Yesterday it was announced that Rogue Amoeba’s iOS audio streaming app, Airfoil Speakers Touch, had been removed from the App Store. Similarly another AirPlay emulator, AirFloat, was pulled. As always when Apple makes these unilateral moves there was a commotion amongst App Store developers. The prospect of having your livelihood suddenly disappear is disconcerting to say the least.
As much as I tried to get my dander up about this particular case I found that I couldn’t get upset. The mechanics of how Apple goes about these things could use a lot of improvement but the reasons behind this rejection seem sound. As things have shaken out and more details have come to light Apple’s motivation in this has become clear.
In order for these apps to simulate an AirPlay receiver they must reverse-engineer the AirPlay protocol. The protocol (outlined here) is cryptographically secured to prevent anyone other than Apple or its approved vendors from using it. Last year James Laird hacked out Apple’s private key from an old Airport Express and published it.
As best I understand the technical details of this, in order for any of these apps to operate they must then make use of this private key to impersonate an Airport Express. It seems entirely reasonable that Apple would not condone the use of their hacked private key in this manner, least of all in an App Store app.
Using a reverse-engineered, proprietary protocol that was also cryptographically protected by Apple was clearly going to raise red flags.
I think the discussion around the use of private vs public APIs is a distraction from the core issue. Apple’s rejection apparently used the broad and hand-waving reason of using documented APIs in a manner not prescribed by Apple. That is the one place where I think Apple is in the wrong. I wish they would have more transparency and clarity in such matters. Much of the controversy is rooted in the opaqueness of their process.
While I don’t know all the details around the internals of Rogue Amoeba I am friends with a couple of their employees and know them to be engineers of the highest calibre. I imagine they knew by adding this feature they were taking a calculated risk with the app’s future. It appears they were able to get by review initially but once someone at Apple worked out what was happening under the covers it is hard to imagine a scenario where Apple would let this slide.