To date, the launch of the App Store has been one of Apple’s biggest successes when it comes to the iPhone and iPod touch, but not everything is joy and happiness in Cupertino. The app store has also attracted strong criticism because of its erratic approval process over which not a week goes by without new incidents .
One of the most recent cases is Lyrics, an application developed by Jelle Prins capable of showing us the lyrics of the songs in our library. Apple initially rejected it on the grounds that some of its lyrics contained insults or obscene language , so Prins incorporated a filter and got the approval of the apple company.
But Prins added more than just a filter, secretly introducing an easter egg into his application, a hidden feature that allows you to unlock forbidden letters by entering the “About” page, sliding your finger down three times and selecting the option to disable the filter. “For Apple, it’s virtually impossible to discover Easter eggs because they can’t actually see the source code. In theory, a developer can take advantage of this to provide users with any kind of content they want” , says Prins.
Part of the problem is that Apple manually reviews each application, and given the enormous number that are launched each day the time they can spend on these analyses is quite limited. According to Prins, his server logs show that only one Apple employee used the application before it was approved (Lyrics works in conjunction with an online database) and all he did during his analysis was search for a series of forbidden words and check if it worked when he connected to the Internet. A few days later, the application was approved and available on the App Store.
Obviously, it is technically possible for Apple to discover these hidden functions, but to do so they would have to devote more resources to inspection and may even ask the developers to put their hands on their source code , a measure that would not be welcomed with open arms.
From the point of view of user security , an unscrupulous developer could hide some function that takes pictures or records our conversations without notice, but in general the iPhone API is quite secure and would “only” leave a few areas compromised: the audio, the camera and the address book. If it came to extremes like this, Apple would only have to remove the applications and blacklist their developers so the fire could be contained as quickly as it emerged.