Writing in the front

Today, I want to tell you a story, this story contains black technology, genius youth, high-powered and unfulfilled ambition regret. More importantly, it was a true story and a major experience in my life.

This winter has been especially cold for Internet people.

“It’s sad to start a tech startup after a year and a half of hard work and get kicked out by a co-founder.” “A phrase popped up in a long-dormant wechat group.

I saw a hair message of the person, remarks is “yong elder brother entrepreneurship”, my heart a tight.

Group of friends were blown out by the news, some watch, some righteously indignant, have asked to expose the unscrupulous company. I could not help but recall the story of the beginning and yong Brother.

I first met Yong Ge, zhang Yong, in the fall of 2015, when I was hanging out on a programmers’ forum when a post hit me: “I made an Android installer that runs free, ready to open source.” The post caught my interest immediately.

Mobile development was my focus area at the time, and I was curious about all the cutting-edge and fun technologies on smartphones. According to the post, his technology can launch any third party App from the main App, and I’ve never heard of such technology before.

Soon, through a friend, I connected with the post’s author, Daniel Zhang, who was then the technical lead for the Android version of 360’s mobile assistant, and I went to jiuxianqiao 360 headquarters to meet him in September.

Zhang yong’s thick face is clever, and most programmers are different, he is very talkative, talking about their development of DroidPlugin eyes with light. After talking to him for two hours, I’m convinced that this is an Android development hack.

Android Hack

Technology in China is all business driven, there is a need and then research how it can be done, and DroidPlugin was born in the same context.

In the past 14 years or so, App concepts in China and abroad have taken two completely different paths. In foreign countries, an App can do two or three things at most, but in China, an App can only fit all the functions, which is called super App.

Super apps have many benefits, but Google did not take into account the existence of super apps when designing Android. In the early version of Android, only 65536 methods are allowed in an App, and once more, an error will be reported. 65536 is huge, and just like the Y2K bug, android engineers didn’t expect apps to require that many methods.

The problem was discovered abroad by Facebook, which has a huge App, probably one of the few that can be called a superapp, and it offers a temporary solution to get around it.

Domestic developers are not satisfied with this temporary bypass method. As early as 2012, Engineer Tu Yimin of Dianping found in the process of studying Android source code that through the application of AndroidDynamicLoader method, resources and even codes can be dynamically loaded. In late 2014, Ren Yugang, then an Android engineer at Baidu, opened source dynamic-load-APk to take this approach one step further.

To Zhang Yong, he developed the dynamic agent to the extreme, so that the four components of the Android system can be dynamically loaded, so that when installing the App, you only need to install a host App or shell App, and then remotely download the App representing each function module in the host App. This school of technology has come to be known as Android plug-in technology.

Imagine that you only need to install one App on your phone. If you want to use another App, you can click download and run it, eliminating the troublesome installation process. You can even open one App with different accounts at the same time, which is the magic of plug-in.

A variant of Android plug-in is componentization technology, which is not divided into different apps, but usually developed separately for each module and packaged together when released. The integrator of this technology is Atlas componentization framework developed by mobile Taobao, which was first shared by Bokui in early 2014 and officially opened in March 2017.

Super App will also bring a problem, that is, the App updates, when App by dozens of teams, and hundreds of thousands of people development, version control and update into a very troublesome thing, especially when online version found bugs need to deal with the updated version, and numerous domestic android channels, relying on each platform update is not realistic, In order to reduce the impact of updates on users, hot update technology was invented in China.

Early hot update technology borrowed from the Android geek favorite tool Xposed, in July 2015 or so, Taobao’s white open source Android section programming framework Dexposed, it is transformed on the basis of the Xposed, so that it does not need root can arbitrarily change the application function. However, this technique only supports the Dalvik runtime, not the new ART runtime. Soon after, Alipay Android team launched AndFix, which can support ART very well, and soon became the standard hot update tool of Alibaba.

On Tencent’s side, Qzone shared its hot patch technology in 2015, which is based on Google’s MultiDex solution to solve the problem of overflow. The following year, wechat launched a better hot update framework, Tinker, which was also loved by the majority of developers.

In 2016, meituan told me that after studying the Instant Run function in Android Studio 2.0, they launched the Robust hot update framework, which became a new technical school of Android hot update.

Plug-in, component, hot update. Since 2015, mobile development technology in China has exploded. These are unique technologies in China, and numerous developers emerged during this period.

In this group, I have two people who stand out.

Gifted children

At the beginning of 2016, I started preparing for GMTC Global Mobile Technology Conference and asked Yong Zhang to recommend a lecturer, who introduced Me to Roddy. From Yongge’s description, it was clear that he approved of Roddy’s skills, but I was surprised to learn that Roddy was still a sophomore in high school.

I doubted his skill level for a while, but after exchanging emails with wechat, I dispelled my doubts. He had already open-source several Android plug-in tools, including Legend, the ART runtime Hook tool, which was at the forefront of the project at the time. In the communication, I also know that he has a deep insight into the development of plug-in technology, which makes me admire him very much.

There is no doubt that this is a gifted boy. According to his statement, he began to teach himself programming from the second grade, the third grade began to learn Java and Android development, spare time all used to learn and research Android source code, this point, even professional developers are difficult to do. His genius is not to say that he has the talent of learning and programming, but can calm down to learn the technology in ordinary people seem boring.

However, although I agree with his skills, I gave up the idea of making him a lecturer after weighing it up, because I didn’t want to encourage him. But I invited him to come to the GMTC conference, as well as an Android closed-door conference, and do a share at the closed-door conference.

On June 24, GMTC was held as scheduled. I also met Luo Di, who was very active on wechat, but in real life seemed rather dull, taking a while to speak a sentence and not very good at dealing with people.

He said that the direction of plug-in in the future is sandbox and double open, the latter is also known as “split body”, there was a period of time, all kinds of mobile phone game trumpet, micro channel split body is very hot, is to use this technology.

It is worth mentioning that the closed-door meeting that year almost included a group of people who were at the forefront of android plug-in research at that time. After the meeting, I invited them to dinner and took photos. Now I look at them, they are all memories.



(GMTC2016 Android plug-in closed-door conference photo, second from the right in the back row is Roddy)

At that time, Luo Di had been discovered by the market. After I published an interview with him, someone sent me an email asking me to introduce Luo Di to him. Zhang Yong also told me that a boss came to Beijing specifically to see him.

I haven’t heard from him since, but he did give me a taste of what happens when an industry explodes.

Bang and his JSPatch

The technologies described above are all for Android, and the differences between iOS and Android are so great that plug-ins are unlikely to be implemented. In those years, the most talked about iOS was componentization.

One thing iOS and Android need in common, however, is hot updates. Unlike Android, which has so many distribution channels, iOS needs hot updates because Apple’s approval process is slow, and audits are prone to accidents. Apple does have fast approval channels, but that’s not enough. We needed an update that would bypass Apple’s approval. Bang’s JSPatch was born.

Bang developed JSPatch while working at Baidu and later studying on wechat, which he opened as an open source.

Bang is a chaoshan native. In 2016, I invited him to attend the first GMTC Conference. In a short time of contact, I felt shy.

Bang became famous for JSPatch, and his talks at GMTC were packed out, and people came to watch him.

JSPatch is not the first iOS hot update tool. There was WaxPatch based on Lua before it, which was later maintained by Junzhan on Taobao. However, WaxPatch needs to run with a Lua to increase its size, while JSPatch is quite small. With the built-in JS engine of iOS platform, the number of lines of code is kept under 2000 for a long time. Since 2016, almost all of the domestic head apps I have read have used JSPatch, including the competing BAT giants, which is a remarkable achievement in a country that pays attention to family.

However, because of its popularity, JSPatch took the brunt of Apple’s decision to tighten its censorship policies, which almost affected the entire Chinese Internet. More on that below.

The age of flowers

In 2016, Korea’s mobile development technology reached its peak. Plug-in/hot update has become a compulsory course for senior engineers.

Zhang yong joined LetV Sports when The company was at its peak. Later, he was encouraged to start a business of PC Android simulator in the form of technical investment.

Zhang Jiongxuan et al from 360 Security Guard developed a more perfect plug-in technology called RePlugin and opened source it on GMTC in 2017.

Wechat released Tinker and Meituan released Robust.

Pu Cheng of Juhuasuan launched LuaView, another hot update tool for iOS based on Lua.

Didi, which had just received an investment from Apple and announced a merger with Uber China, recruited Sunny Sun Yuan, then a leader in iOS, and Ren Yugang, then an android player, to make a big push in mobile technology. Before long, Sunny released DynamicCocoa for iOS, which is more radical than JSPatch and already has some appearance of android plug-in. Mr Ren, who invented Dynamic-load-APK, has launched VirtualAPK, an Android plug-in, to compete with RePlugin.

QQ also launched one of the craziest iOS dynamic solutions OCS in history, they developed their own intermediate language OCScript, and developed their own VIRTUAL machine OCSVM to execute it… If you know anything about programming, you know what a crazy solution this is.

It really was a time when a hundred flowers were blooming. Almost every day I’m thrilled to be in this era and even to be a part of it.

What a lot of people don’t know is that InfoQ’s vision is to drive software technology, which is a pretty hubris to say that technology drives society and we drive technology. I took it as my professional creed. During that period, I could feel that the field I was working in was moving forward every day, and I could feel that what I did, whether it was reports and wechat communities, or offline conferences and salons, was just like pioneering, gradually promoting the extension of this field. There is no better job than this.

At that time, I found a problem, that is, these black technology only developed in China, no one to introduce it to foreign countries, the lack of communication between the domestic and foreign. So I emailed Sergio De Simone, community editor at InfoQ, to see if it was possible to do some reporting on domestic technology. Sergio is a software engineer who in his spare time writes many technical stories for InfoQ, most of them mobile.

However, Sergio’s reply made me frustrated. He thought that these technologies violate the rules of Apple and Google and are unlikely to be used abroad, so there was not much interest in the report. Once moved to recommend Zhang Yong to foreign QCon thought also extinguished.

In a closed-door meeting in June 2016, I called on everyone to promote plug-in technology on foreign websites and communities, but unfortunately no one listened to me. As far as I know, the only one who made efforts in this regard was Feng Forest from LBE, who demonstrated the magic of plug-in to foreign engineers when he participated in Google IO. The foreigner was said to be stunned. I don’t know if Google was inspired when they launched their own installation-free Instant Apps.

Looking back, I could have done more, but I had to try, even if it didn’t necessarily work.

But before I could muster the courage again, Apple’s blow came.

A letter from Apple

In March 2017, a number of iOS developers received an email warning that their apps were using dynamic methods in violation of rules, and were ordered to change within a limited time.

This email caused panic among developers, and even React Native was caught in the fire. After searching for it, it was found that the problems were mainly in two hot update tools Rollout and JSPatch, of which Rollout was mostly used abroad and JSPatch was mainly used in China.

In my analysis at the time, in the impact of the event section, I wrote:

Hot fixes or hot updates for iOS platforms are not popular in foreign countries. According to Rollout’s announcement, only hundreds of apps and millions of end users were affected.

But at home, the figure is far higher. Every iOS app architecture that has been publicly shared since last year has included hot fixes as part of its infrastructure, and it’s safe to say that most of the head apps use JSPatch or similar solutions. Thousands of Domestic apps were affected, including nearly all iOS users in China.

The longer term impact is that hot fixes are closely related to a team’s development process and pace, and many teams must modify their development processes to accommodate changes.

That’s not an exaggeration. After Apple’s warning, the tools to make iOS dynamic went underground, and research and sharing about it decreased dramatically, and even sharing of iOS technology as a whole. In another post, I wrote that an Email from Apple had locked up domestic technology like the Three-Body Problem’s Chiko. Since then, “nO one wants iOS developers anymore” has become a meme and caught on.

On Android, Google doesn’t have the same ability to intervene in domestic development as Apple does, but plug-in technology suffers from another aspect.

This dilemma is the new version of Android and various domestic magic ROM changes to the bottom. Android plugins rely on some of the underlying methods and proprietary apis that are likely to change in a new version, and if they do, the plugins will fail or even fail. The systems of the major mobile phone manufacturers in China also like to make changes to the bottom layer, and their changes are not even publicly disclosed, so the compatibility problem is the biggest challenge encountered by plug-in technology.

Android 9.0, released in 2018, even required developers not to use proprietary apis. Without these apis, Android development was put back in the cage and the number of hacking technologies available was greatly reduced, inadvertently achieving a similar effect to Apple’s warning.

reflection

After Apple’s warning, I frantically read online reports hoping for a turnaround, but the more I read, the colder my heart grew.

On Hacker News’s thread on the story, most people are in favor of Apple’s actions, citing privacy and security.

The privacy and security threat of plug-ins and hot updates is that users have no control over or know that malicious code has been secretly embedded in the App. Some plug-in solutions require that all plug-in apps have the required permissions in advance, which means developers can use it to steal users’ privacy.

Privacy and security are a no-go area in foreign countries, and the technology cannot be allowed even if there is no real harm and only a risk. In fact, Sergio told me a year ago, but I still took a chance and did not pay attention to his reply.

The problem with plugins and hot updates is that they are too powerful, double-edged swords that, from Apple’s and Google’s point of view, must be curtailed.

In fact, plugins have been used for bad things, DroidPlugin has been used by hackers, Triada and TigerEyeing virus trojans broke out in 2017.

As for hot updates, they haven’t actually caused any harm. They were just detected as a risk by a foreign security agency, and apple clamped them down. However, in China, there are signs of abuse. In the Apple alert event, some apps that do not use hot update were also warned, and it was later discovered that some third-party SDK uses JSPatch, and what these third-party developers do, even the App developers cannot control!

Therefore, from this point of view, plug-in and hot update are needed to prevent abuse. Before, I only saw the good side of these technologies, but deliberately ignored their negative effects, which violated the principle of media neutrality and the function of supervision. In retrospect, it is really immature.

On the other hand, I can’t help but feel exasperated that Apple and Google have cracked down too easily on plugins and hotfixes, and that they have never communicated with local developers or considered their particular situation.

Apple doesn’t even need to change its audit rules, it just needs to quietly adjust the interpretation of the rules: iOS security leader Zhengmi said on Weibo that the dynamic solution mentioned in the warning has been written on the audit, but it will not be rejected if it is actually used. Now they just need to strictly enforce the rules.

Domestic and foreign countries not only have different attitudes towards privacy, but also have different forms of apps. With the new demands brought by domestic super apps, why can’t Apple launch some new functions and policies for the domestic market?

I deeply understand that these mobile development technologies in China are actually castles in the sand, and the path dependence of the operating system, even a small adjustment by Apple and Google, will be enough to destroy these cool black technologies.

This experience made me eager for the emergence of an autonomous operating system in China, and made me deeply understand the importance of autonomous operating system, underlying technology and the importance of making rules. However, I also knew that making a mainstream operating system was not only a technical problem, but also a historical opportunity.

More practically, to avoid similar incidents, we need to strengthen technical exchanges at home and abroad as much as possible to avoid excessive technical differences between the two sides.

At the opening of the second GMTC in June 2017, I reminded attendees that Apple and Google have been firmly pushing Web technology. Is it really a good thing that we are moving further and further away from the rest of the world in terms of hot updates and plugins? Have we taken a detour?

However, this is already an afterthought, the decline of these “black technology” technology, has been inevitable.

To forget the memory

For me, this article is particularly difficult to write, with its abundance of memories.

For the past, the memory will inevitably beautify, and there may be some mistakes in memory. Please bear with me if you find them.

The experience was so hard on me that I lost interest in mobile technology for a while. I couldn’t get the image of a beach castle out of my head. There was always a voice in my ear saying, “It won’t work.

I made a few friends and offended a few people while working on mobile content and events, and then stopped talking to most of them…

The decline of plugins and hotupdates is truly inevitable. They have missed their historical opportunity, and new technologies have taken another dimension down, yes, small programs.

It is understood that some large apps, such as Taobao, have begun to use small programs to replace some of the original function modules, this responsibility is the category of plug-in, and the hot update of small programs compared to the original, more simple and natural. Applets can also be platforms that attract third parties, which in plugins are only prototypes of ideas from RePlugin.

The bigger change comes from changing winds in the industry. The great success of Toutiao’s “App Factory” has led people to rethink the value of the App matrix. Instead of adding functions to super apps, people are starting to develop new apps for which plug-ins have little use.

Many mobile developers switched careers, but Zhang eventually worked things out with his boss and moved on to his next job.

Bang went to Ant Financial, and he’s still hanging on. In his concluding 2018 blog post, he wrote:

In August, JSPatch was subjected to another wave of review and upgrade, and the confused scheme was invalid. Apple did make a more powerful scanning method for JSPatch and kept upgrading it. This year, when communicating with the audit team, they also said that they did not like JSPatch, and they still said that they could not change it after review, even if the security problem was solved, it would be useless. The JSPatch platform will continue to look for a solution.

Apple is still killing them all.

The plugins boom is destined to be a technological blip that, in a few years, no one will remember. Those years of passion will become The Wasted Times.



(Still from The Film The Wasted Times)

He did not get on the ship to Hong Kong until early May 1949, which was really the last train. No one knows what he’s procrastinating or waiting for, and I don’t think he knows either. It’s just subconscious procrastination. Before long, he died in Hong Kong. There were no more events worth writing about or words said before his death. He barely spoke again.

I like this paragraph very much, feel empathy, what did, what happened, at the end of everything is not worth mentioning, but I still pick up the pen, write down those in order to forget the memorial.

Read more:

Made an Android free installation run, ready to open source about www.v2ex.com/t/208960

Dexposed: Android platform Root free non-intrusive AOP framework www.infoq.cn/article/201…

Exclusive interview with DroidPlugin author Zhang Yong: Android black technology is how to become www.infoq.cn/article/201…

Exclusive interview with Roddy: The road to growth of sophomore Android bull www.infoq.cn/article/201…

JSPatch open Source experience sharing www.infoq.cn/article/jsp…

Review and analysis of Apple’s “hot fix gate” incident mp.weixin.qq.com/s?__biz=MzU…

Apple starts rejecting apps with “hot code push” the features news.ycombinator.com/item?id=138…