> When analyzing the code of one of the apps that received an Apple update, MacRumors could not find what had changed.
Unfortunately, it's put so vaguely, it could either mean the diff showed no code changes - or they were unable to compute a diff, for whatever reason.
If it's the former, that would be a strong indication for certificate issues, I think.
⇒ I think that’s unlikely. If some optimization got broken that produces results that bad that it has to be fixed, users would have noticed in those apps that “have not been updated in some time”.
Then again I found no source for that - and some certificate rollover seems more likely.
And this is part of the agreement between an app developer and Apple; for a long time now, a developer doesn't upload a full compiled app to Apple, but a package containing partially compiled (itermediary language) code and assets for many different platforms and resolutions, leaving it up to Apple to do the final assembly based on what device it downloads. This allows them to (re)compile for newer hardware, 32 vs 64 bit CPUs, save bandwidth and storage space by only having the device download the assets for its device (and for e.g. games the assets for the level they are playing at that time), etc.
So again, what trust model are you thinking of? Apple is a trusted party when it comes to this, I'd even argue they're more trustworthy than the app developers themselves.
By the looks of the app list, they seem to be apps and games that used to be popular and have fallen in disrepair and apps that are starved of maintenance attention.
On the one hand it could be an exceptionally good example of "stewardship"; on the other hand, if this is true, what if authorities could later compel Apple to manipulate applications in some malign manner?
I think this is simply updating some api call which no longer works properly, coupled with the terrible "changelogs" that are the norm on the app store. Someone down thread mentioned certificate rollover.
A sensible changelog would be "update expired certificate", or "fix integration with ios 26.2", or "patch security issue"
An actual changelog would be "we're bringing you ever more great new improvements"
Here's the latest Audible one:
> At Audible, we're always making updates and improvements to make your listening experience better.
> If you're experiencing issues, please reach out to customer services. For feedback or suggestions contact us at audible.co.uk/help
This is the same every time, because these changelogs are meaningless.
That is, I'm calling you out for fearmongering, for a possible what-if, but given how popular VLC is you'd think it would've happened / is actively happening already. And there is no evidence for that.
I don't believe an iOS distribution specific certificate falls under the license you're referring to, but I'm no expert on these matters.
swizz89•2d ago
Cthulhu_•21h ago