Interesting People mailing list archives
must read Apple's new iPhone/iPad OS 4 developer's agreement
From: Dave Farber <dfarber () me com>
Date: Fri, 09 Apr 2010 20:19:01 -0400
Begin forwarded message:
From: "Jonathan S. Shapiro" <shap () eros-os org> Date: April 9, 2010 6:47:33 PM EDT To: dave () farber net Subject: Re: [IP] Apple's new iPhone/iPad OS 4 developer's agreement
[For IP] The bit about "no downloadable code" has been in place for a long time. Apple is taking a very clear position that the iPhone/iPad are neither open nor general devices. What these terms mainly show is that Apple lacks the core OS technology needed to construct a defensible platform. In the absence of that technology, a case can be made that the process of audit that Apple has put into place is desirable. The bit that actually concerns me here is the requirement about "original source language" being C, C++, or Objective C. All three of these development languages are unsafe, and Apple is actually going so far as to *prohibit* (by exclusion) the use of more modern, safe, programming language technology. Why should languages like Ada, Java, C#, Scheme, O'Caml, or Haskell, any of which are dramatically more reliable than the languages listed, be prohibited? Apple doesn't market compilers for those other languages, so one speculation is that this is about extracting revenue from developers. In an era when computer vulnerabilities are such a serious threat, proscribing the use of safe languages is not merely passive negligence. By imposing these terms, Apple *prevents* third-party software developers from acting according to the current state of the practice in secure software construction. It does, at least, suggest a great defense for the iPhone/iPad software developer: "I wanted to implement a more secure application, but I couldn't, because Apple's development and distribution terms prohibited that. Don't sue me, sue Apple." Worse, the Apple policy justifies the software developer in failing to invest in modern, safer language technology: when a major platform doesn't accept safer languages, development cost considerations tend to prevent the adoption of those languages elsewhere as well. Anybody who thinks that Apple platforms are secure simply doesn't understand what's going on technically. Based on their behavior, neither does Apple. Jonathan On Fri, Apr 9, 2010 at 1:24 PM, Dave Farber <dfarber () me com> wrote:From: "Glenn S. Tenney" <tenney () think org> To: "David Farber" <dave () farber net> Date: April 09, 2010 03:49:06 PM EDT Subject: Apple's new iPhone/iPad OS 4 developer's agreement ( for IP if you wish ) I've been reading comments from many iPhone / iPad developers who are upset with Apple's new terms for the iPhone OS 4 SDK. One of those comments notes that someone posted Apple's new iPhone / iPad developer's agreement and made it public at http://friendpaste.com/AXqmXukhQtU4Sjzvt8tZT It seems that the following is the crux of most of the discussions I've read (the quote is taken from the above URL's page): "3.3.1 Applications may only use Documented APIs in the manner prescribed by Apple and must not use or call any private APIs. Applications must be originally written in Objective-C, C, C++, or JavaScript as executed by the iPhone OS WebKit engine, and only code written in C, C++, and Objective-C may compile and directly link against the Documented APIs (e.g., Applications that link to Documented APIs through an intermediary translation or compatibility layer or tool are prohibited). 3.3.2 An Application may not itself install or launch other executable code by any means, including without limitation through the use of a plug-in architecture, calling other frameworks, other APIs or otherwise. No interpreted code may be downloaded or used in an Application except for code that is interpreted and run by Apple's Documented APIs and built-in interpreter(s)." -- Glenn Tenney CISSP CISM------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- must read Apple's new iPhone/iPad OS 4 developer's agreement Dave Farber (Apr 09)
- <Possible follow-ups>
- Re: must read Apple's new iPhone/iPad OS 4 developer's agreement David Farber (Apr 10)
- Re: must read Apple's new iPhone/iPad OS 4 developer's agreement Dave Farber (Apr 10)
- Re: must read Apple's new iPhone/iPad OS 4 developer's agreement Dave Farber (Apr 11)