Archive for March 23, 2021

Tuesday, March 23, 2021

Xcode Tips

Jesse Squires:

I started saving links and planned to add a new “Xcode tips” section to my TIL repo on GitHub to reference later. But as I started, I realized that the resulting markdown file would not be easily discoverable or shareable. I thought, wouldn’t it be nice if the iOS and macOS developer community had a single place to find and share Xcode tips?

So, that is what I did instead! Say hello to Xcode Tips, a resource for the community to find and share their Xcode workflows, tips, tricks, and optimizations. The code for the site is on GitHub under the Xcode-Tips organization.

Paul Kim:

Looking at my build logs in Xcode (which helpfully show the time for each step), I noticed that code signing was taking up a significant amount of time. Around 3-8 seconds each occurrence, even for standalone binaries. I have quite a few of these as well as frameworks so that time adds up. Note that for debug builds, I had the —timestamp=none option set so that was not the culprit in this case.

Poking around, I came across this thread. While I didn’t have the main problem described there of duplicate certificates, buried in that thread was the following advice: trim ~/Library/Preferences/com.apple.security.plist

[…]

Apparently, there’s a hidden setting in your project.pbxproj file for copying frameworks where you can specify whether headers get copied over. This is not exposed anywhere in Xcode’s UI, as far as I can tell. It’s also a mystery why it gets set on some targets and not others. The only way to enable/disable this is to edit the project.pbxproj by hand.

Michał Januszewski:

TIL: if your Xcode freezes a lot - unpair all devices (Window/Devices and Simulators)

Previously:

ProtonVPN Security Updates Rejected Due to Previously Approved App Description

Andy Yen (Hacker News, MacRumors, 9to5Mac):

ProtonMail is not the only Proton app being used by activists and protesters in Myanmar. For the past month, the Myanmar military has forced the national telecom companies to regularly shut down the internet and block access to social media to prevent damaging evidence from getting out.

[…]

On the same day the UN recommended Proton apps, Apple suddenly rejected important updates to our ProtonVPN iOS app. These updates include security enhancements designed to further improve safeguards against account takeover attempts which could compromise privacy.

Apple says it blocked our security updates because our app description in the App Store, which we have used without issue for months, mentions ProtonVPN is a tool to “challenge governments… and bring online freedom to people around the world”. Given the current context, Apple’s actions could not be more insensitive.

Apple says that the description violates section 5.4 of the guidelines, but that section doesn’t say anything about how the app is presented:

Apps offering VPN services must utilize the NEVPNManager API and may only be offered by developers enrolled as an organization. You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. Apps offering VPN services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. VPN apps must not violate local laws, and if you choose to make your VPN app available in a territory that requires a VPN license, you must provide your license information in the App Review Notes field. Parental control, content blocking, and security apps, among others, from approved providers may also use the NEVPNManager API. Apps that do not comply with this guideline will be removed from the App Store and you may be removed from the Apple Developer Program.

Apple does not allege that the app violates local laws. Furthermore, if there’s no legal issue, the app should be approved based on the August 2020 rule that updates aren’t delayed over guidelines violations.

Tim Sweeney:

Apple: We need an absolute monopoly on app distribution to protect security.

Apple: <blocks security updates because a developer speaks about human rights>

Francisco Tolmasky:

The future is more cases like HKMap.live & ProtonVPN. This is the real issue w/the @AppStore: Apple has chosen to put itself at the center of every international issue. If iOS had side-loading, they could say “you can still ship, it doesn’t have to be in our store.

[…]

Apple and Tim Cook can wax poetic about values during keynotes all they want, but the actions they take represent their true values. And the @AppStore creates a clear and undeniable binary demarcation of what they approve of and what they don’t.

Previously:

Update (2021-04-16): John Gruber:

Nothing to do with Myanmar — this spat is entirely about the phrase “challenging governments”. Again, I think it’s a bit silly for Apple to have rejected the update to ProtonVPN over that phrase.

[…]

Seems to me that the ProtonVPN update should have been approved, and the dispute over the app description settled afterward. Is the phrase “challenging governments” a “legal issue”? It certainly isn’t a legal issue in most countries. So Proton has legitimate gripes here.

Jesse Squires:

While I am willing to give Apple the benefit of the doubt and consider this an inconvenient coincidence, I would not be surprised if this were a deliberate move. After all, Apple has pulled VPN apps from the App Store before. For now, we can assume (as Gruber highlights) that this is yet another issue with Apple’s poorly executed app review process where its so-called rules are applied arbitrarily.

However, there is still reason to be concerned, because Apple does not have a laudable record when it comes to cooperating with authoritarian governments. Below is a brief history of events that I have been tracking so far.

See also: Hacker News.

Sami Fathi:

Apple says it approved ProtonVPN’s latest App Store update on March 19 and says, correctly, that Proton published the update to users two days later, on March 21. ProtonVPN, another two days later, published a blog post correlating the rejection to Apple limiting free speech and human rights in Myanmar.

I don’t think this proves anything about Apple’s motivations because the situation in Myanmar was already developing, with the UN recommending the app, before Apple’s initial rejection.

Substack’s Subscription Form vs. 1Password Autofill

Timmy O’Mahony (via Hacker News):

To state the obvious: there is no $2,023 plan here. There is a “founding member” option, but I’m sure I didn’t click that?

Wait, what did I do? I’m certain I selected “monthly $10", then I opened 1Password and clicked my saved card details. Then I hit “Subscribe”.

[…]

When I’ve clicked my card details in 1Password, it’s entered my expiry year in the hidden, custom subscription amount box[…]. Because this box has now changed value, the Substack UI has automatically selected this option. I’ve then hit “Subscribe” before I had time to notice and 💸 $2,023.

Previously:

Closing Web Browser Windows Doesn’t Close Connections

Jeff Johnson (tweet, Hacker News):

That’s too much a coincidence to be a bug, right? Could it be that web browsers are keeping open connections after windows are closed on purpose?

[…]

Closing the private window closed the connections associated with the window, in every browser. Thus, it seems pretty clear that this behavior must be intentional.

[…]

I feel that many decisions made by web browser developers in the past — sometimes more than a decade ago — need to be reevaluated now that browsers are finally starting to care about user privacy. The browser vendors have always loved to compete and brag about whose browser loads pages faster, but the pursuit of speed at all costs can lead to compromises in other areas, such as privacy.

Previously: