What App Stores allow with OTA updates: Apple and Google policy explained

Over-the-air (OTA) updates provide a solution for deploying critical fixes directly to users' devices without waiting for app store reviews, leveraging tools such as Expo EAS Update, CodePush, and Shorebird. These updates operate within the boundaries set by Apple and Google, which differ across platforms, with Apple focusing on not altering the app's core purpose or security features and Google allowing interpreted code like JavaScript to bypass direct native code modifications. While Apple's guidelines, particularly Section 3.3(b) of the Developer Program License Agreement, permit OTA updates if they don't transform the app or compromise security, Google's policy explicitly permits JavaScript running in a virtual machine, provided that the app's main functionality and security measures are not compromised. React Native apps, which separate the JavaScript bundle from the native binary, are typically compliant with these guidelines, as long as they adhere to certain conditions such as not introducing new features or altering the app’s primary purpose on iOS, while being more flexible on Android. App developers are advised to conduct checks on native code, functional scope, payments, policy compliance, and rollback strategies before each OTA release to ensure compliance with store policies, and to periodically review these policies for any updates.