The Solution is Simple
A developer obtains a “Live Update Service Certificate” from Apple.
Apple verifies the code was signed with a valid certificate
Apple examines the code with its code analyzer and approves it..
Apple strips the existing certificate and re-signs the code with Apple’s own certificate.
The newly signed code is sent back to the developer. All these steps can and should be done without human intervention
The developer sends Apple’s signature to the Live Update Service.
The Live Update Service sends the both the code and signature to live devices.
iOS framework authenticates that the code was indeed signed by Apple using their public key.
The Benefits are Clear
Developers able to use third party vendors like CloudBees Feature Management, Microsoft CodePush and others to fix production issues in real time.
Apple or the developer can revoke the “Live Update Service Certificate” at any time.
Apple can examine and analyze all JS code that is pushed (just as in the full app version approval process) and reject it if needed.
The entire flow is automatic and fast - after all, if it wasn’t, it would defeat the purpose!
We are realistic. We don’t expect you to implement a solution like this immediately. However, we do urge you to consider the benefits of this approach. We at CloudBees Feature Management are committed to partnering with you and with developers to deliver a safe, bug free experience to all. Thank you! Eyal Keren Co-founder and CTO of CloudBees Feature Management.io