Good temporary solution

Posted Jun 29, 2024 1:13 UTC (Sat) by edeloget (subscriber, #88392)
In reply to: Good temporary solution by smurf
Parent article: Python grapples with Apple App Store rejections

> Sorry but that's nonsense. If Apple wants to block apps from opening "itms-services:" URLs then they should teach the OS to not open them in the first place.

Does that mean that the OS should be able to snoop on all application communication? I'm not sure it's a good idea :)

Anyway, checking for an itms-services string is dumb. There are so many ways to not have said string in the binary and yet have a way to rebuild it that ("itms" + "-" + "services" ? rot13 ? base64 ? xor with a simple pattern ?...) that finding the string istelf should be a sign that the developper is not trying to game the verification.

It's not that Apple broke python, or that CPython is broken. It's just plain stupid to even try to match the pattern itself.

Good temporary solution

Posted Jul 4, 2024 14:36 UTC (Thu) by hkario (subscriber, #94864) [Link] (1 responses)

The OS in iDevices already can snoop on all things the applications do, you must use iOS provided services for TLS, that means it's the OS that encrypts the data, not the application.

Good temporary solution

Posted Jul 4, 2024 19:59 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

> you must use iOS provided services for TLS

That's not quite true. You can use your own TLS implementation, although you might have to apply for an exemption from the ATS requirements.