Archive for May 11, 2020

Monday, May 11, 2020

Apple Books for Authors

Michael Potuck:

The new Apple Books for Authors website is live now. Here’s how Apple describes it:

Apple Books for Authors guides you through every step of your journey as an author, from structuring your story to packaging your digital book and selling it on our store. Even established authors will find valuable resources on how to grow sales and track performance.

The comprehensive guide walks authors through using Pages and iBooks Author apps as well as other popular options like Microsoft Word and Scrivener for the writing process. But there’s much more than that as Apple takes writers through preparing, publishing, audiobooks, marketing, and sales and reporting.


RSS Readers Rejected From the App Store

Brent Simmons (tweet):

NetNewsWire 5.0.1 for iOS is delayed due to an apparently new, or newly-enforced, issue: if an RSS reader includes default feeds, Apple will ask for documentation that says you have permission to include those default feeds.

The first RSS app that got tagged with this, that I know of, was NewsWave. We submitted NetNewsWire 5.0.1 for iOS for review a couple days ago and had the same issue.

I wonder how they expect you to document this permission. For what it’s worth, I hereby give permission for any RSS reader to include my feed URL.

Daniel Jalkut:

I think this is a really bad precedent. Sharing public information shouldn’t require permission.

Mike Rundle:

[I had this issue], years ago. They also said I couldn’t load URLs from Reddit within the app, I had to link out to open them in Safari. I said that makes no sense and they never got back to me. I stopped developing my news app Interesting after that, I didn’t see the point.


It happened the same to me more or less 3 years ago. If I remember correctly they disallowed me even to open link in Safari


If you publish an RSS feed on the internet, that should imply wide distribution. That’s how the thing works.

Jeff Johnson:

RSS is simply the web in XML format rather than HTML format. An RSS reader is simply a web browser that reads XML rather than HTML. RSS feed subscriptions are simply URL bookmarks.

It’s not quite the same, because some RSS feeds contain the full post content. But it’s not as if the apps are purporting to own the content or are altering and proxying access to it like Luminary (which is in the App Store).

Brent Simmons:

NetNewsWire 5.0.1 for iOS was approved this morning and is now up on the App Store. If you don’t see it there yet, it’s because it’s still propagating.

I did not have the chance to provide permission documentation before this happened.

I will assume that the permission issue I wrote about yesterday was mistakenly applied to NewsWave and to NetNewsWire.

I ended up switching back to NetNewsWire (syncing via Feedbin) sooner than planned. It works great and feels incredibly fast.


Update (2020-05-12): Brent Simmons (tweet):

I heard from Apple that, while this latest version has been approved, the app is now under further review for this issue.


I’m trying to figure out what bothers me. I think there are two things.

One is just that the App Store has always seemed rather arbitrary. The guidelines don’t even have to change for unseen policies to change, and it’s impossible to know in advance if a thing you’re doing will be okay and stay okay.


If a site provides a public feed, it’s reasonable to assume that RSS readers might include that feed in some kind of discovery mechanism — they might even include it as a default. This is the public, open web, after all.

Nick Heer:

I see very little difference between NetNewsWire’s default feeds and web browsers that include default bookmarks. Maybe popular web browsers like Firefox and Brave really have struck agreements with YouTube, Amazon, and Wikipedia to include their sites as bookmarks, but I doubt that, and I don’t think that ought to be a requirement. Likewise for feed readers.

If there is a good, non-arbitrary reason for this, Apple is apparently horrible at communicating it.

The options that Apple suggested for bringing the app into legal compliance make it even more of a mystery what the reason was.

Brent Simmons:

The issue with the default feeds reminds me that, at any time, even for a small bug-fix update, App Store review may decide that an app can’t be published as-is for some reason.

You’d be right to think that, with an issue like this, it would come up the same on both App Stores — solve it in one place and you’ve solved it in both. It’s not like I’d have double the issues.

But sometimes the issue actually is platform-specific. For example: NetNewsWire Lite 4.0 for Mac was held up by Mac App Store review for three weeks due to a bug in WebKit. (Yes, this was nine years ago.)

This is supposed to be fun. It’s work that I love doing for a great cause. And I just keep thinking that dealing with the iOS App Store is enough to ask of me, and there’s no requirement that I go through this with the Mac App Store too. The personal cost is just too high.


[The App Store is] arbitrary in ways that defeat its purpose, demean its constituents and take for itself the crown of only responsible grown-up.


It would take an incredible balancing act to actually run an app store well. Apple has done the best job of it so far, but it's still a tire fire that inhibits applications legitimate developers want to write. These events are not representative of every app review process ever, but they are representative of what happens when you have an app review process and you live in the real world. It doesn't have to happen in most of the cases to be a disgrace and an impediment.

Via Nick Heer:

It has been said before but I will say it again: the biggest problem that the App Store faces is in the communication of shifting expectations. If, for whatever reason, Apple wants to interpret default feeds in a feed reader as a potential copyright issue, they ought to notify developers of the change and give them a chance to make adjustments.

Right now, developers do not find out about a change in App Store rules or the interpretation of existing rules until they submit an app for review.


It is ludicrous that the App Store turns twelve years old in July and this fundamental problem remains unaddressed.

In this case, it sounds like Apple hasn’t even decided what the new policy is yet. NetNewsWire wasn’t just rejected for violating an unwritten rule but for violating a rule that doesn’t exist yet.

Update (2020-05-19): Brent Simmons:

I just heard that the default feeds in NetNewsWire are okay as-is, and I don’t need to collect permissions for Apple.

Brent Simmons:

I like to make a public record in order to make inconsistency more difficult.

Apps That Can’t Be Transferred

Charlie Chapman:

Looking again at implementing CloudKit for syncing and again getting hung up on the whole “I can no longer transfer this app to another account” thing

Is it really worth setting up a separate LLC and dev account for each app for the rare chance I may want to transfer later?


It’s not about iCloud data not transferring, it’s that Apple literally won’t let you transfer the app to a different account at all if you’ve enabled the CloudKit entitlement. So you’d have to give up the entire account.

Jurgis Kirsakmens:

iCloud entitlement, Catalyst app, Passbook entitlement, apps with App Group Container, Sign in with Apple - any of this makes app un-transferable

Update (2020-07-29): Steve Troughton-Smith:

App Store Connect protip: never, in a million years, put your app into an app bundle. Holy crap. It locks you into so many restrictions, forever, and there’s no way back out of it; you can never remove your app from a bundle, and you can never delete a bundle completely

It is absolutely insane that bundles, which should be a temporary marketing feature, permanently taint your app record. Who in their right mind designed this system? What developer would ever use it if they knew?


swiftdt (Swift Debug Tool)

Mike Ash (via Joe Groff):

This is a tool which can inspect a Swift process and dump information about the Swift runtime in that process.

It currently supports inspecting two kinds of information:

  1. It can dump the protocol conformance cache.
  2. It can dump all metadata allocations, and print the name and size of the metadata allocated by the generic metadata cache.

It’s meant to grow more functionality over time.

The design of the tool places all of the runtime-related smarts in Remote Mirror. swiftdt is then a small that connects the Remote Mirror functionality with remote process inspection.

Exposure Notification

Christina Farr:

Within a few weeks, the Apple project -- code-named “Bubble” -- had dozens of employees working on it with executive-level support from two sponsors: Craig Federighi, a senior vice president of software engineering, and Jeff Williams, the company’s chief operating officer and de-facto head of healthcare. By the end of the month, Google had officially come on board, and about a week later, the companies’ two CEOs Tim Cook and Sundar Pichai met virtually to give their final vote of approval to the project.


The early team included Ron Huang, who runs Apple’s location services group, and Dr. Guy “Bud” Tribble, a veteran Apple software vice president who is referred to internally as the “privacy czar.” Tribble, who is also a medical doctor, is known outside of Apple for speaking out in favor of federal privacy legislation, noting at a Senate hearing in 2018 that privacy should be a human right.

Huang agreed to loop in a group of engineers who were willing to volunteer their time to the project. They included some of the company’s in-house cryptography experts, Yannick Sierra and Frederic Jacobs (Jacobs has been credited for helping create the secure messaging app Signal). The team began researching some of the protocols for electronic contact tracing already underway at the Massachusetts Institute of Technology and EPFL, a similarly well-regarded research university in Switzerland.

Cory Doctorow (tweet):

But “contact tracing” apps don’t actually do contact tracing. Real contact tracing, of the sort that has been used to fight previous grave infectious disease outbreaks, is a labor-intensive, hard-to-automate process.

The apps that will be developed atop Google and Apple’s joint API will be “exposure notification” apps, not contact tracing apps. These can be complementary to contact tracing, but do not substitute for the army of human tracers we need to fight the pandemic.

Joe Rossignol:

Apple and Google are now referring to “contact tracing” as “exposure notification,” which the companies believe better describes the functionality of their upcoming API. The system is intended to notify a person of potential exposure, augmenting broader contact tracing efforts that public health authorities are undertaking.

Bruce Schneier:

This is a classic identification problem, and efficacy depends on two things: false positives and false negatives.


Assume you take the app out grocery shopping with you and it subsequently alerts you of a contact. What should you do? It’s not accurate enough for you to quarantine yourself for two weeks. And without ubiquitous, cheap, fast, and accurate testing, you can’t confirm the app’s diagnosis. So the alert is useless.

Similarly, assume you take the app out grocery shopping and it doesn’t alert you of any contact. Are you in the clear? No, you’re not. You actually have no idea if you’ve been infected.

I do think it’s worth working on because the tests will hopefully get better, but there’s the danger of launching too soon:

People will post their bad experiences on social media, and people will read those posts and realize that the app is not to be trusted. That loss of trust is even worse than having no app at all.

Elly Belle:

“Those numbers are just unacceptable,” Scott Hensley, a microbiologist at the University of Pennsylvania, told the New York Times, adding, “The tone of the paper is, ‘Look how good the tests are.’ But I look at these data, and I don’t really see that. If your kit has a 3 percent false-positive, how do you interpret that? It’s basically impossible. If your kit has 14 percent false positive, it’s useless.” So if even the three most accurate tests still only proved to detect antibodies 90 percent of the time in people who have been infected, what does that mean for the overall accuracy of antibody tests?

Experts say that ensuring that tests don’t give false-positives is extremely important to everyone’s overall health — if someone receives a false positive and believes that they’re immune to COVID-19 when they aren’t, they could be putting themselves in danger by abandoning necessary measures like social distancing or isolating.

Richard Harris:

The Food and Drug Administration does not regulate these tests, but White House coronavirus task force coordinator Dr. Deborah Birx has said that she expects manufacturers to achieve a standard of 90% specificity (and 90% sensitivity, another measure of test performance that’s less important in this context).

Here’s what would happen if you used a test with 90% specificity in a population in which only 1% of the people have coronavirus. Nobody knows for sure, but that could be the situation in many parts of the country.

In that instance, more than 90% of the positive results would be false positives, and falsely reassuring.


Update (2020-05-14): OpenCovidTrace (via Hacker News):

This update is a reaction to the criticism (most of which was baseless) as well as several technical changes implemented in versions 1.1 and 1.2 of this protocol.


A primary private Tracing Key that was used before for Daily Tracing Keys generation has been removed. In the new version, each Exposure Key (Daily Tracing Key earlier) is randomly generated, so it is impossible to establish a link between them even in theory.


To improve performance, the encryption was changed to AES from HMAC-SHA-256.


A mistake in timing the temporary key generation was fixed.


The appearance of encrypted metadata is the most enigmatic change in specifications. It is not clarified what it will contain and who will have access to it, so let’s try to guess.
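The key-schedule change quoted above (daily keys derived from one Tracing Key versus independently random Exposure Keys) can be seen in a short sketch; this is an added example, not code from OpenCovidTrace, Apple or Google. The `CT-DTK` and `CT-RPI` labels and the little-endian day encoding are assumptions recalled from the v1.0 draft, the sample key and day numbers are constructed, and the AES-based identifier step of the newer versions is left out.

```python
import hashlib
import hmac
import secrets
import struct


def hkdf_sha256(key: bytes, info: bytes, length: int = 16) -> bytes:
    """HKDF-SHA256 (RFC 5869) with the default all-zero salt; one block covers <= 32 bytes."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()              # extract
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]  # expand, T(1)


def daily_key_v1_0(tracing_key: bytes, day: int) -> bytes:
    """Old scheme: each day's key is derived from one long-lived Tracing Key.
    Assumed label and encoding: "CT-DTK" + 32-bit little-endian day number."""
    return hkdf_sha256(tracing_key, b"CT-DTK" + struct.pack("<I", day))


def rolling_id_v1_0(daily_key: bytes, interval: int) -> bytes:
    """Old scheme: broadcast identifier = truncated HMAC-SHA-256 (assumed label "CT-RPI")."""
    return hmac.new(daily_key, b"CT-RPI" + bytes([interval]), hashlib.sha256).digest()[:16]


def exposure_key_v1_1() -> bytes:
    """New scheme: every Exposure Key is 16 fresh random bytes, derived from nothing."""
    return secrets.token_bytes(16)


def linkable_days(tracing_key: bytes, published: dict) -> list:
    """Days whose published key can be regenerated from tracing_key."""
    return [day for day, key in sorted(published.items())
            if hmac.compare_digest(daily_key_v1_0(tracing_key, day), key)]


if __name__ == "__main__":
    tk = bytes(range(32))                 # constructed sample Tracing Key
    days = [18393, 18394, 18395]          # constructed day numbers
    old = {d: daily_key_v1_0(tk, d) for d in days}
    new = {d: exposure_key_v1_1() for d in days}
    print("v1.0 days linked by key holder:", linkable_days(tk, old))
    print("v1.1 days linked by key holder:", linkable_days(tk, new))
```

Under the old derivation, whoever holds the Tracing Key can regenerate every day's key and so tie the days together; with random keys there is no parent secret to do that with.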