Comments on: “Find and Call” Trojan

By: Michael Tsai

Michael Tsai — Sun, 29 Jul 2012 22:32:26 +0000

@Ölbaum I get the impression that it’s the older folks who complain more about the review process. I remember compiling software for the original Palm device—when it was called the Pilot. I’m actually not sure that the rules are the same for everyone.

By: Ölbaum

Ölbaum — Sun, 29 Jul 2012 22:19:50 +0000

I think if the small yet very vocal portion of developers who do nothing but complain about the review process were old enough to have owned a Palm OS device, we would hear a different tune. Stop complaining, the rules are the same for everyone. Or continue to complain but start acknowledging every time you install an app and it doesn't break your phone.

By: Michael Tsai

Michael Tsai — Fri, 06 Jul 2012 14:18:15 +0000

@bob Their internal tools got confused, and they kept rejecting my app because they thought it used Java!

By: Jesper

Jesper — Fri, 06 Jul 2012 09:55:08 +0000

This is one quadrant. Here are the others: 2. Some people are making money on apps that do nothing but, say, enable Emoji keyboards. They pretend that they "install SMS smileys!" and Apple let their lies stand. 3. Some people are making awful, buggy apps. 4. Some people can't be making useful apps because they don't rub Apple the right way. They can't include useful features and they have to go through Apple to make money. It's as hard as ever to justify the policy with anything else than "Apple just wants to control this, okay?". What little protection you get from extra review obviously doesn't weigh up other downsides or maintain quality.

By: bob

bob — Fri, 06 Jul 2012 07:33:15 +0000

"even then it's hard to review the code since developers don't share the source with Apple."

Well, sharing the source code with Apple is probably the next step.

Anyway, the real problem is that the review team is not technically qualified to review what an application is doing.

And, when they use Apple's internal tools to check what an application is doing during its execution, they do not understand what these tools report. Trying to explain to them, politely, that they are plain wrong is a dead-end. Because, you know, they know better than you what your application does.

By: Michael Tsai

Michael Tsai — Fri, 06 Jul 2012 03:34:57 +0000

@Michel Exactly. That’s why some of us have been critical of the review process all along. I read about apps and updates submitted more than a month ago, important bug fixes delayed for weeks—and for what? It’s not possible for Apple to protect users.

By: Michel Fortin

Michel Fortin — Fri, 06 Jul 2012 03:30:23 +0000

There's no way the review process will protect against malicious intent. For all we know, sending the contact list might be trigged by a flag from the developer's server, and that flag could be off until the app is effectively in the store. The reviewer would never have a chance to catch what was going on. I'm not saying this is how this app passed. But if it was, Apple certainly couldn't catch it short of doing an extensive code review, but even then it's hard to review the code since developers don't share the source with Apple.