Archive for August 9, 2024

Friday, August 9, 2024

Collect Cards Bypassing App Review via CodePush

Filipe Espósito:

A peculiar app called “Collect Cards: Store box” has been available on the App Store for over a year. The App Store description doesn’t say much about it, while the screenshots show a simple interface with what appears to be an app for managing photos and videos.

But in reality, when users download the app, it turns into a pirate streaming platform, with content from Netflix, Disney+, Amazon Prime Video, HBO Max, and even Apple TV+.

Although this app has gone unnoticed all this time, it recently reached the top #2 of the most downloaded free apps in the App Store in Brazil.

Filipe Espósito:

Following the publication of our article, Apple removed the app. However, it seems that the developers have once again tricked the company into approving not just one, but multiple pirate streaming apps on the App Store.

Filipe Espósito (via Hacker News):

In our original report, we explained that these apps use geofence to prevent anyone at Apple from seeing what the app is actually capable of. But by analyzing the code of these apps, we now have a better idea of how this happens.

As we guessed, these apps share the same code base – even if they are distributed by different developer accounts. They’re built on React Native, a cross-platform framework based on JavaScript, and use Microsoft’s CodePush SDK which allows developers to update parts of the app without having to send a new build to the App Store.


After Apple approves the app with its basic functionalities, developers use CodePush to update it with anything they want. The app then reveals its true interface in “safe” locations.
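A reviewer-side check for the mechanism described above, as an added example that is not from the article or the apps it discusses: it scans an IPA for a React Native bundle and CodePush configuration. The `CodePushDeploymentKey` and `CodePushServerURL` Info.plist keys come from the react-native-code-push setup rather than from this page, and the sample IPA, bundle identifier and function names are constructed for illustration.

```python
import io
import plistlib
import re
import zipfile

# Info.plist keys used by the react-native-code-push iOS setup (assumption:
# taken from that SDK's documentation, not from the page).
CODEPUSH_KEYS = ("CodePushDeploymentKey", "CodePushServerURL")
APP_ROOT = re.compile(r"^Payload/[^/]+\.app/")


def scan_ipa(ipa_bytes: bytes) -> dict:
    """Report React Native / CodePush indicators found in an IPA archive."""
    findings = {"react_native_bundle": False, "codepush_keys": [],
                "codepush_files": []}
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            m = APP_ROOT.match(name)
            if not m:
                continue
            rel = name[m.end():]  # path relative to the .app directory
            if rel == "Info.plist":  # top-level plist only, not frameworks
                info = plistlib.loads(ipa.read(name))  # XML or binary plist
                findings["codepush_keys"] = [k for k in CODEPUSH_KEYS if k in info]
            elif rel.endswith(".jsbundle"):
                findings["react_native_bundle"] = True
            elif "codepush" in rel.lower():
                findings["codepush_files"].append(rel)
    findings["remote_update_capable"] = bool(
        findings["codepush_keys"] or findings["codepush_files"])
    return findings


def build_sample_ipa(with_codepush: bool) -> bytes:
    """Constructed sample input: a minimal IPA layout held in memory."""
    info = {"CFBundleIdentifier": "com.example.sample"}
    if with_codepush:
        info["CodePushDeploymentKey"] = "PLACEHOLDER-DEPLOYMENT-KEY"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Sample.app/Info.plist", plistlib.dumps(info))
        z.writestr("Payload/Sample.app/main.jsbundle", "// constructed")
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (True, False):
        print(flag, scan_ipa(build_sample_ipa(flag)))
```

A hit only shows that the reviewed binary can change its JavaScript after approval; a miss does not rule it out, since the deployment key can also be supplied in code.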

John Gordon:

200+ apps per reviewer per 40h. So basically 5-10min apiece. Most of the 100K are crap or worse.

Dave B.:

Why does Apple allow those fake games on the App Store?

It’s infuriating and gives Apple a really bad look.


Deluge of Fake Mac App Store Reviews

Jeff Johnson:

There are a bunch of fake Mac App Store reviews for the Safari extensions Wipr, Dark Reader, and Vinegar. They are #1, 3, and 5 top paid.

Vinegar, at least, is a legit good app.

Jeff Johnson (Mastodon):

I’ve now checked the reviews for all of the current top 40 paid apps in the Mac App Store, and 8 of those apps have a large number of fake reviews during the period of June 11 through July 19. What the 8 apps have in common, besides the top paid list and the fake reviews, is that they’re all relatively cheap, from $1.99 to $4.99 USD in price. Note that only buyers can leave App Store ratings and reviews for upfront paid apps, which makes this deluge of fake reviews especially odd.


The question is, why are we seeing all of these fake reviews around the same time across multiple top paid Mac App Store apps? I don’t have an answer to this question. My pet conspiracy theory is that all of the fake reviews were purchased by a single developer as a cover for their app. If a bunch of apps have fake reviews, then the fake reviews for the developer’s one app don’t stand out as much, and there’s plausible deniability. But that’s only my theory, with no proof. I could be wrong. One thing is clear, however: Apple has completely failed to prevent, detect, or remove this deluge of fake reviews in the Mac App Store. There has been no curation.

Jeff Johnson:

The fake Mac App Store reviews continue. From Monday, there are now a bunch of fake reviews on the #1 top paid app Magnet.

Ric Ford:

Apple has proven unable (or unwilling) to reliably police its own proprietary App Stores for bad/fake apps as well as fake reviews. Thankfully, a few people outside Apple are at least flagging the problems.


Update (2024-08-13): Christina Warren:

Meanwhile, while Apple enshittifies macOS and tries to force everyone to use the absolute ghetto that is the piece of shit Mac App Store, they also approve fake apps. So miss me with this “annoying and bad notifications are b/c Apple cares about user safety.” No. You cannot have it both ways. You cannot claim the only way to release safe and reliable apps is through a terrible App Store and also approve predatory fake apps through said App Store.

Chris Coleman:

I helped a friend run a Facebook page that we had built up to about 12,000 people — until my friend downloaded a fake “Pages Manager” app for iOS that stole his entire Facebook account and became the owner of the page.

Jeff Johnson:

The App Store, everyone.

Apple Pressures ByteDance and Tencent Over IAP

Tim Hardwick:

Apple is putting pressure on Tencent and ByteDance to make significant changes to two of China’s most popular apps in order to remove loopholes that circumvent Apple’s typical 30% commission, Bloomberg reports.

The loopholes are linked to mini-apps that allow users of Tencent’s social-messaging app WeChat and ByteDance’s short-video app Douyin to play games, hail taxis, and make online purchases without leaving the app.

Apple reportedly told both companies they need to prevent mini-app creators from including links to outside payment systems that circumvent its commission system.

They also want to ban in-app chats because they would make it possible to send payment links.

Tim Sweeney:

Apple divides “Super Apps” into several categories that it restricts differently, to force each to stay in its lane and not expand into a source of real competition to Apple: games with user generated content; apps containing mini apps; stores (EU only); and web browsers.

Games with user generated content are taxed and limited by ambiguous rules that require user content to not add functionality not in the base game, a hopelessly vague notion that would prohibit Roblox, if fully enforced.

The Super App junk fee change isn’t written in the terms. It’s a reinterpretation of a long standing policy described in Bloomberg and dozens of other publications today. (See Kodak-Newcal on the risks of acknowledging a significant adverse change in terms.)


Update (2024-08-15): Chance Miller:

Speaking to investors this week, Tencent’s Chief Strategy Officer James Mitchell said that the company is in talks to enable in-app purchase support, but there are questions about whether the two sides will come to terms:

“We want to make it available on terms that we think are economically sustainable, that are also fair. And so that’s a discussion that’s underway, and we hope that the discussion leads to a positive outcome,” Mitchell said. “But in the event that discussion doesn’t progress, then the current status quo continues.”

Today’s comments from Mitchell mark the first time that Tencent has acknowledged its talks with Apple.

I guess “current status quo” refers to the current version of the app, since Apple won’t let them update it.

Update (2024-09-09): Tim Hardwick:

Apple has approved an update to WeChat for the upcoming iPhone 16, signaling a potential thaw in relations between the tech giant and Tencent, the Chinese company behind the massively popular messaging app. The development, reported by Bloomberg, comes as Tencent and Apple continue negotiations over revenue-sharing agreements for WeChat’s mini-games ecosystem.

Allowing iOS PC Emulator Apps to Download Games


Updated 4.7 to clarify that PC emulator apps can offer to download games.

They’ve also changed the notarization guidelines:

4.7 Mini apps, mini games, streaming games, chatbots, plug-ins, and game emulators

Apps may offer certain software that is not embedded in the binary, specifically HTML5 mini apps and mini games, streaming games, chatbots, and plug-ins. Additionally, retro game console and PC emulator apps can offer to download games.


4.7.2 Your app may not extend or expose native platform APIs to the software without prior permission from Apple.

4.7.3 Your app may not share data or privacy permissions to any individual software offered in your app without explicit user consent in each instance.

This fixes the problem where apps in the App Store were allowed to do more than those outside of it.

Juli Clover:

The guideline previously said that console emulator apps could include the option to download games, but it did not explicitly cover PC emulators.


UTM SE was the first PC emulator app to be allowed on the App Store, but the guideline changes today will streamline the approval process for similar apps.

See also: App Store Review Guidelines History.

Paul Hudson:

New app review guidelines – does this mean I can finally (legally) get a good DOS game emulator for iPad? Give me Detroit, Space Crusade, Theme Hospital, Dungeon Keeper, and more 🤩

Steve Troughton-Smith:

App Store policy changes re PC emulators are baby steps; I don’t think I want to buy another iPad that doesn’t have a way to robustly virtualize a desktop operating system. If Apple’s too scared to put macOS on it, just give us the frameworks and let developers virtualize Windows and Linux.

Davide Di Stefano:

It’s really sad to think that the M1 chip has powerful emulation capabilities that can’t be even accessed from iPadOS 😓

I’m also out of this platform for this and other reasons (zero development capabilities, no multi-user support)
