←back to thread

Technical Analysis – Improper Use of Private iOS APIs in Vietnamese Banking Apps

(blog.verichains.io)
90 points quyleanh | 1 comments | 28 Mar 25 07:04 UTC | HN request time: 0s | source
Show context
petesergeant ◴[31 Mar 25 12:35 UTC] No.43534248[source]
So, the post author makes software for checking if bad apps are running on the phone, and is complaining that the banks are using their own home-grown system that they say violates Apple’s rules for checking for malicious apps, rather than doing is safely like the software the author sells does.
replies(2): >>43534580 #>>43534814 #
Onavo ◴[31 Mar 25 13:27 UTC] No.43534814[source]
For these sort of large, well connected, or state owned companies in Asia (banks, big local unicorns etc.), Apple has a lot of carve-outs and exceptions (see do-everything apps that contain mini app stores). They have to play nice else they find themselves "under investigation" or worse lose access to the entire market. There's no rule of law for them to litigate over breach of contract.
replies(2): >>43535705 #>>43535979 #
jjani ◴[31 Mar 25 14:51 UTC] No.43535705[source]
> Apple has a lot of carve-outs and exceptions (see do-everything apps that contain mini app stores)

Which ones are you thinking of? Does Grab operate this way?

The China case is well-known, but that's really its own beast. KakaoTalk (Korea), while more of an 'everything' app than those in the West, is still a far cry from containing a mini app store. A user can't choose to add any new functionality by installing something - it's all included right from the get-go. My (limited) experience with Line (Japan, Taiwan, Thailand) is similar. So I'm curious if there's any non-Chinese apps you can name.

FWIW I'm not arguing against your fundamental premise, would just like to know which do-everything apps you mean.

replies(2): >>43535821 #>>43536278 #
1. ◴[31 Mar 25 15:01 UTC] No.43535821[source]