Unity issuing fix for App Store security flaw

Unity issuing fix for App Store security flaw

By Rob Crossley

November 16th 2009 at 12:48PM

Company co-founder and CEO issues response on Develop news story comments section

The CEO at Unity Technologies has announced the group is issuing a fix to iPhone game developers hit by an unexpected publishing ban from Apple.

Last week Apple began refusing to publish a number of iPhone games on the App Store due to security scares regarding API calls. It emerged that those prohibited games were developed using the highly popular Unity platform.

Unity’s chief executive David Helgason, upon reading the news on Develop, posted a response in the comments section.

“When [publishing ban] problem emerged we spent day and night working on a fix,” he said, “which is now being sent to iPhone developers who could be hit by this.

“The whole thing only took days and only a good handful of apps will be delayed because of this (another 350 or more are still happily live in the App Store).”

Games that can make API calls on the iPhone can potentially extract user data – a security issue which Apple is outright refusing to ignore.

iPhone developer Storm8 was recently accused of illegally harvesting phone numbers through one of its Apps using such API calls.

As Apple discovered that the Unity engine could potentially make such API calls, it began to refuse the application of certain Unity-developed iPhone games. It is widely regarded that the Unity engine’s potential use of API calls is an innocent mistake.

Said Helgason: “No problem had ever been raised over these [API calls] (which were used in a completely harmless way of course) for over a year so we thought we were in full compliance.”

Now, due to the swift fix issued by Unity, only a handful of developers will be hit by the unfortunate error.

Developers who have been refused approval by Apple will have their game sent to the back of the queue for App Store approval.

“The API calls were coming from a piece of library we use so we didn't know,” added Helgason, “though one could argue we should have.

“All that said we are sorry about the whole thing (and those developers whose apps were delayed) but we think this story shows that we are over-the-top dedicated to make sure to support Unity and its users.”