Archive for May 3, 2024

Friday, May 3, 2024

Error -609 Launching App From the Mac App Store

Matthias Gansrigler:

Does anybody here know what macOS’ error -609 is when launching an app from the App Store?

“The application “XYZ” can’t be opened. -609”

And, maybe more importantly, how to fix it? Relaunches, re-installs and restarts have not helped.

Mark Cornelisse:

Are you behind a firewall? This usually occurs when MacOS can't communicate with the App Store to get the decryption certificates for the binary.


I’ve done so research on the subject. It could be the following things:

  • Corrupted Application File or incomplete installation. Unintall the application and download it again from the App Store.
  • Disk Permissions. Use Disk Utility to repair disk to all disk permissions.
  • Outdated MacOS or too new version of it. Download the latest MacOS for the device.
  • Account Authorization. Solution: Logout of the App Store account and log back.
  • Damaged System Files. Reinstall MacOS through the EFI.
  • Conflicting Software like security software. Disable the security software. See if the issue persists. If doesn’mt contact support of the security software or the administrator of the Mac.
  • Network issues in contact the App Store server. Remove any obstacle like firewall and system rights that might prevent the Mac from communicating with the App Store to get the needed certificate.
  • Disk Storage. Free up disk space.

I’m seeing a recurrence of the old problem where launching test versions of Mac App Store apps doesn’t work.


Apple’s Q2 2024

Apple (transcript, Hacker News, MacRumors):

The Company posted quarterly revenue of $90.8 billion, down 4 percent year over year, and quarterly earnings per diluted share of $1.53.

“Today Apple is reporting revenue of $90.8 billion for the March quarter, including an all-time revenue record in Services,” said Tim Cook, Apple’s CEO.


“Given our confidence in Apple’s future and the value we see in our stock, our Board has authorized an additional $110 billion for share repurchases. We are also raising our quarterly dividend for the twelfth year in a row.”

Jason Snell:

The company booked $90.8 billion in revenue (down 4% versus the year-ago quarter) with $23.6 billion in profit. Mac revenue was up 4%, presumably buoyed by the release of the M3 MacBook Air. iPad revenue crashed down to $5.6 billion, a 17% drop from the year-ago quarter and the weakest iPad quarter in four years. iPhone revenue was $46 billion, down 10% versus the year-ago quarter.

Services revenue was the big highlight for Apple this quarter, with a new record $23.9 billion in revenue, up 14% year over year. The Wearables, Home, and Accessories category managed only $7.9 billion in revenue, down 10% versus the year-ago quarter.

Artificial intelligence was mentioned many times, and as Ryan Jones notes, Apple even suggested that the M3 MacBook Air is selling well because of its “incredible AI performance.”

John Gruber:

Tim Cook’s decade-ago decision to focus both the company and investors’ attention on Services looks ever more prescient. As it stands, a 4 percent overall drop in revenue makes for an ever-so-slightly bad quarter. If not for Services growth, however, this would’ve been a not-so-slightly bad quarter.

Maybe it was a good business decision. I still think the focus on services has not been good for the products.

John Gruber:

It’s somewhat interesting to me that those are the two iPhone models: on the consumer side, the smaller-display iPhone 15; on the pro side, the big-display iPhone 15 Pro Max. The cheapest iPhone 15 model and the most expensive one.


Update (2024-05-07): Michael E. Cohen and Adam Engst:

Apple’s regional results were a mixed bag, with some regions—the Americas and Europe—providing generally steady or growing revenues, while others—Greater China, Japan, and the rest of Asia Pacific—showing declines. The declines may be less related to Apple’s products than to regional economic conce

Jason Snell:

It’s interesting that Cook calls out generative AI, which is basically the sort of stuff that Apple hasn’t spent the last few years rolling out inside its various products. He acknowledges that they’ve been investing in this technology and once again touts that Apple will share things soon.


There was one claim that made me laugh out loud during the call, though. Apple CFO Luca Maestri said, as a part of his prepared remarks, that “customers are loving the incredible AI performance of the latest MacBook Air and MacBook Pro models.” Are they, really? I knew some apps have AI features, but the idea that M3 MacBook Air users are just buzzing over how incredible the AI performance they’re getting is… just seems silly. This is the place where Apple’s product marketing hype machine collides with its investor community hype machine and generates something… not optimal.


Sometimes, it seems like Apple has almost saturated demand for its products, which leads to slower growth (for everything except the Services category, apparently). So, where would growth ever come from? This answer focuses on it: There’s a big portion of the world where Apple’s market share is quite low, but populations are growing and income levels are rising. Apple’s growth story for the next couple of decades may have more to do with India, Brazil, and Indonesia than with Europe or the United States.


That’s about as savage a shade-throwing as you’ll get on an Apple analyst call. But to summarize, Rakers asked Cook to respond to third-party estimates on Apple’s sales, and Cook essentially pointed at his legally mandated financial statements and declared them the real numbers.

Beats Solo Buds

Chance Miller:

Alongside the launch of Beats Solo 4 today, Apple has also announced new Beats Solo Buds earbuds. The new Beats Solo Buds pack a truly wireless design with an incredibly impressive 18 hours of battery life and $79.99 price.


While they miss out on features like Active Noise Cancellation, auto play/pause, and Transparency mode, they offer an impressive set of other features.

Via Benjamin Mayo:

even if you halve the quoted 18-hour battery life it’s still much better than AirPods longevity for a single session (like plane journeys?)

Tracking Through MarketplaceKit


@brave for iOS just got updated to support the new “marketplace-kit” scheme. Brave only calls the scheme when trackers blocking is disabled. As we reported earlier, Apple implemented the new scheme in a way that allows tracking across websites based on the unique client_id.

Now users in the EU can use Brave to safely install alternative marketplaces. We would like to thank Brave for considering our advice about potential tracking. Moreover, Brave doesn’t invoke the scheme if it’s called from a website different than the store’s website. Great job. 👏

The client_id is created by MarketplaceKit. It is unique per device, Apple ID account, and marketplace combination. At the moment Apple allows any website to trigger sending client_id to the alternative store backend. This allows a malicious app store to track users across websites.

Via Damien Petrilli:

Apple implementing a half-assed compliance instead of implementing a well proven Mac-like installation.

Pretty sure they are going to blame all the security issues caused by their code on regulation.

All those 600 new APIs they did to fake compliance are just code exposing users to new security flaws.

It’s not clear to me exactly what the client_id is for. Apple mentions it in the context of restricting app downloads to certain “qualified users.”

I think users would already expect a marketplace to track their purchases and browsing through that marketplace, so I’m not sure this is a big deal. Does it matter that the marketplace account is linked to a device–Apple ID combination? Is it that different from a Web store tracking through cookies? I’m not seeing a huge distinction between browsing a Web page associated with a product in the marketplace vs. within a marketplace/store.


Update (2024-05-03): The piece I was missing is that any Web site can ping the marketplace to get the unique ID because Safari doesn’t check that the Web site is part of that marketplace.

Talal Haj Bakry and Tommy Mysk:

Our testing shows that Apple delivered this feature with catastrophic security and privacy flaws. First, Safari invokes the marketplace-kit URI scheme without checking the origin of the website containing the URI scheme and the URL passed in the alternativeDistributionPackage input parameter. This allows cross-site tracking as we’ll show in the next section.

Second, MarketplaceKit would accept any parameters once invoked. It doesn’t read or validate the JWT tokens passed in the argument. We are sure that Marketplace doesn’t read the tokens because we sent text that doesn’t conform to a valid JWT structure and MarketplaceKit accepted it. Worse, it blindly relayed the invalid JWT token when calling the /oauth/token endpoint. This opens the door to various injection attacks to target either the MarketplaceKit process or the marketplace back-end.

Third, certificate pinning is not deployed in the entire process. This makes it easy to intercept and manipulate requests between the MarketplaceKit process and the marketplace back-end. It might be tricky to support certificate pinning here because MarketplaceKit might communicate with many servers that can dynamically be changed by the marketplace developer in the .well-known resources. But this also has potential issues. In our testing, we overwrote the .well-known resources through intercepting the calls and we fed our own endpoints. As a result, MarketplaceKit called our endpoints.


The flaw of exposing users in the EU to tracking is the result of Apple insisting on inserting itself between marketplaces and their users. This is why Apple needs to pass an identifier to the marketplaces so they can identify installs and perhaps better calculate the due Core Technology Fee (CTF).