Good temporary solution
Posted Jun 28, 2024 15:17 UTC (Fri) by smurf (subscriber, #17840)
In reply to: Good temporary solution by sunshinerag
Parent article: Python grapples with Apple App Store rejections
Parsing an app for the string doesn't help. Malicious apps will just obscure the string, while people who legitimately ship a URL parser (in Python, itms-services is in the "uses_netloc" list so that the parser returns the result the caller expects) need to add brain-dead patches or other workarounds.
Posted Jun 29, 2024 1:13 UTC (Sat) by edeloget (subscriber, #88392)
Does that mean that the OS should be able to snoop on all application communication? I'm not sure it's a good idea :)
Anyway, checking for an itms-services string is dumb. There are so many ways to not have said string in the binary and yet have a way to rebuild it ("itms" + "-" + "services"? rot13? base64? xor with a simple pattern?...) that finding the string itself should be a sign that the developer is not trying to game the verification.
It's not that Apple broke Python, or that CPython is broken. It's just plain stupid to even try to match the pattern itself.
Posted Jul 4, 2024 14:36 UTC (Thu) by hkario (subscriber, #94864)
Posted Jul 4, 2024 19:59 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)
That's not quite true. You can use your own TLS implementation, although you might have to apply for an exemption from the ATS requirements.