Concerns About the State of App Store Review

/ 20 February 2019 / Alexander Celeste

As an interesting sidebar to our post about SubCalc 3’s release today that will be of interest to fellow developers…

In releasing SubCalc 3 to the App Store we accidentally had a severe bug in it that caused the app to show just a white screen when opened. This was a side-effect of our build process not quite working when preparing the app for submission to the App Store, which is why we didn’t catch it. Shortly after we found out we pulled SubCalc 3.0.0 from the U.S. App Store (because, even with a call to developer support, we couldn’t get Apple to reject the update and leave the working 2.0.1 on the store). We have since fixed the problem and modified our procedures to catch such issues in the future. Always export for ad-hoc distribution the archived app you’re about to submit to the App Store. Install it to your device to be sure that it works as expected. The problem came down to two basic things we failed to do in our build phase script that builds the React app:

  1. We were not quoting paths that were used in our run script build phase. This meant that we were using the wrong paths for where to write out the built React app to. Instead of ending up in the proper product it was in a “mirror” version within the source code when archiving.
  2. We had been using ${BUILT_PRODUCTS_DIR} to access the built product. This failed to give us the product path when being run while archiving the app for App Store submission. Instead what is stable across all build configurations is to use ${CONFIGURATION_BUILD_DIR}.

The thing is, this is among the kind of issues we expect the App Store’s review team to flag for rejecting updates. They let our initial 3.0.0 update out on to the App Store. This means that in their review process they evidently didn’t even bother trying to run our app. I’m not sure if I’m more scared of this as a developer or as a user. How can Apple be 100% sure that apps aren’t doing bad things if they don’t even run them? This feels like a potential security problem waiting to happen, since as users we trust that apps provided from the iOS and Mac App Stores are safe and operate as intended.

Have any other developers of apps for Apple’s devices had a similar experience? I’m all for the speedier (about 3/4 of a day for both SubCalc 3.0.0 and 3.0.1) app review times, or so I thought. But if this is allowing outright broken apps at best, and malicous apps at worst, on to the App Stores then this is a real problem. Users deserve confidence in the software they install, and because I’m also a developer I am especially concious of this as a user. Beyond my own practice as a developer, this experience makes me worried about the overall quality of the apps I use on my devices that ostensibly are coming from a secure and trusted source.