Archive for November 21, 2017

Tuesday, November 21, 2017

iOS Background Transfer

Agnes Vasarhelyi (tweet):

Memory consumption is not the only factor when iOS is judging your app. What also counts is the time your app spends executing in the background and the number of times it wants to be woken up. Keep these in mind when implementing background transfer, because you will want to be a good citizen. iOS ranking your app down means delays in your background execution window, and as mentioned, sometimes might lead to termination.

[…]

To find out when your tasks did complete when your app was terminated while doing background transfer, you can implement that one function on the AppDelegate for handling the results of those sessions. The tricky part here is that it provides a completion handler that’s very important for you to call as soon as possible. Remember, iOS judges you if you spend too much time executing code in the background. This is how it measures it.

[…]

How does iOS punish you? One way is by not waking you up in the background to receive silent push notifications.

Silent pushes are the only way to wake up your app from your server, indicating there’s work to do, such as download data.

Something seems to have changed in iOS 11, as OmniFocus now rarely syncs in the background for me.

The biggest surprise of this journey was when authentication between our app and our server broke the minute we switched to background sessions. It stopped working in both the foreground and the background.

According to Apple, client authentication doesn’t work with background sessions. Don’t even try.

[…]

But even after re-engineering for only what works, we learned that iOS will still punish you for some approaches that are fully supported. Any server-trust authentication is unwise.

Please make sure to read Quinn the eskimo’s responses to Alexis near the bottom of the dev forum thread carefully, if you want to understand why Apple doesn’t encourage this kind of authentication method when implementing background sessions.

Google Collects Android Users’ Locations Even When Location Services Are Disabled

Keith Collins:

Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers—even when location services are disabled—and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy.

[…]

The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable.

Via Michael Rockwell:

But if no one noticed, how much longer would this have gone on?

Update (2017-11-27): John Gruber (tweet):

If they were “never used or stored”, why did they start collecting them in the first place?

Skype Removed From Chinese App Stores

Paul Mozurnov (Hacker News, MacRumors):

“We have been notified by the Ministry of Public Security that a number of voice over internet protocol apps do not comply with local law. Therefore these apps have been removed from the app store in China,” an Apple spokeswoman said Tuesday in an emailed statement responding to questions about Skype’s disappearance from the app store.

[…]

A Microsoft spokesman said Skype had been “temporarily removed” from Apple’s store and that the company was “working to reinstate the app as soon as possible.” But the spokesman did not address Skype’s absence from a variety of major third-party Android app stores. Because Google’s services are largely blocked in China, Android users revert to alternate stores for downloads, and Skype’s main app was not available on popular ones run by Chinese tech giants like Huawei and Xiaomi.

xoa:

This sort of thing represents one of the true dangers of single-source App Stores on general purpose computers with no side-loading fallback, and is why we should be proactively working to make it illegal. It’s not that Apple is malicious per se, or even that they’re particularly slow at reviews or whatever (though that has been the case at times too), but the mere fact that they represent a single, easy to pressure choke point. Apple themselves have reacted to this appropriately when it comes to the hardware by removing more and more of their own ability to affect it once it’s been sold and giving that power to the owners instead. That’s not just a positive for owners’ privacy and security (and in turn a selling point), it also reduces Apple’s exposure and liability. If they don’t hold a given set of data or power in the first place, then nobody can go after them for it.

Unfortunately on the software side they have not sought any of the better tradeoffs available between security and vetting vs owner power and decentralization, and in turn find themselves in the crosshairs for every single app. Not even just from governments though they’re most coercive, but from any public cultural/religious interest group at all. Since Apple has to approve everything, Apple is also seen (correctly) as directly responsible for everything on the App Store. The result has been exactly as you’d expect: they’re more conservative on average about what sort of content they’ll allow, not merely about objective issues like security.

Previously: Apple Pulls VPN Apps From China App Store, Apple Removes New York Times Apps From Chinese App Store.

The Whole Pantry

Mitchel Broussard:

After facing a wave of controversy in March over reports of false claims made towards her cancer diagnosis, Australian indie developer Belle Gibson this week spoke out, admitting that “none of it’s true” in regards to her ever having cancer (via News.com.au).

Last month, when $300,000 of her app sales failed to find its promised home at certain charities, the legitimacy of her cancer claims began to be questioned. Gibson is the founder of The Whole Pantry, a healthy lifestyle and diet app that focuses on naturally-occurring ingredients and solutions to complicated recipes.

Matt Novak (via John Gordon):

When the Apple Watch launched in 2015, Belle Gibson was touted by Apple as a star. Not only had Gibson supposedly cured her own cancer through healthy eating, she now had an app for both the iPhone and Apple Watch that could help others do the same. But now that her own cancer and “cure” have been exposed as fake, people are asking what responsibility Apple had to the public.

[…]

When the press started asking hard questions and raising doubts about her astonishing claims in April of 2015, Apple’s internal emails about their star app developer show that the company was ready to stand by Gibson.

MattCastaway:

This is the second-worst instance of Apple falling for “natural cancer cure” quackery.

MailChimp Switches to Single Opt-In

Graham Cluley (via Hacker News):

The only saving grace is that the better-managed newsletters ask you to confirm that you really really want to receive emails from them. They do this by sending a single email - normally with a clickable confirmation link - to the email address entered on their subscription form.

If you don’t respond to the confirmation email, you don’t get any follow-up emails. That’s how things are supposed to work. And it’s called double opt-in.

Per Axbom:

Yesterday, out of the blue and without explanation, users of the service received an e-mail saying Mailchimp will in seven days change a default behavior affecting how people subscribe. They have previously described the current behavior as a safeguard against malicious spambots and scammers. By their own account the new default behavior will contribute to reducing list engagement, reducing clicks and increasing unsubscribes.

[…]

Not only will Mailchimp change default behavior, they will also make this change to all existing lists without any intervention by the list owners. Read that again. They are automatically removing safeguards from all lists without my consent.

MailChimp:

We know that some of you are curious about why we’re moving to single opt-in as a default, after having been double opt-in by default for so long.

[…]

Rather, as the majority of companies have moved to single opt-in, recipients have become re-educated on how email marketing confirmation works. Today, most people don’t expect or look for a double opt-in confirmation message when they subscribe to a newsletter.

Indeed, we’ve seen double opt-in rates within MailChimp slip to 39%. This means 61% of people start but do not finish the double opt-in process.

[…]

So while we’ll continue to support double opt-in, we’re shifting the behavior of native forms in MailChimp to default to single opt-in. We’re making this change now because we have stronger, more intelligent data-backed systems in place to prevent spam for all of our hosted forms—double and single opt-in—so we don’t expect this to impact deliverability.

For what it’s worth, nearly all the newsletters I subscribe to still use double opt-in.
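
The double opt-in flow Graham Cluley describes above, as an added sketch that is not code from MailChimp or from any of the linked articles: a form submission triggers exactly one confirmation message, and an address joins the list only when its signed, expiring link is clicked. The key, the 48-hour lifetime, the token layout and the `MailingList` class are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
TTL = 48 * 3600                   # assumption: confirmation links expire after 48 hours

def _sign(body: str) -> str:
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def make_token(email: str, list_id: str, now: float) -> str:
    """Token for the confirmation link; list_id must not contain '.'."""
    addr = base64.urlsafe_b64encode(email.lower().encode()).decode()
    body = f"{list_id}.{addr}.{int(now) + TTL}"
    return f"{body}.{_sign(body)}"

def confirm(token: str, now: float):
    """Return (list_id, email) for an authentic, unexpired token, else None."""
    try:
        body, sig = token.rsplit(".", 1)
        # Check the MAC before parsing any field, in constant time.
        if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
            return None
        list_id, addr, expires = body.split(".")
        if now > int(expires):
            return None
        return list_id, base64.urlsafe_b64decode(addr).decode()
    except ValueError:  # malformed token, bad base64, bad integer
        return None

class MailingList:
    def __init__(self, list_id: str):
        self.list_id = list_id
        self.confirmed = set()
        self.outbox = []  # (recipient, token) pairs standing in for sent mail

    def subscribe(self, email: str, now: float) -> None:
        # Form submission: one confirmation message, nothing stored yet.
        self.outbox.append((email, make_token(email, self.list_id, now)))

    def handle_click(self, token: str, now: float) -> bool:
        result = confirm(token, now)
        if result is None or result[0] != self.list_id:
            return False
        self.confirmed.add(result[1])
        return True

    def recipients(self):
        # Only confirmed addresses ever receive follow-up mail.
        return sorted(self.confirmed)
```

Because the token carries its own state, an address that someone else typed into the form is never stored unless its owner clicks the link.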