buy one
Apple built their brand on this model, all along developers (some, not all, but a very vocal set) have complained endlessly, on various issues, from declaring things they thought were vital in smartphones that apple didn't implement, walled gardens, app dev restrictions and that they would never use it.
Apple still managed to be hugely successful, now those developers want to remove the things that people bought into apple for in the first place so they can have a slice of the pie that they declared would never materialise.
I only see two options:
a) Apple opens the Store for all kinds of apps, with appropriate age/access controls.
b) Apple can keep its walled garden but must enable a way to install other apps.
Either way: that shoul be the owners choice!
Every hack/Security issue shows that this approach is not a save situation while blocking many kinds of uses, like emulators etc. Today you cannot even get an i-App that shows eg. deep Sat info fot GPS/Galileo(etc), something my old Palm could do. Or there are no real WLan scanners because of hardware restrictions Apple wants to have (there is a work-around using the Airport app, as long as that remains in the store)
My biggest issue:
Right now all that privacy talk from Apple is bulls*it, because without a local firewall to my likeing any app can send stuff anywhere it wants.
And EOL devices are hard to use, with no official security upgrades from Apple, but could savely run a custom rom etc.
I have hope for some US court action, because the EU does afaik nothing.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
