There has been a big fuss around React Native (RN) apps compliance with App Store review guidelines for a while now. The big question is: Is Apple supposed to ban React Native and remove apps built with it from its store? We dove deeper into the subject to find out what is going on. Here’s the essence of this debate.
The confusion started from recent rejections of some RN-based application reviews. It became food for thought for some people and so the idea of Apple rejecting RN apps naturally emerged. A multi-threaded discussion was happening on Github about possible causes of such behavior. It was suspected that Apple is restricting the possibility of downloading and executing external JavaScript code (which is possible using RN) as it can change an application’s behavior after Apple review.
So what was the reason behind all those app rejections?
First of all, we have to remember that RN apps are all based on JavaScript and work in JavaScriptCore (JavaScript engine without a browser). It means that they use the underlying native interface in order to render views and to access native iOS features like a camera or disk space.
Some time ago, Apple changed the way they interpret their policy in respect to dynamically loaded Swift/Objective-C code. They recently started to obey the rules they provide in their guidelines which don’t allow for the execution of dynamically loaded native code. It is considered unsafe and may change the behavior of the app after Apple’s review. This led to banning a popular Swift library - Rollout.io which was using this mechanism to deploy updates and patches to native apps.
Going further, some libraries for React Native were also considered “insecure", because they were able to download and execute code from external sources. For example, some people suspect that CodePush and OneSignal may be no longer compliant with the Apple’s guidelines. At the same time, many apps using them managed to go through the review process.
On the other hand, it is clearly stated that there is an exception for applications that are running the downloaded scripts in the built-in Webkit framework or JavaScriptCore, as long as it doesn’t change the primary purpose of the application. And this is actually the case of React Native apps.
There’s no reason to panic if your application uses React Native. There are no circumstances under which Apple would withdraw consent for RN apps, as they would also have to ban other web-mobile frameworks like Ionic, as well as standard Internet browsers, as they all fall into the same category.
React Native is used by companies like Uber, Facebook, Instagram, and Airbnb. Removing those apps from App Store… That would be a struggle!
There’s no official statement from Apple about this case.
UPDATE (04.04.17):
The root cause of the app rejection that caused the biggest fuss has been identified:
Finally, We found out the root cause of the problem. It is not rejected because of the React Native or CodePush. We had our Manufacturer's SDK in our iOS App. They were using Amap ( Alibaba Map ) which was using the JSPatch. Since everything was in the compiled code, We were not able to figure out.
This means that people using services like CodePush don’t have a reason to worry about. Only libraries that are dynamically updating native code (as JSPatch and Rollout do) were the cause of Apple review rejections.
You can read more about this case on GitHub: