Archive for October 19, 2020

Monday, October 19, 2020

Face ID and Touch ID for the Web

WWDC 2020 Session 10670:

But this time, when I sign in, rather than go through a password and SMS 2FA flow, instead I just Face ID, like that. Boom. I’m signed in.


Safari will only allow public key credentials created by this API to be used within the website they were created, and the credentials can never be exported out from the authenticator they were created as well. This means that once a public key credential has been provisioned, there is no way for a user to accidentally divulge it to another party.


There are two important properties that Apple builds into the authenticator. The first one, as we saw, is the Face ID and Touch ID, which is used to verify users’ identity. The second one is Secure Enclave, which is a processor that manages all the private keys and guarantees that they cannot leave the device. By combining both, each sign-in performed with the Face ID or Touch ID is essentially a multi-factor authentication. The response the device sends back to the websites encapsulates two factors: something you have, the iPhone, and something you are, the biometrics. And the sign-in only takes a single tap.

Jiewen Tan (tweet):

What follows is the recommended way to invoke Face ID and Touch ID for the web.


Attestation is an optional feature which provides websites a cryptographic proof of the authenticator’s provenance such that websites that are restricted by special regulations can make a trust decision. Face ID and Touch ID for the web offers Apple Anonymous Attestation. Once verified, this attestation guarantees that an authentic Apple device performed the WebAuthn registration ceremony, but it does not guarantee the operating system running on that device is untampered.


How iOS Apps Adapt to the Various iPhone 12 Screen Sizes

Geoff Hackworth (via Peter Steinberger):

As a general rule, apps must build with the latest version of Xcode to opt in to seeing the native screen resolutions of new devices. Older apps would run on newer devices but appeared as letterboxed, pillar boxed and/or scaled versions of previous device sizes. This ensured that the old apps never ran at screen resolutions that didn’t exist when they were built.


At their October 2020 event, Apple announced four iPhone 12 models[…] None of these resolutions correspond to existing devices. The iPhone 12 mini has an extra surprise in store. Just like the iPhone 6+, 6S+, 7+ and 8+, an app running on the iPhone 12 mini renders at a different resolution to what is actually shown on screen.


So Apple seem to have forgotten they said last year apps will now always display at the native resolution of future devices 🤷‍♂️

Keith Harrison:

Here’s a recap of what you need to know to update your Apps for the new devices.


There’s one more curiosity with the iPhone 12 mini. The safe area inset at the top of the device is slightly larger than the height of the status bar.


Evolution of the Programming Languages From iPhone OS 1.0 to iOS 14

Alexandre Colucci:

In this new article, I will answer this question by measuring the total number of binaries in iOS. I will go one step further and also count the number of binaries using other programming languages: Objective-C, C++ and C.

Finally to be as complete as possible, I ran this analysis on all major iOS releases, from iPhone OS 1.0 to iOS 14. This will provide a detailed overview of the evolution of the different programming languages over more than a decade of iOS development.


iPhone OS 1.0 contained less binaries than the number of binaries in iOS 14.0 using Swift.


The number of binaries using Objective-C is still growing with each iOS release.

Looking at the graph, it’s scary to contemplate just how much iOS has grown. So much new code, so many potential new interactions. As with macOS, we can lament the shocking number of bugs that go unfixed, even unacknowledged, but it’s also a wonder that it works at all.


Update (2020-10-20): Malcolm Hall:

Recent heavy use of stubs might be skewing the numbers. E.g. On iOS 14 the staged apps are now stubs for an app framework in the dyld cache so you might have counted the app twice or maybe three times.

Pure Programming

gazzini (via ChrisLTD):

I used to joke, back then, that I was a professional App Store rules explainer, because in every role, I was constantly explaining to peers, managers, and clients why we couldn’t build X because it violated Apple’s terms & conditions. I just wanted to build what our users wanted, but instead we debated endlessly about what Apple might allow. Even then, we’d still occasionally be punished by a frivolous rejection, moving us to the back of the app-review line.

But Apple isn’t the villain here – this is a large industry trend. The entire internet is increasingly burdened by various governments, corporations, and everything in-between.


In-app purchases. Email verification w/ various “unsubscribe” options. Sign-in with X. DUNS numbers. Applying for AWS Service Limit increases to send any emails. These “table-stakes” features are a real drag on productivity because… well, because they’re no fun to develop! It’s energizing to solve real problems, and draining to solve fake problems.