Apple App Store: Difference between revisions

(3 intermediate revisions by the same user not shown)

Line 109:

==JIT==

~~Safari is allowed to~~ [[wikipedia:Just-in-time compilation|~~just~~-in-time~~]] compile code worldwide~~. ~~The super short version~~ of ~~what that means: it can run JavaScript~~ code ~~''really fast''. All browsers~~, ~~and other runtimes like Microsoft .NET~~, ~~Java~~, Lua ~~use this~~. Ok, ~~fine~~, ~~it's the system web browser~~, ~~it's very carefully written~~ to ~~be secure~~, ~~and it's important~~ to ~~the platform to be doing well in performance benchmarks and all~~ that.

[[wikipedia:Just-in-time compilation|JIT]], which stands for Just-In-Time, is a method of code execution where code, instead of being compiled before being distributed (like an EXE), gets compiled into machine code in real time right before being executed. This method of code execution allows for much faster website loading times, faster emulation, faster program execution (with programs written in JavaScript, Python, Lua...) compared to interpreters, which instead translates code into machine code line by line, which is much, much slower. JIT also employs many more optimization techniques meant to improve performance, but all you need to know is that JIT is much faster than an interpreter.

Apple's [https://apps.apple.com/app/swift-playgrounds/id908519492 Playgrounds] app on iPad ~~is also allowed to JIT~~. It bundles Apple's [[wikipedia:Swift (programming language)|Swift]] compiler, and shares backend code with the version of Playgrounds found in [[wikipedia:Xcode|Xcode]].

Safari is allowed to use JIT to compile code from any site, same with Apple's [https://apps.apple.com/app/swift-playgrounds/id908519492 Playgrounds] app on iPad. Playgrounds bundles Apple's [[wikipedia:Swift (programming language)|Swift]] compiler, and shares backend code with the version of Playgrounds found in [[wikipedia:Xcode|Xcode]].

~~Competing~~ apps like Pythonista (a Python IDE), emulators like Delta and UTM, and terminal environments like iSH, are not allowed to JIT~~. As such~~, ~~they need~~ to ~~rely on inferior~~ performance, potentially ~~from an entirely separate implementation of their compiler/interpreter that may be less proven, because the JIT-less implementation doesn't need to exist on any other platform~~.

Third-party apps like Pythonista (a Python IDE), emulators like Delta and UTM and terminal environments like iSH are not allowed to use JIT, instead having to interpret code, which comes with serious performance degradation and is more computationally expensive, potentially draining more battery.

~~Likely the most clear~~ example is UTM SE. UTM is a port of ~~the~~ [[wikipedia:QEMU|QEMU]] ~~emulator to~~ iOS, allowing ~~you~~ to run ~~desktop~~ OSes ~~(Linux~~, Windows ~~98, XP, classic Mac OS, etc)~~. iPhone hardware ~~is very~~ capable ~~these days and it runs impressively well~~, '~~'if'' you use a hack to enable~~ JIT ~~(which Apple has now patched). "SE" stands for "slow edition" - yes~~, ~~really. If you compare~~ the ~~true version of~~ UTM to ~~the App Store~~ UTM SE ~~app~~, ~~you ''will'' feel the loss in performance. It's impressive~~ UTM ~~even got to be on the App Store at all~~, and ~~the DMA is to thank~~ for it. ~~But~~ Apple ~~is still holding~~ the ~~line on allowing~~ JIT to apps that ~~require~~ that ~~performance~~.

An example of apps being heavily affected by this restriction is UTM. UTM is a port of [[wikipedia:QEMU|QEMU]] for iOS, iPadOS and MacOS, allowing users to create [[wikipedia:Virtual_machine|VMs]] that can run various OSes, for example Microsoft Windows. The iPhone's hardware capable enough to emulate various modern OSes at full speed, but due to Apple's JIT limitation, the team behind UTM had to create UTM SE (slow edition) that doesn't require JIT, but is nowhere near as fast as UTM with JIT, only being capable of running MS-DOS and derivatives at acceptable speeds. While methods that enable JIT for apps other than Safari and Playgrounds exist (some currently working on iOS 18.5, like [https://apps.apple.com/us/app/stikdebug/id6744045754 StikDebug]), Apple does not allow the use of JIT in notarized apps, meaning that apps that support JIT will have to be sideloaded, which comes with its own set of restrictions.

~~While UTM SE releasing at all might seem like a pathway~~ to ~~getting Firefox~~ and ~~Chrome "slow editions" on the App Store, browser~~ engines other than the built-in Apple WebKit/JavaScriptCore are still outlawed.<ref>{{Cite web |title=App Review Guidelines |url=https://developer.apple.com/app-store/review/guidelines/#2.5.6 |url-status=live |access-date=16 Mar 2025 |website=[[Apple Developer]]}}</ref> In the EU, ~~Apple has blessed web browser JavaScript engines~~ with the option to use JIT. The ~~app must~~ be approved for an entitlement, and then must work within APIs provided by Apple for it. As of January 2025, no browsers have been released ~~using this. We were all anticipating proper competition around web browsers on iOS~~, ~~but almost a year later~~, ~~we have nothing~~.<ref>{{Cite web |title=Mozilla says Apple’s new browser rules are ‘as painful as possible’ for Firefox |url=https://www.theverge.com/2024/1/26/24052067/mozilla-apple-ios-browser-rules-firefox |url-status=live |access-date=16 Mar 2025 |website=[[The Verge]]}}</ref>

In the EU, Apple gave web browsers permission to use rendering and JavaScript engines other than the built-in with Apple WebKit/JavaScriptCore, with the option for JS engines to use JIT. The browser still has to be approved by Apple for an entitlement, and then must work within APIs provided by Apple for it. But, as of January 2025, no browsers that use different engines than the built-in ones have been released, mainly due to arbitrarily imposed restrictions, meant to discourage the usage and development of third-party engines.<ref>{{Cite web |title=Mozilla says Apple’s new browser rules are ‘as painful as possible’ for Firefox |url=https://www.theverge.com/2024/1/26/24052067/mozilla-apple-ios-browser-rules-firefox |url-status=live |access-date=16 Mar 2025 |website=[[The Verge]]}}</ref>

However, Apple still does not allow different engines outside of the EU, with or without JIT support.<ref>{{Cite web |title=App Review Guidelines |url=https://developer.apple.com/app-store/review/guidelines/#2.5.6 |url-status=live |access-date=16 Mar 2025 |website=[[Apple Developer]]}}</ref>

==Sandbox==

You might not like app sandboxing, but it's a powerful security feature used on all modern platforms. The reality is very few apps need more than a few basic permissions. [[wikipedia:~~Flatpak~~|~~Flatpak~~]] ~~on Linux~~ also sandboxes apps, and it seems to work great! Still, it's completely fair that there should be processes for doing things beyond what the sandbox allows. You see some of this with permission prompts - does a flashlight app ''really'' need access to your contacts? (Apple has been burned by apps abusing user data before the current permission system was built out.<ref>{{Cite web |last=Bohn |first=Dleter |date=15 Feb 2012 |title=iOS apps and the address book: who has your data, and how they’re getting it |url=https://www.theverge.com/2012/2/14/2798008/ios-apps-and-the-address-book-what-you-need-to-know |url-status=live |access-date=16 Mar 2025 |website=[[The Verge]]}}</ref>)

You might not like app sandboxing, but it's a powerful security feature used on all modern platforms. The reality is very few apps need more than a few basic permissions. [[wikipedia:Docker_(software)|Docker]] also sandboxes apps, and it seems to work great! Still, it's completely fair that there should be processes for doing things beyond what the sandbox allows. You see some of this with permission prompts - does a flashlight app ''really'' need access to your contacts? (Apple has been burned by apps abusing user data before the current permission system was built out.<ref>{{Cite web |last=Bohn |first=Dleter |date=15 Feb 2012 |title=iOS apps and the address book: who has your data, and how they’re getting it |url=https://www.theverge.com/2012/2/14/2798008/ios-apps-and-the-address-book-what-you-need-to-know |url-status=live |access-date=16 Mar 2025 |website=[[The Verge]]}}</ref>)

It can go further than this. As we established in previous sections, an app can be given more access to features of the system using entitlements. These come in a few flavors:

@@ Line 109: / Line 109: @@
 ==JIT==
-Safari is allowed to [[wikipedia:Just-in-time compilation|just-in-time]] compile code worldwide. The super short version of what that means: it can run JavaScript code ''really fast''. All browsers, and other runtimes like Microsoft .NET, Java, Lua use this. Ok, fine, it's the system web browser, it's very carefully written to be secure, and it's important to the platform to be doing well in performance benchmarks and all that.
+[[wikipedia:Just-in-time compilation|JIT]], which stands for Just-In-Time, is a method of code execution where code, instead of being compiled before being distributed (like an EXE), gets compiled into machine code in real time right before being executed. This method of code execution allows for much faster website loading times, faster emulation, faster program execution (with programs written in JavaScript, Python, Lua...) compared to interpreters, which instead translates code into machine code line by line, which is much, much slower. JIT also employs many more optimization techniques meant to improve performance, but all you need to know is that JIT is much faster than an interpreter.
-Apple's [https://apps.apple.com/app/swift-playgrounds/id908519492 Playgrounds] app on iPad is also allowed to JIT. It bundles Apple's [[wikipedia:Swift (programming language)|Swift]] compiler, and shares backend code with the version of Playgrounds found in [[wikipedia:Xcode|Xcode]].
+Safari is allowed to use JIT to compile code from any site, same with Apple's [https://apps.apple.com/app/swift-playgrounds/id908519492 Playgrounds] app on iPad. Playgrounds bundles Apple's [[wikipedia:Swift (programming language)|Swift]] compiler, and shares backend code with the version of Playgrounds found in [[wikipedia:Xcode|Xcode]].
-Competing apps like Pythonista (a Python IDE), emulators like Delta and UTM, and terminal environments like iSH, are not allowed to JIT. As such, they need to rely on inferior performance, potentially from an entirely separate implementation of their compiler/interpreter that may be less proven, because the JIT-less implementation doesn't need to exist on any other platform.
+Third-party apps like Pythonista (a Python IDE), emulators like Delta and UTM and terminal environments like iSH are not allowed to use JIT, instead having to interpret code, which comes with serious performance degradation and is more computationally expensive, potentially draining more battery.
-Likely the most clear example is UTM SE. UTM is a port of the [[wikipedia:QEMU|QEMU]] emulator to iOS, allowing you to run desktop OSes (Linux, Windows 98, XP, classic Mac OS, etc). iPhone hardware is very capable these days and it runs impressively well, ''if'' you use a hack to enable JIT (which Apple has now patched). "SE" stands for "slow edition" - yes, really. If you compare the true version of UTM to the App Store UTM SE app, you ''will'' feel the loss in performance. It's impressive UTM even got to be on the App Store at all, and the DMA is to thank for it. But Apple is still holding the line on allowing JIT to apps that require that performance.
+An example of apps being heavily affected by this restriction is UTM. UTM is a port of [[wikipedia:QEMU|QEMU]] for iOS, iPadOS and MacOS, allowing users to create [[wikipedia:Virtual_machine|VMs]] that can run various OSes, for example Microsoft Windows. The iPhone's hardware capable enough to emulate various modern OSes at full speed, but due to Apple's JIT limitation, the team behind UTM had to create UTM SE (slow edition) that doesn't require JIT, but is nowhere near as fast as UTM with JIT, only being capable of running MS-DOS and derivatives at acceptable speeds. While methods that enable JIT for apps other than Safari and Playgrounds exist (some currently working on iOS 18.5, like [https://apps.apple.com/us/app/stikdebug/id6744045754 StikDebug]), Apple does not allow the use of JIT in notarized apps, meaning that apps that support JIT will have to be sideloaded, which comes with its own set of restrictions.
-While UTM SE releasing at all might seem like a pathway to getting Firefox and Chrome "slow editions" on the App Store, browser engines other than the built-in Apple WebKit/JavaScriptCore are still outlawed.<ref>{{Cite web |title=App Review Guidelines |url=https://developer.apple.com/app-store/review/guidelines/#2.5.6 |url-status=live |access-date=16 Mar 2025 |website=[[Apple Developer]]}}</ref> In the EU, Apple has blessed web browser JavaScript engines with the option to use JIT. The app must be approved for an entitlement, and then must work within APIs provided by Apple for it. As of January 2025, no browsers have been released using this. We were all anticipating proper competition around web browsers on iOS, but almost a year later, we have nothing.<ref>{{Cite web |title=Mozilla says Apple’s new browser rules are ‘as painful as possible’ for Firefox |url=https://www.theverge.com/2024/1/26/24052067/mozilla-apple-ios-browser-rules-firefox |url-status=live |access-date=16 Mar 2025 |website=[[The Verge]]}}</ref>
+In the EU, Apple gave web browsers permission to use rendering and JavaScript engines other than the built-in with Apple WebKit/JavaScriptCore, with the option for JS engines to use JIT. The browser still has to be approved by Apple for an entitlement, and then must work within APIs provided by Apple for it. But, as of January 2025, no browsers that use different engines than the built-in ones have been released, mainly due to arbitrarily imposed restrictions, meant to discourage the usage and development of third-party engines.<ref>{{Cite web |title=Mozilla says Apple’s new browser rules are ‘as painful as possible’ for Firefox |url=https://www.theverge.com/2024/1/26/24052067/mozilla-apple-ios-browser-rules-firefox |url-status=live |access-date=16 Mar 2025 |website=[[The Verge]]}}</ref>
+However, Apple still does not allow different engines outside of the EU, with or without JIT support.<ref>{{Cite web |title=App Review Guidelines |url=https://developer.apple.com/app-store/review/guidelines/#2.5.6 |url-status=live |access-date=16 Mar 2025 |website=[[Apple Developer]]}}</ref>
 ==Sandbox==
-You might not like app sandboxing, but it's a powerful security feature used on all modern platforms. The reality is very few apps need more than a few basic permissions. [[wikipedia:Flatpak|Flatpak]] on Linux also sandboxes apps, and it seems to work great! Still, it's completely fair that there should be processes for doing things beyond what the sandbox allows. You see some of this with permission prompts - does a flashlight app ''really'' need access to your contacts? (Apple has been burned by apps abusing user data before the current permission system was built out.<ref>{{Cite web |last=Bohn |first=Dleter |date=15 Feb 2012 |title=iOS apps and the address book: who has your data, and how they’re getting it |url=https://www.theverge.com/2012/2/14/2798008/ios-apps-and-the-address-book-what-you-need-to-know |url-status=live |access-date=16 Mar 2025 |website=[[The Verge]]}}</ref>)
+You might not like app sandboxing, but it's a powerful security feature used on all modern platforms. The reality is very few apps need more than a few basic permissions. [[wikipedia:Docker_(software)|Docker]] also sandboxes apps, and it seems to work great! Still, it's completely fair that there should be processes for doing things beyond what the sandbox allows. You see some of this with permission prompts - does a flashlight app ''really'' need access to your contacts? (Apple has been burned by apps abusing user data before the current permission system was built out.<ref>{{Cite web |last=Bohn |first=Dleter |date=15 Feb 2012 |title=iOS apps and the address book: who has your data, and how they’re getting it |url=https://www.theverge.com/2012/2/14/2798008/ios-apps-and-the-address-book-what-you-need-to-know |url-status=live |access-date=16 Mar 2025 |website=[[The Verge]]}}</ref>)
 It can go further than this. As we established in previous sections, an app can be given more access to features of the system using entitlements. These come in a few flavors: