must read Apple's new iPhone/iPad OS 4 developer's agreement

[Dave Farber <dfarber () me com>]

Begin forwarded message:

> From: "Jonathan S. Shapiro" <shap () eros-os org>
> Date: April 9, 2010 6:47:33 PM EDT
> To: dave () farber net
> Subject: Re: [IP] Apple's new iPhone/iPad OS 4 developer's agreement

> [For IP]
>
> The bit about "no downloadable code" has been in place for a long
> time. Apple is taking a very clear position that the iPhone/iPad are
> neither open nor general devices. What these terms mainly show is that
> Apple lacks the core OS technology needed to construct a defensible
> platform. In the absence of that technology, a case can be made that
> the process of audit that Apple has put into place is desirable.
>
> The bit that actually concerns me here is the requirement about
> "original source language" being C, C++, or Objective C. All three of
> these development languages are unsafe, and Apple is actually going so
> far as to *prohibit* (by exclusion) the use of more modern, safe,
> programming language technology. Why should languages like Ada, Java,
> C#, Scheme, O'Caml, or Haskell, any of which are dramatically more
> reliable than the languages listed, be prohibited? Apple doesn't
> market compilers for those other languages, so one speculation is that
> this is about extracting revenue from developers.
>
> In an era when computer vulnerabilities are such a serious threat,
> proscribing the use of safe languages is not merely passive
> negligence. By imposing these terms, Apple *prevents* third-party
> software developers from acting according to the current state of the
> practice in secure software construction.
>
> It does, at least, suggest a great defense for the iPhone/iPad
> software developer: "I wanted to implement a more secure application,
> but I couldn't, because Apple's development and distribution terms
> prohibited that. Don't sue me, sue Apple." Worse, the Apple policy
> justifies the software developer in failing to invest in modern, safer
> language technology: when a major platform doesn't accept safer
> languages, development cost considerations tend to prevent the
> adoption of those languages elsewhere as well.
>
> Anybody who thinks that Apple platforms are secure simply doesn't
> understand what's going on technically. Based on their behavior,
> neither does Apple.
>
>
> Jonathan
>
>
>
> On Fri, Apr 9, 2010 at 1:24 PM, Dave Farber <dfarber () me com> wrote:
> > > From: "Glenn S. Tenney" <tenney () think org>
> > > To: "David Farber" <dave () farber net>
> > > Date: April 09, 2010 03:49:06 PM EDT
> > > Subject: Apple's new iPhone/iPad OS 4 developer's agreement
> > >
> > > ( for IP if you wish )
> > >
> > > I've been reading comments from many iPhone / iPad developers who are
> > > upset with Apple's new terms for the iPhone OS 4 SDK.
> > >
> > > One of those comments notes that someone posted Apple's new iPhone /
> > > iPad developer's agreement and made it public at
> > > http://friendpaste.com/AXqmXukhQtU4Sjzvt8tZT
> > >
> > > It seems that the following is the crux of most of the discussions
> > > I've read (the quote is taken from the above URL's page):
> > >
> > > "3.3.1 Applications may only use Documented APIs in the manner
> > > prescribed by Apple and must not use or call any private
> > > APIs. Applications must be originally written in Objective-C, C, C++,
> > > or JavaScript as executed by the iPhone OS WebKit engine, and only
> > > code written in C, C++, and Objective-C may compile and directly link
> > > against the Documented APIs (e.g., Applications that link to
> > > Documented APIs through an intermediary translation or compatibility
> > > layer or tool are prohibited).
> > >
> > > 3.3.2 An Application may not itself install or launch other executable
> > > code by any means, including without limitation through the use of a
> > > plug-in architecture, calling other frameworks, other APIs or
> > > otherwise. No interpreted code may be downloaded or used in an
> > > Application except for code that is interpreted and run by Apple's
> > > Documented APIs and built-in interpreter(s)."
> > >
> > > --
> > > Glenn Tenney CISSP CISM
> >
> >
> > -------------------------------------------
> > Archives: https://www.listbox.com/member/archive/247/=now
> > RSS Feed: https://www.listbox.com/member/archive/rss/247/
> > Powered by Listbox: http://www.listbox.com



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com