Risk

4/9/2010
01:49 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple Bans Some iPhone Development Tools

Developers are struggling to understand whether anything other than Apple's development tools will be allowed.

In conjunction with the release of a beta version of its forthcoming iPhone 4.0 SDK on Thursday, Apple dropped a bombshell: It revised its iPhone Developer Program License Agreement in a way that appears to ban most third-party development tools.

The salient sentence in the changed portion of the License Agreement, Section 3.3.1, reads as follows:

Applications must be originally written in Objective-C, C, C++, or JavaScript as executed by the iPhone OS WebKit engine, and only code written in C, C++, and Objective-C may compile and directly link against the Documented APIs (e.g., Applications that link to Documented APIs through an intermediary translation or compatibility layer or tool are prohibited).

What these words mean, specifically Apple's interpretation of the language and the steps the company will take to enforce its interpretation, remains open to question. As written, Apple appears to deny programmers the right to write code for its iPhone, iPod touch, and iPad in any language other than Objective-C, C, C++, or JavaScript.

It could be argued that "applications" are not the same as "source code," which would mean that Apple is only concerned with compiled code. But Mark Methenitis, an attorney with The Vernon Law Group, said in an e-mail, "[The phrase 'originally written'] makes it problematic for any software that allows the code to be written in another language before moving to the iPhone platform. To me, originally written means before compilation."

Apple did not respond to repeated requests for further information.

The new agreement has incensed some developers, specifically those who rely on third-party development tools. Complaints about the contractual language have prompted Apple to lock discussion threads on its developer forums and to direct developers to communicate with the company through its developer contact page.

Frustrated developers, denied any official clarification, have again taken to protesting by way of bug reports. "Current SDK terms reduce desirability of iPhone OS as development platform," is the title of one recent bug report posted on Open Radar, a site set up to create a public repository of bug reports submitted to Apple -- something the company does not make public. The developer calls the terms "unprecedented" and "overreaching" and asks that they be changed.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18913
PUBLISHED: 2019-03-21
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location with...
CVE-2018-20031
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...
CVE-2018-20032
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon t...
CVE-2018-20034
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...
CVE-2019-3855
PUBLISHED: 2019-03-21
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.