Archive for June 5, 2025

Thursday, June 5, 2025

ToothFairy 2.8.6

ToothFairy 2.8.6 is a maintenance update of my Bluetooth menu bar utility.

Some interesting issues were:


Pair Networks Price Increase

I’ve been hosting ATPM with Pair Networks for almost 25 years now. At one point, it needed a dedicated server, and then technology improved and we were able to use a high-volume shared hosting account. The site has been in maintenance mode since 2012, and as lower level hosting plans got better and traffic gradually dropped off, eventually it could run on the least expensive shared hosting plan. This was $66/year in 2019. Pair increased the rate to $88 in 2022, and it stayed there for a while. I’m sure there were cheaper options elsewhere, but Pair had provided many years of good service, and it seemed a small price to pay to keep the archives online without putting a lot of time into investigating an alternative host and moving the site.

On December 2, Pair sent an e-mail:

In recent months, we’ve experienced rising operational costs as we upgrade our hardware to improve the quality and reliability of our services. To support these improvements, we will be adjusting our rates effective January 1, 2025.

For our valued existing customers, these new rates will only take effect upon your service renewal.

The new rate was $159/year, a huge increase in percentage terms. Other hosts have been raising rates, too, but not by that much. It’s not really clear to me what’s going on here, as for decades the hardware/storage/bandwidth got better and prices went down. My guess is that we’re currently getting a lot more than we need, but there’s no lower tier to downgrade to. In Pair’s case, the timing shortly after it was acquired is suspicious. Anyway, with our renewal in June, I made a note to investigate other options but figured that staying another year with Pair wouldn’t be that big of a deal.

On May 1, Pair sent another e-mail:

Starting June 1st, 2025, we will launch our NEW Pair Platinum Mail services, replacing the current free email offerings. This change is driven by rising our commitment to continuously improve our products despite operational costs and technical challenges in maintaining high-quality service.

[…]

To ease this transition, we are introducing new email service bundles, offering discounted rates as you increase the number of mailboxes in your plan. This pricing model ensures continued service quality while providing flexibility and affordability as your needs grow.

All the hosts we’ve used have always included more than enough mailboxes for free along with the Web hosting. This change raised the expected $159 to $639, even though we barely get any non-spam mail these days. And it’s anything but “flexible”: you can’t actually buy the number of mailboxes you need:

While each mailbox is priced competitively, we also offer bundle options designed to reduce the price per mailbox as your needs grow—delivering even greater value for businesses requiring multiple accounts.

It looks like there are bulk discounts, but when you actually go to configure it, it turns out that adding more mailboxes makes the per-mailbox price go up. This is because you can’t buy 11 mailboxes at the 10-mailbox rate; you would have to buy 20 and leave 9 unused.

The short notice and trying to market this rigidity as a benefit leave a bad taste, and it just doesn’t seem like the same company anymore. So now I really am looking for alternatives, or perhaps I’ll move it onto the server for one of my other sites. Pair also got rid of their discount for yearly billing, thus incentivizing us to move sooner. I’ve kind of been dreading the move because the site uses Python 2 and MySQL, and the last time I tried compiling the dependencies on a modern version of Linux I ran into multiple blockers. But, actually, it was surprisingly easy to update all my other server code to Python 3, so I should probably just do that here, too.


Apple Appeals EU Digital Markets Act Interoperability Rules

Benjamin Mayo (MacRumors):

Apple has appealed parts of the Digital Markets Act law citing user privacy concerns. Specifically, Apple is contesting the interoperability requirements that say data like notification content and WiFi networks should be made available to third-parties.

Apple says the DMA as written allows others to “access personal information that even Apple doesn’t see”. This is because features like notification rendering and WiFi network data are currently handled on-device and stored in an encrypted fashion, so Apple cannot see that stuff. However, the DMA does not necessarily require third-party agents who would be able to access this same data to commit to the same standards of privacy and security.

The implication is that, say, Garmin wants your personal information and Apple doesn’t. But I think Apple’s framing of this is all wrong. The companies don’t necessarily want your information either, and it’s not as if it would be shared without your consent. The real issue is that Apple is trying to lock people in by preventing them from even choosing to share their own data. If you could opt into sharing notifications of iMessages with third-parties, it would “hand data-hungry companies sensitive information.” But, in contrast, if Apple by default backs up actual iMessages and attachments to their server, not E2EE, somehow that’s “even Apple doesn’t see”? I’m sure there are aspects of the EU requirements that merit criticism, but I have little sympathy given how disingenuous Apple is being.

John Gruber (Mastodon):

To cite just one example, the Commission’s March ruling requires Apple to make AirDrop available to third-party devices, as though AirDrop was an open standard. (It also requires Apple to allow AirDrop to be replaced on iOS devices, like an interchangeable component, with third-party file sharing software.)

The part I saw was not saying that Apple has to open up AirDrop but that it has to allow third parties to build their own wireless file transfer solutions and that they shouldn’t be put at an API disadvantage vs. AirDrop. As with Tile, I don’t really see how such a non-built-in system would get enough traction, so enabling AirDrop competitors hardly seems like it should be a priority, but I don’t see it as harmful, either. I want to be able to install interesting third-party apps on my phone. “Something only Apple could do” should be about the amazing things that Apple can design and build, not about how it actively blocks others from competing and innovating.

The EC’s March mandate basically says that third-party devices must be permitted to do everything Apple’s own devices do when it comes to communicating or interoperating with iPhones and iPads, even if that requires allowing those third-party companies to install and run system-level background processes with broad privileges on iOS. In fact, as Mayo alludes to above, in order to have the same capabilities as Apple’s own devices do, third-party system software extensions might need broader privileges.

I’ve long seen that there are two ways Apple can comply with this mandate, if the EU court declines Apple’s appeal. The first is what most people are thinking, and surely what the European Commission’s bureaucrats are thinking: that Apple will somehow make all third-party devices as capable as Apple’s own when it comes to pairing with and communicating with iPhones and iPads. (And that when Apple is set to unveil new devices, they’ll share the details with third parties in advance so they can do the same things.) The second, though, is that Apple will limit its own devices in the EU and only in the EU to the same features available to third-party devices through open standards like Bluetooth. New features and entire devices will either come late, or never, to the EU.

Rui Carmo:

Considering I use [AirDrop] almost every day and that there are zero alternatives that actually work (remember when we had to use Bluetooth?), I am hardly amused.

I am even less amused by the fact that the EU has pretty much ignored more widely rampant abuses (off the top of my head, the way TVs are sending out advertising data or the way ISPs do traffic shaping and sell your data) while focusing on a feature that is actually useful and works well.


2024 App Store Transparency Report

Apple (MacRumors):

In the last five years, the App Store has protected users by preventing over $9 billion in fraudulent transactions, including over $2 billion in 2024 alone, according to Apple’s annual App Store fraud analysis. This reflects the App Store’s continued investment in fostering the most secure experience for users while providing developers with tools and resources, including a powerful commerce system that helps customers transact safely and securely in 175 regions around the globe.

[…]

In 2024, Apple terminated more than 146,000 developer accounts over fraud concerns and rejected an additional 139,000 developer enrollments, preventing bad actors from submitting their apps to the App Store in the first place.

Apple also rejected over 711 million customer account creations and deactivated nearly 129 million customer accounts last year, blocking these risky and malicious accounts from carrying out nefarious activity. That includes spamming or manipulating ratings and reviews, charts, and search results that risk compromising the integrity of the App Store.

[…]

Before any app makes its way onto the App Store, it is vetted by a member of Apple’s App Review team, all of whom are deeply familiar with the App Review Guidelines, and focused on ensuring apps meet Apple’s standards for quality and safety. On average, this team reviews nearly 150,000 app submissions each week, helping bring new apps and updates to the App Store.

I think some developers would beg to differ on the emphasized point.

Other common tactics used by fraudulent developers can include concealing hidden features and functionality in their code, which are only enabled after the app passes App Review. Apple monitors for such behavior, and in 2024, rejected over 43,000 app submissions for containing hidden or undocumented features.

Are they saying that there were 43K apps that, like Fortnite, tricked App Review and had to be blocked after the fact? I don’t see that as an endorsement of the current system vs. what sideloading and code signing would offer.

These bad actors can also attempt to deceive users by disguising potentially risky software as seemingly innocuous apps. Last year, App Review removed over 17,000 apps for bait-and-switch maneuvers such as these, as part of its ongoing efforts to routinely monitor and take action against problematic apps.

Again, it sounds like these all got through App Review.

Nick Heer:

This has become an annual tradition in trying to convince people — specifically, developers and regulators — of the wisdom of allowing native software to be distributed for iOS only through the App Store. Apple published similar stats in 2021, 2022, 2023, and 2024, reflecting the company’s efforts in each preceding year.

[…]

There are plenty of numbers just like these in Apple’s press release. They all look impressive in large part because just about any statistic would be at Apple’s scale. Apple is also undeniably using the App Store to act as a fraud reduction filter, with mixed results. I do not expect a 100% success rate, but I still do not know how much can be gleaned from context-free numbers.

M.G. Siegler:

I’m totally fine if Apple wants to point such numbers out as a way to upsell their own services, such as the App Store itself, and their payments infrastructure. But I’m worried this is more about the continued justification for why they need to keep the App Store locked down.

Craig Hockenberry:

Now do Stripe.

The App Store processes about $100B/year, while Stripe does about $1T/year. So, roughly, Stripe’s business is 10x of Apple’s *

It also tells us that Apple’s fraud rate is 2% ($2B / $100B). Let’s assume that Stripe’s has a similar fraud rate: that means they prevented $20B last year, or $100B vs. Apple’s $9B.

Apple’s still thinking like they are the only ones on the Internet that can process money securely…

Jake Mor:

Finally figured out why your app keeps getting rejected... because Apple takes pride in it.

Jeff Johnson:

It’s possible, perhaps likely, that Apple executives BELIEVE that the crApp Store is not full of scams, in the same way they may believe that their operating systems are not full of bugs: they have “internal metrics” telling them what they want to hear. In both cases, Apple’s own QA is practically nonexistent due to overwork and understaffing, while their external issue reporting system is overly difficult and unresponsive, a black hole.

The execs only see problems when they come via the media.

John Gruber (Mastodon):

What some App Store critics argue is that if any substantial amount of fraud, scams, or rip-offs occur through apps distributed through the App Store, that proves that there are no protective benefits of the App Store model. That’s nonsense. There are high-crime cities and low-crime cities, but there exist zero no-crime cities. The question is whether Apple is catching most — or even just “enough” — scammers. Scammy apps, pirated apps, fraudulent app reviewers. You name it.

Aside from the very small alternative marketplaces in the EU, Apple has made sure that there’s no competition for the App Store. So we can’t actually compare whether they’re doing a good job. All we know is that they block a lot but also that a lot gets through. The main point I would make here is that I don’t think Apple has presented much evidence that the current system is safer than something more like the Mac model with notarization. If the App Store is a magnet for scammers because the search and reviews are so easy to game, and if almost all the damage could be blocked post–App Review, then it’s hard to see how the protections around discovery and the review process are really load-bearing.

Jeff Johnson:

Defenders vastly underestimate the extent to which App Store is a scammer’s paradise that makes it much easier to find victims and take their money. Apple handles hosting, search, downloads, and payments for scammers. “Free with IAP” auto-renewing subscriptions are inherently scammy. And Apple tells users to trust the App Store, lowering their guard.

As the sole source of iOS apps, App Store is a single point of failure. Once you sneak in, you’re golden.

James Remeika:

One very weird stat this year: apps using StoreKit & Apple Pay fell more than 50% since the ’23 report. This stat has been included in this report every year[…]

See also: Mac Power Users.
