Archive for September 2021

Thursday, September 30, 2021

Dragging Multiple Images Out of Safari

John Gruber:

15-year-old “TopTechGeek” with a tip that blew my mind: iOS 15 Safari lets you select and drag multiple images from a web page.

Cool video. You can also drag and drop to the Files app. Unfortunately, the feature only seems to work with images. If I try to drag multiple PDF or ZIP files to a folder in Files, instead of downloading them it saves .txt files with their URLs.

The Disappointment of On-Device Siri

Federico Viticci:

The most important addition to Apple’s assistant this year is that, starting with iOS and iPadOS 15, Siri will work offline by default. As announced by Apple at WWDC, the Neural Engine can now process your requests locally, on-device, with the same quality of server-based speech recognition.

In practice, since the switch to offline processing, I haven’t noticed a degradation of quality in terms of how Siri interprets my requests, but it hasn’t gotten smarter than before either. I suppose this is good for Apple since, at the very least, moving away from server-based processing hasn’t made Siri worse.

Obviously, only some types of requests will work offline.

I don’t understand why creating reminders can’t work offline. I can see Siri transcribe everything I’ve said, but then it just stops and says that my phone needs to be online. I’m not asking it to do anything fancy like use a particular list or set a date.

I was also hoping that offline support would make the voice control features faster by eliminating server latency. That hasn’t happened, either. It can still take 10–15 seconds to pause music or a podcast, during which Siri gives me spoken feedback that it’s still working on my request. And, again, I can see on the screen that it correctly transcribed what I said right away. Why does it take so long to actually process it? It was faster and more consistent on-device before Siri, in the iPhone 4 days.

Timers work offline and are quicker than voice control, but they still feel slower than Alexa talking to the server. And there’s still only one.


Manual Full Justification

Matt Gemmell:

The most amazing thing I’ve ever read is a guide to the SNES game Super Metroid.


Lots of game guides are in plain text, by the way, like this one. No fancy formatting.


See how virtually all the paragraphs are like solid blocks on their left and right edges? In typography that’s called “fully justified”. In word processors etc, it’s accomplished by evenly distributing extra spacing throughout lines of text, and also by hyphenation.

But in that guide, it’s not done with hyphenation or variable spacing. It’s monospaced text in a monospaced font.

Kindle Paperwhite (5th Generation)

Chaim Gartenberg (via Hacker News):

Amazon is refreshing the Kindle Paperwhite for the first time in nearly three years with an updated model, adding a bigger 6.8-inch E-Ink display that’s brighter and has adjustable color temperature, USB-C charging, a faster processor, and weeks more in battery life.

Dan Moren:

Amazon has clearly realized there’s more opportunity here and has added a second Paperwhite model, the Signature Edition. In addition to the features in the base model Paperwhite, the Signature Edition also includes wireless Qi charging, sensors that automatically adjust the backlight color temperature (on the base Paperwhite it has to be done manually), and 32GB of storage (compared to the base Paperwhite’s 8GB).

All of that will run you $189.99, a $50 premium over the base Paperwhite’s $139.99. And both of those prices are Amazon’s ad-supported “with Special Offers”; getting rid of those will cost you an additional $20.

Devin Logan (via Hacker News):

I don’t think the e-reading experience really mimics the experience of reading a physical book. To me, the reading experience on an e-reader is really more comparable to a really nice electronic experience – the matte page is nice, it’s easy to flip the page, and it’s easy on the eyes (which is something I’m very particular about).

For me, my e-reader is an alternative way to read that’s more convenient in specific situations: for travel, obviously, but also for the times I’m too distracted or unfocused to focus on a physical book.


Wednesday, September 29, 2021

Retro Dither 1.0.1

David Kopec:

Today I launched a new novelty Mac app, Retro Dither. Retro Dither gives any photo a cool retro look using just black and white pixels. You may want this for artistic effect, or you may want to export your photo to MacPaint for display on a retro Mac. Retro Dither launched on the Mac App Store today.


I was working on my next programming book, which will be an intermediate Python projects book, when I came across an article about Atkinson Dithering on Hacker News by John Earnest. Dithering algorithms can be used for approximating the look of an image with less colors. Atkinson Dithering is one that is particularly well suited for approximating an image using just black and white.


So, I started researching the MacPaint file format and found this article.


Update (2021-10-05): Ashley Bischoff:

Oh, so kinda like @Iconfactory’s BitCam?

App Tracking Transparency Doesn’t Stop Trackers

Johnny Lin and Sean Halloran:

Using the open source Lockdown Privacy app and manual testing, we found that App Tracking Transparency made no difference in the total number of active third-party trackers, and had a minimal impact on the total number of third-party tracking connection attempts. We further confirmed that detailed personal or device data was being sent to trackers in almost all cases. ATT was functionally useless in stopping third-party tracking, even when users explicitly choose “Ask App Not To Track”.


How could Apple have failed so miserably in stopping third party trackers with a feature named “App Tracking Transparency”? Digging into the answers for this question led us to discover the main cause: Apple’s narrow definition of the term “tracking”.


Instead, Apple has hijacked the term “tracking” to define it as something highly specific, and they’ve even placed their full definition of it in developer documentation, which of course no average iOS user will ever read. […] Based on our research, we found Apple’s definition of tracking to be misleading, counterintuitive, and confusing for these reasons[…]


Not only do these trackers allow their clients to break Apple’s rules, but they specifically built features to help their clients easily circumvent Apple’s ATT privacy rules.

Nick Heer:

The disconnect in these findings may be explained by the many apps that are following the rules, particularly those from smaller or independent developers — who cannot afford to incur the wrath of App Review — and from really big developers where it would be obvious if they did not comply. In the middle lies this assortment of apps not quite notable enough to attract attention — at least, until this study came out.


That aside, I do think the similarities between other permission prompts and the one for app tracking could be misleading. I do not think this is deliberate. But I can see how many people could view their effects similarly, even though the negative option is to “ask” for the app to comply with the user’s request instead of simply disallowing permission.

Matt Wille:

The investigation found at least three iPhone games — popular enough to make it to the top of the App Store charts — sending explicit user data to third-party advertising companies, even after the user has selected the option for their information not to be collected. And Apple has done nothing about those apps’ invasive methods, despite being alerted to them weeks ago.


Safari 15 for Mac

Howard Oakley:

Apple has released an update for Safari in Big Sur and Catalina, bringing it to version 15.0. This brings some of the new features coming in Monterey, including tab groups, redesigned tabs, a compact tab bar option, and automatic switching from HTTP connections to HTTPS where they’re available. I’ve been using tab groups for a while now, and am very impressed by them. If you like to have a lot of tabs, they’re your last hope to get better organised.

The basic features are working fine for me except that iCloud is no longer syncing tabs to my other devices. Safari’s history now syncs to my iPad but not to my iPhone. Bookmarks and Reading List sync to all devices. [Update (2021-09-30): I’m now having problems with Reading List, too. It stopped syncing new items from iPhone to Mac; then I reset it on both devices and it synced the new items but didn’t delete the items from the phone after I deleted them on the Mac.]

Juli Clover:

Safari 15 introduces a new look for Safari with rounded, more defined tabs and support for transparency, a compact tab bar option that can be toggled on or off, and Tab Groups.

Nick Heer (tweet):

On my iPad — and on my Mac, where I have been running beta versions of Safari 15 for weeks — I still think this redesign is a mess. It is unnecessarily cramped, it is visually unappealing, and there are usability problems even if you enable the separate tab bar to mimic previous versions. The best updates to Safari 15 on iPad and Mac will be those that make it look and work more like Safari 14.

Jesse Squires:

the safari 15 tab design is so bad i might switch browsers just because of this

Marco Arment:

A company famous for its design went with… this

It looks like I hovered over it or clicked down, then Cmd-Tabbed to a different app, locking it in a hover/active state.

My web browser now always looks like a UI-rendering bug.

I still get confused because in regular macOS tab views the active tab is lighter than the others, and the active window also has a lighter title bar, but in Safari the active tab is darker. (Prior to Big Sur, the active window and active tab were darker with the standard controls, except in Safari where the active tab was lighter.)

John Gruber (post, tweet):

My strong advice to MacOS Big Sur users, if it’s not too late for you already, is NOT to upgrade to Safari 15.

The new tabs are terrible. I’ve tried them, given them a fair shot, but they’re ugly at best, and I find them genuinely confusing. I feel lost.

Colin Cornaby:

I feel like Safari’s new tab bar layout would be more successful with a traditional Mac look, and without the Big Sur flat design. So many of the odd issues could be fixed by adding depth.

Juli Clover:

Honestly the worst. The new design definitely impacts my workflow and makes Safari tabs more annoying to deal with. I don’t understand why Apple made this change because it’s in no way better.

Joe Fabisevich:

Why did the Safari team think this was a good design choice? I can barely read anything in my tab bar or see any of my extensions because some random website (CNET) chose to make their background some obnoxious red. I love colorful design but this is horribly inaccessible.

Thomas Tempelmann:

My favorites bar now looks as if it’s part of the web site content.

Jordan Borth:

It looks like Safari is drawing custom window controls? These look so gross… Finder included for comparison of the standard appearance

And the inactive window state… why? 🤢

Steve Troughton-Smith:

Butterfly effect in action: They had to do custom window controls in Safari to account for the new toolbar tinting 👀

And the controls look funny even if you turn off tab bar coloring.

Jeff Johnson:

Also, Safari 15 also removed the hidden preference, previously in the “Debug” menu, to disable the tab hover previews.

Roustem Karimov:

Safari 15 has a ton of bug fixes though, especially when it comes to browser extensions. We’ve waited for this update many months.


Update (2021-10-04): Matthias Gansrigler:

Have I already said how bad this new version of Safari is on macOS? I restart my Mac, or just Safari, and most of my tabs are gone. What a poop-show. If you can, keep using the previous version of it.

John Gruber (tweet, The Talk Show):

I despise the new tabs even when the “Show color in tab bar” and “Compact” layout settings are turned off. They don’t look like tabs. They look like buttons.


These new “tabs” waste space because, like buttons, they’re spaced apart. Tabs that look like real-world tabs aren’t just a decorative style. They’re a visual metaphor. My brain likes visual metaphors. It craves them. And my brain is very much comfortable with the particular visual metaphor of tabs in a web browser window. Buttons do not work as a metaphor for multiple documents within a single window. Thus, trying to use the new Safari 15 on Mac (and iPadOS 15, alas), I feel somewhat disoriented working within Safari. I have to think, continuously, about something I have never had to think about since tabbed browsing became a thing almost 20 years ago. The design is counterintuitive: What sense does it make that no matter your settings, the active tab is rendered with less contrast between the tab title and the background than background tabs? The active tab should be the one that pops.


If I were preparing a lecture for design students about what Jobs meant, I’d use Safari 14 and 15’s tab designs as examples. If anything, Safari 15 feels like a ginned-up example — too obviously focused solely on how it looks, too obviously callous about how it works. If it hadn’t actually shipped to tens of millions of Mac users as a software update, you’d think it was a straw man example of misguided design.


It’s hard to express in words how perverse this is. The icon that represents the web page is a destructive button for that web page. Imagine clicking a document icon in the Finder to trash it.

Dave Mark:

John focuses on the Mac in his post, but his comments might just as well apply to Safari for iPadOS 15. Though there are differences between the two implementations of Safari tabs, both joyously break the tab metaphor.

Simon Boo-th:

@gruber undersells how bad Safari 15 is. He’s missed the case with three tabs, where active and inactive-but-hovering are the same colour, so if your mouse is in the “tab” bar the third tab is the one that looks active.

Cesare Forelli:

I believe this is the most important piece @gruber wrote in years. It needs to reach Apple’s C-suite because tiny paper cuts decisions like hiding proxy icons suggested someone didn’t get Mac design, but this year Safari plainly proved someone should be shown the door. That bad.

Kieran Healy:

As @gruber says, the design of tabs and the differentiation of the browser from the page it’s rendering are both terrible on Safari 15 for Mac. I am reverting to a browser where things that look like buttons are in fact buttons.

Christoffer Lernö:

The new tabs on Safari is such an UX disaster. I keep clicking on the tab thinking it’s the address bar, since the tab more resembles a text input than the address bar itself...

Dieter Bohn:

It is truly astonishing how bad the new Safari tabs are on Mac. @gruber calls it an own goal and he’s exactly right. I’m baffled that this made it past any kind of design review.

Jason Snell:

Even more baffling is that it comes alongside Tab Groups, a feature that’s designed to enhance the use of browser tabs. The contrast between understanding what users like and utterly misunderstanding basic tab usability is breathtaking.

Jesse Squires:

Safari 15 tabs are so fucking terrible that I have to retweet this.

The options to turn off the new “compact” tabs should fully revert to the v14 tab design.

Peter Maurer:

Bonus fun fact: Safari’s web inspector evolved in the opposite direction: Its tabs were pills for the last few Safari versions; now they’re gap-less tabs again that look very similar to what Safari’s page tabs used to look like.

One can only imagine the discussions within Apple.

Jeff Johnson:

Try using Safari 15 tabs with a private window in dark mode.

I’m utterly confused about which tab is active. It’s the opposite of what I expect.

Peter Maurer:

Days since I’ve tried to drag a Mac Safari URL from the location field only to find I’m dragging the entire tab/window: zero.

Also, that was the only tab in my only Safari window, so the entire tab dragging operation is pointless — it’s just going to end up as the only tab in the only window again anyway. Maybe at least disable it under these circumstances?

Joe Rossignol:

On both macOS Big Sur and the macOS Monterey beta, it appears that attempting to bookmark a YouTube page in Safari 15 results in the browser crashing.


On macOS Catalina, some users across the Apple Support Communities, MacRumors Forums, Reddit, and Twitter have reported that some websites fail to load in Safari 15, with affected users receiving an "a problem repeatedly occurred" error message.

Update (2021-10-05): Joe Rossignol:

In Safari 15, however, tabs have a new button-like design with a rounder and more defined appearance. Apple has also inverted its shading of tabs, with an active tab now having darker shading and inactive tabs having lighter shading. The change has annoyed Gruber and other users, as evidenced by this Reddit thread with nearly 1,000 upvotes.

Update (2021-10-15): Corbin Dunn:

Safari 15 “tabs” are such a bad UI experience. The active tab should be lighter than other tabs, not darker. And which tab is active when you hover over it? You can’t tell! @Apple please fix this design…

Mark Allen:

The blue highlight given to third-party extensions on Safari 14 to show which extensions can access page data is horribly distracting.

Jeff Johnson:

A few weeks ago I wrote a blog post called The Safari extension blues, in which I described how Safari tints many extension toolbar icons with the system accent color, by default blue, and how my own StopTheMadness avoids the tinting.


In my previous blog post, I argued that Apple should drop the icon tinting, because it's confusing to users, ugly, distracting, completely undocumented, and pointless security theater.

Jeff Johnson:

It’s important to note that there’s no official Apple documentation explaining the significance of Safari extension toolbar icon tinting. I’ve looked everywhere in Safari and also searched extensively in Apple’s support pages. The only way that anyone knows how this works is that occasionally a Safari engineer will respond to someone’s perplexity. But this haphazard approach obviously doesn’t scale to over a billion Safari users.

It’s also important to note that due to confusion, users tend to blame Safari extension developers for the color instead of Apple. We get the complaints and the support issues about it, not Apple. […]

The links I’ve collected here are anecdotal data, but I challenge anyone to try to collect anecdotal data to the contrary, showing Safari users who enjoy the extension toolbar icon tinting, find it useful, and would rather keep it than eliminate it.

Update (2021-11-12): Marco Arment:

Just spent a half hour trying to figure out where iCloud Tabs went in new Safari.

Had to go to iCloud prefs and uncheck/recheck “Safari” on each device, then look up where it was moved to (a section you may need to enable on the new-tab Start screen).


Of course, this feature is there on the Mac, but hidden behind a hover gesture that’s hard to see or discover.

Of course.

Best part: this non-standard UI widget doesn’t even respond to clicks on the text label. Gotta hit that <> thing exactly.

The End of AMP?

Dwayne Lafleur (via Hacker News):

Google provided a distinct advantage to sites using AMP – priority placement on the world’s largest traffic source – Google search. I’ve had the pleasure of working with more than twenty thousand publishers in the five years since AMP’s launch, and I don’t believe I’ve ever heard a single reason that a publisher uses AMP other than to obtain this priority placement.


The good news is that, in May [2021], this is all about to change. Part of the Google update is that all pages with high Page Experience scores are eligible to be in the featured top news carousel. This effectively means that publishers will no longer be forced to use AMP and can instead provide fast, rich experiences on their own domains.


The good news gets even better; non-AMP pages make considerably more revenue per pageview than AMP pages. Initially, I assumed this was due to the nature of how ads load on AMP, however, recent Antitrust lawsuits have proposed that hindering ad competition was a feature and that all non-amp ad tags, such as my company, Ezoic’s, were delayed by 1 second to make them less effective.

Nick Heer:

Let us hope this marks the rapid decline of a proprietary format designed to replicate the open standards of the web in a way that Google can more readily control and track.

John Wilander:

The Google AMP cache is the cross-site tracking stunt of the decade. How did they get away with serving others’ content under for all these years, with full access to people’s Google login cookies, while making the actual content providers into 3rd-parties?

Marko Saric (via Hacker News):

From the release of the Core Web Vitals and the page experience algorithm, there is no longer any preferential treatment for Accelerated Mobile Pages (AMP) in Google’s search results, Top Stories carousel and the Google News. Google will even remove the AMP badge icon from the search results.

You can now safely ignore Google AMP when building a more diverse and more exciting web without any artificial restrictions set by the adtech giant.


Google AMP was never popular. It was controversial from the day it was introduced and received a big push back and a lot of hate but Google stuck to its guns for years.

There’s been a lot of antitrust scrutiny on Google and it may have played a role in this change of heart.


Tuesday, September 28, 2021

Microsoft Store Supports Alternate App Stores

Juli Clover:

Microsoft today announced that it is opening up the Microsoft Store for Windows to third-party storefront apps, including the Epic Games Store and the Amazon Appstore. Epic and Amazon's stores will be discoverable on the Microsoft Store for Windows and can be downloaded like any other app.


Two major Apple competitors, Google and Microsoft, now support alternate app installation options on their platforms, something that could potentially sway regulators working on antitrust legislation in the United States and other countries.


Update (2021-10-05): Jesper:

When I heard the original part of the Windows 11 announcement, I got the sense that the Microsoft Store would become either a store “platform”, where other people could host Microsoft Store-shaped objects or a browser, through which other stores could be federated. Making the separate stores available for download through their store itself (which is mostly what it all comes down to) is a reasonable way to cut this Gordian knot.

But here’s the thing. Alternative Android stores, alternative Windows stores — they already exist. They have existed for years, the technical platform has existed for years, all issues have been ironed out or known for years, and the major tide has been closing an open system (for Android, “anyone can do anything”, for Windows, “Microsoft can’t build a regular application cooler than you can” (literally)).

For Apple, the starting point is the complete opposite.

AirTag Bug Enables “Good Samaritan” Attack

Brian Krebs:

When scanned, an AirTag in Lost Mode will present a short message asking the finder to call the owner at their specified phone number. This information pops up without asking the finder to log in or provide any personal information. But your average Good Samaritan might not know this.

That’s important because Apple’s Lost Mode doesn’t currently stop users from injecting arbitrary computer code into its phone number field — such as code that causes the Good Samaritan’s device to visit a phony Apple iCloud login page.


Rauch contacted Apple about the bug on June 20, but for three months when he inquired about it the company would say only that it was still investigating. Last Thursday, the company sent Rauch a follow-up email stating they planned to address the weakness in an upcoming update, and in the meantime would he mind not talking about it publicly?

Rauch said Apple never acknowledged basic questions he asked about the bug, such as if they had a timeline for fixing it, and if so whether they planned to credit him in the accompanying security advisory. Or whether his submission would qualify for Apple’s “bug bounty” program[…]
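
The weakness Krebs describes is a free-text field that is later rendered into a page strangers open. As an added example (not from Krebs's article, this blog, or Apple's code; the function names, length limits and sample values are constructed assumptions), one defensive pattern is to accept only phone-shaped input when the owner saves it and to HTML-encode every owner-supplied string when the found page is rendered:

```javascript
// Constructed sample inputs for a Lost Mode "phone number" field.
const SAMPLES = [
  '+1 (415) 555-0132',
  '0161 496 0000',
  '<script src="https://example.invalid/x.js"></script>',
  '+44 20 7946 0958<a href="https://example.invalid/">tap here</a>',
];

// Write-time check: allowlist of digits and common separators only.
// Returns a canonical "+digits" / "digits" string, or null if rejected.
// The 7-digit minimum and 32-character cap are assumptions for this
// example; 15 digits is the E.164 maximum.
function normalizePhone(raw) {
  if (typeof raw !== 'string' || raw.length > 32) return null;
  const trimmed = raw.trim();
  if (!/^\+?[0-9 ().-]+$/.test(trimmed)) return null;
  const digits = trimmed.replace(/[^0-9]/g, '');
  if (digits.length < 7 || digits.length > 15) return null;
  return (trimmed.startsWith('+') ? '+' : '') + digits;
}

// Render-time encoding: applied to every owner-supplied string, even
// ones that already passed validation (defense in depth).
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Builds the fragment shown to the finder. An invalid number is dropped
// rather than echoed back, so markup never reaches the page.
function renderFoundPage(owner) {
  const message = escapeHtml(owner.message || '');
  const phone = normalizePhone(owner.phone);
  if (phone === null) {
    return `<p>${message}</p><p>No valid contact number was provided.</p>`;
  }
  const safe = escapeHtml(phone);
  return `<p>${message}</p><p>Call <a href="tel:${safe}">${safe}</a></p>`;
}

for (const sample of SAMPLES) {
  console.log(JSON.stringify(sample), '->', normalizePhone(sample));
}
```
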


Imgur Acquired

Imgur (Hacker News):

Imgur remained an independent company for 12 years. Through it all, our goal has always been to build an authentic place online where people express themselves, feel good, connect, and discover the magic of the internet. Today Imgur reaches 300 million people around the world and is home to one of the largest (and obviously the best) single independent communities online.


We made the choice to join the MediaLab portfolio because their resources and shared services can help accelerate us closer toward our goal and keep the main Imgur team focused on what we do best: creating the best place for community-powered entertainment online. MediaLab has committed to investing more resources in engineering and community to continue adding new features, new tools for creators, and growing Imgur.

Andy Baio:

bought by the same company who acquired Genius two weeks ago

IPLeak and DNS Leak Test

Bruce Schneier:

These two sites tell you what sorts of information you’re leaking from your browser.

App Tracking Transparency Affecting Facebook

Alex Kantrowitz (Hacker News):

Facebook VPs, including Simon Whitcombe and Graham Mudd, spoke to advertisers about Apple’s anti-tracking initiative, the one thing wreaking immediate harm on the company’s ad effectiveness and its bottom line.


Apple is indeed doing more damage to Facebook than any of its rolling series of scandals so far. The changes Apple made in iOS 14.5 — asking people if they wanted to opt-out of apps tracking them across the web — is causing tumult for advertisers who rely on Facebook to sustain their businesses. Performance marketers, i.e., those who want you to buy immediately after clicking, are particularly struggling. The masses, they believe, have opted out of letting Facebook track off of Facebook, so they can’t be sure if people are buying their products after seeing their ads. Facebook expects them to spend less money as a result.


Monday, September 27, 2021

Accessible Hangman Bug Fix Rejected From App Store

Oriol Gomez (via Becky Hansmeyer, Daniel Hall, Hacker News):

As some of you may know, I am a totally blind iOS game developer. Among other games I have made accessible Hangman, Choose your Face, etc.

Well, about 3 days ago I found out a bug which prevented iOS 15 users from running my game accessible hangman. I submitted an update to the app store fixing this problem. To my surprise, I got an email saying that my app is similar to other apps on the app store and that it is considered spam. Literally.

Oriol Gomez:

Now, I do understand that every app needs to go through review every time it is updated, of course. But this is version 2.5 of the app, this is in no way the first or second version. So yes, Apple seems to find a new issue when someone just finds a little light in their brain clicking into place, the first version had no such issue. But after 4 or 5 versions, oooooh wait, your app does not comply with blah blah blah. So, yes, I think this is unfair. Anyway, I have some news regarding this whole thing, the update was pushed through and approved finally so I’m a bit less worried, they still say I should talk to them on the phone so they’re going to schedule a call with me.


Mac OS X 10.1 Puma Revisited

Stephen Hackett:

Jobs said that the software team didn’t take a vacation after OS X shipped, but kept working to improve the operating system. Four point updates had been released over the Internet, but 10.1 was something much bigger.

Phil Schiller came out to discuss Mac OS X 10.1. He reiterated that Mac OS X was Apple’s platform for the future, and that the company’s embrace of open standards and the Digital Hub were both critical to this future — as were things like the Mac’s graphics and Internet capabilities.

The first feature Schiller spoke about was speed, which is one of the biggest knocks against the original version of Mac OS X. He said that the company had been working on this at every level of the operating system.

Indeed, the main thing I remember about Puma, though Apple didn’t really start using the cat names externally until Jaguar, was that it felt much faster (but still slower than Mac OS 9).

For users hopping aboard the Mac OS X train for the first time, Puma cost $129, the same as the original version. However, for customers who had paid for Mac OS X, Apple charged just $19.95 for the upgrade … at least on paper.

Indie Apps Catalog

Dave Verwer:

What would an App Store look like if it focused on apps by independent developers? Filip Nemecek shows us! What a great idea. Of course, this would be better as an app itself, but the guidelines would get in the way of that plan, but a web version is better than nothing!

This looks nicely done, and it includes both iOS and Mac apps, though not Mac apps from outside the App Store. Too bad he can’t earn an affiliate commission for helping people find apps. Note that submissions seem to be backlogged at the moment.


Opting in to 120Hz Animations on iPhone 13 Pro

Benjamin Mayo:

Indeed, the lack of published documentation meant that everyone assumed that adopting 120Hz would be done automatically by the system. This is how it works on the iPad Pro, which has supported ProMotion since 2017. But for the iPhone 13, high frame rate animation is actually gated twice, firstly by a global Info.plist key and secondly by the fact that each individual animation in the codebase will need to be audited and marked as wanting high refresh rate pacing.

All apps will see ProMotion benefits when the user is actively interacting with the display and generating touch events, which thankfully means scrolling is always ultra-responsive and fluid across the system.

However, this also puts an onus on developers to meticulously check all the animations in their app and do the code changes where it makes sense. 60 FPS animations in an app like Twitter will stick out like a sore thumb if the user has just finished scrolling their timeline at a smooth 120 FPS rate.

Smart Voting App Removed From App Store

Justin Sherman (tweet, Reuters):

Earlier this month, when the Kremlin told multiple Big Tech companies to suppress political opposition amid nationwide elections in Russia, their answer was unequivocal: no. Yet just two weeks later, Apple and Google deleted from their app stores the Smart Voting app, opposition leader Alexey Navalny and his party’s primary tool for consolidating votes against Vladimir Putin’s regime. Then Telegram and Google-owned YouTube also restricted access to the recommendations for opposition candidates that Navalny was sharing on these platforms.

Francisco Tolmasky:

Just like during the Hong Kong protests, Apple has again been pressured to remove an app for political reasons. This time a tactical voting app in Russia. Without side-loading, the @AppStore becomes a single bottleneck for governments to censor dissent.


One thing that baffles me every time this happens, is that I wouldn’t want this responsibility if I was Apple. I’d want to stay distraction free, focused on fun stuff like AR or new iPhone cameras, not getting needlessly sucked into heavy decisions about international politics.


Friday, September 24, 2021

iOS Safari Extension: Achoo

Christian Selig:

Quickly view the HTML for a given page in Safari on iOS/iPadOS 15. Customizable, beautiful, easy to use, and you can tweak the page too!

It’s $0.99.

iOS Safari Extension: Amplosion

Christian Selig:

Amplosion automatically redirects from AMP links to normal websites.


  • A great deal of the time the website loads weirdly or incompletely, potentially missing parts or acting differently than you’re used to
  • AMP links add another opportunity for AMP providers to track you
  • The URLs often become really gross for sharing with friends, with a bunch of weird extra stuff shoved into them, or sometimes not even from the correct website

Parker Ortolani:

The app also lets you keep track of how many times you’ve visited an AMP link and how many times you’ve used Amplosion to avoid one. Amplosion is priced at just $1.99 and if you hate AMP as much as I do it’s well worth it.

Update (2021-09-29): Nick Heer:

Do not miss Selig’s announcement video.

See also: Hacker News.

Christian Selig:

Safari extensions require your permission to run, so in the interest of transparency I wanted to make the app completely open source. Amplosion’s Privacy Policy already states that it’s completely private (everything is handled locally, on-device) but why trust my words when you can go through the code itself? My intention is for this to serve as an extra layer of validation that Amplosion is a privacy-first app, and seeks simply to make your web browsing experience more pleasant.


The fact that so many people hate AMP the $3 iOS plugin to get rid of it is #1 in the app store is kind of an incredible sign of what a bad technology it is.

Nick Heer:

More notable, I think, is that it is the third most popular paid app of any kind in the Canadian App Store as I write this, sitting just behind Procreate Pocket and well ahead of Facetune, Wolfram Alpha, and at least four moose hunting apps.

Federico Viticci:

AMP is a user-hostile, useless technology that has harmed the mobile web and publishers who fall for it

Rob Ruenes:

current mood: you worked on the initial AMP launch and then bought this app 😌

John Wilander:

As I said, the Google AMP cache is the cross-site tracking stunt of the decade.

Valentino Volonghi:

[If] you click this link from macOS, it will open Apple News and ask for subscription, but if you open from iOS Twitter client it will open up on the news. I would argue this is much worse than what AMP does as well


iOS Safari Extension: StopTheMadness

Jeff Johnson:

People have been requesting StopTheMadness on iOS for literally 3 years!

I never thought it would be possible, but I was pleasantly surprised, to put it mildly, by the announcement of Safari extensions on iOS at WWDC.

I’m thrilled to finally be able to release it!

Jeff Johnson:

StopTheMadness is a web browser extension that stops web sites from making your browser harder to use. And it protects your privacy on the web! StopTheMadness works in Safari on iOS and iPadOS, and in all major web browsers on macOS, including Safari, Firefox, Google Chrome, and any other Chromium-based web browser, such as Microsoft Edge, Brave, and Vivaldi. StopTheMadness is sold separately on the iOS App Store and Mac App Store.

Jeff Johnson:

[U]nfortunately App Store is very inflexible when it comes to cross-platform purchasing. It’s only possible in certain limited circumstances that don’t fit my apps.

The iOS version is $7.99, and the Mac version is $9.99.

Jeff Johnson (tweet):

I won’t screenshot the App Store page here, because I’d like people to judge the experience for themselves. There are a few featured extensions at the top, and below that there’s a list of “Must-Have Safari Extensions”. When I select “See All”, there’s a list of 22 extensions, written by 20 developers (2 developers have 2 extensions in the list). The featured extensions at the top of the previous Safari Extensions page are all included in this list too. Here’s my question: Where are the rest of the Safari extensions for iOS? An iOS user might understandably get the impression that these are the only Safari extensions available for iOS, because they’re the only Safari extensions shown by the App Store.


I’m complaining that there’s no comprehensive list of Safari extensions in the App Store. If an app isn’t featured, then it effectively doesn’t exist. […] Apple claims that the App Store gives developers access to over a billion customers, but what kind of “access” is it when the only way that customers find your app is if they follow a direct URL link to your app or search for your app by name (and hopefully see it below the irrelevant ads)?


Update (2021-10-04): Jeff Johnson:

StopTheMadness has a lot of features. From a marketing perspective, maybe too much of a good thing! I want to highlight a few features often overlooked:

1) Allows PiP on YouTube (“Video controls” website option)

2) Deletes tracking tags from clicked links

3) Stops Google AMP


iOS Safari Extension: 1Password

Sami Fathi:

With iOS and iPadOS 15, Apple allows Safari extensions developers to release their previously exclusive Safari for Mac extensions to the iPhone and iPad, allowing users to use extensions on all of their devices. 1Password was one of the first to tease support earlier in June, and with its latest App Store update today, it’s bringing it to all users.

With its Safari extension on iPhone and iPad, 1Password users now have immediate access to all their passwords and 1Password entries right inside of Safari, including in-page suggestions. 1Password for Safari uses on-device machine learning to automatically fill in the login process of complicated websites and even automatically fills in two-factor authentication codes.

Too bad it doesn’t work with standalone vaults.

Update (2021-10-04): Mike Rockwell:

With the introduction of 1Password’s Safari extension, they’ve also discontinued their share sheet extension. This has managed to irritate quite a few users, including myself.

While the Safari extension is great, it doesn’t replace all of the functionality of the previous share sheet extension.


So if they had already stopped maintaining it, the claim that it would require additional work to maintain doesn’t really hold water. The sensible solution would have been to keep the share sheet extension in the app for some period of time alongside the Safari extension and then notifying users of its imminent retirement.

What irritates me the most is the lack of messaging. I had no idea the share sheet extension was even in consideration for retirement. One day I just updated the app and it was gone — it wasn’t even mentioned in the 7.8 release notes.

Update (2021-10-05): Damien Petrilli:

1Password removal of the share sheet is also preventing it from working with Firefox on iOS as it was used as a workaround as they provide no plugin

iOS Safari Extension: Vidimote

Felix Schwarz:

This iOS 15 Safari Extension can:

🏃‍♂️ change the speed of videos in Safari

⏯ control playback, jump ±10s

🍿 enter picture-in-picture & fullscreen

🎯 pick an AirPlay target

It’s $4.99.

European Union USB-C Mandate

Tom Warren (tweet, Hacker News):

The European Commission, the executive arm of the European Union, has announced plans to force smartphone and other electronics manufacturers to fit a common USB-C charging port on their devices. The proposal is likely to have the biggest impact on Apple, which continues to use its proprietary Lightning connector rather than the USB-C connector adopted by most of its competitors. The rules are intended to cut down on electronic waste by allowing people to re-use existing chargers and cables when they buy new electronics.

In addition to phones, the rules will apply to other devices like tablets, headphones, portable speakers, videogame consoles, and cameras.


Efforts to get smartphone manufacturers to use the same charging standard in the EU date back to at least 2009, when Apple, Samsung, Huawei, and Nokia signed a voluntary agreement to use a common standard. In the following years, the industry gradually adopted Micro USB and, more recently, USB-C as a common charging port. However, despite reducing the amount of charging standards from over 30 down to just three (Micro USB, USB-C, and Lightning), regulators have said this voluntary approach has fallen short of its objectives.

Apple was a notable outlier in that it never included a Micro USB port on its phones directly. Instead, it offered a Micro USB to 30-pin adapter.

I think Apple is right that mandating a connector will stifle innovation. And I think that, in isolation, Lightning is a better connector than USB-C. However, it’s annoying that I have to carry multiple cables and adapters because, even with exclusively up-to-date Apple gear, my iPhone and AirPods don’t use the same connector as my MacBook Pro and iPad.

Hartley Charlton:

The directive now needs to be greenlit by the EU Parliament and national governments, who may suggest amendments, before it can come into law. The European Commission hopes that this will occur in 2022. From that point, companies will have two years to transition to USB-C on their devices.

Steve Troughton-Smith:

As somebody with an iPhone, iPad, and Kindle on his bedside table, all with different, incompatible, ports, I’m 1,000% behind standardizing on USB-C for everything. Apple had the chance to push the Lightning connector as standard for USB-C; maybe they’ll reconsider that next time

See also: Dithering.


Update (2021-10-20): Peter Maurer:

Why am I in favor of the USB-C mandate for phones and other small devices?

There are two upsides, in my opinion: Standardization means fewer cables, which benefits the environment. The second upside is that this also makes life easier by reducing the number of cables we have to carry around.

John Gruber:

Gartenberg summarizes a commonly-held theory here: that Apple is sticking with its proprietary Lightning port on iPhones because they profit from MFi peripherals. That it’s a money grab.

I don’t think this is the case at all.


My theory is that Apple carefully weighs the pros and cons for each port on each device it makes, and chooses the technologies for those ports that it thinks makes for the best product for the most people.


Now, I know what you, someone reading Daring Fireball, might be thinking — I own dozens of USB-C cables already — because you own other products, perhaps several from Apple itself, that do use USB-C. But that’s not true for most iPhone owners around the world. They have Lightning chargers in their kitchens, cars, purses, backpacks, and bedrooms. All things considered, they do not want to replace any of them, let alone all of them.

Nick Heer:

I think this also helps explain why Apple’s “Magic” accessories — keyboard, mouse, and trackpad — and the Siri Remote continue to use Lightning. Lots of people have lots of Lightning cables laying around.

iOS Vulnerabilities Either Unfixed or Uncredited

illusionofchaos (via Kosta Eleftheriou):

I want to share my frustrating experience participating in Apple Security Bounty program. I’ve reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page. When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time.

Ten days ago I asked for an explanation and warned then that I would make my research public if I don’t receive an explanation. My request was ignored so I’m doing what I said I would. My actions are in accordance with responsible disclosure guidelines (Google Project Zero discloses vulnerabilities in 90 days after reporting them to vendor, ZDI - in 120). I have waited much longer, up to half a year in one case.


Here are links to GitHub repositories that contain PoC source code that I’ve sent to Apple. Each repository contains an app that gathers sensitive information and presents it in the UI.

Khaos Tian:

This is kinda bad given Core Duet tracks a lot of user activities on device. Maybe Apple’s security team really believe that App Review will capture this 🙃

Felix Krause:

Three 0-day iOS vulnerabilities for unauthorized access to medical data, iMessage, third party messengers, device usage, ...


Upgrading Your iOS Device

Jason Snell:

The problem is that most people don’t buy a new iPhone every year. The primary upgraders to the iPhone 13 will be coming from the iPhone 7, or 8, or X, or XS, or XR. For them, several years of Apple innovations will be rolled into a single purchase. But reviews of the new iPhones will not address what happened in 2018, or 2019, or 2020.

Here’s an attempt to provide a little more of a big-picture overview for owners of older iPhones who are wondering what’s new in the iPhone 13.


Face ID replaces Touch ID, so if you’re frequently masked and don’t have an Apple Watch, you’ll need to enter your passcode more often.

John Gruber:

Device-to-device is better because it moves over all your login credentials. When you restore from an iCloud backup, you wind up logged out of a lot of apps on the new device. When you restore device-to-device, almost everything moves over. I know there are exceptions, but I don’t think I bounced into a single app that didn’t keep me fully logged in this week. If you tried device-to-device a few years ago and found it lacking, try it again now — Apple has improved this process every year since it debuted. Worst case scenario, you can always start over and use iCloud backup.


Update (2021-10-20): Marco Arment:

I think the only way to include downloaded podcast files in phone transfers is to ALSO set them to be included in your iCloud Backup.

I’ve never set that flag because most people don’t want to waste a lot of their limited iCloud space for most podcasts, which are redownloadable.

Some Web Sites Will Stop Working With El Capitan and Older

Scott Helme (Hacker News):

On 30th September 2021, the root certificate that Let’s Encrypt are currently using, the IdenTrust DST Root CA X3 certificate, will expire. You may or may not need to do anything about this Root CA expiring, but I’m betting a few things will probably break on that day so here’s what you need to know!


In normal circumstances this event, a root CA expiring, wouldn’t even be worth talking about because the transition from an old root certificate to a new root certificate is completely transparent. The reason we’re having a problem at all is because clients don’t get updated regularly and if the client doesn’t get updated, then the new root CA that replaces the old, expiring root CA is not downloaded onto the device.


In the last year alone, Let’s Encrypt have grown their market share quite a lot and as a CA becomes larger, its certificates enable more of the Web to operate and as a result, when something like this comes along they have the potential to cause more problems. This is nothing to do with what Let’s Encrypt have done, or have not done, this still comes down to the same underlying problem that devices out in the ecosystem aren’t being updated as they should be.


Because old Android devices don’t check the expiration date of a root certificate when they use it, Let’s Encrypt may be able to continue to chain down to the expired root certificate without any problem on those older devices.

Howard Oakley:

If you’re still running El Capitan, or any version of Mac OS X prior to 10.12.1, then you’re about to run into problems with some popular security certificates.

macOS 10.11 was only superseded five years ago, and some older hardware can’t run 10.12. On the iOS side, an iPhone 4S can’t update to iOS 10. I get that Apple doesn’t want to provide security bug fixes that far back, but how hard would it be to have a mechanism for updating the root certificates? (Then again, even the Mac App Store no longer works properly on macOS 10.13 due to a bad CSS URL.)

Let’s Encrypt is quite popular now, and there are other certificates issued using the same root. Lots of sites will break, and users won’t know what to do.

This blog and the C-Command forum use Let’s Encrypt, and they are set to redirect HTTP to HTTPS. I haven’t decided how to handle this yet. So far, it seems like the only options are to accept the breakage or to buy a certificate from another provider.

The main C-Command site (which my apps use for automatic software updates) uses a different certificate that should continue to work. One of the mirror download sites does use Let’s Encrypt; if you get an error due to that you could try again until you get the non–Let’s Encrypt mirror.


Update (2021-10-04): Commenter “a” and Stefan Reitshamer have posted instructions for how to download a new root certificate so that certificates from Let’s Encrypt and others can still be trusted on macOS 10.11.

Howard Oakley:

A few days ago I warned that those still using older versions of Mac OS X are likely to have problems making secure HTTPS connections with many websites, because of a security certificate due to expire on 30 September. Unfortunately, it has turned out that this isn’t confined to older Mac OS X, and can even affect Monterey betas. And there’s more than one certificate which has now expired.


Although this is a Let’s Encrypt certificate chain, the first of the certificates to expire wasn’t its DST Root CA X3 which we were warned about, which remained valid at the time that this happened to me. The first certificate to expire was the intermediate R3, which expired on 29 September, a day earlier.


So how come two different Macs connecting to the same site get such different chains of trust?

The answer I suspect lies in the caching of certificate checks. Both my iMac and iPhone have connected to this site previously, and rather than performing a full certificate check every time, macOS is just using old results, which still refer to the old intermediate and Root certificates. My M1 Mac mini had never connected to that site, so had to perform a fresh check on the chain of trust, which then traced back to the current chain with its replaced intermediate and Root certificates.

Howard Oakley:

In the rest of this article, I’ll focus on the use of security certificates for one of their most common purposes, in establishing a secure connection to a remote server using the HTTPS protocol, using Transport Layer Security (TLS), which long ago was known as the Secure Sockets Layer (SSL) and is still occasionally referred to incorrectly as being SSL.

Howard Oakley:

Since the first of those security certificates expired on 29 September, there’s been a steady stream of comments from ordinary users, those operating small websites, developers, and system administrators, documenting far more extensive consequences than any of us had anticipated.


When your browser blocks or warns you about a site you want to visit, don’t just blunder on assuming that you’re right. You might be, but you have at least to wonder what’s wrong, and whether that’s a warning in itself. Check the site’s certificates and think through the implications of any error messages. If the identity on the leaf certificate doesn’t match the site you’re trying to connect to, be extremely wary, as that’s a common ploy of impersonators.

Howard Oakley:

To understand why current versions of Safari appear to be having problems connecting to some sites, particularly those affected by the recent Let’s Encrypt certificate changes, I’ve been exploring what’s recorded in the Unified log. This article casts more light on the checks which Safari runs, and how they can fail.

See also: Reddit.


Update (2021-10-08): See also: Reddit, Let’s Encrypt.

Update (2021-11-12): Howard Oakley:

Many users are continuing to report problems trying to connect to some websites, which reportedly have broken certificates. This comes a month after the fiasco with the Let’s Encrypt root certificate, and affects some other root certificate authorities, including IdenTrust. This article explains how you can deal with these and similar problems in both current and older versions of macOS.
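The client behaviours described in this post (an updated trust store, a stale one, an old Android device that ignores root expiry, and a client reusing the old R3 intermediate) can be compared with a small path-building model. This is an added example, not code from any of the quoted authors: the certificate objects are constructed, `ISRG Root X1` is the name of Let’s Encrypt’s newer root (not named above), only the two September 2021 expiry dates come from the text, and no signatures are verified.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


def utc(y, m, d, h=12):
    """Timezone-aware helper; the hour is a constructed value."""
    return datetime(y, m, d, h, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: datetime


# Constructed model of the chain. Only the 29 and 30 September 2021 expiry
# dates come from the post; every other date and all times of day are made up.
DST_ROOT = Cert("DST Root CA X3", "DST Root CA X3", utc(2021, 9, 30))
ISRG_ROOT = Cert("ISRG Root X1", "ISRG Root X1", utc(2035, 1, 1))
ISRG_CROSS = Cert("ISRG Root X1", "DST Root CA X3", utc(2024, 1, 1))
R3_OLD = Cert("R3", "DST Root CA X3", utc(2021, 9, 29))
R3_NEW = Cert("R3", "ISRG Root X1", utc(2025, 1, 1))
LEAF = Cert("example.test", "R3", utc(2021, 12, 1))

SERVED = [R3_NEW, ISRG_CROSS]                      # intermediates sent by the server
UPDATED_STORE = {c.subject: c for c in (ISRG_ROOT, DST_ROOT)}
STALE_STORE = {DST_ROOT.subject: DST_ROOT}         # client that never got the new root


def build_path(cert, pool, trust_store, now, check_anchor_expiry=True, seen=()):
    """Depth-first path building from `cert` up to a trusted root.

    pool: intermediates the client can use (sent by the server or cached).
    trust_store: dict of subject -> root Cert installed on the client.
    Returns the list of Certs from leaf to anchor, or None if no path is valid.
    """
    if cert.not_after <= now:
        return None                                # leaf or intermediate has expired
    anchor = trust_store.get(cert.issuer)
    if anchor and (not check_anchor_expiry or anchor.not_after > now):
        return [cert, anchor]
    for cand in pool:
        if cand.subject == cert.issuer and cand not in seen + (cert,):
            rest = build_path(cand, pool, trust_store, now,
                              check_anchor_expiry, seen + (cert,))
            if rest:
                return [cert] + rest
    return None


def names(path):
    """Subjects along a path, or None when validation failed."""
    return None if path is None else [c.subject for c in path]


def expired_subjects(certs, now):
    """Which of the given certificates are past their notAfter at `now`."""
    return [f"{c.subject} (issued by {c.issuer})" for c in certs if c.not_after <= now]


if __name__ == "__main__":
    before, between, after = utc(2021, 9, 28), utc(2021, 9, 29, 18), utc(2021, 10, 1)
    cases = [
        ("updated store, after expiry", SERVED, UPDATED_STORE, after, True),
        ("stale store, before expiry", SERVED, STALE_STORE, before, True),
        ("stale store, after expiry", SERVED, STALE_STORE, after, True),
        ("stale store, root expiry ignored", SERVED, STALE_STORE, after, False),
        ("old R3 reused, root still valid", [R3_OLD], STALE_STORE, between, True),
    ]
    for label, pool, store, now, strict in cases:
        path = names(build_path(LEAF, pool, store, now, strict))
        print(f"{label:35} -> {' <- '.join(path) if path else 'NO VALID PATH'}")
    print("expired on 29 Sep evening:", expired_subjects([R3_OLD, DST_ROOT], between))
```

The last case fails a day before the root expires because the old intermediate is the first certificate in that chain to lapse, which matches the order of expiry reported above.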

Thursday, September 23, 2021

Apple Lies About Epic Again


As we’ve said all along, we would welcome Epic’s return to the App Store if they agree to play by the same rules as everyone else.

Tim Sweeney:

Epic has asked Apple to reactivate our Fortnite development account. Epic promises that it will adhere to Apple’s guidelines whenever and wherever we release products on Apple platforms.


Apple has exercised its discretion not to reinstate Epic’s developer program account at this time. Furthermore, Apple will not consider any further requests for reinstatement until the district court’s judgment becomes final and nonappealable.

Tim Sweeney (MacRumors, Hacker News):

Apple lied. Apple spent a year telling the world, the court, and the press they’d “welcome Epic’s return to the App Store if they agree to play by the same rules as everyone else”. Epic agreed, and now Apple has reneged in another abuse of its monopoly power over a billion users.


Late last night, Apple informed Epic that Fortnite will be blacklisted from the Apple ecosystem until the exhaustion of all court appeals, which could be as long as a 5-year process.

This seems clear-cut to me. Yes, Epic willfully disregarded the App Store guidelines last year, and Apple had cause to terminate its developer account. But, just this month, Apple said that Epic could come back if it agreed to follow the guidelines. Epic promised to, but instead of following through, Apple now says it won’t even consider lifting the ban for potentially five years.

I say that Apple lied again because, last September, Epic reported that Apple was going to block its customers from using “Sign In with Apple.” Apple told The Verge and John Gruber that this was not, and never was, the case. But then it came out in court filings that Epic was telling the truth.

It’s surprising that Apple, which has historically been very careful about communications, would make statements like these that are so easily disproven. Perhaps it was emboldened after it became apparent that there were no consequences for its CEO lying to Congress last summer—other than its reputation among people who follow these things.

The other unfortunate thing about this story is that the Fortnite Mac app is also blocked, even though it isn’t in the App Store. You need a developer account to get a Developer ID certificate and notarize your app—otherwise macOS won’t launch the app and will suggest that it might be malware.

John Gruber (Hacker News):

But agreeing not to break Apple’s guidelines again seems in the spirit of what Apple had been asking for, regarding reinstating Fortnite.

M.G. Siegler:

I’ve long wondered if Sweeney and Epic weren’t playing a different kind of game than the one Apple is playing, and the moves today don’t dissuade me from that thinking. Yes, it’s entirely possible that Sweeney just wants this to be over with and wants Fortnite back in the App Store following the loss on most fronts with regard to their lawsuit. But actually, that doesn’t seem like the right read to me. Because if they wanted that, Sweeney obviously — obviously — would not have included a few very clear lines in his email […] to Apple’s Phil Schiller.


It’s basically saying to Apple: read the intent (and perhaps the room!) of what the judge was going for, don’t try to litigate the language down to the lowest common denominator.


“Wait a minute, that $2.5T company won’t let the game developer back in the App Store even after they lost the lawsuit, paid the fine, and agreed to their demands?!”


iPhone 13 Reviews


Update (2021-10-05): See also:

Keith Harrison:

Not much has changed but here’s a recap of what you need to know to update your apps for the new devices.

Ryan Jones:

Complete History of iPhone’s Camera Bump *estimated from product photos

Update (2021-10-15): See also:

iPad mini (6th Generation) Reviews


Update (2021-10-05): Francisco Tolmasky:

MagSafe in the iPad mini would have been really nice. I want it on all of them, but the iPad mini seems like it would work best with existing stuff just due to its size.

Francisco Tolmasky:

It just really feels like we don’t need such a humongous (over 1 inch!) margin on the iPad mini, and we could instead make the icons (and text!) easily 1.3x bigger. It often feels like I have to hold it closer to my face than my iPhone to be able to see and use it properly.

Tim Hardwick:

Now that new iPad mini 6 owners have had a couple of days with Apple’s latest redesigned tablet, some users are noticing an issue being referred to as “jelly scroll” when viewing the screen in portrait mode.

The term refers to a noticeable effect when scrolling vertically through text-based content like a webpage or document, where each line of text appears to tilt down towards the left of the screen as it passes by. The effect makes it look as though one side of the display is responding faster than the other when a finger drags to scroll the page.

Andrew Cunningham:

Apple has told us that the “jelly scroll” issue on the 6th-generation iPad mini is normal behavior for LCD screens. Because these screens do refresh line by line, there is a tiny delay between when the lines at the top of the screen and lines at the bottom are refreshed. This can cause uneven scrolling issues like the ones observed on the iPad.


An iFixit teardown suggests that the iPad mini’s more noticeable scrolling issue is a byproduct of how the display controller is mounted.

Update (2021-10-08): Tim Hardwick:

Following complaints of “jelly scrolling” on the iPad mini 6 display, another issue has gained traction online that also has to do with the device’s 8.3-inch Liquid Retina LCD panel.

A poster on Reddit brought attention to a discoloration and distortion issue that they were having when touching the screen with the iPad in portrait orientation.

I got my 64gb Wi-Fi iPad Mini 6 just about a week ago and noticed that there seems to be an LCD clearance issue – if you put your mini in vertical orientation (with the power button on the top right) push very lightly on the screen and you will see distortion and discoloration about an inch down and in from the top right. On most models this will happen in three spots along the top of the display (when vertical).

iPad (9th Generation) Reviews


Tuesday, September 21, 2021

Swift 5.5 Released

Ted Kremenek:

Swift 5.5 is a massive release, which includes newly introduced language capabilities for concurrency, including async/await, structured concurrency, and Actors.



John Sundell:

Before Swift 5.5, if we wanted to make an enum that contains associated values conform to Codable, then we’d have to write all of that code manually. However, that’s no longer the case, as the compiler has received an upgrade that now makes it capable of auto-synthesizing serialization code for such enums as well.


If needed, we could even customize what keys that are used for the associated values within a specific case. For example, here’s how we could declare that we’d like the youTube case’s id value to be serialized as youTube

John Sundell (tweet):

In general, these kinds of issues can be worked around using a compile-time platform check — but before Swift 5.5, we’d have to first break our List out into a separate expression, and then apply different listStyle modifiers separately using an #if-based operating system condition[…]


When using Swift 5.5, we now have the option to inline #if directives right within our expressions. So, going back to our ItemList, we can now conditionally apply each of our listStyle modifiers completely inline — without first having to break our expression up into multiple parts[…]

Joshua Emmons:

Sadly, these [async/await] features require runtime support. Which means, at least for the time being, async is iOS 15-/macOS 12-only.

For those of us supporting older deployment targets, this can be a bit of a let down. But not all hope is lost! We can build clean, flattened-out async handling on our own.

David Ungar:

If your incremental (i.e. Debug) builds seem to be too slow, here are some things to try[…]


Update (2021-10-05): taylorswift:

I’ve discovered several stack corruption bugs related to async/await which can be reproduced in simple test programs compiled with recent nightly toolchains. i have confirmed that four of these bugs are present in the 5.5-RELEASE toolchain.

Monday, September 20, 2021

iOS 15 and iPadOS 15

Apple (iOS release notes, iPadOS release notes, Hacker News):

iOS 15 is packed with new features that help you connect with others, be more present and in the moment, explore the world, and use powerful intelligence to do more with iPhone than ever before.

Federico Viticci (extras):

Surprisingly, iOS 15 doesn’t introduce any notable improvements to what made its predecessor wildly popular last year. In fact, as I’ll explore in this review, iOS 15 doesn’t have that single, all-encompassing feature that commands everyone’s attention such as widgets in iOS 14 or dark mode in iOS 13.

As we’ll see later in the story, new functionalities such as Focus and Live Text in the Camera are the additions that will likely push people to update their iPhones this year. And even then, I don’t think either of them sports the same intrinsic appeal as widgets, custom Home Screens, or the App Library in iOS 14.


But after three months of running iPadOS 15 on my M1 iPad Pro, I can’t help but feel like power users will still be left wishing for more. Yes, iPadOS 15 brings extensive keyboard integration for multitasking with a plethora of new keyboard shortcuts and yes, the new multitasking menu and improvements to the app switcher benefit everyone, including power users, but iPadOS 15 is a foundational update that focuses on fixing the basics rather than letting the iPad soar to new heights.

Dan Moren:

So it is with iOS 15, a release that appears with at least one of its most touted features, SharePlay, delayed until later this year, and another impressive piece of functionality—Universal Control—demoed but never even present in the betas. What’s left is a hodgepodge of interesting ideas and occasionally misguided attempts to prescribe how people should use their mobile devices. It’s an update that’s got a lot to recommend it, but that’s simultaneously tough to recommend, if only because it’s difficult to point to a single big feature that will make a huge difference in the life of the average user.


The reason that Time Sensitive notifications are significant is twofold. Firstly, they’re a class of notification that you can allow to break through your Focus, even if you haven’t specifically allowed notifications from that app. Secondly, they work with the second new major notification feature, Scheduled Summary.

Jason Snell:

In iPadOS 14, holding down the Command key would display a simple list of app-specific features and key equivalents. In iPadOS 15, Apple has expanded this feature to make it more like the iPad equivalent of the Mac menu bar. Not only does it list keyboard shortcuts, but it can list every command in the app (with suspiciously familiar labels like File and Edit). You can click or tap any of them to execute them. iPad apps that build out the Mac menu bar for their Catalyst version can pick this feature up for free. It’s another way that the Mac and iPad are increasingly complementing one another.

Then there’s the Globe key. Initially intended for supporting multiple languages, in iPadOS 15, the Globe key has become something much bigger: it’s a symbol for global keyboard shortcuts. (The Globe key appears on most modern Apple keyboards. If your keyboard doesn’t have a Globe key, don’t worry—you can use the Hardware Keyboard settings area to map a less-used modifier key such as Caps Lock to the Globe key.)

Hold down the Globe key in any app in iPadOS 15, and instead of seeing app-specific commands, you’ll see a list of functions that are available everywhere on the iPad.

Juli Clover:

A new Focus mode cuts down on distractions by limiting what’s accessible and who can contact you, and notifications can now be grouped up in daily summaries. There’s an option for a new Safari design that moves the tab bar to the bottom of the interface, and Tab Groups keep all of your tabs organized.

Joe Rossignol:

Apple recently updated its iOS 15 features page to indicate that Find My network support for AirPods Pro and AirPods Max has been delayed until “later this fall,” implying that the feature will not be available with the initial release of iOS 15.

Joe Rossignol:

According to the iOS 15 features page on Apple’s website, the following features require an iPhone with an A12 Bionic chip or newer, which means the features listed below aren’t available on the iPhone X or any older models.

It does still run on devices all the way back to the iPhone 6s, though.


Update (2021-10-20): Chaim Gartenberg:

It’s the most incremental and iterative iOS release in years, a grab bag of new features that, while nice to have, don’t really move the needle or change your iPhone experience much.

Juli Clover:

iOS 15 is absolutely packed with new features, and it can be overwhelming sorting through everything that’s new. If you’re wondering whether it’s worth upgrading and what new features might be worth getting access to right away, we’ve rounded up 10 of the best new additions in the iOS 15 update that you might not be aware of.

Ryan Burnett (via John Gruber):

What’s new in iOS 15. Includes before and after comparisons documenting the design evolution from iOS 14 to iOS 15. Settings, Photos, Safari, Calendar, Maps, and FaceTime are covered in 52 screenshots.

Peter Steinberger:

Heads up if you call isLowPowerModeEnabled anywhere - this now easily deadlocks on iOS 15.

Steve Troughton-Smith:

There’s been a change between iOS 14 and iOS 15 that now evicts apps from Now Playing on the lockscreen if they’ve been stopped for more than five seconds, which then lets the Music app forcibly claim the play/resume button. Anybody run into this? Is there a new API I’m missing?

Sami Fathi:

Adding to the list of issues facing iOS 15 and iPhone 13 users, a new, seemingly widespread bug is causing CarPlay to suddenly crash whenever a user attempts to play music, such as through Apple Music or third-party providers like Spotify.

Hide My Email

Tim Hardwick:

At its WWDC keynote on Monday, Apple announced that iCloud is getting a premium subscription tier called “iCloud+,” which includes tentpole privacy features like Private Relay and Hide My Email. Another feature included in iCloud+ that wasn’t discussed in the keynote is the ability to create a custom email domain name.

I think it’s better to use another e-mail provider, but at least with a custom domain you can more easily change in the future.


Expanding on the capabilities of Sign in with Apple, Hide My Email lets users share unique, random email addresses that forward to their personal inbox anytime they wish to keep their personal email address private. Built directly into Safari, iCloud settings, and Mail, Hide My Email also enables users to create and delete as many addresses as needed at any time, helping give users control of who is able to contact them.

It appears that you can set it to forward to a non-iCloud address. So you can improve your privacy by hiding your real e-mail address from sites, but you also reduce it by routing your mail through Apple, and add a dependency on iCloud.

Tim Hardwick:

The following steps show you how to create a new dummy email address with Hide My Email, for use in Safari and Mail.


iCloud Private Relay

Michael Grothaus (via John Wilander, Alex Guyot):

The obvious comparison people will make is that iCloud Private Relay is Apple’s version of a VPN (something I have called for in the past for the company to offer). But from an engineering perspective, Private Relay’s privacy protections make VPNs look weak.


iCloud Private Relay uses a dual-hop architecture. When you navigate to a website through Safari, iCloud Private Relay takes your IP address, which it needs to connect you to the website you want to go to, and the URL of that site. But it encrypts the URL so not even Apple can see what website you are visiting. Your IP and encrypted destination URL then travel to an intermediary relay station run by a third-party trusted partner.

See also: WWDC, Nick Heer, Hacker News, Accidental Tech Podcast, MacRumors, TidBITS.

John Gruber:

It’s a little weird that Apple doesn’t want to talk about who these “trusted partners” are, because if we don’t know who they are, how are we supposed to trust them?

Stephen Nellis and Paresh Dave:

Apple’s decision to withhold the feature in China is the latest in a string of compromises the company has made on privacy in a country that accounts for nearly 15% of its revenue.

Tim Hardwick:

According to Apple, “regulatory reasons” prevent the company from launching Private Relay in China, Belarus, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda, and the Philippines.

Apple mentioned these country limitations in June, but it seems that Private Relay will not be available in Russia either, after Apple apparently disabled the feature there over the last day or so.

Spencer Dailey:

Hats off to Apple’s architects. At first glance, the principle behind this “dual hop” seems inspired by Tor, a browser that “directs Internet traffic through a free, worldwide, volunteer overlay network” with an encryption scheme that promises to “conceal a user’s location and usage” from prying eyes. The main issue with Tor has always been that it’s slow. Apple claims Private Relay works “without compromising performance”. There are reasons to be very skeptical of that claim by Apple (more on that later), but nevertheless, Private Relay will certainly be far faster than using Tor.


Private Relay will ruffle the feathers of ISPs and local network administrators.

This is a power move reminiscent of 1) when Apple launched the iPhone and decoupled phone software from the carrier, and 2) when Apple launched iTunes and CD-selling music labels had to come on board.

The industry will push back, leading to friction for consumers.

Many local area networks, such as WiFi on college campuses, will end up prohibiting Private Relay traffic. This will lead to inconvenienced users, who will be presented with dialogs to disable Private Relay for that network. I’m sure ISPs of all sizes will be tempted to also put in place hard blocks.

Florian Forster (via Hacker News):

If a user enables this feature, your RIBA [Risk Based Authentication] seriously will have a bad time. This is because, as you can see below, the user’s IP Address will be more or less useless as a signal. As of writing this blog I was in Switzerland and the IP used to egress my traffic was in a region located in the US. If this also tends to change a lot and fast you can basically throw away IP addresses as data of your RIBA.

Saagar Jha:

As expected, using Private Relay may get you flagged on certain sites, such as Wikipedia. Haven’t hit a captcha yet but I’m not looking forwards to it…

Frank A. Krueger:

Funny side-effect of iOS’s new private browsing: websites keep signing me out and reporting irregular login attempts. I have to remind myself that I sometimes live in Sweden now.
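The effect Forster and Krueger describe above, as an added example that is not from either post: a small risk-based authentication scorer in which a relay egress IP makes a naive "impossible travel" check fire on a known device, and a relay-aware variant that drops the IP signal and leans on the device identifier instead. The egress ranges, weights, thresholds and the `Login` fields are all assumptions made for the illustration.

```python
import ipaddress
import math
from dataclasses import dataclass

# Constructed ranges (documentation address space) standing in for a relay
# operator's published egress list; a real deployment would load that list.
RELAY_EGRESS_RANGES = [ipaddress.ip_network(n)
                       for n in ("203.0.113.0/24", "2001:db8:aa::/48")]

# Illustrative weights and thresholds (assumptions, not from the page).
W_NEW_DEVICE = 40
W_IMPOSSIBLE_TRAVEL = 50
W_RELAY_UNKNOWN_DEVICE = 20
STEP_UP_AT = 50
MAX_KMH = 900.0  # roughly airliner speed


@dataclass
class Login:
    ts: float        # epoch seconds
    ip: str
    lat: float       # geolocation derived from the IP
    lon: float
    device_id: str   # long-lived device cookie or key identifier


def is_relay_egress(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RELAY_EGRESS_RANGES)


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def score(prev: Login, cur: Login, relay_aware: bool = True):
    """Return (risk score, reasons) for `cur` given the previous login."""
    total, reasons = 0, []
    new_device = prev.device_id != cur.device_id
    if new_device:
        total += W_NEW_DEVICE
        reasons.append("new_device")
    behind_relay = relay_aware and (is_relay_egress(prev.ip) or is_relay_egress(cur.ip))
    if behind_relay:
        # The egress location says nothing about where the user is, so the
        # geo-velocity check is skipped rather than allowed to misfire.
        reasons.append("ip_geo_ignored_relay")
        if new_device:
            # The IP cannot vouch for an unknown device, so raise the score.
            total += W_RELAY_UNKNOWN_DEVICE
            reasons.append("relay_and_new_device")
    else:
        hours = max(cur.ts - prev.ts, 1.0) / 3600.0
        speed = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon) / hours
        if speed > MAX_KMH:
            total += W_IMPOSSIBLE_TRAVEL
            reasons.append("impossible_travel")
    return total, reasons


def decide(prev: Login, cur: Login, relay_aware: bool = True) -> str:
    total, _ = score(prev, cur, relay_aware)
    return "step_up" if total >= STEP_UP_AT else "allow"


# Constructed logins: a user in Switzerland whose next request, ten minutes
# later, egresses in the US.
HOME = Login(0, "198.51.100.7", 47.37, 8.54, "dev-A")
RELAY_SAME_DEVICE = Login(600, "203.0.113.20", 39.04, -77.49, "dev-A")
RELAY_NEW_DEVICE = Login(600, "203.0.113.20", 39.04, -77.49, "dev-B")
DIRECT_FAR = Login(600, "192.0.2.9", 39.04, -77.49, "dev-A")

if __name__ == "__main__":
    for label, cur in [("relay, known device", RELAY_SAME_DEVICE),
                       ("relay, new device", RELAY_NEW_DEVICE),
                       ("direct, far away", DIRECT_FAR)]:
        print(label, decide(HOME, cur, relay_aware=False), decide(HOME, cur), score(HOME, cur))
```
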

John Voorhees:

Private Relay currently has a significant impact on Safari’s performance. Here’s my Internet speed outside Safari using the Speedtest Mac app.

David Sparks:

My connection was noticeably slow and laggy. After a bit of troubleshooting, I discovered Private Relay is the culprit.

Dave Wood:

Why does iCloud Private Relay randomly turn itself back on? I didn’t reboot or anything here. And, the option to disable it again is missing. (Usually appears again if you go back a menu and forward again).


I have a VPN app that uses a tunnel to route traffic, and I’m finding that port 80 traffic cannot be routed when Private Relay is enabled. Oddly, it’s just port 80 traffic. HTTP traffic over 8080 or other ports still works fine.

Specifically, connecting the socket using the connect() function for a port 80 address always returns the same error "No route to host".

Jason Snell:

Essentially, Apple has decided to launch iCloud Private Relay as a beta when iOS 15 ships in the fall, and the feature will be turned off (for now) by default. Paying iCloud users will be able to turn it on and try it out.

John Gruber:

Here’s my concern about iCloud Private Relay compatibility, though: if web publishers want to make sure their sites are compatible with iCloud Private Relay, they can make it work. They might just need more time. But everyone knows there are sites that aren’t interested in your privacy. That’s the whole reason Apple even made this feature. For a lot of websites, if the answer to an iCloud Private Relay compatibility issue is “Disable iCloud Private Relay”, that’s fine by them. For a lot of privacy-invasive web publishers, their goal, I suspect, is to break iCloud Private Relay, not fix their shit-ass websites to work with it.


DuckDuckGo Email Protection

Sami Fathi (Hacker News):

DuckDuckGo today announced its brand new Email Protection feature that will allow users to save themselves from being tracked by trackers embedded into emails by forwarding them to a free and personalized DuckDuckGo email before being sent to their actual email.


One of the largest cornerstones of DuckDuckGo’s offering, compared to Apple’s Hide My Email, is its cross-platform compatibility.


DuckDuckGo is pledging that it never saves a user’s email and that even when emails are sent to its servers to be cleansed from trackers, that information remains private.


Mail Privacy Protection


In the Mail app, Mail Privacy Protection stops senders from using invisible pixels to collect information about the user. The new feature helps users prevent senders from knowing when they open an email, and masks their IP address so it can’t be linked to other online activity or used to determine their location.

Ben Lovejoy (MacRumors):

One of the new privacy features included in iCloud+ is what Apple calls Mail Privacy Protection. While that’s designed to protect Apple Mail users from overly intrusive marketeers, some are worried that it could badly hurt small publishers of email newsletters.

That’s because it will deny them access to a key metric used to sell the advertising that makes many such newsletters viable…

Casey Newton (Hacker News):

And so it’s no surprise that some observers look at Mail Privacy Protection and see a threat. “This is another sign that Apple’s war against targeted advertising isn’t just about screwing Facebook,” Joshua Benton wrote in Nieman Lab. “They’re also coming for your Substack.”


But after conversations with newsletter writers and media executives today, I’m not sure that people doing email-based journalism have all that much to worry about from the shift.

Nick Heer:

Email open rates are notoriously unreliable. Some sources will say that open rates are underreported; others will say that they are way too high. That is because open rates are determined by the number of times that a tracking pixel in an email is downloaded. If users have images turned off, it will not be triggered; if a user’s email client automatically goes to the next message when an email is deleted, it may register as the email being opened again and again.

Eric Blair:

It sounds like MPP proxies will pre-download images regardless of whether you open the email. The effective open rate will look like 100% for Mail users. Since the download is out of band from the viewing, the access time is also meaningless.

Andrew Grant:


Also Apple.


Record App Activity

Jason Cross:

Apple is always expanding privacy features, and with iOS 15 you have a powerful new tool to find out which apps are accessing your phone’s features and data.


This will record a 7-day summary of exactly when and how often all your apps access things like your microphone or microphone, or which web domains they visit. Just come back to this screen a week later for a full report.

You can even tap Save App Activity to export a JSON file of all the data if you’re into that kind of thing.

Nick Heer:

I’ve just saved four days’ worth of app activity. It’s a 27 MB JSON file. An analysis of this would be wild, I am sure.

John Spurlock:

Want a better way to view the json files saved from “Report App Activity” in iOS15 beta privacy settings?

I just published a simple web app that runs locally to slice and dice them.


Update (2021-10-20): Marco Arment:

I analyzed a week’s worth of my phone’s app activity, and it’s pretty surprising how many apps — big and small — send analytics data to Google.

Marco Arment:

Record App Activity isn’t intended to be a user-facing feature.

It’s part of App Privacy Report, which is coming later.

Record App Activity is more of a preview/preparation tool for developers.

Record App Activity is there mostly for devs to make sure we’re setting .attribution on our NSURLRequests to .user when that’s semantically correct. (See docs.)

For instance, I don’t set it when talking to Overcast’s servers, but I do when downloading user-selected podcasts.
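The kind of tally described in this section, as an added example that is not code from any of the people quoted: it reads a saved app activity export and reports, per app, how many requests went to analytics domains on a watch list. The page only says the export is a JSON file; the one-object-per-line layout, the field names (`type`, `bundleID`, `domain`, `hits`), the sample records and the watch list are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample, not real device data. Assumed layout: one JSON object
# per line, network records carrying bundleID / domain / hits.
SAMPLE_EXPORT = """\
{"type":"networkActivity","bundleID":"com.example.weather","domain":"api.weather.example","hits":12}
{"type":"networkActivity","bundleID":"com.example.weather","domain":"www.google-analytics.com","hits":30}
{"type":"access","accessor":{"identifier":"com.example.weather","identifierType":"bundleID"},"category":"location","kind":"intervalBegin"}
{"type":"networkActivity","bundleID":"com.example.notes","domain":"notgoogle-analytics.com","hits":4}
{"type":"networkActivity","bundleID":"com.example.game","domain":"app-measurement.com","hits":7}

this line is truncated {"type":
"""

# Watch list chosen for the example; extend it to match what you care about.
ANALYTICS_SUFFIXES = ("google-analytics.com", "app-measurement.com")


def parse_export(text):
    """Return (records, skipped); malformed lines are counted, not fatal."""
    records, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if isinstance(obj, dict):
            records.append(obj)
        else:
            skipped += 1
    return records, skipped


def domain_matches(domain, suffix):
    """Match on a label boundary so 'notgoogle-analytics.com' does not count."""
    domain = domain.lower().rstrip(".")
    return domain == suffix or domain.endswith("." + suffix)


def summarize(text):
    """Per-app totals for network records: total hits, analytics hits, domains."""
    records, skipped = parse_export(text)
    apps = defaultdict(lambda: {"total_hits": 0, "analytics_hits": 0, "domains": set()})
    for rec in records:
        if rec.get("type") != "networkActivity":
            continue  # sensor/data access records are out of scope here
        app, domain = rec.get("bundleID"), rec.get("domain")
        if not app or not domain:
            continue
        hits = int(rec.get("hits", 1))
        entry = apps[app]
        entry["total_hits"] += hits
        entry["domains"].add(domain)
        if any(domain_matches(domain, s) for s in ANALYTICS_SUFFIXES):
            entry["analytics_hits"] += hits
    return dict(apps), skipped


def apps_reporting_to_analytics(text):
    summary, _ = summarize(text)
    return sorted(app for app, e in summary.items() if e["analytics_hits"] > 0)


if __name__ == "__main__":
    summary, skipped = summarize(SAMPLE_EXPORT)
    for app in sorted(summary):
        e = summary[app]
        print(f"{app}: {e['analytics_hits']}/{e['total_hits']} hits to watched domains")
    print("skipped lines:", skipped)
```
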

Rejected for Mentioning iOS 15 Compatibility

James Thomson:

And, that’s the iOS 15 build of Dice by PCalc rejected for… mentioning iOS 15.

It feels like we’ve been down this road before.

It’s a longstanding unwritten rule, though in this case Apple had already posted the iOS 15 release candidate build and notified developers to submit their updates for iOS 15. So not being able to mention the OS version just adds confusion for users.

Marco Arment:

My Overcast build with the iOS 15 GM SDK, released after the very public event this week, was rejected for mentioning “iOS 15 compatibility” in the release notes.

Such a waste of everyone’s time, Apple. Come on.

Michael Love:

My best guess is that they’re somehow trying to avoid user confusion - they’re worried that if people see a bunch of iOS 15 updates before iOS 15 is out they’ll assume their phone isn’t compatible with it or the updates won’t work on 14 or whatever.

If Apple really doesn’t want users to see these updates before iOS 15 is released, there should be an option to submit your update now but have the App Store hold it for release until iOS 15 ships.

Dave Wood:

They’re probably confused because of the change of term from GM to RC. Since iOS 15 is now RC, it is no longer pre-GM so doesn’t violate the rule they quote. Which is even funnier.

Curtis Herbert:

If Apple, year after year after year, pulls the BS of an app rejection because you mention the upcoming release … at some point ya gotta stop trying. Save yourself the headache. Just say “the new iOS” or “today’s update.”

Alexey Chernikov:

Just got rejected for mentioning “the latest iOS.”

Sash Zats:

That’s why you just “bug fixes and improvements”

James Thomson:

It is my understanding that mentioning iOS 15 is allowed in your release notes, as of now, and in future mentioning an unreleased OS should not cause a problem after app submissions for that particular OS have opened.

Thanks to Thomson for relaying an unwritten rule change, but it would be nice to have a written guideline to cite when the memo inevitably doesn’t get out to everyone.


Update (2021-10-20): Tanner Bennett:

Seems to me like the trouble that comes with rejecting hundreds of apps for mentioning it and having potentially broken apps on iOS 15 would far outweigh whatever trouble comes with user confusion from mentioning iOS 15 in app release notes… What kinda whack priorities are these

Saagar Jha:

Apple: don’t you dare mention our OSes that are in RC and we announced are going to launch next week

Also Apple:

TJ Luoma:

I saw three apps that mentioned iOS 15 which were allowed through app review. Glad to see that process is as cönsistent as ever.

Thursday, September 16, 2021

Shortcuts Outage Caused By Researcher

Nick Heer:

Remember how, back in March, all links to Shortcuts just stopped working?

Frans Rosén (via Federico Viticci):

I found some permission issues when hacking Apple CloudKit. I wrote about three of them @detectify labs, one where I accidentally deleted all shared Apple Shortcuts.

He reported the bugs to Apple and received the security bounty.


Performance of the A15

Jason Snell:

Here’s a funny thing about Tuesday’s announcement of the A15 Bionic: Apple didn’t compare its performance to the A14. In the past, Apple has compared the power of its iPhones to previous models. But this year, Apple has chosen to proclaim that the A15 in the iPhone 13 Pro has 50 percent better graphics and CPU performance “than the competition.”

Given that Apple has generally been ahead of its smartphone competition in terms of processor power, this suggests that the A15 shows less improvement over the A14 than it does over the Qualcomm processors in leading Android phones. And it makes me wonder if Apple is perhaps trying to soft-pedal a new chip that isn’t much faster than the older model.

Dylan Patel (tweet, via Meek Geek):

The CPU is claimed to be 50% faster than the competition while GPU is claimed to be 30% or 50% faster depending on whether it is 4 cores or 5 cores. They are sticking with a 16 core NPU which is now at 15.8 TOPs vs 11 TOPs for the A14. There is a new video encoder and decoder, we hope it incorporates AV1 support. The new ISP enables better photo and video algorithms. The Pro models have variable refresh rate, so that likely necessitated a new display engine. Lastly, the system cache has doubled to 32MB. This was likely done to feed the GPU and save on power. SemiAnalysis also believes Apple moved to LPDDR5 from LPDDR4X.


The most important thing to note is that the CPU gains are identical from the A12 to A14 as they are from A12 to A15. The GPU gains are quite impressive with a calculated 38.5% improvement. This is larger than the A13 and A14 improvements combined.


SemiAnalysis believes that the next generation core was delayed out of 2021 into 2022 due to CPU engineer resource problems. In 2019, Nuvia was founded and later acquired by Qualcomm for $1.4B. Apple’s Chief CPU Architect, Gerard Williams, as well as over a 100 other Apple engineers left to join this firm. More recently, SemiAnalysis broke the news about Rivos Inc, a new high performance RISC V startup which includes many senior Apple engineers. The brain drain continues and impacts will be more apparent as time moves on. As Apple once drained resources out of Intel and others through the industry, the reverse seems to be happening now.

Eric Slivka:

These scores represent a roughly 10% increase in single-core performance and 18% increase in multi-core performance compared to the A14 Bionic in the iPhone 12 lineup.

Jason Snell:

If accurate, this would place the A14 to A15 performance boost in line with recent updates. What makes this a question at all is that Apple hasn’t directly compared the two chips, instead opting to compare the iPhone to “the competition.”


Update (2021-10-05): Ben Bajarin:

While it isn’t always obvious, Apple’s integrated product design approach of hardware, software, and silicon has led to many of the advances in camera, battery life, AI, video capture performance, and even ProMotion on iPhone 13 Pro. Apple has a luxury other silicon companies don’t. They custom-tune their architecture and silicon design specifically for iPhone and the feature they want iPhone to have. This allows them to spend their transistor budget on features instead of just pure performance.


While I will admit there is a small percentage of Apple customers who upgrade every year and a percentage more who upgrade every two years because they are on upgrade plans, the vast majority of consumers upgrade every 3-4 years. I thought it would be interesting to look at some basic iPhone benchmarks through the years and look at how much performance improvement happens every four years.

Andrei Frumusanu (Hacker News, MacRumors):

Compared to the A14, the new A15 increases the peak single-core frequency of the two-performance core cluster by 8%, now reaching up to 3240MHz compared to the 2998MHz of the previous generation. When both performance cores are active, their operating frequency actually goes up by 10%, both now running at an aggressive 3180MHz compared to the previous generation’s 2890MHz.


On the CPU side of things, Apple’s initial vague presentation of the new A15 improvements could either have resulted in disappointment, or simply a more hidden shift towards power efficiency rather than pure performance. In our extensive testing, we’re elated to see that it was actually mostly an efficiency focus this year, with the new performance cores showcasing adequate performance improvements, while at the same time reducing power consumption, as well as significantly improving energy efficiency.

The efficiency cores of the A15 have also seen massive gains, this time around with Apple mostly investing them back into performance, with the new cores showcasing +23-28% absolute performance improvements, something that isn’t easily identified by popular benchmarking. This large performance increase further helps the SoC improve energy efficiency, and our initial battery life figures of the new 13 series showcase that the chip has a very large part into the vastly longer longevity of the new devices.

Global Chip Shortage

Nilay Patel (Decoder):

Since the beginning of the pandemic, the demand for microchips has far exceeded supply, causing problems in every industry that relies on computers.


My guest today is Dr. Willy Shih. He’s the professor of management practices at Harvard Business School. He’s an expert on chips and semiconductors — he spent years working at companies like IBM and Silicon Graphics. And he’s also an expert in supply chains — how things go from raw materials to finished products in stores. Willy’s the guy that grocery stores and paper companies called in March 2020 when there was a run on toilet paper. If anyone’s going to explain this thing, it’s going to be Willy.

Ian King et al. (via Hacker News):

Building an entry-level factory that produces 50,000 wafers per month costs about $15 billion. Most of this is spent on specialized equipment—a market that exceeded $60 billion in sales for the first time in 2020.

Three companies—Intel, Samsung and TSMC—account for most of this investment. Their factories are more advanced and cost over $20 billion each. This year, TSMC will spend as much as $28 billion on new plants and equipment. Compare that to the U.S. government’s attempt to pass a bill supporting domestic chip production. This legislation would offer just $50 billion over five years.

Once you spend all that money building giant facilities, they become obsolete in five years or less. To avoid losing money, chipmakers must generate $3 billion in profit from each plant. But now only the biggest companies, in particular the top three that combined generated $188 billion in revenue last year, can afford to build multiple plants.

Yang Jie et al. (via John Gruber):

Taiwan Semiconductor Manufacturing Co. plans to increase the prices of its most advanced chips by roughly 10%, while less advanced chips used by customers like auto makers will cost about 20% more, these people said. The higher prices will generally take effect late this year or next year, the people said.

Horace Dediu:

iPhone 13 pricing is same as 12. So much for new pricing due to semiconductor shortages.

FlickType Sherlock+’d

Tom Maxwell (Hacker News):

But one, seemingly minor product announcement has caused a stir in the developer community: the new full software keyboard that Apple is adding to the Apple Watch.

It was just last month that Kosta Eleftheriou, the developer of FlickType, announced that his swipe-based keyboard for the blind would be pulled off the App Store over objections by Apple. Its reasoning was unclear[…]

A separate version for the Apple Watch would remain, but then Apple pulled that one as well, telling Eleftheriou that keyboards aren’t allowed on the Apple Watch.

Now Apple has announced its own, nearly-identical keyboard for the Apple Watch — and seven years after the smartwatch was introduced, no less.

Kosta Eleftheriou:

So now we know. See you in court, @Apple.

Dave Mark:

I’m mystified by this decision by Apple, especially given the ratcheted up scrutiny they are under. Did they think no one would make the connection? Or did they not care about that, Sherlock business as usual?

This is much worse than a regular Sherlocking. In the past, Apple would just build a popular third-party feature into the operating system. You can argue about whether there’s a more or less fair way to do that, but at the end of the day it makes sense to have a built-in keyboard. What’s different here is that, not only does the third-party app have to compete with the built-in feature, but Apple is also using App Review to harass the developer and block updates for no good reason. Competing with Apple on an unfair playing field is difficult, but it can be done and has been many times. But you can’t compete when they won’t let you ship your app and won’t even explain why they’re rejecting it.

Rui Carmo:

Seeing the Sherlocking of FlickType streamed live to the world, however, was a major downer (I was one of the Watch beta testers, and loved it). Apple really ought to be better than this, and I expect a fair amount of fallout over the next few days.

Joshua Topolsky:

This is really messed up. Apple forced a keyboard designed for the blind off of the App Store... and then announced its own version of it yesterday. COME ON you can do better than this.


Update (2021-09-17): William Gallagher:

Kosta Eleftheriou’s lawsuit had already been filed when Apple unveiled QuickPath. Apple says it has told Eleftheriou that following further explanation from him, it now believes that the app’s accessibility keyboard complies with App Store rules.

In other words, it never should have been rejected.

Sean Hollister:

Yes, Eleftheriou filed his suit nearly six full months before the Apple Watch Series 7 announcement.


But no, Apple didn’t actually reject every Apple Watch keyboard app in 2019 — Eleftheriou believes his app was singled out for this treatment.


The company basically admits that removing Eleftheriou’s app was a mistake, and claims it quickly corrected the issue.

But Eleftheriou disputes that last point, saying it took a year of appeals and resubmissions to get his keyboard back onto the store. “From [January 2019] on, I was simultaneously discussing a FlickType acquisition with them, while also being rejected,” he tells me. And Apple initially made it look like those appeals failed, too. “The App Review Board evaluated your app and determined that the original rejection feedback is valid. Please note that all appeal results are final,” reads Eleftheriou from a message he received in May 2019.

In the complaint, he alleges it wasn’t until January 2020, a year after the surprise takedown, that his Apple Watch keyboard extension was approved.


He’s particularly annoyed with how Apple’s own keyboard has an unfair advantage since it doesn’t need to use its own APIs, and how those APIs are lacking features that Apple publicly promised years ago.

Wednesday, September 15, 2021

The Future of the App Store

Marco Arment (tweet, Hacker News):

I think the most likely long-term outcome isn’t very different from the status quo — and that’s a good thing.

I would like to see big changes, but I think he’s probably right that we won’t.

Apple will still require apps to use their IAP system for any qualifying purchases that occur in the apps themselves. […] Most apps will be required to also offer IAP side-by-side with any external methods.


Apple will have many rules regarding the display, descriptions, and behavior of external purchases, many of which will be unpublished and ever-changing. App Review will be extremely harsh, inconsistent, capricious, petty, and punitive with their enforcement.


I’d expect any app offering external purchases to have a very high chance of being escalated to a slower, more pain-in-the-ass review process, possibly causing it not to be worthwhile for most small developers to deal with.


Most importantly, many products, services, and business models will become possible that previously weren’t, leading to more apps, more competition, and more money going to more places.

I don’t see why that would happen given the very limited scope of the changes.

Nick Heer:

I keep thinking about the likelihood of the sideloading doomsday scenarios that Arment writes about. […] I could see Facebook creating its own app marketplace for iOS, but I am unclear why developers would need to submit their apps to multiple marketplaces, so long as Apple gets to keep its first-party App Store.


This modest corrective action is, I think, a good step toward a store that improves users’ experiences while opening up new possibilities. I still hope Apple takes greater advantage to simultaneously release regulatory pressure and the hostility felt by developers.

David Heinemeier Hansson:

Now imagine that Apple abides by the injunction but also attempts to continue forcing IAP upon developers who don’t want it. The gag orders are gone, because that was the anti-steering provisions explicitly prohibited by the injunction. Which means developers have to offer something they don’t want to offer, but they’re free to present that offer as they see fit. Can you see where this is going?

Not the way he thinks, I expect. Apple will probably get away with having lots of rules about the allowable language, require that IAP get top placement, and do various other things to make the non-IAP flow needlessly feel second-class.


Update (2021-10-20): Mike Rockwell:

I don’t understand the argument that, if Apple allowed sideloading and third-party app stores, then companies like Facebook would pull all their apps from Apple’s App Store and release them exclusively on their own app store. Facebook can already do this on Android and they haven’t. You can still get Facebook, Messenger, Instagram, and WhatsApp in the Google Play Store and I don’t see any indications that this will change.

Magic Lasso Adblock 3.0

Matthew Bickham:

Magic Lasso seamlessly blocks all YouTube ads with a combination of custom, efficient content blocking rules using Safari’s native content blocker API along with a new permission-restricted ‘Magic Lasso Pro’ web extension.

Unlike other ad blockers whose web extensions have unrestricted permissions to read and view any pages you visit, Magic Lasso Pro only has access to pages within the domain. Therefore your browsing history beyond YouTube is not accessible to the web extension. Or to the Magic Lasso app.

This feature requires the Pro version, which is $3/month or $30/year (shared across Mac and iOS). Pro also includes a blocker for those annoying cookie pop-up banners. Both features work well in my experience, though sometimes I run into a Safari bug that stops extensions from working until I quit and relaunch.


Creating Compile-Time Reminders in Xcode

Robin Kunde:

This attribute will produce a warning if the selected Swift version is available in the version of Xcode you’re using. For 5.5 for example, this would generate a warning in Xcode 13.0 but not Xcode 12.5.


This attribute will produce a warning if the selected iOS (or tvOS, or macOS) version is equal to or below your deployment target. In other words […] after you remove support for older operating systems.


By wrapping [a #warning] in this conditional compilation check, you can get Xcode to ignore the statement until you’re using an Xcode version that ships with the given compiler version.

Intuit to Acquire Mailchimp

Intuit (Hacker News):

The planned acquisition of Mailchimp for approximately $12 billion in cash and stock advances Intuit’s mission of powering prosperity around the world, and its strategy to become an AI-driven expert platform. With the acquisition of Mailchimp, Intuit will accelerate two of its previously-shared strategic Big Bets: to become the center of small business growth; and to disrupt the small business mid-market.


Founded in Atlanta, GA in 2001, Mailchimp began by offering email marketing solutions, and evolved into a global leader in customer engagement and marketing automation fueled by a powerful, cutting-edge AI-driven technology stack.


Update (2021-09-17): Ben Bergman (via Hacker News):

When employees were recruited to work at Mailchimp there was a common refrain from hiring managers: No, you are not going to get equity, but you will get to be part of a scrappy company that fights for the little guy and we will never be acquired or go public.

The founders told anyone who would listen they would own Mailchimp until they died and bragged about turning down multiple offers.


Employees reacted with shock and anger over text, Slack, and Twitter to the deal. They described feelings of betrayal and a cash windfall that seemed to only benefit those at the very top of the 20-year-old company.

Update (2021-11-12): Ben Bergman:

Big update to my Mailchimp story:

Employees got no equity but were promised transaction bonuses.

Employees finally found out the amount today and were "devastated" by how paltry they were — in the tens of thousands of dollars for longtime workers.

Gergely Orosz:

How to mess up an acquisition: do what Intuit is doing with Mailchimp and their longtime employees.

Given how it’s M&A 101 that you do not cut anyone’s pay if you want to retain them, and given that Intuit has competent people, this points to this:

Intuit never wanted to keep many of Mailchimp’s employees. They wanted the customers and the cashflow Mailchimp brings.

Tuesday, September 14, 2021

Xcode 13 RC

Apple (release notes):

Xcode 13 includes everything you need to create amazing apps for all Apple platforms. Includes the latest SDKs for macOS, iOS, watchOS, and tvOS.

Don’t delete your beta version because this build removes the Monterey SDK. Seems like the iOS stuff isn’t quite ready yet, either.


Update (2021-09-16): Nick Lockwood:

So far, Xcode 13 RC seems like a major regression in stability. I've had it freeze up multiple times on my M1 in the last couple of days, after basically no problems for months with 12.5.

Steve Troughton-Smith:

Xcode 13 is so crashy right now 👀 RC goes down multiple times a day, and I can’t even blame Interface Builder or the SwiftUI preview system because I use neither

I’m seeing many reports like this.

Update (2021-10-20): Max Seelemann:

Anybody at Apple reading this: we cannot use this Xcode for automatic deployment! We only have one branch with OS updates for Mac/iOS (lots of shared code). Our CI runs universal builds only, so this Xcode breaks it. We need to manually build and submit👎

Steve Troughton-Smith:

Is it just me, macOS 12, or does Xcode 13’s Simulator just not save GIFs anymore? Also pretty frustrating that it saves out videos in the wrong orientation ☹️

Update (2021-10-29): Craig Hockenberry:

If you have problems distributing an app with Developer ID on Xcode 13, use Xcode 12.5 to pull down the necessary certificates (but don’t upload). After that Xcode 13 will work fine.

This is likely to happen on a new machine (e.g. M1).

Took me a day to figure this out…

iPhone 13 and iPhone 13 Pro

Apple (MacRumors):

Apple today introduced iPhone 13 and iPhone 13 mini, the next generation of the world’s best smartphone, featuring a beautiful design with sleek flat edges in five gorgeous new colors. Both models feature major innovations, including the most advanced dual-camera system ever on iPhone — with a new Wide camera with bigger pixels and sensor-shift optical image stabilization (OIS) offering improvements in low-light photos and videos, a new way to personalize the camera with Photographic Styles, and Cinematic mode, which brings a new dimension to video storytelling. iPhone 13 and iPhone 13 mini also boast super-fast performance and power efficiency with A15 Bionic, longer battery life, a brighter Super Retina XDR display that brings content to life, incredible durability with the Ceramic Shield front cover, double the entry-level storage at 128GB, an industry-leading IP68 rating for water resistance, and an advanced 5G experience.


Customers can get iPhone 13 for $33.29 (US) a month for 24 months or $799 (US) before trade-in, and iPhone 13 mini for $29.12 (US) a month for 24 months or $699 (US) before trade-in[…]

I’m glad to see the base storage increase to 128 GB. I hope the iPhone mini stays in the lineup. It’s unfortunate that there’s still no good way to unlock it while wearing a mask, unless you have an Apple Watch. I would have loved to see Touch ID on the power button or under the display.

Apple (MacRumors, Hacker News, Slashdot):

Apple today introduced iPhone 13 Pro and iPhone 13 Pro Max, pushing the boundaries of what’s possible in a smartphone. Redesigned inside and out, both models introduce an all-new Super Retina XDR display with ProMotion featuring an adaptive refresh rate up to 120Hz, making the touch experience faster and more responsive. The pro camera system gets its biggest advancement ever with new Ultra Wide, Wide, and Telephoto cameras that capture stunning photos and video, powered by the unmatched performance of A15 Bionic, more powerful than the leading competition. These technologies enable impressive new photo capabilities never before possible on iPhone, like macro photography on the new Ultra Wide camera and up to 2.2x improved low-light performance on the new Wide camera. New computational photography features like Photographic Styles personalize the look of images in the Camera app, and both models now include Night mode on all cameras. Video takes a huge leap forward with Cinematic mode for beautiful depth-of-field transitions, macro video, Time-lapse and Slo-mo, and even better low-light performance. Both models also offer end-to-end pro workflows in Dolby Vision, and for the first time, ProRes, only available on iPhone. iPhone 13 Pro and iPhone 13 Pro Max also include 5G with more bands for better coverage, big improvements to battery life for the best battery life ever on iPhone with iPhone 13 Pro Max, new storage capacity of 1TB, and the Ceramic Shield front cover, tougher than any smartphone glass.


Customers can get iPhone 13 Pro for $41.62 (US) a month for 24 months or $999 (US) before trade-in, and iPhone 13 Pro Max for $45.79 (US) a month for 24 months or $1,099 (US) before trade-in[…]

I’m not sure what to make of the touted camera improvements. It seems like Apple always says stuff like this, and most years it feels like a small improvement compared with the prior year. But every once in a while it really is a big leap.

Ryan Jones:

Normal person summary of iPhone 13 Pro

  • 1.5-2.5 hours more battery life
  • super fluid animations
  • light blue
  • macro photos
  • Portrait Mode for video
  • smaller notch
  • better cameras


Update (2021-09-16): John Gruber:

Last year, the 12 Pro Max had a better camera system than the 12 Pro. Only the 12 Pro Max had the sensor shift optical image stabilization, and only the 12 Pro Max had a 2.5× (as opposed to 2×) telephoto lens. This year, both Pro models have identical camera systems. (And, like last year, the regular iPhone 13 and 13 Mini share the same camera system as each other.)

The iPhone 13 Pro camera modules are entirely different from the non-Pro 13 and 13 Mini, though. Not just the existence of the new 3× telephoto, but the 1× (wide) and 0.5× (ultra wide) cameras are better on the Pro models.

Kuba Suder:

Updated table of all recent iPhone sizes & weights. Heaviest iPhone ever!

Juli Clover:

All of the iPhone 13 models are heavier than their iPhone 12 counterparts, likely due to the larger batteries that are inside and the thickness increase. Weight comparisons are below.

Jason Snell:

I want to call out Apple’s incremental improvement in battery life. The last couple of years, Apple seems to be on a mission to extend iPhone battery life. The fact that they tacked on 1.5 hours (iPhone 13 mini and iPhone 13 Pro) or 2.5 hours (iPhone 13 and iPhone 13 Pro Max) should not be underestimated. That’s an impressive addition—and if you’re upgrading from a three- or four-year-old phone, the battery life of a new model will be even more impressive.

Quinn Nelson:

Please enjoy getting 4K ProRes off your new iPhone using AirDrop or USB 2.0 via Lightning.


Update (2021-09-17): Tim Hardwick:

The iPhone 13 lineup features new low-power displays, a more efficient A15 chip, larger batteries, and more power-efficient components, all of which make for dramatic improvements when streaming, as the numbers above show.

For example, Apple claims that when streaming video, the iPhone 13 Pro and Pro Max last nine hours and 13 hours longer than last year’s equivalent models, respectively. Taking the same metric, the battery in the iPhone 13 mini manages 13 hours, which is longer than even the iPhone 12 Pro Max.

Josh Ginter:

Here’s what I’m most excited to try out in the new camera system when I get my hands on it next week.

Nick Heer:

Apple’s accessory design guidelines have not been updated with these phones yet. But if the webpage rendering is anything to go by, the bump is now over 50% of the width of the back glass and over 25% of its height.

And, apparently, the phones don’t lay flat in Apple’s cases.

Apple Watch Series 7

Apple (MacRumors):

Apple today announced Apple Watch Series 7, featuring a reengineered Always-On Retina display with significantly more screen area and thinner borders, making it the largest and most advanced display ever. The narrower borders allow the display to maximize screen area, while minimally changing the dimensions of the watch itself. The design of Apple Watch Series 7 is refined with softer, more rounded corners, and the display has a unique refractive edge that makes full-screen watch faces and apps appear to seamlessly connect with the curvature of the case. Apple Watch Series 7 also features a user interface optimized for the larger display, offering greater readability and ease of use, plus two unique watch faces — Contour and Modular Duo — designed specifically for the new device. With the improvements to the display, users benefit from the same all-day 18-hour battery life, now complemented by 33 percent faster charging.


Apple Watch Series 7 will start at $399 (US), Apple Watch SE starts at $279 (US), and Apple Watch Series 3 starts at $199 (US).

Yep, they’re still selling the Series 3 from 2017.


Update (2021-09-16): John Gruber:

Quinn “Snazzy Labs” Nelson flagged Apple for an unfair comparison, regarding just how much more text the larger Series 7 displays can show at a time. The font was the same size, but the line spacing was quite a bit tighter in the Series 7 screenshot. I would also argue that Apple chose text that line-wrapped inefficiently on the Series 6 display, but the difference in line heights is clearly unfair. Apple doesn’t usually play games like that in comparisons. Yellow card issued.

Dr. Drang:

The Series 3 is today’s version of the iPad 2, the 16 GB iPhone, or the 5 GB iCloud free storage tier: The Thing That Wouldn’t Die. But like the iPad 2, it’s a perfectly good device if your needs stay the same as when you bought it.

iPad mini (6th Generation)

Apple (MacRumors, Hacker News):

Apple today introduced the powerful new iPad mini — with a larger 8.3-inch Liquid Retina display — in four gorgeous finishes. Featuring the brand new A15 Bionic chip, the new iPad mini delivers up to 80 percent faster performance than the previous generation, making it the most capable iPad mini ever. A new USB-C port allows faster connectivity, and cellular models with 5G bring more flexible mobile workflows. New advanced cameras, Center Stage, and support for Apple Pencil (2nd generation) enable new ways for users to capture photos and videos, communicate with loved ones, and jot down their ideas when creativity strikes.


Wi-Fi models of iPad mini are available with a starting price of $499 (US) and Wi-Fi + Cellular models start at $649 (US). The new iPad mini, in 64GB and 256GB configurations, comes in pink, starlight, purple, and space gray finishes.

My iPad mini 2 died a while ago, and I decided to switch to a larger screen with an iPad Air (4th generation) earlier this summer. I don’t regret it. However, this new iPad mini looks really great, pretty much what I was hoping Apple would do.


Update (2021-09-16): Joe Rossignol:

Both the iPhone 13 and the new iPad mini are equipped with Apple’s latest A15 Bionic chip, but benchmark results reveal that the chip is downclocked to 2.9GHz in the iPad mini, compared to 3.2GHz in all iPhone 13 models.

iPad (9th Generation)

Apple (MacRumors, Hacker News):

Apple today introduced the new iPad (9th generation), featuring the powerful A13 Bionic chip that packs even more performance and capability into the most popular iPad, all while retaining its all-day battery life. Starting at just $329, the new iPad features a 10.2-inch Retina display with True Tone, a 12MP Ultra Wide front camera with Center Stage, support for Apple Pencil (1st generation) and Smart Keyboard, the intuitive iPadOS 15, and twice the storage of the previous generation.


Wi-Fi models of iPad are available with a starting price of $329 (US), and Wi-Fi + Cellular models start at $459 (US), in silver and space gray finishes. The new iPad starts with 64GB of storage — double the storage of the previous generation. A 256GB option is also available.

I wish they could get the entry price a bit lower, as it’s still higher specced than it needs to be, but at least it comes with 64 GB now.


Monday, September 13, 2021

The Epic Anti-Steering Injunction Is Narrow

Nick Heer:

The nearly two hundred page order is very readable and well-written, but the injunction ordering Apple to scrap the last sentence of the first bullet in App Store rule 3.1.1 leaves plenty of ambiguity over what developers can do and what Apple must allow. This will undoubtably be clarified with time, but it is the only part of the result that creates more questions than it answers. Apple is apparently interpreting it as requiring the company to, in effect, apply its settlement with the Japan Fair Trade Commission to all apps, not just Apple’s “reader” app category. That means the anti-steering App Store policies will be removed within three months. But it may not mean that Apple must permit alternative in-app purchase options.

John Gruber:

YGR is only striking down the anti-steering rules that inform and link users to out-of-app (which effectively means web) means of sign-up and payment.

Judging by their reactions, both Apple and Epic see it that way too.

John Gruber:

I think the injunction allows, and Apple will enforce, that such links must open outside the app.


The court specifically, carefully, and methodically examined whether Apple should be forced to allow IAP (in-app purchasing) systems other than the one built into iOS. The court found the arguments for such a ban lacking and declined to allow external IAP methods.

So the third-party IAP approach taken by Fortnite would still not be allowed.

Florian Mueller:

It’s one of those situations in which either side “gets something” and could claim victory, as Apple apparently does though the stock market initially disagreed (I, personally don’t think the decision should have moved the stock at all). This makes it all the more remarkable that Epic doesn’t engage in spin but concedes defeat. It’s not that Epic achieved nothing; but for the time being, all it got is a consolation prize, and that’s why Fortnite won’t return to iOS at this stage.

John Voorhees:

Building alternative storefronts or offering separate payment schemes are no more possible today than they were a week ago. In fact, the Court specifically concluded about the App Store and In-App Purchases, that Apple’s approach is valid[…]

Benedict Evans:

The more I look at this the more questions occur to me. Apps can offer their own payment now, but can Apple require them to offer IAP as well? Yes, on this text. At what price? What if Apple demands both IAP inclusion & price parity? Wouldn’t that mean Spotify was still blocked?

Michael Love:

There’s something unsettling about the fact that all the “actually much narrower” spin on Apple v. Epic has come secondhand through off-the-record “industry sources” and such; if Apple believes YGR did not comprehensively block anti-steering, they should come out and say so.

Personally, I think the injunction is unambiguous in blocking all anti-steering restrictions, and I don’t see anything in the longer opinion to suggest that that wasn’t her intent - she wants something simple to enforce, doesn’t want to get into the weeds of what a “button” is.

I don’t even think it’s particularly clear that developers have to keep offering in-app purchase at all - many of the developers this applies to weren’t offering it in before, the idea that Netflix can only offer an in-app ‘subscribe’ button if there’s an IAP option too is silly.

At the very least, certainly for ‘reader’ apps the combination of existing allowances for selling stuff outside of the app + this new requirement that all apps be allowed to redirect people to other purchase methods should fairly comprehensively end any obligation to use IAP.

Florian Mueller (Hacker News):

Let’s bear in mind that only Epic’s tenth claim succeeded at all. Not only Epic’s federal antitrust claims but also various state law claims failed. The failed state law claims include a couple that were very specifically about offering different IAP systems: Count 8 alleged unreasonable restraints of trade in the iOS IAP processing market under the California Cartwright Act, and Count 9 presented a tying claim related to IAP. Epic’s tenth and last claim--based on California UCL--broadly raised the issue of Epic being “unreasonably prevented from freely distributing mobile apps or its in-app payment processing tool, and forfeit[ing] a higher commission rate on the in-app purchases than it would pay absent Apple’s conduct.” But the court found for Epic under its tenth claim only with respect to the anti-steering provisions.

Florian Mueller:

By coincidence, that case was also an antitrust case as its caption shows. And the same appeals court--the one with which Epic filed its appeal yesterday--clarified that the standard involves “disobedience to a specific and definite court order.” (id.)

The bottom line is that any alleged ambiguity would favor Apple, not developers.


The question is not whether a developer’s interpretation of the injunction is somewhat reasonable. It’s whether Apple’s interpretation is so unreasonable as to constitute disobedience to a specific and definite court order.


Apple won’t even have to approve linking out to websites that merely sell digital items consumed in an iOS app.

Ben Thompson:

Judge Gonzalez Rogers disagreed with both, defining the market as ‘mobile game transactions’.


I mentioned above that this was where the decision got a bit complicated; notice that I just used “IAP” and “in-app purchases” to represent two distinct concepts. Specifically, it seems clear that Gonzalez Rogers has defined “IAP” to be Apple’s overall commerce system, while “in-app purchases” are purchases made in an app. In other words, Apple is justified in requiring IAP for in-app purchases.

Ryan Jones:

Basically, Judge ruled the same as the Japan anti-steering law, but for all apps: Apple can’t stop linking out.

  • Apple’s 30% rate is not threatened
  • Apple Pay + Stripe is not allowed
  • Apple crushed Epic

Craig Hockenberry:

While the lawyers argue about IAP, the rest of the development ecosystem is stuck with stuff that just plain doesn’t work.

Has anyone been able to get “Reset Eligibility” to work?


Why Apple Should Compromise With Antitrust Regulators

Roger McNamee:

Recent news reports alleging mistreatment of some employees, internal policies that conflict with the company’s outward-facing stance on privacy, and efforts to prevent the passage of state laws to enable competition with the AppStore, along with a high profile lawsuit related to AppStore policies have tarnished Apple’s reputation. Despite this, the company has taken a stance towards Congress and regulators that the latter describe as ranging from arrogant to inflexible.

Unless Apple rethinks its approach, regulators will likely have no choice but to undermine its advantage in privacy and security. As a customer, that will piss me off. As an activist trying to reform the tech industry, it will leave me wondering what might have been. I would like to suggest a path to a better outcome.


It is a strategic error for Apple’s lobbyists and surrogates in Washington to argue against every new antitrust law targeting the tech industry. Apple has made itself a target by being incredibly successful and by adopting communications strategies that mimic tech giants whose anticompetitive behavior is substantially more damaging. Apple is almost certain to lose something, but there is still room to protect your most valuable assets. There may also be an opportunity to gain competitive advantage.

Via Nick Heer:

If there is some ambiguity as to what rules the permanent injunction permits Apple to create around in-app purchases, my hope is that the company uses this as an opportunity to ease off a little. I am not saying that I expect this to happen — today’s judgement indicates that Apple has little reason to stop pursuing its existing App Store strategy, with only the aforementioned exception. But a world in which Apple is not in an antagonistic role with developers is a better one for everyone, assuming that Apple can maintain or improve upon iOS’ privacy and security reputation. These fights are just noise.

M.G. Siegler (Hacker News):

My read is that Apple did win — exactly what everyone always knew they would win. But in winning that battle, they actually lost something far more important. There is no way around it: the judge’s order to stop App Store anti-steering is a big one. And seemingly one Apple did see coming given the Japanese settlement a few weeks back. But this is still a major blow because it both continues and accelerates the boulder rolling down the hill of real reforms to the App Store.

Apple may think that they’re doing enough in a piecemeal fashion to stave off major change, but they’re not. If anything, they need to make a major change to stanch the bleeding. But they won’t do that. They’re both too proud and too arrogant. They’re so sure that they’re in the right here that they don’t see that it actually doesn’t matter.


They should open things up to win these arguments on the product side of the equation — something which they’re uniquely situated to do thanks to about two dozen aspects of the iPhone. They should compete on the playing field in which they already have home field advantage.


Update (2021-09-16): Michael Love:

At some point either Apple will allow sideloading or Safari will (foot-draggingly) reach a threshold where large numbers of apps start going web-only; I think option a is much healthier for iOS than option b, but absent legislative intervention the latter seems more likely.


Update (2021-10-20): Jean-Louis Gassée:

Rather than proactively, preventatively combatting these criticisms, Cook has let his company fall into a defensive posture that has led to significant PR damage and potential legal, regulatory, and financial impact. Was the App Store windfall so unexpected it blinded company execs and their chief?

macOS 11.6

Juli Clover:

According to Apple’s release notes, macOS Big Sur improves the security of macOS and is recommended for all users. Apple has also released security update 2021-005 for macOS Catalina, and both updates address an issue that could allow a maliciously crafted PDF to execute code. Apple says that it is aware of a report that this bug may have been actively exploited.

It’s unclear why this update isn’t numbered 11.5.3. It was also weird in that the Update Now button was disabled for me in Software Update even though the text said that the update was available. I had to click the text to see the sheet with the list of updates and then click the checkbox next to it before macOS would start downloading the update.


This document describes the security content of macOS Big Sur 11.6.

Howard Oakley:

Congratulations to Mikey @0xmachos, who has worked out that the PDF vulnerability is most probably the same as the Megalodon/FORCEDENTRY iMessage zero click exploit, involving a bug in CoreGraphics decoding JBIG2-encoded data in a PDF file.

See also: Mr. Macintosh (tweet).


Update (2021-09-14): Howard Oakley:

Software which has changed version or build numbers between macOS 11.5.2 and 11.6 includes[…]


Although it does contain some minor fixes – that to SMB looks of potential interest – the 11.6 update is primarily a security update.


If you’re still running Mojave, this almost certainly means that your macOS is no longer supported by Apple, and may well be vulnerable to either or both of these bugs.

The standalone download is still not available.

Update (2021-09-17): Mr. Macintosh:

The macOS Big Sur 11.6 full installer is now available. 🎉

Update (2021-10-19): Howard Oakley:

One great advantage of the new sealed system in Big Sur is that failed updates should be a thing of the past. Updating should now be almost totally reliable, and in the rare cases where something does go wrong, that Mac should be returned to its pre-update state or Recovery, ready to try again. It has been widely assumed that the primary purpose of Big Sur’s sealed system volume is for its improved security. Although that’s clearly important, improved reliability of updates and assurance of the total integrity of the system affect far more users directly.

So far the big disadvantage of the new update mechanism required to accomplish this has been the size of updates. Each has brought an overhead of around 2.1 GB on Intel Macs and 3 GB on M1 models.


In a year’s time, when Big Sur has reached 11.6.5, for example, how will a user be able to install or reinstall that on their Mac? Will they have to download and run the 11.6 full installer app, then use Software Update to obtain and install a single Combo update to bring that up to 11.6.5, or will they have to plod painfully through each individual delta update starting from 11.6.1 and ending with that to 11.6.5?

Zero-click iMessage Attacks

Lily Hay Newman (Hacker News):

These “zero-click” attacks can happen on any platform, but a string of high-profile hacks show that attackers have homed in on weaknesses in Apple’s iMessage service to execute them. Security researchers say the company’s efforts to resolve the issue haven’t been working—and that there are other steps the company could take to protect its most at-risk users.


Apple did make a major push to comprehensively address iMessage zero-clicks in iOS 14. The most prominent of those new features, BlastDoor, is a sort of quarantine ward for incoming iMessage communications that’s meant to weed out potentially malicious components before they hit the full iOS environment. But the interactionless attacks keep coming. This week’s Citizen Lab findings and research published in July by Amnesty International both specifically show that it’s possible for a zero-click attack to defeat BlastDoor.

Apple hasn’t issued a fix for this particular vulnerability and corresponding attack, dubbed “Megalodon” by Amnesty International and “ForcedEntry” by Citizen Lab. An Apple spokesperson told WIRED that it intends to harden iMessage security beyond BlastDoor, and that new defenses are coming with iOS 15, which will likely come out next month.


In fact, Citizen Lab researchers and others suggest that Apple should simply provide an option to disable iMessage entirely.

Lorenzo Franceschi-Bicchierai (tweet):

Security researchers found the vulnerability when they were investigating the potential hack of a Saudi activist’s iPhone, according to a new report by Citizen Lab, a digital rights group housed at the University of Toronto’s Munk School that has investigated NSO spyware for years.

The researchers told Motherboard that they believe the attack was carried out by a customer of NSO, the infamous Israeli company that sells spyware to dozens of governments all over the world.

Bill Marczak:

The exploit is invisible to the target, but in our forensic analysis, we found 31 files with the “.gif” extension on a target’s phone. Of course, they weren’t GIFs at all! 27 of them were the same 748-byte Adobe PSD file, and four were PDFs.

See also: Goodbye, iMessage.
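The forensic detail quoted above (files named “.gif” that were really a PSD and PDFs) maps to a simple triage check: compare each file's extension with its leading magic bytes, then group identical payloads by hash so a repeated drop stands out. The Python below is an added example, not Citizen Lab's tooling; the function names and the sample files it writes are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import Counter
from pathlib import Path

# Signatures checked at offset 0: genuine GIF plus the two formats named in the report.
MAGIC_AT_START = (
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"8BPS", "psd"),   # Adobe Photoshop document
    (b"%PDF-", "pdf"),
)


def sniff_type(data):
    """Classify content by its leading bytes; return 'unknown' if nothing matches."""
    for magic, kind in MAGIC_AT_START:
        if data.startswith(magic):
            return kind
    # PDF readers commonly accept the header anywhere in the first 1024 bytes.
    if b"%PDF-" in data[:1024]:
        return "pdf"
    return "unknown"


def find_mismatches(root, extension=".gif", expected="gif"):
    """Return one record per file named *extension whose content is not `expected`."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(extension):
                continue
            path = Path(dirpath) / name
            data = path.read_bytes()
            kind = sniff_type(data)
            if kind != expected:
                records.append({
                    "path": str(path),
                    "type": kind,
                    "size": len(data),
                    "sha256": hashlib.sha256(data).hexdigest(),
                })
    return records


def group_identical(records):
    """Count records sharing type, size and hash, so copies of one payload cluster."""
    return Counter((r["type"], r["size"], r["sha256"]) for r in records)


def build_sample_tree(root):
    """Write constructed stand-in files (header bytes only, not valid documents)."""
    root = Path(root)
    psd_stub = b"8BPS\x00\x01" + b"\x00" * 58  # same bytes reused three times
    samples = {
        "real.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
        "a.gif": psd_stub,
        "b.gif": psd_stub,
        "c.gif": psd_stub,
        "d.gif": b"%PDF-1.4\n% constructed sample\n",
        "e.gif": b"\n\n%PDF-1.7\n% header not at offset 0\n",
        "f.GIF": b"\x00\x01\x02 constructed, no known signature",
        "notes.txt": b"ignored: extension is not .gif",
    }
    for name, data in samples.items():
        (root / name).write_bytes(data)


def run_demo():
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        records = find_mismatches(tmp)
    return records, group_identical(records)


if __name__ == "__main__":
    _records, groups = run_demo()
    for (kind, size, digest), count in groups.most_common():
        print(f"{count:2d} x {kind:7s} {size:5d} bytes  sha256={digest[:16]}...")
```

A mismatch is only a lead for further analysis: benign software also mislabels files, so the grouping by hash is what separates one stray file from a repeated delivery.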


Update (2021-09-14): Juli Clover:

Today’s iOS 14.8 update addresses a critical vulnerability that Apple engineers have been working around the clock to fix, reports The New York Times.

See also: Hacker News.

Update (2021-09-17): Tom McGuire:

This blog post will analyze the integer overflow in CoreGraphics, CVE-2021-30860. After examining the modified .dylib, it appears that there were other issues that were resolved as well, related to imaging processing. We will focus in on the JBIG2 processing, specifically in the JBIG2::readTextRegionSeg.

MarsEdit 4.5.2

Daniel Jalkut (tweet):

This update brings long-awaited media syncing functionality for WordPress blogs. After you refresh your blog in MarsEdit 4.5, all the existing images and files from your blog will be available for re-insertion from the Media Manager’s “Published” tab.

Historically, this tab has included only files that are uploaded from MarsEdit itself. This limitation was based in shortcomings of the WordPress API (the interface MarsEdit communicates to the blog with), but the API has since been updated to support downloading a complete list of the published media files.

This is really cool. I ran into some issues when syncing large numbers of images, and these have been addressed in the 4.5.2 update.

Friday, September 10, 2021

History of App Store Policy Changes

Dieter Bohn:

Apple’s app store policies have caused controversy and consternation many times over the years, but few periods have been as active and strange as the last two weeks. For the first time, we are seeing Apple being forced to react directly to lawsuits and regulators with substantial policy changes.


Here, then, is a very brief history of the major policy changes and statements Apple has made about the App Store over the years. The impetus for these different changes (or, as Apple tends to call them, “clarifications”) has varied, but the trend has remained the same. Apple has worked hard to keep the fundamental, central model of a 30 percent cut intact while softening it around the edges to appease various constituencies.

But just take a look at the timing and cadence of these changes. After a development period from 2007 to 2011 when Apple fills out the features, there’s a large gap when Apple made few notable policy changes. Then, a major shift in 2016 to address some growing discontent among developers. And then, starting in the summer of 2019, there is an ever-increasing cadence of controversies and policy tweaks to address them.


Epic Wants Its Developer Account Back

Jay Peters (Fortnite, Hacker News):

Epic Games has asked Apple to reinstate its Fortnite developer account so it can release the game in South Korea, following the passage of a bill that will force Apple and Google to let apps use alternative payment systems.

Steve Troughton-Smith:

Of note, Epic’s preliminary injunction (to keep the Epic dev account & ability to use Xcode, build, sign, and distribute Unreal Engine for Apple’s platforms) is terminated.

I’m not sure what happens here; if Apple is vindictive, Epic may be forced to drop support for iOS & macOS

Juli Clover:

Apple is under no obligation to allow Fortnite back into the App Store, and further, the injunction preventing Apple from banning the Unreal Engine developer account has ended. Apple is well within its rights to remove Epic’s access for Unreal Engine development and distribution.

Juli Clover:

In a statement to MacRumors, Apple said there is no basis for the reinstatement of the Epic Games developer account.

As we’ve said all along, we would welcome Epic’s return to the App Store if they agree to play by the same rules as everyone else. Epic has admitted to breach of contract and as of now, there’s no legitimate basis for the reinstatement of their developer account.

Apple says that to be added back to the App Store, Epic Games would need to comply with all of Apple’s App Store review guidelines, which the company has thus far declined to do.

With no developer account, Epic can’t submit to the App Store, so how can Apple tell whether or not the app now complies with the guidelines?


Update (2021-09-14): Tim Sweeney:

Like Apple’s attempt to retaliate against all Unreal Engine customers, their refusal to restore Epic’s Fortnite developer account is vindictive and nonsensical. We’re fighting Apple over their iOS terms, but this ban blocks Fortnite from Mac too. Nobody’s arguing about Mac.

Sam Byford:

The South Korean legislation has not yet gone into effect, but if and when it does, according to Apple, that wouldn’t have any bearing on the company’s process for approving developer accounts. Until Epic agrees to comply with the App Store’s app review guidelines, Apple isn’t going to consider its request.

Has Epic really not agreed to do that?

Colin Cornaby:

So there’s a question of Apple restoring Epic’s account.

But couldn’t Epic open a new account either for themselves or through a proxy publisher?

Like if Epic decided to publish Fortnite through EA or something could Apple stop that?

Anti-Steering Ruling in Epic v. Apple

Russell Brandom (via Nilay Patel, Hacker News, 9to5Mac, MacRumors, Slashdot):

Judge Yvonne Gonzalez Rogers issued a permanent injunction in the Epic v. Apple case on Friday morning, putting new restrictions on Apple’s App Store rules and bringing months of bitter legal jousting to a conclusion.

Under the new order, Apple is:

permanently restrained and enjoined from prohibiting developers from including in their apps and their metadata buttons, external links, or other calls to action that direct customers to purchasing mechanisms, in addition to In-App Purchasing and communicating with customers through points of contact obtained voluntarily from customers through account registration within the app.

In short, iOS apps must be allowed to direct users to payment options beyond those offered by Apple. The injunction is scheduled to take effect in 90 days — on December 9th — unless it is enjoined by a higher court.

In a separate judgment, the court affirmed that Epic Games was in breach of its contract with Apple when it implemented the alternative payment system in the Fortnite app. As a result, Epic must pay Apple 30 percent of all revenue collected through the system since it was implemented — a sum of more than $3.5 million.

Juli Clover:

In a statement on Twitter, Epic Games CEO Tim Sweeney said that the company was not happy with the verdict, and at the current time, there are no immediate plans for Fortnite to return to the App Store. Sweeney said that today’s ruling “isn’t a win” for developers or consumers.


Though Apple did not score a total win, Apple lawyer Kate Adams told members of the media that the ruling was a “resounding victory” that validates the App Store business model. Apple’s official statement highlights the anti-trust portion of the ruling, which went in Apple’s favor. Apple has yet to comment on the outside payment requirement.


Epic Games plans to appeal the parts of the ruling that it does not agree with, and Apple too will likely submit an appeal to push back on the anti-steering requirements the judge has enacted.

Ben Thompson:

Epic lost on everything else, and has to pay Apple 30% of the money it earned from its own in-app purchase flow. And Apple can still kick them out of the store. Truly a self-sacrifice for developers generally 🤷‍♂️


One final note: neither this ruling nor the JFTC settlement say that Apple can’t require IAP. In fact this injunction specifically says developers can link out “in addition to” IAP. No mention about offering different prices.

Steve Troughton-Smith:

Apple just lost a huge part of the Epic vs Apple case, breaking open the App Store to alternate payment systems — Apple will almost certainly appeal the ruling, but with the pressure mounting globally over this very issue, I think the writing is on the wall

This also means that Epic was completely justified in the stunt they pulled, adding alternate payments to Fortnite, as Apple’s rules on this, & enforcement thereof, are illegal.

Matthew Panzarino:

This is really a big likely loss for consumer protections. Have fun chasing down all of the fraudulent scammy junk cash grabs that will result. Big win for game/IAP-focused publishers and for Stripe though.


Imagine a world where Apple had introduced a Stripe partnership a year ago and offered two clear options for developers, web via Stripe or streamlined IAP inside apps.

M.G. Siegler:

Apple needed to tear down the wall proactively and win by competing. And the wild thing is, they easily could have! (And now will.) In-App/Apple Pay is a great product and has inherent advantages thanks to the iPhone. Just a dumb misread and self-own.

Craig Hockenberry:

Apple is competing against Stripe now.

In my mind, that’s a good thing because Stripe is really fucking great.

If Apple can match their pricing & functionality, they’ll get my business both as a developer and a consumer because I know where they stand on privacy.

Also, when I say “Stripe”, I really mean “Apple Pay”.

Joe Fabisevich:

Stripe is gonna make one hell of an IAP SDK. People keep talking about how Apple has to allow developers to link to the web for payments, but there’s no reason someone like Stripe can’t make a top notch easy to setup native experience.

In my view this is probably one of the best outcomes. Alternative App Stores would be an absolute mess, and while I hope Apple provides some sort of payment plugin to ensure the best experiences, companies that already provide good competitive experiences is a great outcome.

Perhaps it’s the best that could be expected from this case, but there are so many problems that alternate app stores or sideloading would address that this ruling doesn’t.

Steve Troughton-Smith:

Seeing a few people interpret the ruling as devs are now allowed ‘to link out’ to 3rd-party purchasing. To me, this specifically prohibits Apple from stopping devs having buttons or other calls to action to use a different payment provider, in-app or ex-app. No link-out necessary

John Gruber:

That’s not how Apple sees it. It is an ambiguously worded injunction, though. Apple’s take, as I understand it, as well as my take, is that it means apps can steer users to the web in addition to IAP.

Michael Love:

Apple seems to be discreetly leaking that interpretation to a bunch of people, but since the language is lifted directly from the App Review Guidelines it’s very hard to argue that it’s doing anything short of totally blocking the anti-steering portion of 3.1.1.

Whatever version of “buttons” Apple says we’re not allowed to use to direct users to outside purchasing mechanisms, that’s the version of “buttons” that they’re no longer allowed to ban.

See also: Nilay Patel (tweet).

Curtis Herbert:

My guess, new IAP rules will follow Sign in with Apple:

  • Can offer alternate payments, but Apple IAP has to be top billing.
  • Can’t show others without also showing Apple’s.

Sean Heber:

If this is how it goes, it’s not that big a win since supporting 2 payment systems is going to be twice the work and twice the support burden for anyone that isn’t huge. Apple has no incentive to make this situation easier on the developer, either.

Ryan Jones:

We knew the App Store is really a Game Store, but…98% of all IAP revenue comes from games.


10% of iOS users generate 70% of App Store revenue via games

David Barnard:

Kinda gross TBH that this all really boils down to Apple making billions off free-to-play games selling gems and digital trinkets. The rest of us are just a rounding error — collateral damage in Apple’s ability to keep that income stream and prop up the stock price.

Nilay Patel:

Apple’s anti-steering rules are “an incipient violation of antitrust law” regardless of Epic failing to prove its case, says judge.

Ruffin Bailey:

Apple has to take 3rd party payments.

We can judge Apple by seeing if they...

  1. Do this quickly (they anticipated the possibility & have prepared best case implementations) or
  2. Drag their feet (they’re a poorly run company scrambling to adapt; sell).

Update (2021-09-14): John Gruber:

Judge Yvonne Gonzalez Rogers ruled today on the Epic v. Apple case. It seems pretty clear to me that Apple got a huge victory, and Epic was served an even huger loss.

Thomas Claburn:

Amusingly, the judge trashed Apple SVP of software Craig Federighi’s argument that opening up iOS to all apps, as it does for macOS, would open the floodgates for malware. “While Mr. Federighi’s Mac malware opinions may appear plausible, they appear to have emerged for the first time at trial which suggests he is stretching the truth for the sake of the argument,” the judge noted.

Mitchell Clark:

After discussing notarization and App Review a bit more, she concludes that Apple could implement a system similar to the Mac’s without giving up much of the security iOS already enjoys[…]

Sean Hollister:

Epic will appeal the court’s ruling in Epic v. Apple, a spokesperson confirmed to The Verge.

Sami Fathi:

Epic Games has filed an appeal against the ruling in its case against Apple, further prolonging the already year-long legal battle between the two companies.

Dieter Bohn:

Apple won the vast, vast majority of issues Epic tried to bring up, but also I feel like all of those were long shots. But there is an actual win in all those losses (anti-steering), so I’m fascinated by Epic’s rhetoric here.

Update (2021-09-16): Florian Mueller:

What the court got absolutely right is that the 30% cut is not a market rate for the intellectual property in question. The court even takes note of “Apple’s low apparent investment in App Store-specific intellectual property.” The commission is practically imposed and enforced because of Apple’s app distribution monopoly. The term “gatekeeper” (which is very popular in EU tech policy and law) doesn’t appear in that ruling, but that’s what it’s all about.

Universal Control

Dieter Bohn (Hacker News):

The idea is simple enough: it allows you to use the keyboard and trackpad on a Mac to directly control an iPad, and even makes it simple to drag and drop content between those devices.

What made the demo so impressive is how easy and seamless it all seemed. In a classic Apple move, there was no setup required at all. The segment happened so fast that it even seemed (incorrectly, as it turns out) like the Mac was able to physically locate the iPad in space so it knew where to put the mouse pointer.

See also: Teleport, Synergy.

Federico Viticci:

It can only be started from a Mac running Monterey. You cannot start dragging the pointer from an iPad towards a Mac – it only originates from macOS, and then you can move it around.

It seems to be iPad-only, which is too bad because it would be nice to be able to type directly into my iPhone.

Sami Fathi:

While the feature was previewed at WWDC in June, it’s yet to make an official appearance in any developer beta of macOS Monterey or iPadOS 15, leading to speculation that the feature may be delayed to a future update to the operating systems. However, in the latest macOS Monterey beta released on August 11, Universal Control can be enabled and used between two Macs.

To enable it, users will need to follow the steps outlined in this GitHub post, which requires running a series of Terminal lines, altering system settings, and running commands to enable “Ensemble,” Apple’s internal codename for Universal Control.


Thursday, September 9, 2021

Fire TV Omni and 4-Series

Chris Welch:

Amazon is officially in the TV business. The company has announced its first lineup of Amazon-branded 4K Fire TVs, which will begin shipping in October. This is a major expansion from the company’s “Fire TV Edition” collaborations, where its popular streaming software comes preloaded on sets manufactured by other TV makers. But with its new Omni and 4-Series, Amazon is describing these as “Amazon-built TVs.”

The Omni series is the higher-end of the two, and beyond offering better picture quality, its other key selling point is hands-free voice control. Amazon includes far-field microphones in each model of the Omni series, which comes in 43, 50, 55, 65, and 75 inches.


The Fire TV Omni sets also include picture-in-picture for checking your smart home cameras, and you’ll see your Ring doorbell feed whenever someone is at the door. Amazon says it will be adding a “smart home dashboard” later this year for more comprehensive controls over your connected home gadgets.

You can get a 43-inch 4K smart TV for about double the price of an Apple TV 4K box with no screen. Amazon has more details here.

John Gruber:

This privacy report focuses on streaming services, not hardware platforms, but related to the previous post re: Amazon’s new Fire TV Omni Series, it’s also the case that Apple TV is the only platform that makes privacy a priority and doesn’t put ads on your screen.

Except for ads for Apple services.


Security Researchers Unhappy With Apple’s Bug Bounty Program

Juli Clover:

Apple offers a bug bounty program that’s designed to pay security researchers for discovering and reporting critical bugs in Apple operating systems, but researchers are not happy with how it operates or Apple’s payouts in comparison to other major tech companies, reports The Washington Post.

In interviews with more than two dozen security researchers, The Washington Post collected a number of complaints. Apple is slow to fix bugs, and doesn’t always pay out what’s owed.

Reed Albergotti (tweet, Hacker News):

Ultimately, they say, Apple’s insular culture has hurt the program and created a blind spot on security.

“It’s a bug bounty program where the house always wins,” said Katie Moussouris, CEO and founder of Luta Security, which worked with the Defense Department to set up its first bug bounty program. She said Apple’s bad reputation in the security industry will lead to “less secure products for their customers and more cost down the line.”


“The Apple Security Bounty program has been a runaway success,” Ivan Krstić, head of Apple Security Engineering and Architecture, said in an emailed statement.


Payment amounts aren’t the only factor for success, however. The best programs support open conversations between the hackers and the company. Apple, already known for being tight-lipped, limits communication and feedback on why it chooses to pay or not pay for a bug[…] Apple also has a massive backlog of bugs that it hasn’t fixed, according to the former employee and a current employee, who also spoke on the condition of anonymity because of an NDA.


Tian Zhang, an iOS software engineer, first reported a bug to Apple in 2017. After months of waiting for Apple to fix the bug, Zhang lost patience and decided to blog about his discovery. The second time he reported a security flaw, he says Apple fixed it but ignored him. In July, Zhang submitted another bug to Apple that he says was eligible for a reward. The software was quickly fixed, but Zhang didn’t receive a reward. Instead, he was kicked out of the Apple Developer Program.

Dave Mark:

This is a long article, filled with bug bounty stories, many of them anonymously told. Hard to truly know whether this is the squeaky wheel getting all the attention, or something more problematic. […] Definitely reads like Apple puts less money into bug bounties, shines less of a light onto bug researcher efforts and successes than its competitors.

We’ve been hearing a steady stream of these stories, and it almost doesn’t matter whether they’re representative. The perception is that Apple is stingy and a pain to deal with, and that will affect whether researchers choose to deal with Apple at all. Why, other than ethics, go through a process that sounds worse than App Review when you can blog about it for fame or quickly sell to another party for more money?


Update (2021-09-10): Jeff Johnson:

We don’t know for sure that the stories are representative, but we would know a lot more if Apple published any information whatsoever about the bounty payments. Compare the Google Chrome release announcement.

QuickBooks Desktop Subscriptions

Adam Engst:

Unfortunately, AccountEdge was built on a 30-year-old, 32-bit code base that wasn’t compatible with macOS 10.15 Catalina. MYOB tried and failed to update AccountEdge to be a 64-bit app, and eventually stopped selling it. Tonya didn’t mind keeping one of her Macs on 10.14 Mojave so she could keep running AccountEdge temporarily, but we clearly had to switch accounting systems. Such transitions are most easily done at the start of a year, so in late 2020, we started evaluating the alternatives. Two choices immediately presented themselves:

AccountEdge Pro: You have to give MYOB credit for trying. The company’s engineers figured out a way to embed the Windows version of AccountEdge in a custom emulation wrapper, and they made that the official migration path for orphaned Mac users. However, for $15 per month, we weren’t interested in using an emulated Windows app.

QuickBooks: The 800-pound gorilla of the small business accounting world is still Intuit’s QuickBooks. Although the company seemingly sells a $399 desktop version for the Mac, Intuit’s focus is on various cloud versions of QuickBooks Online, with plans starting at $12.50 per month. […] We were also troubled by the idea of working with Intuit, and the company seems to be up to its old tricks, having just announced that it was discontinuing the Mac app that provided direct access to QuickBooks Online without having to use a Web browser.


The QuickBooks Online Windows and Mac desktop apps are no longer supported as of April 20, 2021.


Due to limited use, we stopped supporting these apps to invest in other functionality that matters to you.

TidBITS eventually decided on Xero.

Meanwhile, the situation for QuickBooks Desktop for Mac has changed (via Hacker News):

For 2022, we are introducing QuickBooks Desktop Mac Plus, an annual subscription-based license for small businesses. We will now be selling our Mac product subscription in place of one-time purchase licenses.


Our transition to a subscription-forward lineup will occur at the time of our 2022 product release – scheduled for October 12, 2021.

We will offer a limited time exception for the purchase of our Desktop Pro, Premier and Mac 2021 one-time purchase licenses (supported through May 2024) to avoid disruption to you and your clients. These products will be available via QuickBooks Solutions Providers (QSPs) and Intuit sales agents until December 10, 2021.

$199 for the first year, then $299/year.


Update (2021-09-10): Michael Love:

I was an upgrade-every-couple-of-years only-use-10%-of-the-functionality QuickBooks user - just as I was with Photoshop - so for me the effect of subscription pricing is that I’ll switch to another product.

As with other subscription products, I’m sure Intuit will more than make up for the loss of smaller customers with the increased revenue from larger businesses. But, as with Adobe, this may create an opening for competitors.

21 Years of Apple Home Page Tabs

James Dempsey (tweet):

The tabs at the top of have been around for over two decades now.

Looking at the changes over time shows changes in Apple products, priorities, and design. For long-time Apple watchers it also provides a walk down memory lane.


Why Is There No iPad or Mac Weather App?

Zac Hall:

For some reason, Apple’s Weather app on iPadOS 15 doesn’t have exactly the same design. Information is still organized into blocks, but a lot of the blocks are weirdly not about weather conditions.

The top of the Weather app for iPad includes a giant banner for a subscription version with more features and fewer ads. I missed the announcement about a paid version of the Weather app, but Apple is really into services these days so it’s no surprise.


Something else unique about the Weather app for iPad is a neat tidbit about UPS. According to the Weather app for iPad, you can save 50% on global shipping with code REACH from now through July 19. I couldn’t find this curious but helpful data point on the Weather app for iPhone. Now I’m worried folks who check the weather on their iPhone are overpaying for shipping.


And before you try to tell me this isn’t the Weather app for iPad, hear me out. The Weather widget launches the Weather app on iPhone, and I’m certain the Weather widget launches the Weather app on iPad. That’s just how widgets work!

M.G. Siegler:

Honestly, it’s embarrassing. Apple has outsourced its soul to an absolutely awful webpage. On load, you’ll see crappy ad after crappy ad. Keep scrolling and you’ll quickly be subsumed by shitty click-bait-y ads. “Kill the Goblin!” And go further still and it’s full-on porn-y spam. Apple is sending millions upon millions of their users to this experience. Apple!


The whole situation is bizarre. Apple just redid the Weather app in iOS 15 to be more beautiful. And the widgets reflect that. And they throw it all in the trash compactor when it comes time to drill down on the iPad.

Nick Heer:

A native Apple weather app on the iPad is long overdue, but that also goes for MacOS. The weather widget in Big Sur is, as far as I know, the only widget that opens a webpage instead of an app when you click on it.

The macOS weather widget is particularly annoying. It shows fewer days and hours than the iOS Weather app, amongst other missing information, and isn’t interactive. On Big Sur, the widget system has a tendency to crash, making all the widgets disappear until I manually re-add and re-configure them, which sometimes requires restarting the Mac.

With the iPhone Weather app now using SwiftUI, hopefully iPad and Mac will get basic ports in the next cycle. Really, they deserve something even better, though. Apple should be leading by example.

Dave Mark:

Is paying for this placement on iPad? Why is the iPhone weather experience so different from iPad? Have long wondered this. Anyone know the real scoop?


Tuesday, September 7, 2021

How to Hard-Lock Your iPhone


Apple today announced that it is working with several states across the country, which will roll out the ability for their residents to seamlessly and securely add their driver’s license or state ID to Wallet on their iPhone and Apple Watch.

John Gruber:

When you pay with Apple Pay, you never hand your phone to an employee. It wouldn’t even work, because no one else can authorize an Apple Pay transaction without your biometric authentication. This ID feature for Wallet is exactly like that: it doesn’t work without your biometric authentication, and your phone does not unlock when you use it.


With a Face ID iPhone, you hard-lock your iPhone by pressing and holding the side button and either volume button. Two seconds or so — just long enough to make the “Slide to power off” screen appear. (That screen also has sliders for Medical ID and Emergency SOS.) With a Touch ID iPhone, you just press and hold the power button.

Once you do this, your iPhone will require your passcode to unlock. You can’t use Face ID or Touch ID to unlock until after you’ve unlocked with your passcode. That means even if someone confiscates your phone by force, they cannot unlock it by pointing it at your face or by forcing your finger onto the Touch ID sensor. Remember to put your iPhone into this mode every time you’re separated from it as you go through the magnetometer at any security checkpoint, especially in the airport.

Super Follows and IAP

Juli Clover:

Twitter today announced the official launch of Super Follows, a new feature that allows creators to provide subscriber-only content that requires a paid fee to access.

Hartley Charlton:

Each Twitter Super Follow subscription is an individual in-app purchase for every account with the feature set up, it has emerged.

The unusual system, spotted by Jane Manchun Wong, means that for every Super Follow there is an individual in-app purchase for that account specifically. Some observers are speculating that each Super Follow in-app purchase will have to be set up manually by Twitter on the App Store, making the system even more unconventional.


The App Store does not allow for multiple instances of the same subscription, leading other platforms such as YouTube and Twitch to get around this by effectively allowing users to buy a sub-token that can be directed toward a specific creator.


Apple only allows developers to create up to 10,000 in-app purchases, so it is not clear if Twitter will limit the users eligible to sell Super Follows at 10,000 minus Ticketed Spaces and Twitter Blue.

And yet Apple expects Amazon to use this system to sell 9 million Kindle books.

John Gruber (tweet):

This is incredible. Ostensibly, Twitter is doing what Apple wants them to do. Right now Super Follows payments are even exclusive to iOS. (Once you pay on iOS, you can see Super Follow content on Twitter’s Android and web clients, too, but the only way to pay is on iOS through IAP.) But Apple’s IAP system is so brittle that Twitter has to make a discrete SKU for each and every Super Follow user, and pay Apple 30 percent of the price for the privilege. (Twitter, per its published terms, takes just 3 percent of the first $50,000 in lifetime earnings, then 20 percent after that.) Also, because Apple’s IAP listings in the App Store rank IAP offerings by popularity, Twitter is being forced to reveal data that they quite likely would prefer to keep to themselves.

Buzz Andersen:

This is bonkers and really illustrates the ways that Apple’s IAP rules severely constrain the possible business models on its platform.

Steve Troughton-Smith:

This whole system seems designed to showcase just how ridiculous the hoops Apple makes apps jump through with IAP policies are. App Review, too, theoretically has to review each individual in-app purchase, and each one has to include a screenshot.

Steve Moser:

Twitter’s latest beta update introduces support for providing content creators with Bitcoin tips using the “Tip Jar” feature that Twitter introduced earlier this year. Bitcoin isn’t yet available to select as a tip option for beta users, but code in the beta suggests that Twitter is in the process of rolling it out.


Update (2021-09-08): frijole:

reminds me of when comixology had to list every comic via IAP -- and the rejections

ProtonMail Turned on IP Logging for User

Natasha Lomas and Romain Dillet (Hacker News, 3):

ProtonMail, a hosted email service with a focus on end-to-end encrypted communications, has been facing criticism after a police report showed that French authorities managed to obtain the IP address of a French activist who was using the online service. The company has communicated widely about the incident, stating that it doesn’t log IP addresses by default and it only complies with local regulation — in that case Swiss law. While ProtonMail didn’t cooperate with French authorities, French police sent a request to Swiss police via Europol to force the company to obtain the IP address of one of its users.


ProtonMail’s founder and CEO Andy Yen reacted to the police report on Twitter without mentioning the specific circumstances of that case in particular. “Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we’re required by Swiss law to answer requests from Swiss authorities,” he wrote.


As detailed in our transparency report, our published threat model, and also our privacy policy, under Swiss law, Proton can be forced to collect info on accounts belonging to users under Swiss criminal investigation. This is obviously not done by default, but only if Proton gets a legal order for a specific account. Under no circumstances however, can our encryption be bypassed, meaning emails, attachments, calendars, files, etc, cannot be compromised by legal orders.


Second, ProtonMail is one of the only email providers that provides a Tor onion site for anonymous access.


Third, no matter what service you use, unless it is based 15 miles offshore in international waters, the company will have to comply with the law. This case does illustrate one benefit of ProtonMail’s Swiss jurisdiction, as no less than 3 authorities in 2 countries were required to approve the request, which is a much higher bar than most other jurisdictions. Under Swiss law, it is also obligatory for the suspect to be notified that their data was requested.

Robert Graham:

ProtonMail has always been clear: they abide by Swiss law and don’t track IP addresses until forced to. Now people are upset at ProtonMail because it works as claimed, not how people assumed because they weren’t paying attention.


[They] provided the IP address and information on the type of device used to the police

Now, of course Protonmail has to comply with Swiss law, but is that what you mean by “No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first.”

It was confirmed by @andyyen that in criminal cases, Protonmail can log IP addresses, their documentation says “in extreme criminal cases”

IANAL, but I have a hard time seeing how young people squatting buildings in Paris is an extreme criminal case. In any case, I have an issue with this lack of transparency from ProtonMail, if any police service can ask them to log IP addresses, that is not anonymous

Andy Yen (Hacker News):

Under no circumstances can our encryption be bypassed, meaning emails, attachments, calendars, files, etc. cannot be compromised by legal orders.


Under current Swiss law, email and VPN are treated differently, and ProtonVPN cannot be compelled to log user data.


Due to Proton’s strict privacy, we do not know the identity of our users, and at no point were we aware that the targeted users were climate activists. We only know that the order for data from the Swiss government came through channels typically reserved for serious crimes.


We will be making updates to our website to better clarify ProtonMail’s obligations in cases of criminal prosecution and we apologize if this was not clear.

Gareth Corfield (Hacker News):

Today that boast has been replaced with a mealy-mouthed version: "ProtonMail is email that respects privacy and puts people (not advertisers) first. Your data belongs to you, and our encryption ensures that. We also provide an anonymous email gateway."

Regarding Yen’s first point, rogers18445 writes:

Each time you visit protonmail you re-download (cache can be invalidated) their client. It would be trivial for them to serve a specific user a modified client which uploads their encryption keys.

This problem is not specific to protonmail, any service which contends to be secure with respect to some server (the protocol relies on the client to decrypt stuff the server cannot) can be compromised this way because of implicit trust in the client software which can be modified at any time with no notice - making any auditing entirely meaningless in the case of targeted attacks.
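The comment's point, turned into a check a defender can run (an added example, not ProtonMail's code and not part of the quoted comment): compare the scripts one session was actually served against digests taken from an audited build. The paths, manifest shape and sample bundles are constructed for illustration, and the check only means something when it runs outside the page the server delivers, for instance in a separate tool or extension.

```javascript
// Added example: checks served client scripts against an audited manifest.
// Paths, manifest shape and bundle contents are constructed for illustration.
const crypto = require('node:crypto');

// SRI-style digest: "sha384-" + base64(SHA-384(body)).
function sriDigest(body) {
  return 'sha384-' + crypto.createHash('sha384').update(body, 'utf8').digest('base64');
}

// Manifest from an audited build: script path -> digest, plus allowed inline digests.
// A Map avoids surprises from inherited object keys such as "constructor".
function buildManifest(auditedFiles, auditedInline = []) {
  return {
    files: new Map(Object.entries(auditedFiles).map(([p, b]) => [p, sriDigest(b)])),
    inline: new Set(auditedInline.map(sriDigest)),
  };
}

// List the <script> elements in served HTML. A regex is enough for the
// constructed pages below; a real tool should use an HTML parser.
function listScripts(html) {
  const scripts = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    scripts.push(src ? { src: src[1] } : { inline: m[2] });
  }
  return scripts;
}

// Compare what one session was served with the audited manifest.
// `served` is a Map of path -> body as actually received in that session.
function verifyServedClient(manifest, html, served) {
  const findings = [];
  for (const script of listScripts(html)) {
    if (script.src === undefined) {
      if (!manifest.inline.has(sriDigest(script.inline))) {
        findings.push({ script: '(inline)', problem: 'not in audited manifest' });
      }
      continue;
    }
    const expected = manifest.files.get(script.src);
    const body = served.get(script.src);
    if (expected === undefined) {
      findings.push({ script: script.src, problem: 'not in audited manifest' });
    } else if (body === undefined) {
      findings.push({ script: script.src, problem: 'not served' });
    } else if (sriDigest(body) !== expected) {
      findings.push({ script: script.src, problem: 'digest mismatch' });
    }
  }
  return findings;
}

// ---- Constructed sample data ----
const AUDITED = {
  '/static/vendor.js': '/* constructed vendor bundle */',
  '/static/app.js': 'function openMailbox(key, msg) { /* constructed audited build */ }',
};
const HTML_NORMAL =
  '<html><head><script src="/static/vendor.js"></script>' +
  '<script src="/static/app.js"></script></head></html>';
// Same page, but with one script and one inline block the audit never saw.
const HTML_EXTRA = HTML_NORMAL.replace(
  '</head>',
  '<script src="/static/extra.js"></script><script>var constructed = 1;</script></head>'
);

function runDemo() {
  const manifest = buildManifest(AUDITED);
  const servedNormal = new Map(Object.entries(AUDITED));
  // One account receives a different app.js than the audited one.
  const servedTargeted = new Map(servedNormal);
  servedTargeted.set('/static/app.js',
    AUDITED['/static/app.js'] + '\n/* constructed: code served to one account only */');
  const servedExtra = new Map(servedNormal);
  servedExtra.set('/static/extra.js', '/* constructed unaudited script */');
  return {
    normal: verifyServedClient(manifest, HTML_NORMAL, servedNormal),
    targeted: verifyServedClient(manifest, HTML_NORMAL, servedTargeted),
    extra: verifyServedClient(manifest, HTML_EXTRA, servedExtra),
  };
}

console.log(JSON.stringify(runDemo(), null, 2));
```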


Fission Exits the Mac App Store

Paul Kafasis (tweet):

We want to be sure our customers who previously purchased Fission via the Mac App Store are taken care of as well. To that end, we will be transitioning you over to our directly distributed version.


For almost twenty years, we’ve sold our software directly to our customers via our online store. Our fast and secure purchase process has served our customers very well. Since the Mac App Store opened in 2011, we’ve also experimented there. However, despite a decade of feedback from countless developers and users, Apple has made scant few changes and the store remains beset with issues. When you couple the many shortcomings and issues with Apple’s restrictive policies that preclude most of our software from appearing there, the Mac App Store is clearly a poor fit for us. With the removal of Fission, we no longer have any products in the Mac App Store.

Jeff Johnson:

I remember putting Fission in the Mac App Store, and it sucked, mainly because we had to mangle it and make the app worse for sandboxing.

Steve Troughton-Smith:

A damning indictment of the Mac App Store.

Jonathan Deutsch:

I’d love to see a follow-up to this piece about overall revenue with any other apps/app-makers that have left the Mac App Store.

Frank Reiff:

I’m thinking of removing my apps from the Mac App Store, the revenue from that source is constantly dropping and I’m really only offering it as a convenience for potential customers, especially those with a Mac App Store preference.

James Thomson:

When I was selling via both the Mac App Store, and Kagi, it got up to around 80% MAS sales, and the direction was pretty clear. For something like PCalc which is (less) unlikely to fall foul of App Review, I think it’s still the best place to be.


Update (2021-09-08): Steve Troughton-Smith:

Alternate take on the Mac App Store: I only joined the MAS in the past two years after years of my apps being iOS-only. It has since grown to ~30% of my revenue, a chunk that didn’t exist before, and, as competition is low, the App Store editors are eager to show off great apps.

Mike Rockwell:

How can anyone watch so many developers leave and/or completely ignore the Mac App Store and continue to think that the iOS App Store is actually good for the platform?

Apple Delays Child Safety Features

Joseph Cox (tweet, Hacker News, The Verge, MacRumors, TechCrunch):

“Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features,” Apple said in the statement.

It sounds like they are delaying, indefinitely, both the Messages and iCloud Photos components.

Matthew Green:

My suggestions to Apple:

(1) talk to the technical and policy communities before you do whatever you’re going to do. Talk to the general public as well. This isn’t a fancy new Touchbar: it’s a privacy compromise that affects 1bn users.

(2) Be clear about why you’re scanning and what you’re scanning. Going from scanning nothing (but email attachments) to scanning everyone’s private photo library was an enormous delta. You need to justify escalations like this.

(3) As Nick says, client-side scanning is icky to people. There is a reason for this. Considering the number of privacy invasions users have learned to live with, the pushback on this line means something. Learn from it.

(4) Privacy-preserving cryptographic protocols aren’t going to distract people from the fact that what you’re trying to do is uncomfortable.

And (5) if you’re going to make your system design public, make all of it public. Withholding NeuralHash and then having it REed, broken: that was a catastrophe.

There’s also the issue of the secondary server-side hashing algorithm, which Apple seems not to have mentioned until after people started criticizing NeuralHash. Are there other key components not mentioned in the whitepaper?

Kyle Howells:

To me client side scanning is THE issue. Server side, do whatever you want. But MY device should be MINE, and only do what I tell it and/or act for my benefit.

Scan things on “sharing” them, not on “storing” them.

Cindy Cohn (via Edward Snowden):

EFF is pleased Apple is now listening to the concerns of customers, researchers, civil liberties organizations, human rights activists, LGBTQ people, youth representatives, and other groups, about the dangers posed by its phone scanning tools. But the company must go further than just listening, and drop its plans to put a backdoor into its encryption entirely.

Nick Heer:

If you think Apple lacks the backbone to resist political pressure for expanding the CSAM matching database, you definitely cannot hope for wholly encrypted iCloud storage without any way of detecting abuse.


I am curious about the company’s next steps, though. […] I look forward to a solution that can alleviate many researchers’ concerns, but if — as with the App Store — trust has been burned. Only Apple can rebuild it.

Adam Engst:

The other possibility is that the entire effort is now tainted, making this “delay” just a face-saving way for Apple to drop the technology like the hot potato it became. Would there be a massive public outcry if 2022’s Worldwide Developer Conference came and went with no mention of CSAM detection in iOS 16?

Paul Haddad:

It’s a loss for Apple because all they managed to do is piss off everyone.


Monday, September 6, 2021

Tweetbot 6.3 for iOS

Joe Rossignol:

Tapbots today released version 6.3 of Tweetbot for the iPhone and iPad, with the key new feature being a “Behaviors” menu in the app’s settings that contains several toggle switches for fine tuning your Tweetbot experience.

I like the option to turn off “Tap to Top,” as I often accidentally scroll to the top and then lose my place in the timeline. In theory, I can tap the top again to scroll back down, but sometimes by the time I realize I’ve gone to the top it’s too late.

What I’d really like to see is more behaviors, e.g. being able to configure a swipe to share with OmniFocus in a single gesture. Currently, it’s a multi-step process: tap to show the buttons, tap the Share button, wait for the animation, tap OmniFocus, wait for the panel to show up, tap Save, and wait for the panel to close.

It does let you configure a swipe to add to Safari Reading List, though, which was not previously possible. This also requires a confirmation alert each time, apparently because iOS was designed that way. Apple doesn’t explicitly say so, but I assume that Reading List is considered part of Bookmarks rather than History and so is not end-to-end encrypted.


Powering Your Mac: Power Filters and UPS

Howard Oakley:

Providing your Mac with a reliable filtered AC supply is very important to protect it from sustaining damage during electrical storms, when there’s utility maintenance underway, or some idiot trips a circuit-breaker or pulls the mains plug.


Most Macs are well-protected if the UPS keeps them going long enough to allow an orderly shutdown – a minute or two at most. It’s far better for a Mac to be given that chance than to have no UPS at all.


When that’s connected to your Mac, the Energy Saver pane should recognise it and offer both display options and Shutdown Options, which determine how quickly your Mac shuts down when mains power is lost and it’s running off the battery in the UPS.


There’s an important fact which can sometimes be forgotten: the USB interface on a UPS can only be connected to one Mac. If you’ve got two Macs to protect, they each need their own UPS, as one UPS can’t tell two Macs to shut down, except by SNMP, which is considerably more complex to use.

I used APC’s Back-UPS LS for many years with success, but eventually the units (not just the batteries, which I’d replaced many times) failed, and APC discontinued the design that I liked. Lately, I’ve been using a Tripp Lite, which is great except that starting with Catalina the Mac always thinks it’s out of power and needs to shut down. Now the USB connection is useless, and it’s no longer a good solution for a Mac that will be running unattended.

Some other things to consider when getting a UPS:

Update (2021-09-07): Although I think an extension cord will work in practice, the Tripp Lite manual specifically says that doing this will void your warranty.

Callin 1.0

David Sacks:

Today is the public launch of Callin, the first app to offer a new experience we call “Social Podcasting.”


Callin lets you create, discover, and consume live and recorded audio content in one place. It combines the best aspects of social audio — live conversations and social discoverability — with the best aspects of podcasting — creating a lasting library of shows that users can listen to anytime.

This seems like a non-ephemeral version of Clubhouse. I was going to compare how it handles the privacy of phone numbers, but somehow Apple approved this app even though both the Terms of Service and Privacy Policy links 404.

Our goal was to bring the barriers to podcasting down to zero by turning your iPhone into a studio.


One of the most magical features of Callin is that recordings are turned into a transcript which you can edit. Callin recompiles the audio based on the edited transcript so the creator never needs to touch an audio file.

Jason Snell recently described a very different workflow:

This week’s episode of Upgrade was a “call-in show,” in which we answered audio questions sent in by listeners. I’ve heard from a few people who wondered how we put the show together, so I thought I’d provide some of the details.

This likely produces a much higher quality result, but with a lot more time and expertise required. He’s also posted a video of his workflow using Ferrite Recording Studio on an iPad.

Tim Hardwick:

Clubhouse, the online audio app that this year became a social sensation, is rolling out spatial audio support for iOS users.


In the example, individual speakers on a Clubhouse call can be heard as if their voices are in separate locations within a three-dimensional space around the listener, making it seem like everyone is situated in different places in the same room.


To be clear, this isn’t Apple’s version of spatial audio, which includes head tracking to make it sound like the sound is coming from your iPhone or iPad, but it shows just how much spatial audio has caught on since Apple began touting the concept.


The Persistent Gravity of Cross Platform

Allen Pike:

Each time a cross-platform app has found itself in the crosshairs of the internet, I hear a variant of this question: “What is it about enterprise companies that make so many of them abandon native apps, when they could surely afford to develop one app for each platform?”


At the highest level, cross-platform UI technologies prioritize coordinated featurefulness over polished UX.


Where things get interesting is when you look at customer-facing software. Products where the experience is a big contributor to success or failure, and the higher “UX ceiling” that platform-specific UI code enables can help retain paying users. It seems, conceptually, that a big company willing to spend big money to build really nice native Mac and Windows apps would be in a position to outcompete the Electron-based Slacks, Figmas, and Spotifys of the world. Right? So why isn’t that happening?


When you’re rapidly hiring, rapidly adding client features, and adding support for a third, fourth, and fifth platform, things start to get dicey. […] Hiring more engineers makes for a non-zero improvement, but the exponential – or at least super-linear – nature of coordination overhead means the additional product velocity per new hire can get disturbingly low.

Gus Mueller:

More and more apps written with web tech (such as Electron) are showing up on the Mac desktop everyday. I understand why, but I don’t have to like it.


Update (2021-09-14): Fred McCann (Hacker News):

The obvious question is if Electron is so bad, why do companies keep shipping Electron applications? There’s a set of common theories, which do have merit, but I don’t think they explain why Electron is gaining so much traction. Before I give you my take, let’s break these down.


With some notable exceptions, most awful Electron apps are clients of network services. Why does that matter? Haven’t there always been terrible cross-platform applications that were clients of network services?


The interesting question to me is not whether developers, companies, or users are to blame. It’s not how we could expect a single company to be able to develop applications on multiple platforms with feature parity. The question is what fundamentally changed? Why are internet applications today more often than not controlled entirely by a single company which carries the burden of creating client applications for every user on every platform?


When protocols are open, there’s more innovation and more choices. If anyone can make a client, every popular internet application will have a high quality native application because there will be a market for people to make and sell them. Not only that, these competing developers are more likely to add features that delight their users. When one company controls a service, they’re the only one who can make the software, and you get what you get.

Thursday, September 2, 2021

Why Xcode Tools Are Slow After Reboot

Jeff Johnson:

When you attempt to run one of the developer tools, the _xcselect_invoke_xcrun function must look up the actual path of the tool. The paths of Xcode and the developer tools are cached on disk in a database file named xcrun_db located in your $TMPDIR. […]

Perhaps you already see the problem here: the contents of $TMPDIR are emptied on every reboot! Thus, the first time you run a developer tool after reboot, the xcrun_db cache needs to be regenerated.


Why does it take so long to regenerate the cache? While I was reproducing and diagnosing the issue, I noticed that when I ran a developer tool after reboot, the process syspolicyd went crazy and used almost 100% CPU until the command finished. I took samples of syspolicyd when this happened, and the process seemed to be spending a lot of time in the security framework checking code signing.


I discovered a way to accelerate the cache regeneration to around 3 seconds, down from over 10 seconds: disable System Integrity Protection.

Note that this also affects non-Apple tools like Git that are bundled inside of Xcode. The last few macOS releases, and especially since Catalina, it seems like my Mac is always pausing at inopportune times to verify security stuff. Oftentimes the delay is much longer than the 10 seconds reported here, and sometimes one CPU core is pegged at 100% doing syspolicyd or tccd for the duration of what I’m doing. Disabling System Integrity Protection isn’t a great solution because it messes up testing.

Update (2021-09-07): Robin Kunde:

I wonder if this has implications for CI services like Circle CI that spin up a fresh VM every time you run a test suite. By restoring the database from cache, one might be able to work around this issue.

Relaxing Anti-Steering Rules for Reader Apps

Apple (Hacker News, 9to5Mac, MacRumors):

Apple today announced an update coming to the App Store that closes an investigation by the Japan Fair Trade Commission (JFTC). The update will allow developers of “reader” apps to include an in-app link to their website for users to set up or manage an account. While the agreement was made with the JFTC, Apple will apply this change globally to all reader apps on the store. Reader apps provide previously purchased content or content subscriptions for digital magazines, newspapers, books, audio, music, and video.

To ensure a safe and seamless user experience, the App Store’s guidelines require developers to sell digital services and subscriptions using Apple’s in-app payment system. Because developers of reader apps do not offer in-app digital goods and services for purchase, Apple agreed with the JFTC to let developers of these apps share a single link to their website to help users set up and manage their account.

The changes don’t go into effect until “early 2022.” Each month they can be delayed is potentially worth a lot of fees.

John Gruber:

Progress. Apple’s anti-steering provisions are the number one thing I have been clamoring to be changed in the App Store rules. I think this should expand beyond just “reader” apps, but one step at a time.

Do you hear that sound? That’s the sound of a significant amount of antitrust pressure being relieved from Apple.

Steve Troughton-Smith:

I look forward to the App Store Guidelines changing rule by rule in individual press releases brought upon by lawsuits and governmental action 🙄

David Heinemeier Hansson (tweet):

How petty can you get? Why does it have to be a single link? Why can’t the Kindle app link to buy another book by the same author when you finish the one you were reading, without having that mean the general link to the store on the Home Screen has to disappear?


But that’s been Apple’s tactic in all of this: Do barely better than nothing. What’s the absolute least we can get away with? Do that. And from the perspective of a single battle, I guess that makes sense. But I think they’re missing the forest for the trees here. Every time they give barely an inch, they prolong and intensify the overall struggle. Rather than simply getting out of this morass entirely.

Steve Troughton-Smith:

It took the full weight of a national antitrust investigation to make Apple budge by ‘a single link’ for a subset of App Store apps, a policy change that would require no development or code changes on Apple’s part. We’ve got a loooong road ahead of us

James Thomson:

Again with the “let’s add more complicated rules in an effort to stave off antitrust” approach, rather than just ripping off the payment system band-aid[…]

Thomas Clement:

Isn’t it clear enough now that sideloading and alternative stores is the only way? Apple will never let go.

Federico Viticci:

I don’t know friends, these “reader” apps seem pretty suspicious to me. Linking to “the web”? For “account management”? On a “website”? pretty scary stuff

Note that this still doesn’t let you purchase books in the Kindle app.

Joe Cieplinski:

Apple is betting if they give enough concessions to those who can afford lawyers, they won’t have to really change the App Store. They are not wrong.

Indies who haven’t figured out these companies don’t care about them any more than Apple are in for a splash of cold water.

Paul Haddad:

All kidding aside this is great news, awesome to see the small developers come out ahead for once! Congratulations to <checks notes> Amazon, Netflix, HBO, Disney, Google, Hulu, Pandora, Spotify and dozens of others!

Steve Troughton-Smith:

I guess it should be noted that developers & apps don’t self-identify as ‘Reader apps’. Apple decides what is and isn’t a Reader app. And then it will quietly use that as a means to influence how your app works via App Review rejections and opaque addenda to the rules

I could have sworn that during a long-since-past furore Apple introduced the term ‘Reader apps’ out of nowhere as an excuse to give certain apps special exceptions to certain rules

Tim Sweeney:

In Apple’s carefully-worded statement on safety, it’s hard to discern the rationale that this is safe while Fortnite accepting direct payments remains unsafe.

Even more so if Apple deems Roblox, a game from 2006-2021 that became “an experience” mid-trial, a reader app.

Kosta Eleftheriou:

What’s up with “Apple will also help developers of reader apps protect users when they link them to an external website to make purchases”?

What Apple is saying is they want users to keep trusting Apple.

The links will be CLEARLY marked as external links to set boundaries & dissuade users from opening them, and they’re gonna open in a private Safari tab for extra friction - er, I mean privacy.🤷‍♂️

Rob Jonson:

Part of me worries that I might be giving them ideas...

John Siracusa:

Sure, your “reader” app can include one (1) approved link to your website…but will you be allowed to have any text near that link explaining why someone might want to tap on it, or is that still forbidden? This is where we are, mentally, when considering App Store rules in 2021.

David Barnard:

Instead of saying “go to Netflix on the web” the Netflix app can actually link to the account management page on the web. And the sign-in page can actually have a link to create a new account instead of just a sign in button.

It really is that small of a change to a rule that was customer and developer hostile to begin with. It is a big deal, but also not. As with the settlement last week, Apple is very deftly giving the absolute minimum possible. But they are giving.


Update (2021-09-10): Nick Heer:

On its face, this is excellent news, though it is still limited. Apple’s definition of “reader” apps is media-centric, so it seems like this would preclude an app like Hey from offering a link to create a paid account on the web. It also does not apply to in-app purchases generally, so this would not resolve Apple’s dispute with Epic Games over Fortnite. But it should mean that Netflix and Spotify will be able to remove the error messages Apple has required to be vague. I see progress.

Matt Birchler:

I love love loved this segment from @siracusa on ATP this week 😂

It boggles the mind how this debate gets people to argue that e-commerce basically isn’t a thing and the world would implode if anyone but Apple processed a transaction.

Also I’m not sure if people understand that when you use Apple Pay on the web, it’s not Apple processing that transaction, it’s a third party payment processor.

John Gruber:

I heard from one reader in the racket wondering if Apple is going to require these apps to also offer Apple’s IAP to be allowed to include a link to a website. I have another friend, who works on a popular subscription app that does use IAP, who’s wondering if they’re going to be allowed to also have a link to their website now, and doubting it.

That’s how much trust Apple has burned.

Dan Moren:

As always, the devil is in those details. The company has never shied away from spelling out exactly when, where, and how developers can present certain information inside their apps. It’s not at all out of the question that Apple would say, for example, that such a link could only appear on, say, a first-launch splash screen or buried deep in a settings screen.

Joe Rossignol:

Following the announcement, some developers have said Apple’s decision is not good enough.

Benjamin Mayo:

In this case, I am perturbed by the fact that there are a lot of words, a lot of paragraphs, surrounding what should be a straightforward policy change: allowing developers to link out to their website on the sign-up screen.


Setting aside Apple’s self-serving and/or contradictory rules around what counts as a reader app, what the heck does a single link mean in a digital world? It’s a hilarious concept.

Joe Rossignol:

Apple said the changes “will help make the App Store an even better business opportunity for developers,” but Morgan Stanley analyst Katy Huberty believes there will be “minimal financial impact” to Apple. In a research note, she said the changes would result in just a 1-2% hit to Apple’s earnings per share in the 2022 fiscal year in a worst case scenario.

The Sub Club Podcast:

On the podcast, we talk with Ben about all things app stores. From Apple’s revolutionary launch of the App Store in 2008 to the monopoly-like powers both Google and Apple now wield today. With multiple lawsuits filed, government investigations ongoing, and developer sentiment at an all-time low, we take an honest look at the challenges and trade-offs in trying to bring two of the world’s largest companies to heel.


Wednesday, September 1, 2021

South Korea App Store Bill

Sami Fathi (Hacker News):

South Korea today passed a bill that bans Apple and Google from requiring developers to use their own respective in-app purchasing systems, allowing developers to charge users using third-party payment methods, The Wall Street Journal reports.


The bill is an amendment to the existing Telecommunications Business Act. It aims to ban Apple and Google from unfairly exploiting their market position to “force a provider of mobile content, etc., to use a specific payment method.”

David Heinemeier Hansson (tweet):

But as much as South Korea is an important market, particularly for Google, it’s not the fifty million people there that truly scare either of these companies. It’s the crack in the dam. The one that’ll soon flood their scarecrow arguments on app-store payment mandates around the world.

South Korea just made it a lot easier for every other country in the world to pass their own laws outlawing anti-competitive app store payment mandates. These countries will be able to point to South Korea to show that allowing developers to use Stripe, Square, Braintree, PayPal, or whatever to charge their customers won’t bring about app armageddon. Reality is going to refute the fear that Apple and Google have been working so hard to stoke.

Steve Troughton-Smith:

Lot of the discussion around this, especially from Apple’s side, makes it sound like a potential in-app payment wild west. What that ignores is that there are payment processors that customers do trust — Amazon, Stripe, PayPal, et al

Those services are just as easy, if not easier, as Apple’s to cancel/refund/unsub with. And prices will be lower, as a result, if offered side by side. There is nothing stopping Apple enforcing — by policy — that all apps using IAP must adhere to the system IAP family controls

How does Apple’s in-app purchase stay as a preferred option for consumers given the choice? By competing. Lower rates & better terms for developers. If Apple’s IAP really were the best option out there, developers wouldn’t be looking elsewhere to try and sustain their business

If Apple cared about consumers more than the paltry sum it makes from developer revenue, it would drop App Store & In App Purchase commissions to as low as realistically possible, so that everybody would want to use the system. Match other processors — you can afford to

John Gruber:

I see a clear difference between purchasing an app or game from the App Store and making an in-app purchase within an app or game after having installed it. My understanding of the new South Korean law is that it only pertains to in-app purchases, so the distinction, I believe, is more than just semantics.


I am confident that the overwhelming majority of typical users are more comfortable installing apps and making in-app purchases on their iOS and Android devices than on their Mac and Windows PCs not despite Apple and Google’s console-like control over iOS and Android, but because of it. And if these measures come to pass and iOS and Android devices are forced by law to become pocket PCs, I think there’s a high chance it’ll prove unpopular with the mass market. The masses are not clamoring for the app stores to be opened up. These arguments over app stores are entirely inside baseball for the technical and business classes.


The part of Apple’s statement about “Ask to Buy” and parental controls, though, I think is sophistry. It’s certainly true that the “Ask to Buy” feature currently wouldn’t work with third-party in-app payment processing, but that’s because nothing in iOS is built to support outside payment processing for in-app purchases. If required to support third-party payment processing, Apple could and should create APIs to support them through the existing “Ask to Buy” process, and the App Store guidelines could and should be expanded to require supporting all parental control APIs regardless of how payments are processed.


Update (2021-09-10): John Gruber:

I have a rough English translation of the law, and my understanding is that the above ban on “delaying” or “deleting” apps is specifically related to retaliation for using their own payment processing. It’s not a ban on removing apps from the stores for just cause.


On the Shift From Imperative to Declarative UI

Peter Steinberger (tweet):

The trend of declarative UI on mobile began in 2013 with React Native, which started as a Facebook hackathon project. The goal was to improve the developer experience by bringing everything people loved about the web—rapid development, instant reload, platform agnosticism—to mobile. The first major declarative UI framework, React Native offered a way to build cross-platform apps with very little platform-specific code.


Today, React Native is a polarizing framework. Some companies are dropping it (like Airbnb), while others are doubling down (like Coinbase).


Google had similar ambitions to bring web development concepts to mobile, although it took a different approach. Flutter started as a fork of Chrome animated by the question, “How fast could we go if we dropped all that backward compatibility from the web?” […] This didn’t always work out—especially on iOS, where the infamous “jank” problem (choppy animations on first render) hurt the experience, though a recent release has resolved the issue.


With this in mind, Apple and Google created their own “first-party” solutions, SwiftUI and Jetpack Compose. Both were announced in 2019 and are now becoming production ready.


Despite their structural similarities, Jetpack Compose tends to be easier to adopt than SwiftUI. Whereas Google distributes Compose as a library that works on every Android version down to 5.0 (released in 2014), most apps that adopt SwiftUI need to target iOS 14 (released in 2020) or later.

Shortcut for Tapback in Messages

Sommer Panage:

On Mac, you can do ⌘+T to bring up your Tapback responses in Messages and then you can use the number keys, 1-6, to select your reaction. 🤯 Get ready for lots of ❤️ and 👍🏻 everyone…

It also works on iPad.

What I’d really like is to be able to choose a Tapback right from the notification, especially if the Messages app isn’t even open.

Catalyst Sample Code Roundup

Steve Troughton-Smith (tweet):

I thought it would be a good idea to round up the various pieces of sample code I've created for Mac Catalyst just to get everything in one place. These are by no means step-by-step guides, merely illustrated examples that have come about over the course of developing my own apps and responding to questions from developers.

Apple Acquires Primephonic

Juli Clover (Hacker News):

Apple today announced that it has acquired classical music streaming service Primephonic, and will be folding it into Apple Music.

Primephonic offers an “outstanding listening experience” with search and browse functionality optimized for classical audio, plus handpicked recommendations and “contextual details on repertoire and recordings.”

Andy Ihnatko:

I’m very pleased and optimistic about Apple’s acquisition of Primephonic. Classical music is idiosyncratic and absolutely requires a bespoke streaming experience. Apple acquires the whole catalog and promises a custom app and experience for classical.

Mainstream platforms are usually disappointing. “We’ve loads of opera…we’ve got ‘Nessun Dorma’ by the Three Tenors and that little girl from ‘America’s Got Talent’! Here’s some 70s soft-rock that our algorithm thinks people who search for opera would rather listen to…”

Well, maybe not that bad. But many of the greats record for labels that don’t have streaming distribution, or aren’t even given a chance to record at all. And much of the best stuff ever recorded is locked up on an opera company’s servers with no plans for distribution.

So it’s a big opportunity for Apple to seriously move the needle. Not just to provide better search and playback tools (which are sorely needed) but to do things like help change a legendary 2009 performance from a thing that fans have heard about to a thing that fans can hear.


Update (2021-09-07): Kirk McElhearn:

Apple’s Primephonic acquisition is interesting. The company was a very small player in the streaming market, but with only classical music. Apple making a separate app for classical music is something I would never have expected. I’ve been critical of classical support in iTunes and Music for as long as I’ve been writing about digital music. While Apple made small improvements over the years, they never got remotely close to providing what classical listeners want. This is very good news.

Update (2021-10-20): John Gruber:

What I find interesting is Apple is going to use this acquisition to launch a dedicated classical music app, not to expand the Music app. iTunes, infamously, expanded greatly over the years, and everyone seems to agree that the user experience suffered for it. I wonder if that’s in the back of Apple’s mind here.