什么样的下载代码违反App Store审核指南？ [英] What kind of downloaded code violates App Store Review Guideline?

问题描述

App Store评论指南说：以任何方式或形式下载代码的应用都将被拒绝。

App Store Review Guidelines says: "Apps that download code in any way or form will be rejected."

我想使用Challenge-制作应用验证响应。该应用程序具有一组基本算法，如SHA-1，SHA-256，MD5，DES，AES等。挑战服务器包含算法名称的数组，其中包含随机排列和字符串名称A.客户端使用算法和质询指示的序列来操作字符串A，并将其作为响应返回给服务器。

I'd like to make an app using Challenge-Response for authentication. The app has a set of basic algorithms such as SHA-1, SHA-256, MD5, DES, AES and so on. The challenge server makes contains an array of the algorithms' name with random arrangement and a string names A. Client uses the algorithms and the sequence that challenge indicates to manipulate string A, and returns it to the server as the response.

虽然我在服务器和客户端之间传输的是一堆字符串，但它们确实改变了我的应用程序的行为。我应该将它们视为一种代码吗？如果没有，为什么Apple禁止下载shell代码执行？我的意思是，shell代码也是一堆字符串并由运行环境解释。基本区别在哪里？

Although all I transfer between server and client is a bunch of strings, but they indeed change the behavior of my app. Should I consider them a form of code? If not, why downloading shell code to execute is forbidden by Apple? I mean, shell code is also a bunch of strings and interpreted by running environment. Where is the essential difference?

原谅我的英语：）

推荐答案

Apple担心并希望阻止的是那些通过审批流程（伪装成良性）并随后改变其​​基本功能的应用程序。

What Apple is worried about and wanting to prevent is applications that get through the approval process (disguised as something benign) and later change their fundamental function.

一个极端的例子是在用户的设备上安装新的恶意可执行代码之后，应用程序下载新的恶意可执行代码。

An extreme example would be an application downloading new, malicious executable code after it has been installed on the user's device.

Apple正在使用广泛的措辞，以便能够拒绝任何应用程序任何方式试图对用户有害。不可能具体描述每种技术和具体方式，因此Apple保持措辞宽松。

Apple is using broad wording in order to be able to reject any app that in any way tries to be harmful to the user. It would be impossible to specifically describe every technique and specific way this could happen, so Apple keeps the wording loose.

应用程序下载代码以某种形式或其他形式全部时间，考虑一个访问返回JSON格式响应的API的应用程序。从技术上讲，它可以被视为代码，它可以改变应用程序行为（显示哪个视图，某个视图上可用的选项等）。但是以这种方式访问​​API的应用程序肯定不会被拒绝。

Apps "download code" in some form or another all the time, consider an application that accesses an API that returns JSON formatted responses. Technically that could be considered code, and it can change the apps behavior (which view to show, what options would be available on a certain view, etc). But an app that access an API in this manner would certainly not be rejected.

从我的问题中我可以收集到的，听起来你不必担心关于指南中的特定条款。

From what I can gather from your question, it sounds like you don't have to worry about that particular clause in the guidelines.

这篇关于什么样的下载代码违反App Store审核指南？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！