iOS Hidden Program functionality

[xArtx]

Hi Guys,
Bit of a sneaky idea.
What if you wrote a program that you wanted to install on other phones,
but couldn't release to the app store, so you wrote a simple game that
used all of the frameworks that the original program uses, and say, for
example, if a certain file existed in the documents directory, the simple
game program becomes another program (the original program).

So in effect you deploy a simple free game to the app store,
anyone can download and play it, but then you could run your original
program that is now signed on any phone.

Any flaws?

I understand the filename would have to be dynamically generated for that example,
but the functionality could be triggered in a number of ways.

Not something I want to do, but have given thought.
Cheers, Art.

 

[firewood]

Apple has removed several apps that turned out to have hidden functions not in the app description, or other Easter Eggs that violate their guidelines, from the App store. Developers have also lost their $99 account for various developer agreement violations.

 

[ArtOfWarfare]

It seems to me all it takes is to just keep it a secret. Don't publish anything publicly about it and only tell select trustworthy people about it. I'm not actually endorsing it, just saying that it seems completely possible to me.

 

[jnoxx]

Totally possible. But apple will banhammer you so hard you won't know what hit you Apple does not like anything that doesn't commit to their rules, and even if it's not completely in the rules, they will still do whatever they want.. :/
So you can try, but you're not gonna last long, i'd say it like that.
Look at the Bluetooth on/off app, the app that could skip the review process, and so on and so on

 

[PhoneyDeveloper]

The SDK agreement requires that you tell Apple about any easter eggs. If nobody knew about it then sure you could do it. I'm sure that Apple isn't aware of every feature in every app that's submitted to the app store. But if nobody knows about it what's the point? And if it's interesting and people find out about it then Apple will find out about it. Who knows what they'll do but the list of things they can do probably includes things you'd rather they didn't do.

 

[xArtx]

The SDK agreement requires that you tell Apple about any easter eggs. If nobody knew about it then sure you could do it. I'm sure that Apple isn't aware of every feature in every app that's submitted to the app store. But if nobody knows about it what's the point? And if it's interesting and people find out about it then Apple will find out about it. Who knows what they'll do but the list of things they can do probably includes things you'd rather they didn't do.

With the secrecy thing....
One example is if you wrote a corporate program with a personal dev account.
So a small company can install a program on all of their employees phones without
the whole company apple agreement thingy...

 

[Duncan C]

With the secrecy thing....
One example is if you wrote a corporate program with a personal dev account.
So a small company can install a program on all of their employees phones without
the whole company apple agreement thingy...

That's different.

You're talking about using your 100 device limit and ad hoc builds to distribute software to a small company? You'd probably get away with that, but I belive it's a violation of your developer agreement.

There is also the enterprise development program, which lets you build and release apps to users inside your company without having to publish them to the store.

 

[jnoxx]

With the secrecy thing....
One example is if you wrote a corporate program with a personal dev account.
So a small company can install a program on all of their employees phones without
the whole company apple agreement thingy...

Yeah, normally i'd opt to go for the Entreprise Enrollment Duncan C. mentioned, but to get the enrollment it takes a long time of calling/faxing etc, it used to be only for big companies, and you had to enlist in some special list, but those rules nocked down a bit, because you can get it in alot smaller companies too.
It's 300$ a year instead of 100$, but you can setup your own appstore within the company. If you are not opting for something like this, maybe you should look at building the IPA once and using testflight or a iphone management tool where you can remotely configure users iphones (yes, that does exist).

 

[1458279]

I wonder where the line is drawn between 'easter egg' and undocumented functionality.
If you have a complex app, there's no reason to document every function. Example might be a spread sheet. Say it had the ability to import data straight from an RSS feed into a template driven macro sub-language...

The complete documentation could be volumes, I don't think you would be required to document every thing the app does.


As apps get more complex, this will be more of an issue.


On the other hand, if you wrote some code that Apple wouldn't allow if the knew it was there, they would clearly be upset.

Actually with all the threads about the approval process, it seems like this might be a straight forward way to slide thru the process.

 

[thewitt]

If you attempt to conceal another app within your publicly declared app and Apple catches you, I guarantee you will be banned from developing iOS apps for life.

 

[xArtx]

If you attempt to conceal another app within your publicly declared app and Apple catches you, I guarantee you will be banned from developing iOS apps for life.

That much seems obvious, and I think you imply it's not worth the risk,
which, in the end, I agree with.
There's some investment if you really want to write for the platform....
and more again if you weren't previously a Mac user.

I like a consensus view on my speculation though.
I don' think they could see didly of what your C code is doing as long as
you didn't staticly declare any English words into the binary that were supposed to be hidden.

 

[thewitt]

All you need is for one person to complain or just post a comment on your app. You don't need for Apple to discover your subterfuge on their own.

They take the App Store very seriously.

 

[1458279]

All you need is for one person to complain or just post a comment on your app. You don't need for Apple to discover your subterfuge on their own.

They take the App Store very seriously.

Sometimes I wonder: http://itunes.apple.com/tw/app/downloader-pro/id482342523?mt=8

How in the world would this app ever make it past approval?

----------

That much seems obvious, and I think you imply it's not worth the risk,
which, in the end, I agree with.
There's some investment if you really want to write for the platform....
and more again if you weren't previously a Mac user.

I like a consensus view on my speculation though.
I don' think they could see didly of what your C code is doing as long as
you didn't staticly declare any English words into the binary that were supposed to be hidden.

Years ago, a client decompiled my program, didn't pay me, found a new developer. It wasn't iOS or ObjC.

I don't know all the details, but I remember talking with the company the made a product to defeat decompiling, he told me the process was pretty straight forward. Apple might have the tools to look deep into your app, I don't know what strings/ constants/ vars/ etc are visible, but if your concerned about that, I'd do some tricks to hid things.