informa
/
Vulnerabilities/Threats
News

Apple Web App Slowdown Prompts Conspiracy Theories

Some developers fear Apple is deliberately crippling Web apps, but others attribute the issue to technical and security problems.
Apple claims that its new Nitro JavaScript engine in iOS 4.3 runs JavaScript twice as fast as iOS 4.2. But Web developers have noticed that Nitro's acceleration is only available inside mobile Safari. Web applications that have been saved as a home screen object and are then run in fullscreen mode and apps that access the Web through the UIWebView API in iOS don't benefit from Nitro acceleration.

In other words, JavaScript in Web apps running in fullscreen mode executes more than two times slower than JavaScript processed by mobile Safari.

Given Apple's abandoned plan to ban a variety of third-party programming technologies last year and its Flash vendetta, some Web developers see the performance gap as a deliberate effort by Apple to undermine Web apps.

Apple did not respond to a request for comment, but most developers weighing in on the matter appear to be satisfied that the issue is either a bug or due to an unresolved security issue related to just-in-time (JIT) compilation.

The issue has reportedly been submitted to Apple, which doesn't make its bug database public, and has also been submitted to Open Radar, a public, unofficial bug database for iOS and Mac OS X.

"I don't believe this is a deliberate attempt to hinder PhoneGap, HTML5, Web apps or even pseudo-browsers (such as SkyFire)," said developer Maximiliano Firtman in an e-mail. "I don't work at Apple, so I can not be sure; but from my point of view this is just a bug, or a 'missing feature.'"

Firtman says that a source at Apple recently told him that while Safari and UIWebView, which is used in third-party development frameworks like PhoneGap, share the same WebKit engine, Safari is not using UIWebView internally. "That means that Safari and UIWebView are two different things inside the framework, so Nitro can be inside Safari and not inside UIWebView," he said.

Firtman adds that if Apple disabled Nitro for third-party apps due to security concerns, he has to wonder whether Safari is secure enough.

Given that both the desktop and mobile versions of Safari were hacked last week during the Pwn2Own contest at CanSecWest, despite a substantial patch from Apple hours before the competition, it's a fair question to ask.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5