Hacker News
by lloeki 3392 days ago
> We are contacting Apple in order to get further clarification on why Rollout doesn't fall under the clause that lets developers push JS to live apps as long as it does not modify the original features and functionality of the app.

As a security-conscious user, live patching is awful. Nothing guarantees me that the benign app I've been granting various permissions to doesn't get altered by a fourth-party adversary through coercion or hacking and gets wiretapped by a malicious dynamic payload.


Nothing guarantees that. There have been RCE exploits on iOS.

One could argue that live patching allowed companies to fix or mitigate security problems faster than Apple's (awful) app store policy (and timescale) would otherwise allow.

Nothing guarantees nothing. Life is ephemeral and we're all going to die.

Yet, we can say that code review by a third party is better for trust of that code than no code review by a third party.

"Nothing guarantees" may have been strong, but "the set of attack vectors and their relative efficacy increases" doesn't roll off the tongue quite as nicely.

Replace "code review" with automated static analysis and a 5-minute run-through of the app and you are spot on.

> we're all going to die

That's guaranteed, at least ...

Unless "The Singularity" (and subsequent mind-uploading) actually pans out.

That only delays the inevitable.
[Till the sun runs down][1]

[1]: http://multivax.com/last_question.html

A large number of apps will become abandoned apps at some point. And if one of those relies on code from a third party that has now turned malicious?

Your argument does sound good, but it's a double-edged sword.