Archive for March 5, 2020

Thursday, March 5, 2020

iCloud and iMessage Experiencing Performance Issues

Benjamin Mayo:

Apple is reporting that some cloud services including iMessage, iCloud Photos and iCloud Drive are currently experiencing technical difficulties.

Even when the status page is green, I receive iMessages out of order and with incorrect timestamps.

New App Store Guidelines for Push Notifications and More

Juli Clover:

Apple today informed developers that it has released updated App Store Review Guidelines, with changes that cover reviews, spam, push notifications, Sign in with Apple, data collection and storage, mobile device management, and more.

Here’s a diff.


4.5.4 Push Notifications must not be required for the app to function, and should not be used to send sensitive personal or confidential information. Push Notifications should not be used for promotions or direct marketing purposes unless customers have explicitly opted in to receive them via consent language displayed in your app’s UI, and you provide a method in your app for a user to opt out from receiving such messages. Abuse of these services may result in revocation of your privileges.

Previously, apps were not allowed to send these types of push notifications at all, although Apple’s own apps sent marketing notifications, and it rarely enforced this for third-party apps. Some people are interpreting this relaxing of the rules as a sign that Apple is getting more serious about enforcement.

Curtis Herbert:

A) yay no more “no marketing pushes!? but apple does it!” hot takes

Will Apple’s apps let you opt out, as third-part apps are required to?

Guilherme Rambo:

Having each developer implement their own notification categorization system is a huge waste of resources.

Paul Haddad:

Now that Apple has a policy for marketing push messages they should also add a global toggle for them.

Nick Heer:

The rules are ambiguous about whether users must be able to opt out of push notification ads without entirely disabling notifications for an app.


Notably, there is also no requirement that push notification ads be a promotion for the app or its features. It seems perfectly legal under these rules for unscrupulous developers to sell push notification ad slots to third parties. Gross.

Kyle Howells:

Apple changing the rules to officially accept defeat on a rule they’ve never actually enforced.


Apple is officially an advertising company. They allow marketing spam so they can receive a cut of sales.


5.1.1 (ix) Apps that provide services in highly-regulated fields (such as banking and financial services, healthcare, and air travel) or that require sensitive user information should be submitted by a legal entity that provides the services, and not by an individual developer.

So no financial apps that can download your lists of transactions?

Apple (emphasis added):

3.1.3 (b) Multiplatform Services: Apps that operate across multiple platforms may allow users to access content, subscriptions, or features they have acquired in your app on other platforms or your web site, including consumable items in multiplatform games, provided those items are also available as in-app purchases within the app. You must not directly or indirectly target iOS users to use a purchasing method other than in-app purchase, and your general communications about other purchasing methods must not discourage use of in-app purchase.

Is the Mac another platform? Does this mean you can activate an iOS app with the serial number for a Mac app?

Max Seelemann:

That last one bit is very interesting, as it makes is extra clear now that selling subscriptions outside the App Store for App Store apps is A-okay.


1.4.4 Apps used to commit or attempt to commit crimes of any kind by helping users evade law enforcement will be rejected. Apps may only display DUI checkpoints that are published by law enforcement agencies, and should never encourage drunk driving or other reckless behavior such as excessive speed.

Damien Petrilli:

Everybody ask Apple to stand for freedom, and instead, Apple double down on rules to help dictatorships. This is clearly targeting the Hong Kong protesters App.

Oddly, the current version on Apple’s site seems to have reverted to the old wording:

1.4.4 Apps may only display DUI checkpoints that are published by law enforcement agencies, and should never encourage drunk driving or other reckless behavior such as excessive speed.

I like this version better, as virtually any app could be used to help commit a crime, e.g. even a basic to-do or messaging app. HKmap Live also had non-criminal uses. Apps shouldn’t be penalized for the ways customers choose to use them.

And there’s a whole new section:

5.6.1 App Store Reviews

App Store customer reviews can be an integral part of the app experience, so you should treat customers with respect when responding to their comments. Keep your responses targeted to the user’s comments and do not include personal information, spam, or marketing in your response.

Use the provided API to prompt users to review your app; this functionality allows customers to provide an App Store rating and review without the inconvenience of leaving your app, and we will disallow custom review prompts.

This seems reasonable.


Update (2020-03-06): Juli Clover:

Apple is rejecting apps that are related to the COVID-19 coronavirus that aren’t provided by health organizations or government institutions, according to CNBC.

Four independent developers that spoke to CNBC said that their coronavirus apps, which were designed to let people see stats about which countries have confirmed cases, had been rejected.

One developer was told over the phone by an Apple employee that anything related to the coronavirus needs to be released by an official health organization or government, while another received a notice that “apps with information about current medical information need to be submitted by a recognized institution.”

I don’t think Apple should be in the business of deciding which apps have good health information. Some of the ones that were rejected undoubtedly did. Meanwhile, various world health and governmental organizations, as well as general news sources and forums, have in some cases spread misinformationyet those apps remain welcome in the store.

Benjamin Mayo:

Apple seems to be doing a decent job rejecting health advice apps not published by official institutions, but there is deffo keyword spam going on. Plenty of random games show up when you search for “coronavirus”.

See also: Hacker News.

Update (2020-03-27): See also: App Store Review Guidelines History.

Rewriting Facebook Messenger


To make the Messenger iOS app faster, smaller, and simpler, we rebuilt the architecture and rewrote the entire codebase, which is an incredibly rare undertaking and involved engineers from across the company.

Compared with the previous iOS version, this new Messenger is twice as fast to start and is one-fourth the size. We reduced core Messenger code by 84 percent, from more than 1.7M lines to 360,000.

We accomplished this by using the native OS wherever possible, reusing the UI with dynamic templates powered by SQLite, using SQLite as a universal system, and building a server broker to operate as a universal gateway between Messenger and its server features.


Historically, coordinating data sharing across features required the development of custom, complex in-memory data caching and transaction subsystems. Transferring this logic between the database and the UI slowed down the app. We decided to forgo that in favor of simply using SQLite and letting it handle concurrency, caching, and transactions. Now, rather than supporting one system to update which friends are active now, another to update changes in profile pictures in your contact list, and another to retrieve the messages you receive, requests for data from the database are self-contained. All the caching, filtering, transactions, and queries are all done in SQLite. The UI merely reflects the tables in the database.

This keeps the logic simple and functional, and it limits the impact on the rest of the app. But we went even further. We developed a single integrated schema for all features. We extended SQLite with the capability of stored procedures, allowing Messenger feature developers to write portable, database-oriented business logic, and finally, we built a platform (MSYS) to orchestrate all access to the database, including queued changes, deferred or retriable tasks, and for data sync support.

Dan Abramov:

Many readers focused on the app being native. That shouldn’t be a surprise. The app was fully native before the rewrite, too! So it’s a native app — and rewritten to a native app. Turns out, squeezing out the last bits of performance is about more than “being 100% native”!

Was this a rewrite from RN? No, Messenger didn’t use React Native at the time it was rewritten.

Again, this is a native app rewritten to a native app. The big change is dropping all of the xplat shared FB infrastructure code (not RN) in favour of a lean core in plain C.


But the whole point is that “native” doesn’t guarantee “fast”. The old app was native, AND it was slow. The difference is in how they solved their requirements in a creative way. For example, they don’t write “native views” like everyone else to save size — UI is driven by DB!

Facebook’s investment in React Native is as high as ever. The main app has 750+ React Native screens, and it’s used for several standalone apps. It’s not the right tradeoff for Messenger, but this ethos (e.g. lean use of C) inspires a lot of the ongoing React Native work.


Project Sandcastle: Android for the iPhone

Corellium (tweet):

The iPhone restricts users to operate inside a sandbox. But when you buy an iPhone, you own the iPhone hardware. Android for the iPhone gives you the freedom to run a different operating system on that hardware.

Android for the iPhone has many exciting practical applications, from forensics research to dual-booting ephemeral devices to combatting e-waste.

The source is here.


By leveraging our virtual devices, along with our deep knowledge of both the Android OS and the iPhone hardware, we were able to rapidly iterate to bring Android to life.


Unfortunately, Android developers enshrined the 4kB page size in the build system, breaking AArch64 convention; third-party applications containing binary libraries built for these small pages will not be able to start on our Android port and will need to be rebuilt. It’s not intrinsically hard - one or two command-line options - but it can’t be done if all you have is an APK.

Less limiting is the lack of 32-bit code support on our platform. While Android these days requires support for pure 64-bit systems from application developers, the system itself still has moldy chunks of 32-bit only code in unexpected places.

Update (2020-03-06): Isaiah Carew:

this is kind of mind blowing -- running Android on iOS.

i’d prefer the opposite. i’d like to be able to run iOS on generic hardware.

Hiding Easter Eggs in Maps

Zoey Poll (via Paul Kafasis, Hacker News):

Watching a single place evolve over time reveals small histories and granular inconsistencies. Train stations and airports are built, a gunpowder factory disappears for the length of the Cold War. But on certain maps, in Switzerland’s more remote regions, there is also, curiously, a spider, a man’s face, a naked woman, a hiker, a fish, and a marmot. These barely-perceptible apparitions aren’t mistakes, but rather illustrations hidden by the official cartographers at Swisstopo in defiance of their mandate “to reconstitute reality.” Maps published by Swisstopo undergo a rigorous proofreading process, so to find an illicit drawing means that the cartographer has outsmarted his colleagues.


Errors—both accidental and deliberate—are not uncommon in maps (17th-century California as an island, the omission of Seattle in a 1960s AAA map). Military censors have long transformed nuclear bunkers into nondescript warehouses and routinely pixelate satellite images of sensitive sites. Many maps also contain intentional errors to trap would-be copyright violators. The work of recording reality is particularly vulnerable to plagiarism: if a cartographer is suspected of copying another’s work, he can simply claim to be duplicating the real world— ideally, the two should be the same. Mapmakers often rely on fictitious streets, typically no longer than a block, to differentiate their accounts of the truth (Oxygen Street in Edinburgh, for example).


Mac Programming in 2020

In the post-show for ATP 366, John Siracusa discusses adding a bit of interface polish to his SwitchGlass app. What seems like a simple enhancement takes him down a trail of API bugs and limitations, documentation problems, edge cases, heuristics, race conditions, security prompts, and sandboxing.