Re: collection of applications
On 13 Oct 2013, at 11:29 PM, Maxthon Chan xcvi...@me.com wrote: method call -[UIApplication _terminate], it is private but since your apps are in-house you are not bind to the rules Strictly speaking, this is not so. The Enterprise license (when I last looked at it about a year ago) requires that in-house applications conform to the criteria for App Store review. What you're referring to is not a total exemption from the rules, but the unlikelihood you will be caught, or that Apple will take much trouble if you are. Many of the rules reflect Apple's need to have its products make a good impression on the people who paid extra money for a good experience. If you run the battery life of an Apple customer's iPhone down to two hours, that damages the iPhone's reputation with the user and his friends, regardless of whether the user is part of a captive audience. We had a project in the acquisition stage that would have synthesized all of a device's sensor data into a conjecture of the mental state of the user. (It was a professor's research project, what do I know.) We knew it was creepy. Our Apple field engineer has his ear to the ground. I got an email from him saying that while every technique we were considering, separately, was technically feasible, the privacy implications were such that if we went ahead, Apple could shut us down, and would. I was relieved. It was not relevant that the application was to be distributed in-house, nor that all users would have signed iron-clad consent agreements, nor that they'd be completely free not to install it. The concern, as I understood it, was that people would hear that iPhones could spy on them. Quite aside from its being wrong, which I think was the main thing on the engineer's mind. One of the nice things about writing software for Apple devices is that what you can do is also — usually and broadly speaking — the right thing to do. As for private API: It's not smart. Apple's engineers know what the interactions and prerequisites of its private API are. If the prerequisites change, they can adjust to them and not worry about being out of step with the OS — their code _is_ the OS. As with being caught on your in-house applications, you're relying on luck. And you're not supposed to kill an application out from under the user. That's why there is no API for it. [Please don't protest that this isn't reasonable or fair (which usually boils down to feeling entitled to do what you want without interference from The Man), or that you haven't had any trouble yet, or that you don't believe you ever will; and therefore it shouldn't apply to you. It just is. It's not that it's immoral, it's just that to a nonzero degree, it's unwise.] — F ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
On 13 Oct 2013, at 11:45 PM, Maxthon Chan xcvi...@me.com wrote: Maybe you have to tell your management that it is technically infeasible to do so in iOS without jailbreaking. Either you bake them all in/use separate SpringBoard icons or the dynamic libraries will not be loaded in vanilla iOS device without black magic. Jailbreaking hasn't deterred some of our potential clients, who were determined to get what they wanted, jailbreaking be damned. Our network carries data the disclosure of which is a felony. I had to explain that we simply could not make a policy of bringing computers that had been rooted by God-knows-who inside our security wall. Management isn't 100% likely to shy away from security disasters, but it makes more weight than jailbreaking's being technically inadvisable. — F ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
I am saying in-house apps deployed in an ad-hoc fashion. (also, you can use exit(3) which is a public POSIX API but it is less elegant) If the apps have the same developer ID, you can also use a shared keychain. I did that for a few App Store apps that shares a login. On Oct 14, 2013, at 22:49, Fritz Anderson fri...@manoverboard.org wrote: On 13 Oct 2013, at 11:29 PM, Maxthon Chan xcvi...@me.com wrote: method call -[UIApplication _terminate], it is private but since your apps are in-house you are not bind to the rules Strictly speaking, this is not so. The Enterprise license (when I last looked at it about a year ago) requires that in-house applications conform to the criteria for App Store review. What you're referring to is not a total exemption from the rules, but the unlikelihood you will be caught, or that Apple will take much trouble if you are. Many of the rules reflect Apple's need to have its products make a good impression on the people who paid extra money for a good experience. If you run the battery life of an Apple customer's iPhone down to two hours, that damages the iPhone's reputation with the user and his friends, regardless of whether the user is part of a captive audience. We had a project in the acquisition stage that would have synthesized all of a device's sensor data into a conjecture of the mental state of the user. (It was a professor's research project, what do I know.) We knew it was creepy. Our Apple field engineer has his ear to the ground. I got an email from him saying that while every technique we were considering, separately, was technically feasible, the privacy implications were such that if we went ahead, Apple could shut us down, and would. I was relieved. It was not relevant that the application was to be distributed in-house, nor that all users would have signed iron-clad consent agreements, nor that they'd be completely free not to install it. The concern, as I understood it, was that people would hear that iPhones could spy on them. Quite aside from its being wrong, which I think was the main thing on the engineer's mind. One of the nice things about writing software for Apple devices is that what you can do is also — usually and broadly speaking — the right thing to do. As for private API: It's not smart. Apple's engineers know what the interactions and prerequisites of its private API are. If the prerequisites change, they can adjust to them and not worry about being out of step with the OS — their code _is_ the OS. As with being caught on your in-house applications, you're relying on luck. And you're not supposed to kill an application out from under the user. That's why there is no API for it. [Please don't protest that this isn't reasonable or fair (which usually boils down to feeling entitled to do what you want without interference from The Man), or that you haven't had any trouble yet, or that you don't believe you ever will; and therefore it shouldn't apply to you. It just is. It's not that it's immoral, it's just that to a nonzero degree, it's unwise.] — F ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
You can use a repo and package limiting tool on jailbroken devices, and make sure that only whitelisted packages/repos are accessible. Also, for those sensitive data, something like TLS/IPSec will help a lot. On Oct 14, 2013, at 22:59, Fritz Anderson fri...@manoverboard.org wrote: On 13 Oct 2013, at 11:45 PM, Maxthon Chan xcvi...@me.com wrote: Maybe you have to tell your management that it is technically infeasible to do so in iOS without jailbreaking. Either you bake them all in/use separate SpringBoard icons or the dynamic libraries will not be loaded in vanilla iOS device without black magic. Jailbreaking hasn't deterred some of our potential clients, who were determined to get what they wanted, jailbreaking be damned. Our network carries data the disclosure of which is a felony. I had to explain that we simply could not make a policy of bringing computers that had been rooted by God-knows-who inside our security wall. Management isn't 100% likely to shy away from security disasters, but it makes more weight than jailbreaking's being technically inadvisable. — F ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
RE: collection of applications
Hello Chan and other guys, Thank you a lot for your answers. Yes I'm planning to create a portal (enterprise in the meaning that all our apps could be used/called from one app). Chan, your reply was interesting especially regarding - Also external binaries can be used - there is an App Store app called iSSH that carried its own signed version of PuTTY cross compiled for iOS. How they could call external binaries? I assume binaries are not visible on springboard (no any external app icons exists) Thanks, Ruf -Original Message- From: ChanMaxthon [mailto:xcvi...@me.com] Sent: Friday, October 11, 2013 10:41 PM To: Jens Alfke Cc: Rufat A. Abdullayev; Cocoa-dev Subject: Re: collection of applications Seem to me that you are considering making an enterprise single sign-on portal. Of course you can combine everything into a single app, but a more graceful solution can exist. Just to correct a misunderstanding, iOS dyld can load dynamic libraries if carried as part of the application bundle (and there is a hack that allows on-the-fly patching of the in-memory libdyld to load libraries downloaded from any arbitrary address, but that involves lots of black magic and Apple can reject it if found out.) Also external binaries can be used - there is an App Store app called iSSH that carried its own signed version of PuTTY cross compiled for iOS. As mentioned, you can launch other apps by URL schemes. This is also a method of inter-app communication as you can encode data into the URL string. You can design a family of apps that requires a SSO and a SSO portal. When a client app is launched directly it redirects the user to the SSO portal, telling the portal who called it. The portal then redirects the user back to the app with whatever information needed for the session to continue after authentication. It seem to me that Facebook used this scheme in the wild (that is, Facebook app is the SSO portal and apps using Facebook SDK is signing on using Facebook app itself.) Sent from my iPad On 2013年10月11日, at 12:31, Jens Alfke j...@mooseyard.com wrote: On Oct 10, 2013, at 8:44 PM, Rufat A. Abdullayev rufa...@agbank.az wrote: I also saw another approach they give a link to app store from application and downloaded other app from App Store separately but managed them from another app like a service ... It’s a pity that I could not get more details on implementation! Do you mean just launching another app programmatically? You can definitely do that; the typical way involves having the app register a custom URL scheme. But the other apps are just regular apps, not services or anything hidden. ?Jens ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/xcvista%40me.com This email sent to xcvi...@me.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
On Oct 13, 2013, at 21:06 , Rufat A. Abdullayev rufa...@agbank.az wrote: Yes I'm planning to create a portal (enterprise in the meaning that all our apps could be used/called from one app). I'm not sure how relevant this is, but it may be that creating a portal will get your app rejected. Look at the app store submission guidelines, section 2.8 and (especially) 10.4. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
App Store rules does not apply to in-house enterprise apps. On Oct 14, 2013, at 12:13, Quincey Morris quinceymor...@rivergatesoftware.com wrote: On Oct 13, 2013, at 21:06 , Rufat A. Abdullayev rufa...@agbank.az wrote: Yes I'm planning to create a portal (enterprise in the meaning that all our apps could be used/called from one app). I'm not sure how relevant this is, but it may be that creating a portal will get your app rejected. Look at the app store submission guidelines, section 2.8 and (especially) 10.4. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/xcvista%40me.com This email sent to xcvi...@me.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
NSTask. Also you can use traditional UNIX fork/exec to execute the secondary binary. However the secondary must be a command-line binary not an application bundle. On Oct 14, 2013, at 12:06, Rufat A. Abdullayev rufa...@agbank.az wrote: Hello Chan and other guys, Thank you a lot for your answers. Yes I'm planning to create a portal (enterprise in the meaning that all our apps could be used/called from one app). Chan, your reply was interesting especially regarding - Also external binaries can be used - there is an App Store app called iSSH that carried its own signed version of PuTTY cross compiled for iOS. How they could call external binaries? I assume binaries are not visible on springboard (no any external app icons exists) Thanks, Ruf -Original Message- From: ChanMaxthon [mailto:xcvi...@me.com] Sent: Friday, October 11, 2013 10:41 PM To: Jens Alfke Cc: Rufat A. Abdullayev; Cocoa-dev Subject: Re: collection of applications Seem to me that you are considering making an enterprise single sign-on portal. Of course you can combine everything into a single app, but a more graceful solution can exist. Just to correct a misunderstanding, iOS dyld can load dynamic libraries if carried as part of the application bundle (and there is a hack that allows on-the-fly patching of the in-memory libdyld to load libraries downloaded from any arbitrary address, but that involves lots of black magic and Apple can reject it if found out.) Also external binaries can be used - there is an App Store app called iSSH that carried its own signed version of PuTTY cross compiled for iOS. As mentioned, you can launch other apps by URL schemes. This is also a method of inter-app communication as you can encode data into the URL string. You can design a family of apps that requires a SSO and a SSO portal. When a client app is launched directly it redirects the user to the SSO portal, telling the portal who called it. The portal then redirects the user back to the app with whatever information needed for the session to continue after authentication. It seem to me that Facebook used this scheme in the wild (that is, Facebook app is the SSO portal and apps using Facebook SDK is signing on using Facebook app itself.) Sent from my iPad On 2013年10月11日, at 12:31, Jens Alfke j...@mooseyard.com wrote: On Oct 10, 2013, at 8:44 PM, Rufat A. Abdullayev rufa...@agbank.az wrote: I also saw another approach they give a link to app store from application and downloaded other app from App Store separately but managed them from another app like a service ... It’s a pity that I could not get more details on implementation! Do you mean just launching another app programmatically? You can definitely do that; the typical way involves having the app register a custom URL scheme. But the other apps are just regular apps, not services or anything hidden. ?Jens ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/xcvista%40me.com This email sent to xcvi...@me.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
RE: collection of applications
Hi Quincey Thank you for noticing that. One say: 2.8 Apps that install or launch other executable code will be rejected Your app, again, can't mess with the system and install other apps. Enterprise apps can however do that with a dedicated special Apple certificate. And another: 10.4 Apps that create alternate desktop/home screen environments or simulate multi-app widget experiences will be rejected This one came at the release of the iPad. Apple doesn't want the iPad to be like a desktop computer. Regarding: http://appadvice.com/appnn/2010/09/apples-app-store-review-guidelines-annotated-explained So only enterprise apps could install apps, right? From: Quincey Morris [mailto:quinceymor...@rivergatesoftware.com] Sent: Monday, October 14, 2013 8:14 AM To: Rufat A. Abdullayev Cc: Cocoa-dev Subject: Re: collection of applications On Oct 13, 2013, at 21:06 , Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.az wrote: Yes I'm planning to create a portal (enterprise in the meaning that all our apps could be used/called from one app). I'm not sure how relevant this is, but it may be that creating a portal will get your app rejected. Look at the app store submission guidelines, section 2.8 and (especially) 10.4. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
RE: collection of applications
The problem is all our apps are with GUI So probably I will not be able to use NSTask in that case From: Maxthon Chan [mailto:xcvi...@me.com] Sent: Monday, October 14, 2013 8:23 AM To: Rufat A. Abdullayev Cc: Jens Alfke; Cocoa-dev Subject: Re: collection of applications NSTask. Also you can use traditional UNIX fork/exec to execute the secondary binary. However the secondary must be a command-line binary not an application bundle. On Oct 14, 2013, at 12:06, Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.az wrote: Hello Chan and other guys, Thank you a lot for your answers. Yes I'm planning to create a portal (enterprise in the meaning that all our apps could be used/called from one app). Chan, your reply was interesting especially regarding - Also external binaries can be used - there is an App Store app called iSSH that carried its own signed version of PuTTY cross compiled for iOS. How they could call external binaries? I assume binaries are not visible on springboard (no any external app icons exists) Thanks, Ruf -Original Message- From: ChanMaxthon [mailto:xcvi...@me.com] Sent: Friday, October 11, 2013 10:41 PM To: Jens Alfke Cc: Rufat A. Abdullayev; Cocoa-dev Subject: Re: collection of applications Seem to me that you are considering making an enterprise single sign-on portal. Of course you can combine everything into a single app, but a more graceful solution can exist. Just to correct a misunderstanding, iOS dyld can load dynamic libraries if carried as part of the application bundle (and there is a hack that allows on-the-fly patching of the in-memory libdyld to load libraries downloaded from any arbitrary address, but that involves lots of black magic and Apple can reject it if found out.) Also external binaries can be used - there is an App Store app called iSSH that carried its own signed version of PuTTY cross compiled for iOS. As mentioned, you can launch other apps by URL schemes. This is also a method of inter-app communication as you can encode data into the URL string. You can design a family of apps that requires a SSO and a SSO portal. When a client app is launched directly it redirects the user to the SSO portal, telling the portal who called it. The portal then redirects the user back to the app with whatever information needed for the session to continue after authentication. It seem to me that Facebook used this scheme in the wild (that is, Facebook app is the SSO portal and apps using Facebook SDK is signing on using Facebook app itself.) Sent from my iPad On 2013年10月11日, at 12:31, Jens Alfke j...@mooseyard.commailto:j...@mooseyard.com wrote: On Oct 10, 2013, at 8:44 PM, Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.az wrote: I also saw another approach they give a link to app store from application and downloaded other app from App Store separately but managed them from another app like a service ... It’s a pity that I could not get more details on implementation! Do you mean just launching another app programmatically? You can definitely do that; the typical way involves having the app register a custom URL scheme. But the other apps are just regular apps, not services or anything hidden. ?Jens ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.commailto:Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.comhttp://lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/xcvista%40me.com This email sent to xcvi...@me.commailto:xcvi...@me.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
You can use a model like this, with a SSO portal app and a bunch of apps that requires it: When the portal itself is casually brought up, terminate itself. (method call -[UIApplication _terminate], it is private but since your apps are in-house you are not bind to the rules) When an app that requires SSO is brought up, use a URL-based scheme to switchover to the portal for credentials, and switch back to proceed operations. On Oct 14, 2013, at 12:26, Rufat A. Abdullayev rufa...@agbank.az wrote: The problem is all our apps are with GUI So probably I will not be able to use NSTask in that case From: Maxthon Chan [mailto:xcvi...@me.com] Sent: Monday, October 14, 2013 8:23 AM To: Rufat A. Abdullayev Cc: Jens Alfke; Cocoa-dev Subject: Re: collection of applications NSTask. Also you can use traditional UNIX fork/exec to execute the secondary binary. However the secondary must be a command-line binary not an application bundle. On Oct 14, 2013, at 12:06, Rufat A. Abdullayev rufa...@agbank.az wrote: Hello Chan and other guys, Thank you a lot for your answers. Yes I'm planning to create a portal (enterprise in the meaning that all our apps could be used/called from one app). Chan, your reply was interesting especially regarding - Also external binaries can be used - there is an App Store app called iSSH that carried its own signed version of PuTTY cross compiled for iOS. How they could call external binaries? I assume binaries are not visible on springboard (no any external app icons exists) Thanks, Ruf -Original Message- From: ChanMaxthon [mailto:xcvi...@me.com] Sent: Friday, October 11, 2013 10:41 PM To: Jens Alfke Cc: Rufat A. Abdullayev; Cocoa-dev Subject: Re: collection of applications Seem to me that you are considering making an enterprise single sign-on portal. Of course you can combine everything into a single app, but a more graceful solution can exist. Just to correct a misunderstanding, iOS dyld can load dynamic libraries if carried as part of the application bundle (and there is a hack that allows on-the-fly patching of the in-memory libdyld to load libraries downloaded from any arbitrary address, but that involves lots of black magic and Apple can reject it if found out.) Also external binaries can be used - there is an App Store app called iSSH that carried its own signed version of PuTTY cross compiled for iOS. As mentioned, you can launch other apps by URL schemes. This is also a method of inter-app communication as you can encode data into the URL string. You can design a family of apps that requires a SSO and a SSO portal. When a client app is launched directly it redirects the user to the SSO portal, telling the portal who called it. The portal then redirects the user back to the app with whatever information needed for the session to continue after authentication. It seem to me that Facebook used this scheme in the wild (that is, Facebook app is the SSO portal and apps using Facebook SDK is signing on using Facebook app itself.) Sent from my iPad On 2013年10月11日, at 12:31, Jens Alfke j...@mooseyard.com wrote: On Oct 10, 2013, at 8:44 PM, Rufat A. Abdullayev rufa...@agbank.az wrote: I also saw another approach they give a link to app store from application and downloaded other app from App Store separately but managed them from another app like a service ... It’s a pity that I could not get more details on implementation! Do you mean just launching another app programmatically? You can definitely do that; the typical way involves having the app register a custom URL scheme. But the other apps are just regular apps, not services or anything hidden. ?Jens ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/xcvista%40me.com This email sent to xcvi...@me.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
Rule 2.8 disallow you execute code that is foreign to your application bundle but use of auxiliary executables are still allowed, in the example of iSSH app. On Oct 14, 2013, at 12:23, Rufat A. Abdullayev rufa...@agbank.az wrote: Hi Quincey Thank you for noticing that. One say: 2.8 Apps that install or launch other executable code will be rejected Your app, again, can't mess with the system and install other apps. Enterprise apps can however do that with a dedicated special Apple certificate. And another: 10.4 Apps that create alternate desktop/home screen environments or simulate multi-app widget experiences will be rejected This one came at the release of the iPad. Apple doesn't want the iPad to be like a desktop computer. Regarding: http://appadvice.com/appnn/2010/09/apples-app-store-review-guidelines-annotated-explained So only enterprise apps could install apps, right? From: Quincey Morris [mailto:quinceymor...@rivergatesoftware.com] Sent: Monday, October 14, 2013 8:14 AM To: Rufat A. Abdullayev Cc: Cocoa-dev Subject: Re: collection of applications On Oct 13, 2013, at 21:06 , Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.az wrote: Yes I'm planning to create a portal (enterprise in the meaning that all our apps could be used/called from one app). I'm not sure how relevant this is, but it may be that creating a portal will get your app rejected. Look at the app store submission guidelines, section 2.8 and (especially) 10.4. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/xcvista%40me.com This email sent to xcvi...@me.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
RE: collection of applications
Thanks Chan, Our top management also would like all other apps that will be called by that main app to be hidden from springboard… i.e. no app icons are visible on the desktop. I could only do it by converting other apps binaries to dynamic library and include that into main app bundle From: Maxthon Chan [mailto:xcvi...@me.com] Sent: Monday, October 14, 2013 8:30 AM To: Rufat A. Abdullayev Cc: Jens Alfke; Cocoa-dev Subject: Re: collection of applications You can use a model like this, with a SSO portal app and a bunch of apps that requires it: When the portal itself is casually brought up, terminate itself. (method call -[UIApplication _terminate], it is private but since your apps are in-house you are not bind to the rules) When an app that requires SSO is brought up, use a URL-based scheme to switchover to the portal for credentials, and switch back to proceed operations. On Oct 14, 2013, at 12:26, Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.az wrote: The problem is all our apps are with GUI So probably I will not be able to use NSTask in that case From: Maxthon Chan [mailto:xcvi...@me.com] Sent: Monday, October 14, 2013 8:23 AM To: Rufat A. Abdullayev Cc: Jens Alfke; Cocoa-dev Subject: Re: collection of applications NSTask. Also you can use traditional UNIX fork/exec to execute the secondary binary. However the secondary must be a command-line binary not an application bundle. On Oct 14, 2013, at 12:06, Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.az wrote: Hello Chan and other guys, Thank you a lot for your answers. Yes I'm planning to create a portal (enterprise in the meaning that all our apps could be used/called from one app). Chan, your reply was interesting especially regarding - Also external binaries can be used - there is an App Store app called iSSH that carried its own signed version of PuTTY cross compiled for iOS. How they could call external binaries? I assume binaries are not visible on springboard (no any external app icons exists) Thanks, Ruf -Original Message- From: ChanMaxthon [mailto:xcvi...@me.com] Sent: Friday, October 11, 2013 10:41 PM To: Jens Alfke Cc: Rufat A. Abdullayev; Cocoa-dev Subject: Re: collection of applications Seem to me that you are considering making an enterprise single sign-on portal. Of course you can combine everything into a single app, but a more graceful solution can exist. Just to correct a misunderstanding, iOS dyld can load dynamic libraries if carried as part of the application bundle (and there is a hack that allows on-the-fly patching of the in-memory libdyld to load libraries downloaded from any arbitrary address, but that involves lots of black magic and Apple can reject it if found out.) Also external binaries can be used - there is an App Store app called iSSH that carried its own signed version of PuTTY cross compiled for iOS. As mentioned, you can launch other apps by URL schemes. This is also a method of inter-app communication as you can encode data into the URL string. You can design a family of apps that requires a SSO and a SSO portal. When a client app is launched directly it redirects the user to the SSO portal, telling the portal who called it. The portal then redirects the user back to the app with whatever information needed for the session to continue after authentication. It seem to me that Facebook used this scheme in the wild (that is, Facebook app is the SSO portal and apps using Facebook SDK is signing on using Facebook app itself.) Sent from my iPad On 2013年10月11日, at 12:31, Jens Alfke j...@mooseyard.commailto:j...@mooseyard.com wrote: On Oct 10, 2013, at 8:44 PM, Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.az wrote: I also saw another approach they give a link to app store from application and downloaded other app from App Store separately but managed them from another app like a service ... It’s a pity that I could not get more details on implementation! Do you mean just launching another app programmatically? You can definitely do that; the typical way involves having the app register a custom URL scheme. But the other apps are just regular apps, not services or anything hidden. ?Jens ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.commailto:Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.comhttp://lists.apple.com/ Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/xcvista%40me.com This email sent to xcvi...@me.commailto:xcvi...@me.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your
RE: collection of applications
That's interesting! How could I call auxiliary executables ? Are they visible on springboard? I need to dig more into that From: Maxthon Chan [mailto:xcvi...@me.com] Sent: Monday, October 14, 2013 8:35 AM To: Rufat A. Abdullayev Cc: Quincey Morris; Cocoa-dev Subject: Re: collection of applications Rule 2.8 disallow you execute code that is foreign to your application bundle but use of auxiliary executables are still allowed, in the example of iSSH app. On Oct 14, 2013, at 12:23, Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.az wrote: Hi Quincey Thank you for noticing that. One say: 2.8 Apps that install or launch other executable code will be rejected Your app, again, can't mess with the system and install other apps. Enterprise apps can however do that with a dedicated special Apple certificate. And another: 10.4 Apps that create alternate desktop/home screen environments or simulate multi-app widget experiences will be rejected This one came at the release of the iPad. Apple doesn't want the iPad to be like a desktop computer. Regarding: http://appadvice.com/appnn/2010/09/apples-app-store-review-guidelines-annotated-explained So only enterprise apps could install apps, right? From: Quincey Morris [mailto:quinceymor...@rivergatesoftware.com] Sent: Monday, October 14, 2013 8:14 AM To: Rufat A. Abdullayev Cc: Cocoa-dev Subject: Re: collection of applications On Oct 13, 2013, at 21:06 , Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.azmailto:rufa...@agbank.az wrote: Yes I'm planning to create a portal (enterprise in the meaning that all our apps could be used/called from one app). I'm not sure how relevant this is, but it may be that creating a portal will get your app rejected. Look at the app store submission guidelines, section 2.8 and (especially) 10.4. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.commailto:Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.comhttp://lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/xcvista%40me.com This email sent to xcvi...@me.commailto:xcvi...@me.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
That is NOT visible on Springboard and they have to be command-line executables. So not much use actually. On Oct 14, 2013, at 12:39, Rufat A. Abdullayev rufa...@agbank.az wrote: That’s interesting! How could I call “auxiliary executables” ? Are they visible on springboard? I need to dig more into that From: Maxthon Chan [mailto:xcvi...@me.com] Sent: Monday, October 14, 2013 8:35 AM To: Rufat A. Abdullayev Cc: Quincey Morris; Cocoa-dev Subject: Re: collection of applications Rule 2.8 disallow you execute code that is foreign to your application bundle but use of auxiliary executables are still allowed, in the example of iSSH app. On Oct 14, 2013, at 12:23, Rufat A. Abdullayev rufa...@agbank.az wrote: Hi Quincey Thank you for noticing that. One say: 2.8 Apps that install or launch other executable code will be rejected Your app, again, can't mess with the system and install other apps. Enterprise apps can however do that with a dedicated special Apple certificate. And another: 10.4 Apps that create alternate desktop/home screen environments or simulate multi-app widget experiences will be rejected This one came at the release of the iPad. Apple doesn't want the iPad to be like a desktop computer. Regarding: http://appadvice.com/appnn/2010/09/apples-app-store-review-guidelines-annotated-explained So only enterprise apps could install apps, right? From: Quincey Morris [mailto:quinceymor...@rivergatesoftware.com] Sent: Monday, October 14, 2013 8:14 AM To: Rufat A. Abdullayev Cc: Cocoa-dev Subject: Re: collection of applications On Oct 13, 2013, at 21:06 , Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.az wrote: Yes I'm planning to create a portal (enterprise in the meaning that all our apps could be used/called from one app). I'm not sure how relevant this is, but it may be that creating a portal will get your app rejected. Look at the app store submission guidelines, section 2.8 and (especially) 10.4. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/xcvista%40me.com This email sent to xcvi...@me.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
RE: collection of applications
Yeah really! What a pity :( So only URL scheme or included libraries From: Maxthon Chan [mailto:xcvi...@me.com] Sent: Monday, October 14, 2013 8:41 AM To: Rufat A. Abdullayev Cc: Quincey Morris; Cocoa-dev Subject: Re: collection of applications That is NOT visible on Springboard and they have to be command-line executables. So not much use actually. On Oct 14, 2013, at 12:39, Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.az wrote: That's interesting! How could I call auxiliary executables ? Are they visible on springboard? I need to dig more into that From: Maxthon Chan [mailto:xcvi...@me.com] Sent: Monday, October 14, 2013 8:35 AM To: Rufat A. Abdullayev Cc: Quincey Morris; Cocoa-dev Subject: Re: collection of applications Rule 2.8 disallow you execute code that is foreign to your application bundle but use of auxiliary executables are still allowed, in the example of iSSH app. On Oct 14, 2013, at 12:23, Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.az wrote: Hi Quincey Thank you for noticing that. One say: 2.8 Apps that install or launch other executable code will be rejected Your app, again, can't mess with the system and install other apps. Enterprise apps can however do that with a dedicated special Apple certificate. And another: 10.4 Apps that create alternate desktop/home screen environments or simulate multi-app widget experiences will be rejected This one came at the release of the iPad. Apple doesn't want the iPad to be like a desktop computer. Regarding: http://appadvice.com/appnn/2010/09/apples-app-store-review-guidelines-annotated-explained So only enterprise apps could install apps, right? From: Quincey Morris [mailto:quinceymor...@rivergatesoftware.com] Sent: Monday, October 14, 2013 8:14 AM To: Rufat A. Abdullayev Cc: Cocoa-dev Subject: Re: collection of applications On Oct 13, 2013, at 21:06 , Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.azmailto:rufa...@agbank.az wrote: Yes I'm planning to create a portal (enterprise in the meaning that all our apps could be used/called from one app). I'm not sure how relevant this is, but it may be that creating a portal will get your app rejected. Look at the app store submission guidelines, section 2.8 and (especially) 10.4. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.commailto:Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.comhttp://lists.apple.com/ Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/xcvista%40me.com This email sent to xcvi...@me.commailto:xcvi...@me.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
URL schemes or just bake in. On Oct 14, 2013, at 12:45, Rufat A. Abdullayev rufa...@agbank.az wrote: Yeah really! What a pity L So only URL scheme or included libraries From: Maxthon Chan [mailto:xcvi...@me.com] Sent: Monday, October 14, 2013 8:41 AM To: Rufat A. Abdullayev Cc: Quincey Morris; Cocoa-dev Subject: Re: collection of applications That is NOT visible on Springboard and they have to be command-line executables. So not much use actually. On Oct 14, 2013, at 12:39, Rufat A. Abdullayev rufa...@agbank.az wrote: That’s interesting! How could I call “auxiliary executables” ? Are they visible on springboard? I need to dig more into that From: Maxthon Chan [mailto:xcvi...@me.com] Sent: Monday, October 14, 2013 8:35 AM To: Rufat A. Abdullayev Cc: Quincey Morris; Cocoa-dev Subject: Re: collection of applications Rule 2.8 disallow you execute code that is foreign to your application bundle but use of auxiliary executables are still allowed, in the example of iSSH app. On Oct 14, 2013, at 12:23, Rufat A. Abdullayev rufa...@agbank.az wrote: Hi Quincey Thank you for noticing that. One say: 2.8 Apps that install or launch other executable code will be rejected Your app, again, can't mess with the system and install other apps. Enterprise apps can however do that with a dedicated special Apple certificate. And another: 10.4 Apps that create alternate desktop/home screen environments or simulate multi-app widget experiences will be rejected This one came at the release of the iPad. Apple doesn't want the iPad to be like a desktop computer. Regarding: http://appadvice.com/appnn/2010/09/apples-app-store-review-guidelines-annotated-explained So only enterprise apps could install apps, right? From: Quincey Morris [mailto:quinceymor...@rivergatesoftware.com] Sent: Monday, October 14, 2013 8:14 AM To: Rufat A. Abdullayev Cc: Cocoa-dev Subject: Re: collection of applications On Oct 13, 2013, at 21:06 , Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.az wrote: Yes I'm planning to create a portal (enterprise in the meaning that all our apps could be used/called from one app). I'm not sure how relevant this is, but it may be that creating a portal will get your app rejected. Look at the app store submission guidelines, section 2.8 and (especially) 10.4. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/xcvista%40me.com This email sent to xcvi...@me.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
Maybe you have to tell your management that it is technically infeasible to do so in iOS without jailbreaking. Either you bake them all in/use separate SpringBoard icons or the dynamic libraries will not be loaded in vanilla iOS device without black magic. On Oct 14, 2013, at 12:37, Rufat A. Abdullayev rufa...@agbank.az wrote: Thanks Chan, Our top management also would like all other apps that will be called by that main app to be hidden from springboard… i.e. no app icons are visible on the desktop. I could only do it by converting other apps binaries to dynamic library and include that into main app bundle From: Maxthon Chan [mailto:xcvi...@me.com] Sent: Monday, October 14, 2013 8:30 AM To: Rufat A. Abdullayev Cc: Jens Alfke; Cocoa-dev Subject: Re: collection of applications You can use a model like this, with a SSO portal app and a bunch of apps that requires it: When the portal itself is casually brought up, terminate itself. (method call -[UIApplication _terminate], it is private but since your apps are in-house you are not bind to the rules) When an app that requires SSO is brought up, use a URL-based scheme to switchover to the portal for credentials, and switch back to proceed operations. On Oct 14, 2013, at 12:26, Rufat A. Abdullayev rufa...@agbank.az wrote: The problem is all our apps are with GUI So probably I will not be able to use NSTask in that case From: Maxthon Chan [mailto:xcvi...@me.com] Sent: Monday, October 14, 2013 8:23 AM To: Rufat A. Abdullayev Cc: Jens Alfke; Cocoa-dev Subject: Re: collection of applications NSTask. Also you can use traditional UNIX fork/exec to execute the secondary binary. However the secondary must be a command-line binary not an application bundle. On Oct 14, 2013, at 12:06, Rufat A. Abdullayev rufa...@agbank.az wrote: Hello Chan and other guys, Thank you a lot for your answers. Yes I'm planning to create a portal (enterprise in the meaning that all our apps could be used/called from one app). Chan, your reply was interesting especially regarding - Also external binaries can be used - there is an App Store app called iSSH that carried its own signed version of PuTTY cross compiled for iOS. How they could call external binaries? I assume binaries are not visible on springboard (no any external app icons exists) Thanks, Ruf -Original Message- From: ChanMaxthon [mailto:xcvi...@me.com] Sent: Friday, October 11, 2013 10:41 PM To: Jens Alfke Cc: Rufat A. Abdullayev; Cocoa-dev Subject: Re: collection of applications Seem to me that you are considering making an enterprise single sign-on portal. Of course you can combine everything into a single app, but a more graceful solution can exist. Just to correct a misunderstanding, iOS dyld can load dynamic libraries if carried as part of the application bundle (and there is a hack that allows on-the-fly patching of the in-memory libdyld to load libraries downloaded from any arbitrary address, but that involves lots of black magic and Apple can reject it if found out.) Also external binaries can be used - there is an App Store app called iSSH that carried its own signed version of PuTTY cross compiled for iOS. As mentioned, you can launch other apps by URL schemes. This is also a method of inter-app communication as you can encode data into the URL string. You can design a family of apps that requires a SSO and a SSO portal. When a client app is launched directly it redirects the user to the SSO portal, telling the portal who called it. The portal then redirects the user back to the app with whatever information needed for the session to continue after authentication. It seem to me that Facebook used this scheme in the wild (that is, Facebook app is the SSO portal and apps using Facebook SDK is signing on using Facebook app itself.) Sent from my iPad On 2013年10月11日, at 12:31, Jens Alfke j...@mooseyard.com wrote: On Oct 10, 2013, at 8:44 PM, Rufat A. Abdullayev rufa...@agbank.az wrote: I also saw another approach they give a link to app store from application and downloaded other app from App Store separately but managed them from another app like a service ... It’s a pity that I could not get more details on implementation! Do you mean just launching another app programmatically? You can definitely do that; the typical way involves having the app register a custom URL scheme. But the other apps are just regular apps, not services or anything hidden. ?Jens ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/xcvista
RE: collection of applications
Thank you a lot, guys! I highly appreciate your help! Cheers, Ruf From: Maxthon Chan [mailto:xcvi...@me.com] Sent: Monday, October 14, 2013 8:46 AM To: Rufat A. Abdullayev Cc: Quincey Morris; Cocoa-dev Subject: Re: collection of applications URL schemes or just bake in. On Oct 14, 2013, at 12:45, Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.az wrote: Yeah really! What a pity :( So only URL scheme or included libraries From: Maxthon Chan [mailto:xcvi...@me.com] Sent: Monday, October 14, 2013 8:41 AM To: Rufat A. Abdullayev Cc: Quincey Morris; Cocoa-dev Subject: Re: collection of applications That is NOT visible on Springboard and they have to be command-line executables. So not much use actually. On Oct 14, 2013, at 12:39, Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.az wrote: That's interesting! How could I call auxiliary executables ? Are they visible on springboard? I need to dig more into that From: Maxthon Chan [mailto:xcvi...@me.com] Sent: Monday, October 14, 2013 8:35 AM To: Rufat A. Abdullayev Cc: Quincey Morris; Cocoa-dev Subject: Re: collection of applications Rule 2.8 disallow you execute code that is foreign to your application bundle but use of auxiliary executables are still allowed, in the example of iSSH app. On Oct 14, 2013, at 12:23, Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.az wrote: Hi Quincey Thank you for noticing that. One say: 2.8 Apps that install or launch other executable code will be rejected Your app, again, can't mess with the system and install other apps. Enterprise apps can however do that with a dedicated special Apple certificate. And another: 10.4 Apps that create alternate desktop/home screen environments or simulate multi-app widget experiences will be rejected This one came at the release of the iPad. Apple doesn't want the iPad to be like a desktop computer. Regarding: http://appadvice.com/appnn/2010/09/apples-app-store-review-guidelines-annotated-explained So only enterprise apps could install apps, right? From: Quincey Morris [mailto:quinceymor...@rivergatesoftware.com] Sent: Monday, October 14, 2013 8:14 AM To: Rufat A. Abdullayev Cc: Cocoa-dev Subject: Re: collection of applications On Oct 13, 2013, at 21:06 , Rufat A. Abdullayev rufa...@agbank.azmailto:rufa...@agbank.azmailto:rufa...@agbank.az wrote: Yes I'm planning to create a portal (enterprise in the meaning that all our apps could be used/called from one app). I'm not sure how relevant this is, but it may be that creating a portal will get your app rejected. Look at the app store submission guidelines, section 2.8 and (especially) 10.4. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.commailto:Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.comhttp://lists.apple.com/ Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/xcvista%40me.com This email sent to xcvi...@me.commailto:xcvi...@me.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
What I mean is that technically you can do it without jailbreak, but that would involve black magic (that is, abuse the app sandbox to create one single rwx mapping which is required for JIT hence allowed under limitation on iOS) and run the risk of being rejected by Apple. I know some security expert released a method of loading signed dynamic library from outside the application bundle (in his case, downloaded from some server) on vanilla iOS (vanilla in contrast to a jailbroken system) and from my personal experience a dynamic-linked OpenSSL worked on my test environment. This is taking the thread off topic so I think this is it. On Oct 12, 2013, at 11:22, Jens Alfke j...@mooseyard.com wrote: On Oct 11, 2013, at 7:57 PM, Maxthon Chan xcvi...@me.com wrote: This is not new - it existed since iPhone OS 1.0. However by saying “can load dynamic libraries” does not mean you can actually use it in production code. Apple does not allow any dynamic libraries exist in App Store packages (“Nobody but Apple can put dynamic libraries onto iOS device) so the dynamic library support is pretty much restricted to jailbreak community. Oh. I wouldn’t count this as something that iOS can do, then, not in any realistic sense. And discussion of jailbroken features is not allowed on this list anyway. —Jens ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
Seem to me that you are considering making an enterprise single sign-on portal. Of course you can combine everything into a single app, but a more graceful solution can exist. Just to correct a misunderstanding, iOS dyld can load dynamic libraries if carried as part of the application bundle (and there is a hack that allows on-the-fly patching of the in-memory libdyld to load libraries downloaded from any arbitrary address, but that involves lots of black magic and Apple can reject it if found out.) Also external binaries can be used - there is an App Store app called iSSH that carried its own signed version of PuTTY cross compiled for iOS. As mentioned, you can launch other apps by URL schemes. This is also a method of inter-app communication as you can encode data into the URL string. You can design a family of apps that requires a SSO and a SSO portal. When a client app is launched directly it redirects the user to the SSO portal, telling the portal who called it. The portal then redirects the user back to the app with whatever information needed for the session to continue after authentication. It seem to me that Facebook used this scheme in the wild (that is, Facebook app is the SSO portal and apps using Facebook SDK is signing on using Facebook app itself.) Sent from my iPad On 2013年10月11日, at 12:31, Jens Alfke j...@mooseyard.com wrote: On Oct 10, 2013, at 8:44 PM, Rufat A. Abdullayev rufa...@agbank.az wrote: I also saw another approach they give a link to app store from application and downloaded other app from App Store separately but managed them from another app like a service ... It’s a pity that I could not get more details on implementation! Do you mean just launching another app programmatically? You can definitely do that; the typical way involves having the app register a custom URL scheme. But the other apps are just regular apps, not services or anything hidden. ―Jens ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/xcvista%40me.com This email sent to xcvi...@me.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
On Oct 11, 2013, at 11:40 AM, ChanMaxthon xcvi...@me.com wrote: Just to correct a misunderstanding, iOS dyld can load dynamic libraries if carried as part of the application bundle Oh? Is this a new thing? In a past project I worked on (in 2011) we had to go to a fair bit of trouble to work around this restriction, so I know it used to exist. So does this mean I can package my iOS library as a real dynamic framework the way I can on Mac OS? —Jens ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
This is not new - it existed since iPhone OS 1.0. However by saying “can load dynamic libraries” does not mean you can actually use it in production code. Apple does not allow any dynamic libraries exist in App Store packages (“Nobody but Apple can put dynamic libraries onto iOS device) so the dynamic library support is pretty much restricted to jailbreak community. Multiple jailbreaks and jailbreak packages used this ability. On Oct 12, 2013, at 7:18, Jens Alfke j...@mooseyard.com wrote: On Oct 11, 2013, at 11:40 AM, ChanMaxthon xcvi...@me.com wrote: Just to correct a misunderstanding, iOS dyld can load dynamic libraries if carried as part of the application bundle Oh? Is this a new thing? In a past project I worked on (in 2011) we had to go to a fair bit of trouble to work around this restriction, so I know it used to exist. So does this mean I can package my iOS library as a real dynamic framework the way I can on Mac OS? —Jens ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
On Oct 11, 2013, at 7:57 PM, Maxthon Chan xcvi...@me.com wrote: This is not new - it existed since iPhone OS 1.0. However by saying “can load dynamic libraries” does not mean you can actually use it in production code. Apple does not allow any dynamic libraries exist in App Store packages (“Nobody but Apple can put dynamic libraries onto iOS device) so the dynamic library support is pretty much restricted to jailbreak community. Oh. I wouldn’t count this as something that iOS can do, then, not in any realistic sense. And discussion of jailbroken features is not allowed on this list anyway. —Jens ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
On Oct 10, 2013, at 3:42 AM, Rufat A. Abdullayev rufa...@agbank.az wrote: One approach is to include apps in another app as a static library. Pls kindly share ideas about any other approaches? I don’t think there are any other approaches: * You can’t hide applications from the Springboard. All apps are visible. * You can’t bundle the apps’ binaries inside your main app and start them up, because 3rd party apps can’t launch processes. * You can’t bundle the apps as dynamic libraries and load them in your process, because 3rd party apps can’t contain their own dynamic libraries.* —Jens * Does anyone know the reason for this limitation? It seems arbitrary. I can understand why you can’t spawn processes (it prevents fork-bombs and similar attacks) but what damage can be caused by a bundled dylib? Sure, you can change your build process to make the dylib static, but I’ve had trouble with complex 3rd party code [i.e. the Erlang interpreter/runtime] that has a heavy dependency on dynamic library loading. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
On 10 Oct 2013, at 11:12 AM, Jens Alfke j...@mooseyard.com wrote: Does anyone know the reason for this limitation? It seems arbitrary. I can understand why you can’t spawn processes (it prevents fork-bombs and similar attacks) but what damage can be caused by a bundled dylib? Sure, you can change your build process to make the dylib static, but I’ve had trouble with complex 3rd party code [i.e. the Erlang interpreter/runtime] that has a heavy dependency on dynamic library loading. I can only speculate, but: If you can call out to a dynamic library, wouldn't that make it possible to download a library and execute unapproved code? Apple's not happy with downloadable executables other than JavaScript in the WebKit sandbox. I don't know enough about HFS+ and dyld on iOS to know if it's possible to stop that. — F ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
On Oct 10, 2013, at 9:38 AM, Fritz Anderson fri...@manoverboard.org wrote: I can only speculate, but: If you can call out to a dynamic library, wouldn't that make it possible to download a library and execute unapproved code? Apple's not happy with downloadable executables other than JavaScript in the WebKit sandbox. Good point, but that’s avoidable by restricting dyld to only paths within the app’s bundle, which is immutable. (I don’t know for certain, but this seems like something the sandbox can enforce.) —Jens ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
RE: collection of applications
I also saw another approach they give a link to app store from application and downloaded other app from App Store separately but managed them from another app like a service ... It’s a pity that I could not get more details on implementation! And I would like to learn out how it could be possible -Original Message- From: cocoa-dev-bounces+rufataa=agbank...@lists.apple.com [mailto:cocoa-dev-bounces+rufataa=agbank...@lists.apple.com] On Behalf Of Fritz Anderson Sent: Thursday, October 10, 2013 8:39 PM To: Jens Alfke Cc: Cocoa-dev Subject: Re: collection of applications On 10 Oct 2013, at 11:12 AM, Jens Alfke j...@mooseyard.com wrote: Does anyone know the reason for this limitation? It seems arbitrary. I can understand why you can’t spawn processes (it prevents fork-bombs and similar attacks) but what damage can be caused by a bundled dylib? Sure, you can change your build process to make the dylib static, but I’ve had trouble with complex 3rd party code [i.e. the Erlang interpreter/runtime] that has a heavy dependency on dynamic library loading. I can only speculate, but: If you can call out to a dynamic library, wouldn't that make it possible to download a library and execute unapproved code? Apple's not happy with downloadable executables other than JavaScript in the WebKit sandbox. I don't know enough about HFS+ and dyld on iOS to know if it's possible to stop that. — F ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/rufataa%40agbank.az This email sent to rufa...@agbank.az ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: collection of applications
On Oct 10, 2013, at 8:44 PM, Rufat A. Abdullayev rufa...@agbank.az wrote: I also saw another approach they give a link to app store from application and downloaded other app from App Store separately but managed them from another app like a service ... It’s a pity that I could not get more details on implementation! Do you mean just launching another app programmatically? You can definitely do that; the typical way involves having the app register a custom URL scheme. But the other apps are just regular apps, not services or anything hidden. —Jens ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com