What is done when an urgent fix for an app is needed but updates have to be approved by Apple/Google etc?
-
06-03-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have very little experience in this area, so sorry if I use any incorrect terminology or if this is a stupid/simplistic question in general.
But from what I understand, when a developer wants to push out an update for an app, it has to be approved by Apple/Google which can take up to 2 days. And apparently it even use to be much longer with Apple. So what happens if, for example, a massively popular game on an app store gets found out to have a huge exploit which could lead to players seeing other players credit card details, as an extreme example. Is there a way to bypass these wait times to push out a fix?
And I've heard of server side hotfixes in games before, so I assume these can be done to bypass these approval systems. And if so, doesn't that make the approval system pointless? I understand that hotfixes don't require the user to manually download a new update, but couldn't hotfixes still be used to do malicious things which I assume these approval systems are in place to prevent?
I guess my questions boil down to: Why are these approval systems in place? What can be done if there's a major exploit within a game that cannot be fixed by a hotfix?
Solution
Your multiplayer software consists of client which is on the mobile device and service in internet. The service you host independently on the mobile vendors.
The answer to your question is that you don't rely security on the client. There are many reasons to. It may be obsolete, even if you roll out the update not everybody install it, and it is always possible to reverse engineer the client and write a crafted software which pretends to be the one.
If you implement authorization checks in the service you do not have to wait anybody's approval to deploy it.
OTHER TIPS
Any large scale process with have an escalation and/or exception approval process. The owner of the process then will state the requirements for an expedited publishing process. Typically, you would need to provide a business case explaining the urgency. Often, you will need director or VP level sign off from your own company as well as the owner of the app store.
On the developer end, on every release you should branch. You can then make small changes to that branch so you can re-release with just a bug fix and not all the other churn that might have gotten into the branch as part of regular development.
I got 7.2m hits searching for 'app store expedited publishing', I am sure the individual app store's policies will have more detail on how this can be handled.
The level of service will likely also depend on your level of revenue. If you are Candy Crush likely you already have been given a human on call 24/7 for you to deal with these issues.
