assdass (via Ben Sandofsky, Hacker News):
Just got this message for a few of my apps that are live in the app store (and have been for years).
"Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app’s behavior or functionality after App Review approval, which is not in compliance with section 3.3.2 of the Apple Developer Program License Agreement and App Store Review Guideline 2.5.2. This code, combined with a remote resource, can facilitate significant changes to your app’s behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes.
This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.
Chance Miller:
Apple today has started informing developers that use “hot code push” SDKs that it will soon start rejecting their applications.
[…]
While Apple has yet to publicly comment on the change, the email sent to affected developers seems to imply that services like Rollout.io are the cause.
[…]
It really shouldn’t come as too big of a surprise that Apple is starting to crack down on these type of SDKs. Seeing that they allow changes to be made to an app after App Store review, it’s really a miracle that they have lasted so long in Apple’s generally rather restricted ecosystem. Whether or not this is a good policy on Apple’s part, though, is up for debate.
Rollout:
How can Rollout allow you to push code-level updates to live iOS apps and be fully compliant with Apple’s guidelines? Glad you asked.
[…]
Apple’s guidelines explicitly permit you to push executable code directly to your app, bypassing the App Store, under these two conditions:
- The code is run by Apple’s built-in WebKit framework or JavascriptCore
- The code does not provide, unlock or enable additional features or functionality
[…]
Rollout isn’t intended to push new features or functionality. It is meant to tweak or fix them, avoiding the minor releases needed to fix bugs, add logging or tracking, update messages, force users to upgrade, etc.
Nick Lockwood:
Many tweets about Apple rejecting apps using Rollout.io have mentioned React Native, but AFAICT, RN isn’t affected
I can see why people would jump to the conclusion that these rejections are about apps bypassing review, but that may not be the case.
It may be that Apple is more concerned about MITM attacks being used to hijack apps, or dynamic selectors being used to call private APIs.
Jeff Johnson:
App review should just say “We don’t allow Rollout” instead of scaring the shit out of everyone with respondsToSelector and performSelector.
Mike Ash:
The machine doesn’t know or care what’s public and what’s private. There’s no security boundary between the two. Private APIs do nothing that a third-party developer couldn’t do in their own code, if they knew how to write it. The only way Apple can check for private API usage is to have a big list of all the private APIs in their libraries and scan the app looking for calls to them. This is fundamentally impossible to do with certainty, because there’s an unlimited number of ways to obfuscate such calls.
Functionality that needs to be restricted due to privacy or security concerns has to be implemented in a completely separate process with requests from apps being made over some IPC mechanism. This is the only way to reliably gate access.
Apple’s prohibition against using private APIs is like an “employees only” sign on an unlocked door in a store. It serves a purpose, but that purpose is to help keep well-meaning but clueless customers away from an area where they might get confused, or lost, or hurt. It won’t do anything for your store’s security.
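Mike Ash’s point about the scanner, as an added illustration (Apple’s real private-API checker is not public; this is a simplified model, not Apple’s code): if detection means running the binary through something like `strings` and intersecting the result with a list of private selector names, then any app that assembles the selector at runtime and hands it to `NSSelectorFromString`/`performSelector:` never shows up, while still calling exactly the same method. The selector names and the XOR key are invented for the example.

```javascript
// Added example, not Apple's scanner: list-based private-selector detection
// over a binary's string data, and the runtime reconstruction that defeats it.
// Selector names and the key are invented for the example.

// Pull printable-ASCII runs out of a byte blob, as `strings -n 4` would over
// a Mach-O's __objc_methname / __cstring sections.
function extractStrings(buf, minLen = 4) {
  const found = [];
  let run = '';
  for (const b of buf) {
    if (b >= 0x20 && b <= 0x7e) {
      run += String.fromCharCode(b);
    } else {
      if (run.length >= minLen) found.push(run);
      run = '';
    }
  }
  if (run.length >= minLen) found.push(run);
  return found;
}

// The "big list" of private selectors the reviewer's scanner checks against.
const PRIVATE_SELECTORS = new Set(['_setPrivateMode:', '_internalRefresh']);

function scanForPrivateSelectors(binary) {
  return extractStrings(binary).filter((s) => PRIVATE_SELECTORS.has(s));
}

// Obfuscation: keep the selector XOR'd with a short key and rebuild it at
// runtime; the rebuilt string is what NSSelectorFromString would receive.
function xorBytes(bytes, key) {
  const out = Buffer.alloc(bytes.length);
  for (let i = 0; i < bytes.length; i++) out[i] = bytes[i] ^ key[i % key.length];
  return out;
}
function encodeSelector(name, key) { return xorBytes(Buffer.from(name, 'utf8'), key); }
function decodeSelector(encoded, key) { return xorBytes(encoded, key).toString('utf8'); }

// Constructed stand-ins for the string data of two app binaries: one that
// embeds the private selector as a literal, one that only embeds its XOR'd form.
const KEY = Buffer.from([0x5a, 0xa3, 0x17]);
const naiveBinary = Buffer.concat([
  Buffer.from('init\0', 'utf8'),
  Buffer.from('_setPrivateMode:\0', 'utf8'),
  Buffer.from('viewDidLoad\0', 'utf8'),
]);
const obfuscatedBinary = Buffer.concat([
  Buffer.from('init\0', 'utf8'),
  encodeSelector('_setPrivateMode:', KEY),
  Buffer.from('\0viewDidLoad\0', 'utf8'),
]);

// What the obfuscated app actually calls at runtime: byte-for-byte the
// selector the scanner was looking for and did not find.
function runtimeSelector() {
  return decodeSelector(encodeSelector('_setPrivateMode:', KEY), KEY);
}
```

The scan flags the first binary and passes the second, which is the whole of Ash’s argument: the list catches the well-meaning developer who typed the name, not the one who hid it, so the restriction can be policy but cannot be a security boundary.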
Update (2017-03-09): Rollout:
While Apple has not modified its guidelines, it appears that these guidelines are now being interpreted in a more narrow way. We are disappointed that Apple has made this change before we have had an opportunity to address any concerns. We have already reached out to Apple to discuss and are committed to adjusting our offering as needed to remain in compliance under the more narrow interpretation of the guidelines.
Update (2017-03-10): See also: Dave Verwer.
Update (2017-05-19): See also: Peter Steinberger, Colin Cornaby.
Ray Holley (via Dori Smith):
Indeed, [Tom] Negrino walked with a bit of a sway, but he went everywhere vigorously and purposefully. He was the author of 48 books, focusing on Macintosh computers and software. He wrote on his website, “I’ve been writing about Macs, other computers and software since dinosaurs ruled the earth. OK, it’s actually been since 1987.”
Negrino was a contributing editor for Macworld Magazine and a leading figure in the Macintosh movement in Southern California, where he met Smith.
Thank you for decades of good writing. Thank you for recommending my software. Best wishes for whatever comes next.
Update (2017-03-08): Negrino’s own announcement from May 2016.
Update (2017-03-09): See also: John Gruber, Kirk McElhearn, Jason Snell.
Update (2017-03-11): See also: Adam C. Engst (tweet).
Update (2017-03-12): See also: Andy Ihnatko.
Update (2017-03-14): See also: John Moltz.
Update (2017-03-15): See also: Jeff Carlson and Dori Smith.
Update (2017-03-16): See also: Jean MacDonald.
Stephen Hackett:
I’m glad to see lodging covered as part of the scholarship. Most of the time, the WWDC ticket itself is not the most expensive thing about the trip.
Bravo. When I attended WWDC on a student scholarship (in 2002, coincidentally the last year in San Jose), lodging was not included. However, Apple did book an inexpensive hotel, within walking distance, and arrange roommates. With triple occupancy, the lodging ended up being only about $250 per person for the whole week. Most of the food was included, so the main costs were airfare and ground transportation from/to SJC (not far).
Ever since updating to macOS 10.12.2, my MacBook Pro has had horrible problems with Bluetooth. Multiple times per day, the keyboard disconnects. Sometimes it reconnects automatically a few seconds later. Sometimes it reconnects only after I power cycle it or toggle Bluetooth. Sometimes to get it to reconnect I have to reset the Mac’s Bluetooth module by holding down the Option and Shift keys (on the internal keyboard, natch) to access the Debug submenu of the Bluetooth menu bar icon. And sometimes all that fails and I have to reboot the Mac.
At first I thought this was due to a hardware problem with my original aluminum Apple keyboard. I had been able to extend its life by making better connections to the batteries, but power problems with this model seem to be common, and eventually something inside of it breaks.
Liking the keyboard’s feel, but tired of dealing with the AA batteries, I replaced it with a Magic Keyboard (Amazon). I ended up liking the Magic Keyboard slightly less, as it’s flatter, it’s harder to feel the edges of the keys, and the left-right arrow keys are harder to find because they aren’t half-size.
More importantly, the Magic Keyboard also would disconnect all the time. Sometimes it would reconnect and think that a key was stuck down. I’d see the same letter repeat for several lines, or see several lines of text delete one character at a time. Still suspecting a hardware problem, I reported these problems to Apple Care. After ruling out Wi-Fi as a cause and also reproducing the problem on a second Mac, I got them to send me a replacement Magic Keyboard. It exhibited the exact same problems. Curiously, the Magic Keyboard also did not work reliably when directly connected via Lightning. I had thought that when used with a cable it would act like a regular USB keyboard, but apparently the cable only provides charging and Bluetooth pairing assistance.
Thinking/hoping that the problem was with Apple’s keyboards, I then bought a Logitech K811 (Amazon), which I’d heard good things about. Indeed, it’s a great keyboard. It’s like an improved version of the Apple aluminum keyboard that I liked so much. It can pair with three different devices at once and quickly switch between them. It’s still low-profile, but the keys have slightly more travel than Apple’s, they’re slightly clickier, and there are larger spaces between them, so it’s easier to feel their edges. It has the T-shaped arrow key layout, and you also get an extra function key: F13. One downside is that some of the hardware functions (like brightness) are assigned to different F numbers than on the internal keyboard, and I have had a hard time getting used to this.
There are also a bunch of software issues compared with the Apple keyboard. The OS doesn’t know the keyboard’s battery level. You need to install a kernel extension to make the media keys behave as standard function keys. Both the menu bar and flashing bezel indicators for Caps Lock get out of sync with the actual state of the key. It keeps forgetting the level I’ve set for the keyboard backlight. LaunchBar and Dictation can’t detect taps of the fn key.
And the Enter key doesn’t work. You’re supposed to be able to type Enter by pressing fn-Return, but (unlike with Apple’s keyboard) this just generates a Return. Logitech support first blamed this on a defective keyboard and sent me a replacement that had the same problem (as did another, older, Logitech keyboard that I tried). They then blamed a recent OS update, but I reproduced the problem on 10.10. It’s possible to use Karabiner Elements to program another key to act as Enter, but that didn’t seem worth the extra software to me. Instead, I opted to use the alternate keyboard shortcuts—unfortunately not consistent—in the apps where I used Enter: Control-Return to execute a BBEdit shell worksheet command, Command-Return to send a tweet in Tweetbot, Command-Return to submit an event edit in Fantastical, and Command-K to compile an AppleScript in Script Debugger.
The main problem, though, is that the K811 is subject to the same disconnection issues as Apple’s keyboard, although it seems to be slightly better at auto-reconnecting and does not repeat keys. I’m now convinced that the Bluetooth keyboard problems, which others have also noticed, are due to an OS bug. And it’s not limited to keyboards: when I tested a Microsoft Bluetooth mouse, it also kept disconnecting. Fortunately, my wireless mouse does not rely on Bluetooth.
The keyboard disconnections have gotten so frequent that I pulled my Apple aluminum USB keyboard out of storage. It works reliably, but I miss the narrower layout of the newer keyboards (which keep my mouse more centered), I keep forgetting that the corner key is Control rather than fn, and I miss the dual-purpose function keys that fn enables.
Update (2017-03-08): Addison Webb:
I’m having the exact same issues with my Late 2015 iMac. It’s super annoying and I also solved the problem with my Apple USB keyboard.
Jordan Merrick:
I have two Logitech BT keyboards, K780 and K380. Both completely unusable with Sierra, yet worked flawlessly with El Cap.
I was able to get the Magic Keyboard to work in wired mode by connecting it via Lightning and then unpairing it in the Bluetooth pane in System Preferences. I expect this to be more reliable, though it keeps auto re-pairing even before I reboot. I don’t want to turn Bluetooth off entirely because I use it for my AirPods and Universal Clipboard.
Nick Heer:
Sierra also introduced a couple of serious bugs with the way keyboards and trackpads are interpreted. I occasionally notice keypresses getting “stuck”, and my cursor sometimes lags when it is moved. Both of these bugs have been destructive for me: I have, more than once, deleted the wrong file, and have selected the wrong action in several applications.
Paul Ward:
Same problem with an MX Master & K780. My MBP lives on a swing arm, & the problem is reduced when I move it away from the desk.
Update (2017-03-17): Dan Frakes recommends FunctionFlip, which uses the accessibility APIs to invert the behavior of the function keys so that a kernel extension is not needed.
Update (2017-10-02): Marco Arment is also seeing Bluetooth disconnections with Sierra.