[mwcampbell]

I notice that no off-the-shelf web view wrappers (e.g. PhoneGap/Cordova) or non-web-view JavaScript frameworks (Titanium, NativeScript) are in this list. Would Xamarin, RoboVM, or RubyMotion be detectable with this method? Or can we safely assume that all of the top 100 apps are native ObjC or Swift?

[NateLawson]

The approach Ryan used was to look at ObjC classes, but you're right that many SDKs and tools don't show up there.

We actually scan millions of apps from the app stores. Here's a public view of the top 500 in US, and if you choose the cross-platform category, you can see apps like this. For example, "Pac-Man 256" is rank 28 (Unity), Amazon is rank 30 (Cordova), etc.

https://sourcedna.com/stats/

It's actually very difficult to accurately match code written in so many different languages as compilers discard a lot of the info you need. I spent a lot of time researching and evaluating different ways to fingerprint libraries, as well as reconstruct the boundaries of internal modules when there weren't any symbols.

We match code by using a similarity search across all components we've ever seen. Since code written in C can be compiled to x86 or ARM, we disassemble the code into an intermediate language. Then we reconstruct control-flow graphs, data dependencies, and other platform-independent features. We index these in a custom search engine, which allows quick lookup and matching.

It's very difficult, but ultimately a really fun problem to solve. Most of our engineers got started with exactly the exercise Ryan did here. :-)

[eljimmy]

I would expect that if an app is popular enough to be in the top 100 then it most likely has the bankroll to pay for native devs.

I can't imagine ever seeing a non-native app in the top 100 with the exception of maybe ReactNative-based apps which is a bit of a grey area since it compiles into native.

[NateLawson]

There are many non-native apps in the top 100. Cordova is popular for business apps (Amazon and Walgreens both use it, for example). Unity (C#) is extremely popular for games because they built an awesome dev environment and it compiles to native, thanks to Mono's translation layer.

I agree that React Native is great, and you will be seeing a lot more apps using it, especially as their Android version comes out.

[dionidium]

I work on an SDK that's used by a lot of companies you've heard of. My experience is that a significant minority of them are using Xamarin/Cordova/Appcelerator and that we're asked if we support them more often now than we were a year ago. (Anecdotal, obviously.)

[eljimmy]

Do you have some examples? Not doubting you, I'd genuinely like to take a look at them.

[NateLawson]

Sure, just look at our public view of the data. It's limited to the top 500 free apps in the US. Choose category "cross-platform" and then compare iOS vs. Android. List of apps and the SDKs in each is at the bottom.

https://sourcedna.com/stats

[bjacobel]

There are many reasons a business might choose to develop a web-wrapped iOS application besides not having the "bankroll to pay for native devs."

[mwcampbell]

React Native apps aren't compiled ahead-of-time to native code; they use JavaScriptCore on both iOS and Android. Should be very easy to detect.

[akiselev]

I don't see why Xamarin wouldn't be detectable but I don't think it would appear as a separate library. Due to the impedance mismatch between C# and ObjC, Xamarin has to generate proxies and wrappers as well as deal with some abstraction leaks.

However, iOS (afaik) doesn't quite have shared libraries like you would have on a Linux server and there's no point in creating a separate ObjC library that would add bloat to each Xamarin binary because the C#-to-ObjC transpiler can selectively generate the wrappers/proxies during compilation. Xamarin might not even use a code generator to do that because you can just include all the ObjC code with the transpiler and copy-paste include them into the project at will.

[NateLawson]

Xamarin on iOS works in a similar way to Unity. They both use the Mono AOT compiler (ahead of time translation) to convert C# to native ARM code. It's not a JIT environment, like on Android. Miguel de Icaza is one of the founders of Xamarin and the Mono OSS project.

However, Mono isn't composed of ObjC classes so it's harder to detect just by looking at that list like the author did here. Xamarin does have a few ObjC components (such as XamarinNSThreadObject) since it adds a support library to the environment.

We actually match the structure of the code (control flow subgraphs), as well as other items like data references, so we get a more accurate view than you do just looking at class names.

You're right that each native or ObjC library you use with Xamarin has a plugin that exports a C# interface. It will be interesting to see how this evolves and if Xamarin will come up with a way of auto-generating these interfaces better.

[ivm]

Unity is not using Mono AOT anymore:

http://blogs.unity3d.com/2015/05/06/an-introduction-to-ilcpp...