OWASP / owasp-masvs

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

One big elephant in the room #12

Closed muellerberndt closed 7 years ago

muellerberndt commented 7 years ago

On iOS, some implementations of the software protection requirements in L3-L4 will cause issues with Apple's approval process. How do we tackle this problem?

Some ideas:

It might also be necessary to have different requirements between iOS and Android. What do you think?

anantshri commented 7 years ago

I agree Apple might not be interested in this if it's an Apple employee, but someone already submitting to Apple who tried some things like these and got rejected, but got accepted without those, might be a good candidate to write those sections.

But I agree a difference in requirements might be the way to go.

sushi2k commented 7 years ago

Agree, there should be a differentiation between Android and iOS.

I don't think we will get any information from Apple about this (even if we contact some Apple staff directly that we know). The submission process to the Apple App Store is a black box and also totally random, and I don't think Apple will change this. Think about Stefan Esser's "SysSecInfo" app, which got rejected because it shows a process list and shows if your device is jailbroken/affected by malware. For other apps it's OK to use this, if the company publishing it is big enough, but not for Stefan Esser. Therefore this process doesn't seem to be deterministic. I think this can only be a trial-and-error game, by sharing experience from app developers who have it, and it should also be clearly mentioned at the beginning of the chapter that these protection mechanisms might lead to a rejection of the app (at least for iOS; I don't know about the Play Store).

muellerberndt commented 7 years ago

For now, V8 doesn't seem to require anything that directly contradicts app store policies. I'll keep it in mind when designing the detailed test cases in the MSTG.