[waiwai933]

Even if Apple were to defeat the geofencing trick, it's trivial to hide behavior:

1. Make an API call to your server with the build number of the app.

2. Have that API response control whether the "secret" features are available.

3. Only enable each build's secret features once it's passed review.

4. Profit?

No dynamic/interpreted code required.

And there are sufficient variations on this that I would guess it's reducible to the halting problem and thus undecidable.

[can16358p]

Yup. At the end of the day these logic-bomb-esque mechanisms are unpreventable and just a cat-and-mouse problem.

There should be a way to battle this outside technical measures, like a crowdsourced group of real distributed humans testing apps for anything malicious.

[UncleMeat]

They are not unpreventable.

You can detect both the triggered behavior and "hey this looks like a logic bomb" with static analysis. Yes, you'll never trigger this with some dynamic analysis of the app. But "hey, some code that does things associated with malicious or otherwise bad behavior is guarded behind branches that check for specific responses from the app developer's server" is often enough to raise your eyebrows at something.

[ethbr1]

The static analysis should trigger "Explain why you're doing this" as a criteria for approval.

But that would probably require some actual human code review, which costs $$s.

Apple could offload that to the developer in the form of review surcharges.

[Retric]

No need for human review, they can just reject anything suspicious.

[ethbr1]

I feel like "not suspicious" would eventually become an impossible bar.

You'd find a code pattern that was being used, and declare it suspicious.

Rinse and repeat, as people are still going to try getting around the rules.

Eventually you're left with some weird subset of a subset of a language that's legal to write iOS apps in.

[Retric]

In this case suspicious code is anything that achieves a fairly narrow subset of possible outcomes so I doubt it would come up much.

It’s a common fallacy to assume infinite worlds result in every possible world but 1, 10, 100, … is an infinite series but is only covering ~0% of possibilities.

[UncleMeat]

Okay, but this is now a policy and procedure choice. The original claims were that these are undetectable.

[paulryanrogers]

This cannot as easily catch targeted attacks, which only send the malicious payload to certain people or niche groups.

[can16358p]

Definitely can't.

Though that's another story, targeted attacks will always find a way to slip through.

This method can protect the general public a bit more compared to the current "screening".

[ChrisMarshallNY]

> a crowdsourced group of real distributed humans testing apps for anything malicious

I guarantee they would get sued/attacked into oblivion, within a year or two. Look at what happens to Krebs. He gets SWATted, all the time.

They would need some good backing, and have to be subject to fairly stringent controls, themselves.

[saagarjha]

Sued by whom?

[ChrisMarshallNY]

If they have false positives, or even real positives on outfits with lawyers on speed-dial.

You see that stuff all the time, with even officially-sanctioned enforcement agencies. Amateurs won't have a chance.

[Version467]

Yeah. It's really really hard to prevent actors from coming up with clever ways to circumvent the automatic checks. But that just means that apple needs to play the cat-and-mouse game. That's what they always say their cut is for, no?

[layer8]

1–3 could be replaced by having the app check its own app store listing.

More generally, any update check (is there a newer version available?) can double as a “is this version still in app review?” check.

[gwright]

One of the reasons that Apple does a bit of due diligence during the onboarding of a developer and establishing a developer agreement is to ensure they can reliably take legal action against developers that abuse the system.

The possibility of being banned from the Apple App Store ecosystem and/or legal reprisals is one way to deter unwanted behavior that can't be blocked through technical means.

[fennecbutt]

So due diligence is what their supposedly expensive to run online services to justify app store taking a huge cut is actually called then, huh.

[toddmorey]

I think AI is close to the point where synthetic users will be indistinguishable from real ones. To mitigate the techniques above and elsewhere in this thread, I think Apple will quickly move towards making the review process both highly automated and continuous.

It really means we need to lean into what ecosystem and government pressure we can apply to ensure the terms are sensible and fair because it will become nearly impossible to hack around them. (I do think many of these hacks are clever, I just don't think they will be enduring.)

[grahamjameson]

I find your comment overly optimistic. Review processes are already highly automated and effective, but even as they advance there will always (short of AGI) be (1) effective tricks to mask behavior from analysis and (2) a need for a human in the loop to verify findings.

I do agree that we need to continue to apply pressure to tear down walls around the garden as a means of protecting code as speech, including the ability to distribute and run it on our devices without burden.