Why does Apple only allow for Static Frameworks on iOS?
-
02-10-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Clearly Apple has the ability to create dynamically loaded libraries (known as frameworks) for iOS, as they ship several with XCode (such as UIKit). App developers only have the ability to create static libraries, or at best, trick Xcode into thinking it's loading a framework when it's actually loading a static library, this is known as creating a fake framework, some of the drag-and-drop convenience, but none of the dynamic loading benefits.
What is Apple's reasoning for keeping dynamic frameworks from app developers? It seems like it would ease using external libraries considerably, since developers wouldn't have to rely on finicky linker flags or open-source library dependency chains.
I see a common reason is security. Why then does Apple allow it on OSX and not iOS? Isn't security a requirement there as well?
EDIT: This is no longer relevant as of iOS 8. Apple has added support for dynamic frameworks.
Solution
One of Apple's criteria for accepting a program is whether or not it makes calls to unsupported Apple API's (or other bad stuff). By requiring static linking, they can prove that the software does not make such calls. Allowing dynamic linking would allow any kind of behavior to be added later, which pretty much invalidates their approval process.
Apple allows dynamic linking in OSX because, well, Macintoshes are real computers, not tablet devices, and the users of real computers expect them to be programmable in this fashion. The market for tablets and phones is quite different from that of desktop and laptop computers. Computers are production devices; users expect to be able to produce products on them, including writing programs that do what they want, how they want. This was never the expectation of tablet devices, which are consumption devices.
The whole point of tablets and the Apple Store was to create a closed environment to protect consumers from pedestrian viruses, and the like (well, and to allow Apple to collect 30% of all software sales made through their store).
OTHER TIPS
The reason is security as mentioned in this Stack Overflow question:
The reason is security: since a dynamic library can be loaded and unloaded at runtime you could download additional executable code and load it (think plug-in). This could get compromised by a hacker and then having malicious code executing on your phone is a very bad thing. It would also make it possible to add unapproved features to an approved app. In short: in this environment, Apple considers dynamic linking to be a Pandoras box that must be strictly controlled, otherwise it could compromise security and I agree that it does make sense on the phone.
