There has been a big fuss around React Native (RN) apps compliance with App Store review guidelines for a while now. The big question is: Is Apple supposed to ban React Native and remove apps built with it from its store? We dove deeper into the subject to find out what is going on. Here’s the essence of this debate.
Some time ago, Apple changed the way they interpret their policy in respect to dynamically loaded Swift/Objective-C code. They recently started to obey the rules they provide in their guidelines which don’t allow for the execution of dynamically loaded native code. It is considered unsafe and may change the behavior of the app after Apple’s review. This led to banning a popular Swift library - Rollout.io which was using this mechanism to deploy updates and patches to native apps.
Going further, some libraries for React Native were also considered “insecure", because they were able to download and execute code from external sources. For example, some people suspect that CodePush and OneSignal may be no longer compliant with the Apple’s guidelines. At the same time, many apps using them managed to go through the review process.
React Native itself is safe. However, applications using libraries with the capability to execute external native code may not be compliant with the guidelines.
There’s no reason to panic if your application uses React Native. There are no circumstances under which Apple would withdraw consent for RN apps, as they would also have to ban other web-mobile frameworks like Ionic, as well as standard Internet browsers, as they all fall into the same category.
React Native is used by companies like Uber, Facebook, Instagram, and Airbnb. Removing those apps from App Store… That would be a struggle!
There’s no official statement from Apple about this case.
The root cause of the app rejection that caused the biggest fuss has been identified:
Finally, We found out the root cause of the problem. It is not rejected because of the React Native or CodePush. We had our Manufacturer's SDK in our iOS App. They were using Amap ( Alibaba Map ) which was using the JSPatch. Since everything was in the compiled code, We were not able to figure out.
This means that people using services like CodePush don’t have a reason to worry about. Only libraries that are dynamically updating native code (as JSPatch and Rollout do) were the cause of Apple review rejections.
You can read more about this case on GitHub:
December 12, 2016