Making sense of Apple’s TOS
Hey folks! I wanted to take a moment and share some comments/thoughts about a recently released update from Apple regarding web apps and the iOS App Store.
Recently developers were sent out an email from Apple about Web Based Apps (noted as HTML5 Apps) in the App store. Before we jump into the post, let me just say that this update does not affect Ionic apps in any way. You can read the update on their site here.
When it comes to updates from Apple, everyone seems to take notice, so I figured it would be good to go over this update and answer some potential questions you might have.
What does this mean?
Overall this update does not add any new rules to the App Store TOS (Terms of Service), but changes some wording around to make existing rules clearer in intent. Let’s break down the section.
4.7 HTML5 Games, Bots, etc.
Apps may contain or run code that is not embedded in the binary (e.g. HTML5-based games, bots, etc.), as long as code distribution isn’t the main purpose of the app, the code is not offered in a store or store-like interface, and provided that the software:
(1) is free or purchased using in-app purchase;
(2a) only uses capabilities available in a standard WebKit view (e.g. it must open and run natively in Safari without modifications or additional software);
(2b) your app must use WebKit and JavaScript Core to run third-party software and should not attempt to extend or expose native platform APIs to third-party software;
(3) is offered by developers that have joined the Apple Developer Program and signed the Apple Developer Program License Agreement;
(4) does not provide access to real money gaming, lotteries, or charitable donations;
(5) adheres to the terms of these App Review Guidelines (e.g. does not include objectionable content);
(6) does not support digital commerce. Upon request, you must provide an index of software and metadata available in your app. It must include Apple Developer Program Team IDs for the providers of the software along with a URL which App Review can use to confirm that the software complies with the requirements above.
So what is this section actually saying?
In general this is Apple saying “Hey, don’t load your entire app from a remote server”, at least in summary. This part of the TOS has been around for some time, and for good reasons. Imagine a situation where you download an app from the App Store and at some later point, you go to open it only in some network constrained situation only to be met with long loading times (network requests being made) or the app not loading at all (no network connection). This makes sense from a user experience point of view. Apps should have all their main requirements as part of the binary bundle and should not have to load things over the network in order to function.
Another reason is being able to trust the app. Imagine installing an app that is advertised as a child-friendly app. But, if the app is loading all it’s functionality from a remote server, it could be compromised or be part of some malicious plan. The app could be swapped out for some sort of gambling app or embed crypto-currency miner (as we’ve already seen in other environments like node/npm).
With all this in mind, Apple’s rule here makes a lot of sense.
What does this not mean
As I mentioned earlier, updates from Apple tend to gather a lot of attention and unfortunately create misinformation or FUD. This is update is most likely going to allow some people out there to say “Apple is banning hybrid apps, use this framework instead” or “Apple is banning Ionic, don’t use them”. While they are free to post whatever they want, it’s clear from the TOS that statements like this are simply not true.
This update is not about how your app is built (be it with Ionic or any hybrid technologies), but about how your app is distributed and loaded. Additionally, users of Ionic Appflow’s Deploy feature are not affected, as long as the core functionality of the app remains the same (bug fixes, branding tweaks, and new features are perfectly fine).
I repeat: This update has nothing to do with Ionic apps, but apps that people try to load from a remote server.
Parting thoughts
After some consideration, this update is actually great validation for deploying apps to the web. Apple seems to be stating that if you do not need native features/access, the web is a great target for you to deploy to. This, plus recent Webkit features and Apple shipping a web version of Apple Music really make me feel like Apple is thinking of the web as a first-class platform.
For those who still need certain native features that are not available in Safari/iOS, a native app built with Ionic is a great solution as well! Just be sure to follow the TOS and keep that code local 😃.
Cheers!