Is it permited to download javascript code to iPhone - javascript

I have an hybrid application, it's basically a website running from the application folder inside a UIWebview.
The problem is that I was planning to update my website by downloading the whole website from internet and then replacing the old website.
Today I found that Apple now provides the App Store Review Guidelines and among others there are the following rules:
2.7 Apps that download code in any way or form will be rejected
2.8 Apps that install or launch other executable code will be rejected
Because my site has html, css and javascript, does that mean that my app will be rejected or is there any chance to be accepted?
What are your thoughts on that?

From the new text of of the application developer agreement, regarding downloading executable code:
The only exception to the foregoing is scripts and code downloaded and run by Apple's built-in WebKit framework.
This includes javascript and hybrid applications, so you should be fine.
Although, taking all of this into account, why didn't you just allow your app to take advantage of the iPhone webapp stuff? You still get an icon on the home screen, and get rid of the browser chrome without having to get Apple to approve your app.

Related

Is there a way to detect if a specific app is installed on (Android\iOS) device from Javascript?

I want to run JS code on Safari (iOS) or Chrome (Android) to detect for example, if WhatsApp is installed on the device.
I played with:
How to check if an app is installed from a web-page on an iPhone?
and
https://github.com/hampusohlsson/browser-deeplink
But the problem is that if the app is installed on the device - the browser re-directs to the app. I want to stay on the page after the "detection stage", is that possible to do?
Following a few hours of research + consulting with top experts I came to the conclusion that there is no legitimate way of achieving the goal of detecting whether a specific app is installed on the device without having the browser re-direct to the app if it is installed.
In iOS for example, there was an app just removed from the App Store because of violating the rules: SysSecInfo. The app managed to pull list of all running processes for example.
From: https://www.sektioneins.de/en/blog/16-05-09-system-and-security-info.html
See https://developer.apple.com/videos/play/wwdc2015/703/ "App
Detection" starting at 08:34
During this talk they discuss several APIs used to gather information
about processes currently running on your system (around 12:12 in the
video) and claimed to have fixed them. However as so often Apple has
only partially fixed the problems they claim to have fixed. Therefore
they have actually never stopped malicious applications from gathering
information about what other applications run currently on your
device, but only removed access to detail information that is only
relevant for harmless system information tools anyway.
System and Security Info is therefore still able to show the list of
running processes and enriches this list with information from the
codesigning information including the list of entitlements running
processes have.

Debugging-Editing JavaScript files of App's in Gaia-Firefox OS doesn't reflect in the simulator

I have Mozilla Firefox browser 35.0.1 with App Manager tool in the browser.
I installed Firefox OS Simulator 2.0 in the App manager.
There are 2 tabs here, in the tool -Apps and devices
Here in my problem, I choose the CLOCK app. I had some breakpoints and print statements to debug the CLOCK app.
After doing the changes, I saved the CLOCK's Java script files.
I go back to my Firefox simulator in my browser, selected "Add Packaged app" and added my modified java script file.
Here i get a notification in my simulator, that my CLOCK app is installed. !1http://postimg.org/image/903alf1wf/
But i don't see the modifications that i made. If I open the currently installed clock app (which i modified), its blank as shown here !2http://postimg.org/image/w3bezsy3v/
Is there anything I'm missing here or is there any other way to edit the java script files and see the changes reflected in my simulator immediately?
I m a beginner in Gaia development.
Clock is an inbuilt app. You don't need to install this app. It's a pre-installed app.
Are you using GAIA source code? If not, then please clone the GAIA repo from Github. After cloning, make changes to clock app (present in apps folder) and build your GAIA source code. Refer this link.
If you are building GAIA source code on windows, you might face some issues. Follow the steps mentioned here.

Does Apple reject Hybrid app if it loads resources including javascript from remote server?

For some purpose, I use web technology to develop my iOS app. In order to improve the UIWebView performance, I put the resources(including html/css/javascript) locally in app bundle to reduce the loading time.
I also create a thread to check resource update, and download the newer resources if needed. Next time the app can use the resources to render web view.
This solution works well.
But I worried that whether apple will reject my app because I download javascript from remote server. Is there any hybrid app that use similar solution and appear in app store?
You can download and execute javascript, provided that it's being executed by a UIWebView.
This is actually pretty common. If you need an example during a review (you won't), point to any alternate iOS web browser, like Chrome. They download and execute all kinds of web resources, but it's okay because they do it in a UIWebView and Apple trusts UIWebView.
That said, if you download resources that change your app's functionality in a way that would not be appropriate for an App Store product, you're likely to get it pulled and -- if the violation is egregious enough -- you may lose your developer account.
IBM Worklight platform is using similar approach.
You can read more on this thread (and it might give you some answers):
IBM Worklight - is Direct Update allowed by Apple's guidelines for the App Store?

How to run and install EXE file from the web browser using JS without user approve

I want to implement in my website a functionality like in google chrome website, that a user click on a website form and the file will auto download and install itself without any user approve or interferance.
Here is the google chrome website: https://www.google.com/chrome/index.html?hl=iw
I know that they use clickonce technology by ms for IE and oneclick technology by google for all other browsers, but there is a way that i can also use thier code and their technology to run my own files?
I know they also use google update task that runs on windows background but I dont know how to use it with my own files.
As far as I know, this functionality is possible only if the client has .NET Framework (version 4 I guess), and your domain is in the trusted domains list of the user's preferences for this functionality. So this would work only on Windows platform, and your domain need to be added to the mentioned list (what is unlikely to happen I guess). A short answer is NO, you can't do this, if you are not a corporation like Google.
Bonus: You don't need it, users do not like to be tricked, they want to know everything that happens with they computer.
For security reason, you cannot access file from your website. What would happen if a user open a website, and they got some programs installed in their machine? That's gonna be serious problem

What is the best way for a website to check if a user has installed a client app?

Let's say I've got a website that works better if a client has installed and logged into a desktop application. I'd like to be able to do 2 things:
Alter the website if they haven't installed the app (to make it easy for them to find a link to the installer)
If they've installed the app on a couple of machines, determine which machine they are browsing from
I'd like something that works on Windows and OSX, on any of the major browsers. Linux is a bonus.
A few thoughts:
Websites can detect if you've got Flash installed. How does that work and could it be used for both of my goals?
Could I just let the client serve HTTP on localhost and do some javascript requests to fetch a local ID? I know google desktop search did something like this at one point. Is this a standard practice?
Thanks!
You can register a protocol from your desktop application (see this). This can be used, for example, to open your desktop application with arbitrary data from the website. You could then have your desktop app send a HTTP request to your webserver, telling it what machine you are on.
You can have a browser plugin (activex for IE or Netscape plugin for the rest of the browsers) that can communicate with the application. When the webpage is loaded, it can try to instantiate the plugin and if it succeeded, it can use it as a proxy to the application. If it fails, then either the app is not installed or the plugin was explictly disabled by the user. Either way, your website should degrade its functionality accordingly.
Update: Forgot to answer your questions:
Flash does it exactly this way. Flash is a browser plugin that is created by the web pages.
You can have a machine ID generated at the application/plugin install time and your plugin can pass that machine ID to the webpage when it is created.
On the topic of using local webserver:
I would stay away from having a local webserver, mainly because of security considerations. It takes quite a lot of work to make sure your local webserver is locked down sufficiently and there are no XSS vulnerabilities that other malicious websites can exploit to make it do stuff on their behalf.
Plus, having a webserver means that either it has to run as a system-wide process, or if it runs as the user, you can have the website interact with only one user's instance of the application, even though multiple users can be logged on and running it at the same time.
Google Desktop Search suffered from both the XSS security vulnerability (though they fixed it) and the limitation of only one user being able to use it on a machine (I don't know if they fixed this one yet, though chances are they did).
Websites can detect if you've got Flash installed.
Actually, I believe a browser can detect if you have the Flash plugin for the browser installed, and webpages can offer "installed" and "uninstalled" option that the browser can choose.
Otherwise, you are asking for a means, by putting some code in a webpage, of being able to analyze a user's home computer, and report what it learned to you website.
Can you say Major Security Hole?
If you can pick a development environment for the desktop app, then check out AIR from Adobe. It lets you develop desktop applications using either html/javascript, Flash, or Flex.
It has API calls you can use from a browser based flash app to see if the desktop based AIR app is installed, what version, etc. You can even launch it and pass parameters from the web app to the desktop app.
http://www.rogue-development.com/blog2/2008/03/interacting-with-an-air-app-from-a-browser-based-app/
Websites can detect if you've got Flash installed. How does that work and could it be used for both of my goals?
it's quite a bit simple, your browser tries to render some additional files, with some specific formats such as flash .swf and I the browser doesn't find installation, then will be start downloading, or you will get the option to download that program.
Flash also uses AC_RunActiveContent.js please take a look at this js, people usually put this on their webpages
if (AC_FL_RunContent == 0) {
alert("This page requires AC_RunActiveContent.js.");
} else {
AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave cabs/flash swflash.cab#version=8,0,0,0','width','981','height','635','id','build5','align','middle','src','build5','quality','high','bgcolor','#ffffff','name','build5','allowscriptaccess','sameDomain','allowfullscreen','false','pluginspage','http://www.macromedia.com/go/getflashplayer','movie','build5' ); //end AC code
}

Categories