Apple appears to relax ban on apps fetching, running extra code – remains aloof as always

Arbitrary exes, no, but friendlier rules for dev tools

Apple's rules

Rusovsky said such frameworks have been in use for a while, but were technically in violation of guidelines. The rules change, he said, legitimizes them.

As of June 5, 2017, Apple now explicitly allows executable code to be downloaded and run by "a programming environment intended for use in learning how to program," subject to four conditions:

  • No more than 80 per cent of the app's viewing area can be taken over by executable code, except as allowed by other Apple rules.
  • The app must make it clear that the user is in a programming environment.
  • The app cannot create a store for selling or distributing code or other apps.
  • All source code must be viewable and editable (no pre-compiled libraries).
Apple dev agreement changes

What's changed in Apple's rules ... Click to enlarge

"The downloaded code rules are something I've been petitioning to change for a while," said High Caffeine Content developer Steven Troughton-Smith in a Twitter DM exchange. "It does look like they're opening it up much further than before."

Borum said that several years ago, Apple relaxed this section of its developer agreement to allow dynamically downloaded JavaScript to be run. "This change made a lot of sense, since any app that included a browser-view showing external websites was basically in violation," he said. "Almost any website has some Javascript running and this was being downloaded and interpreted to render the website."

But Apple's revised wording makes no mention of Javascript at all.

"As far as I can tell the Javascript exception has been removed, which could spell trouble for things like React Native, but on the other hand every app with a browser-view showing external websites would be in violation," Borum observed.

With React Native, a framework that combines native code with Javascript interface components, developers can alter their apps aesthetically and functionally without revisiting the app review queue. That could run afoul of Apple's rules if the primary purpose of the application changed. But it can also be used in accordance with Apple's conditions.

Troughton-Smith said he doesn't believe Apple intends to disallow React Native. "[The revised developer agreement] provides no restrictions as to how apps are built," he said. "It now enables apps to download interpreted code (like JavaScript or Lua) as long as it doesn't completely change the app."

He argues that Apple's concern is spelled out in its clause stressing that downloaded code cannot change an apps primary purpose. "It means an app can update its own code, but it can't go from being one type of app into another type," he said.

"I'm very excited about this change," Troughton-Smith added. "It means great things for apps for developers, which were previously persona non grata, and had limitations on iCloud sync and import/export."

Charlie Cheever, CEO of, a framework for React Native apps, sees the rule revision the same way. "My reading of this is that the new rules allow you to run interpreted code from any programming language as long as it follows the other rules laid out," he said in an email to The Register.

"Lua in particular is popular as a scripting language for games, and there are a number of game engines that could now be extended to allow over-the-air updates for some stuff in ways they couldn't before."

Cheever said Apple appears to be moving away from specific technical requirements to policy-driven requirements.

"While in general, this is a move to a more lenient set of rules, they do seem to have explicitly made some restrictions that might require that developer tools become worse – though it's not clear if that language (no more than 80 per cent of the screen used for user code, etc.) applies to people making tools for teaching programming or to developer tools in general," he said.

Rusovsky said Apple should "make itself available to answer questions about its policies so that developers and vendors don't have to try to interpret the intent of those policies." ®

Sponsored: Detecting cyber attacks as a small to medium business


Biting the hand that feeds IT © 1998–2020