How malware gets into the App Store and why Apple can't stop that

Information Security *Development for iOS *Development of mobile applications *Reverse engineering *Swift *

Only after I had published a post detailing three iOS 0-day vulnerabilities and expressing my frustration with Apple Security Bounty Program, I received a reply from Apple:

We saw your blog post regarding this issue and your other reports.

We apologize for the delay in responding to you. We want to let you know that we are still investigating these issues and how we can address them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance.

Please let us know if you have any questions.

Indeed, I do have questions. The same ones that you have ignored. I'm gonna repeat them. Why was the fix for the analyticsd vulnerability quietly included in the iOS 14.7 update but not mentioned on its security content list? Why did you promise to include it in the next update's list but break your word not once but thrice? Why do you keep ignoring these questions?

After my previous post, some people have expressed doubts that such code can make its way into the App Store. It's understandable why they think this way. That's because Apple makes people believe that the App Store is safe by repeating it over and over. Moreover, they claim that they disallow alternative stores and application sideloading to keep users safe and otherwise they would be in great danger. Android has alternative stores and unrestricted sideloading, and have you heard about any kind of security problems with Android recently? I haven't. But in the last few months alone there were so many reports about security and privacy issues on Apple platforms. And the real reason that Apple doesn't allow any alternatives to the App Store is that they receive 30% commission on all purchases made inside any app and it's a tremendously lucrative business for them. They also enact censorship by choosing to allow or disallow any app into the App Store based purely on subjective opinions of their employees and managers.

So in this article I'm going to dispute the claim that the App Store is safe, voice my complaints about the App Store review process and provide a detailed explanation (including source code) how malicious apps on the App Store conceal their functionality from the App Store review team and are able to sneak into the App Store.

Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program

Information Security *Development for iOS *Development of mobile applications *Reverse engineering *

I want to share my frustrating experience participating in Apple Security Bounty program. I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page. When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time.

Read more to learn the specifics of 0-day vulnerabilities.

React Native: The First Choice of Mobile App Developers and Businesses

Development for iOS *Development of mobile applications *Development for Android *Mobile applications design *

Let’s discuss why mobile app developers select React Native for application development over other cross-platform frameworks.

While few users continue to work with the Native development approach, those who want to succeed in their business have started exploring new opportunities. One such occasion in this technically advanced world is to turn toward cross-platform frameworks.

Out of 2.8 million apps available on the Google play store and 2.2 million apps in Apple App Store, there is a growing need for cross-platform applications. The significant advantage of a cross-platform mobile application is that it helps businesses save development costs. This is where React Native comes into action.

In the middle of this, if you are a businessman and thinking of hiring mobile app developers and there is a continuously running debate in your mind “React Native vs Native” then this post is for you.

Confusing extensions in Swift

Development for iOS *Swift *Development for MacOS *Development for Linux *
This post is a bit of an information aggregator. If you find a mistake, you could write to me about it; I would really appreciate that. Have a nice read.

Example with JSONDecoder

What would happen if we run the following piece of code?

import Foundation

struct Test<T>: Codable where T: Codable {
    enum CodingKeys: String, CodingKey {
        case value
    }

    let value: T
    let info: String
}

// Unconstrained extension: applies to every Test<T>.
extension Test {
    init(from decoder: Decoder) throws {
        let container = try decoder.container(keyedBy: CodingKeys.self)
        self.value = try container.decode(T.self, forKey: .value)
        self.info = "Default init(from decoder:)"
    }
}

// Constrained extension: applies only when T == String.
extension Test where T == String {
    init(from decoder: Decoder) throws {
        let container = try decoder.container(keyedBy: CodingKeys.self)
        self.value = try container.decode(T.self, forKey: .value)
        self.info = "Custom init(from decoder:)"
    }
}

let data = #"{"value":"Hello, World!"}"#.data(using: .utf8)!
let object = try? JSONDecoder().decode(Test<String>.self, from: data)

Try thinking for 5 seconds about the result.

The result
        value: "Hello, World!", 
        info: "Default init(from decoder:)"

What App Stores can you consider except Apple App Store and Google Play Store? Here are 6 Alternative App Stores

Development for iOS *Development for Android *Games monetization *Games promotion *

Recently Epic Games’ Fortnite was removed from the Apple App Store and Google Play Store. The main reason being Epic's bypassing of in-app purchases instead of using the officially sanctioned system for both platforms. While it is still possible for you to download Fortnite directly, this large scale case brings to light the duopoly of Apple and Google in the mobile market.

For most developers, these two stores account for almost all of their revenue and userbase. While Epic Games will be fine to go without, for the time being, what about the other 99% of developers who rely on these two stores for distributing and monetizing their apps? In this article, we’ll provide some of the alternative stores available for both developers and consumers for finding or distributing apps.

For one reason or another, you may have found yourself wondering, ‘where are some other places I can go to find and download new apps and games for my mobile device’? Or ‘are there any other marketplaces for me to share my apps’?

Sberbank Online iOS testing

Сбер corporate blog Development for iOS *Mobile applications testing *
The theory of testing usually differs from practice. Today we want to talk about our practical experience in testing an application's code which is used by millions of iOS users and about the difficult path that our team finished in order to achieve stable code.

Let’s imagine: the developers successfully convinced themselves and the business of the need to cover the code with tests. Over time, more than a dozen thousand unit tests and more than a thousand UI tests were created in the project. Such a large test base raised several problems, and we successfully found the solution for them.

Here Are The Most Popular Video Conference APIs To Be Considered For Your Mobile & Web Apps

Development for iOS *Development of mobile applications *Development for Android *API *Video conferencing
As the world rearranges into virtualized societal norms, the most convenient and simplified interaction for businesses or socially has come from video-based apps.
According to Statista, the growth in downloads of video conferencing apps as of March 2020, by country, is as follows:

Country    Hangouts Meet    Houseparty    Ms Teams    Zoom
USA        30               8             11          4
France     23               30            16          2
Germany    15               26            11          17
Spain      64               2360          15          27
Italy      140              423           30          55

Now, this has turned the attention of developers and startup companies to build their video chat app. However, it's quite a challenging task to search for the best video conferencing API and SDK providers in the market.

How to cook reactive programming. Part 1: Unidirectional architectures introduction

Development for iOS *Functional Programming *Xcode *Swift *Mobile applications design *

Recently I wrote an article What is Reactive Programming? iOS Edition where in a simple way I described how to build your own Reactive Framework, and helped you to understand that no-one should be scared by the reactive approach. The previous article could now be named How to cook reactive programming. Part 0., since this is a continuation. I would recommend reading the previous article if you are not familiar with the reactive programming concepts.

Custom instruments: When signpost is not enough

Сбер corporate blog Development for iOS *Development of mobile applications *Swift *Mobile applications testing *
In our previous article, we discussed the reasons for unit tests’ instability and how to make them stable. Now let’s look through the new tools for debugging and profiling which were introduced by Apple in iOS 12 — the framework os_log and the instrument for performance analysis os_signpost.


In one of the sprints, we were tasked with implementing the generation of a pdf-document on the client-side. We completed the task. But we wanted to make sure of the effectiveness of the technical nuances of the decision. Signpost helped us with this. Using it we increased the document’s displaying speed several times.

To learn more about os_signpost application technology, see where it can help you and how it has already helped us, go further forward.

What is Reactive Programming? iOS Edition

Development for iOS *

There are many articles about Reactive Programming and different implementations on the internet. However, most of them are about practical usage, and only a few concern what Reactive Programming is, and how it actually works. In my opinion, it is more important to understand how frameworks work deep inside — spoiler: nothing actually complicated there — rather than starting to use a number of traits and operators meanwhile shooting yourself in the foot.

So, what is RxSwift Combine Reactive programming?

Signpost: When Breakpoints are not Enough

Сбер corporate blog Development for iOS *Xcode *Swift *Mobile applications testing *

Instruments for Apple's Xcode is a tool for performance analysis of an iOS application. In 2018 Apple introduced Custom Instruments — an opportunity to expand the standard set of instruments for application profiling. When existing tools are not enough, you can create new ones yourself — it will collect, analyze and display the data the way you need.

The Worst Mistakes In Mobile App Development

Development for iOS *Development of mobile applications *Development for Android *Business Models Software

Alright, so you have just planned to hire developers for a Mobile App which could potentially steer your business ahead. The reasons for your decision would be quite obvious on the surface. Mobile App development is a core part of today’s businesses. It provides a near-perfect platform to serve customers through the portable devices they own.

But it’s easy to be a sheep! If you really try to understand this market, you’ll realize that more than half of the apps fail to earn revenue, and a significant amount of them barely cross 1,000 downloads. As per a Gartner report, it was found that barely 0.01 percent apps will find financial success by the year 2018.

How 5G's Acceleration will move through the Mobile App Development Space?

Website development *Development for iOS *Development of mobile applications *Development for Android *Development for IOT *
5G (Fifth Generation Wireless Cellular Network) is not just a possibility anymore. The forthcoming of 2020 has unfolded avenues for 5G browser capabilities in smartphones.

With the recent 5G rollout, it has been predicted that over 1.4 billion devices will be running on the 5G network by 2025 — accounting for 15% of the global total.

Get Moving with Xamarin.Forms 4.4

Microsoft corporate blog Development for iOS *Development of mobile applications *Development for Android *Xamarin *
We were speaking with a customer last year that builds dozens of mobile applications every year. They said, «We cannot remember the last time we made a mobile app that did NOT include a carousel view.» Many of you have expressed almost identical sentiments to us. So, we are very pleased to introduce a new CarouselView control in Xamarin.Forms 4.4.0. Along with this we also have IndicatorView for displaying the pages or items in the carousel. As well as SwipeView for providing contextual actions to any element in a CollectionView. The release theme of getting things moving would not be complete without showcasing the new GIF animation support for images. Let’s begin right there.

Cloud-based WebRTC streaming on DigitalOcean

Flashphoner corporate blog Website development *Programming *Development for iOS *Development for Android *

Popular cloud hosting DigitalOcean has recently launched its new marketplace selling preconfigured images that can help to quickly deploy an application server. It’s much like AWS, but DO is for those already using this provider’s services. Let’s see how to deploy a simple server for WebRTC streaming with a DO account for a $10/month fee based on Flashphoner WebCallServer and how such a server can be of use.

How to Implement Tinder Swipe Cards in SwiftUI

Programming *Development for iOS *Development of mobile applications *Swift *
In June, we heard about SwiftUI for the first time — a totally new way of creating and working with UI elements in iOS and macOS (also iPadOS) apps. It felt like Christmas in the summer. It's new, it's declarative, it's sexy! And now, just a few weeks after iOS 13 has been released, we can start to use SwiftUI in all our projects. Let's learn how to use this amazing tool that Apple gave us, to create the classic Tinder-esque Swipe Cards.

In this article, I would like to show you how to achieve a Tinder-like card view and behavior (swipe to action), with just a few lines of code.

To achieve this, we need to do the following things, in order:

  • Create UserView
  • Create NavigationView
  • Create BottomBarView
  • Create SwipeView
  • Put all this together inside ContentView

So let's get started.

MacOS 10.15 no longer supports 32-bit apps. What can you do?

PVS-Studio corporate blog Programming *Development for iOS *C++ *

On October 7, 2019, Apple released a new version of its Mac operating system, macOS Catalina. Version 10.15 contains many changes and improvements. One of the significant ones is the complete phasing out of 32-bit applications. As a developer of such macOS apps, what can you do? That's right, port the app to the 64-bit platform. Will the application work properly from the first attempt? Perhaps, it's possible. Depends on the complexity and amount of the code. But most likely, developers will face a lot of non-obvious errors, which can be detected beforehand using PVS-Studio.

Modern Environment for React Native Applications

Programming *Development for iOS *Development for Android *ReactJS *TypeScript *
In this article, we will consider the process of setting up a React Native environment using expo-cli, Typescript, and Jest.
Typescript will help us avoid development mistakes and write a more efficient mobile application.

Modern tools allow integrating Typescript into the development environment. We can also use VS Code that supports Typescript.

Integration with React Native will give us the opportunity to use the auto-completion service, code navigation, and refactoring.

Expo is a toolkit that simplifies the creation of native React applications. This tutorial will give you an idea of how you can quickly create native React applications using Expo.

