Thursday, March 28, 2024

Facebook’s Project Ghostbusters

Lorenzo Franceschi-Bicchierai (tweet, via Nick Heer):

In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers. The goal was to understand users’ behavior and help Facebook compete with Snapchat, according to newly unsealed court documents. Facebook called this “Project Ghostbusters,” in a clear reference to Snapchat’s ghost-like logo.

[…]

The document includes internal Facebook emails discussing the project.

“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit. “Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.”

Facebook’s engineers’ solution was to use Onavo, a VPN-like service that Facebook acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that Facebook had been secretly paying teenagers to use Onavo so the company could access all of their web activity.

[…]

Later, according to the court documents, Facebook expanded the program to Amazon and YouTube.

Jason Kint (PDF):

Yellow highlight indicates redactions just lifted in nine unsealed plaintiffs’ briefs in private antitrust lawsuit. Wild stuff.

[…]

You can read the press back in Jan 2019 spoon fed by Facebook PR to friendlies with no mentions of decrypting SSL then compare to this internal email below sent to Facebook’s most senior executives - “currently includes SSL decryption”…

[…]

court also unsealed (in yellow) a brief re: Netflix whose CEO sat on Facebook’s board. The lawsuit allegations are Netflix was one of the companies where Facebook backed off competing in exchange for data to boost its ad targeting signals.

Jesse Squires:

When I worked at Instagram/FB, I routinely saw presentations with data harvested from the Onavo “VPN”.

I remember asking “how do we know this user data about YouTube and SnapChat?”

The answer: “Onavo.”

I still don’t know how this wasn’t illegal and anti-competitive. Surely it was.

Giving Up on Siri and HomePod

Jim Dalrymple:

Siri has done what no person could for 30 years: Make me stop using an Apple product.

I am giving up on my 8 HomePods/minis out of the sheer frustration of trying to use Siri.

I’ve been in tech for 30 years and this is one of the worst technologies ever and only getting worse

The Dalrymple Report:

We also talk about my continued frustration with Siri and why I’m so upset with Apple.

Storm Garelli:

When the HomePods were first launched, Apple said the onboard Siri had deep knowledge of music.

5 years later it still pronounces live albums as if “live” rhymes with “give”. And it still thinks Rush had an album called “Two Thousand, One Hundred, and Twelve”.

Most basically, it just doesn’t work very well for requesting music, even for purchases that it actually has access to.

Christian Selig:

While I’m complaining about Siri devices, it still blows my mind that HomePod, a product that has existed for over half a decade and is marketed as a speaker for your Mac, cannot pause audio in Apple’s own apps without a 5 second delay

Josh Johnson:

I honestly think Apple should kill the Siri brand. I’m not sure it can recover from the universal understanding that it’s just not good. Launch an LLM-powered assistant that actually does things, call it something else. Let Siri die.

Ty Belisle:

Man, you’re right. I’ve thought they should make a very bold “Siri 2.0” announcement, but it’s true the name Siri is so spoiled that they should ditch it. Would also allow them to come up with a new 3-syllable name (like “Alexa” - less accidental triggers, but still one word).

Siri Regressions in iOS 17

For many years, I’ve been saying “Hey Siri, remember to x” to create reminders on my iPhone (to be transferred to OmniFocus). Sometimes it would have trouble with the “x,” but it would always create a reminder. Now, this only works some of the time: sometimes it creates a reminder, but sometimes it creates a note. I have not seen any other documentation of this change, and what’s especially strange is that the behavior is not consistent. I can say the exact same thing twice in a row and end up with one reminder and one note. I tried to look up how Apple intends it to work and found only this:

You can ask Siri to schedule a reminder for you on your iOS device or your Apple Watch. Here are a few examples:

  • “Remind me to feed the dog every day at 7:30 a.m.”
  • “Remind me when I get home to check the mail.”
  • “Remind me when I leave here to stop by the grocery store.”
  • “Remind me tomorrow at 3:00 p.m. to call Tara.”

Indeed, “remind me” seems to always create a reminder. I’m trying to switch, but it’s taking a while for me to get used to saying that. But what happened to “remember to”? I don’t see any documentation from Apple about that. The notes documentation only mentions “Start a new note”. There are lots of third-party sites confirming my memory that “Remember to” used to create reminders.

I don’t like “Remind me” because, for many short reminders, “Remind me x” or “Remind me to x” sounds ungrammatical.

“Remember” is also problematic in that sometimes if I tell it to remember a podcast (meaning that I want a reminder to listen to that podcast) it will tell me that it has subscribed me to the podcast—only it did not actually do so in either Overcast or in Apple Podcasts.

Even with “Remind me,” Siri has the same old problems:

Alan Jacobs:

A significant change in Siri dictation over the past few months: commas. Commas that I don’t ask for. Lots and lots of commas. This has made dictation effectively unusable for me, and I wonder whether it’s time for me to start looking for a different phone.

meowkoteeq:

for years i used to say “balcony” or “dining table light” to Siri, and it would just toggle the lights.

a few weeks ago it forgot how to do that. now it always confirms “do i turn it on or off?”. it’s literally getting more and more stupid

Joseph Bella:

It is astounding how bad it is. Even things that used to work fine like asking Siri to send a text message now don’t seem to work consistently anymore. Sometimes she asks me if I want to use the phone number or email, and other times it just tries to call the person. Sigh.

Wednesday, March 27, 2024

“MFA Bombing” Attacks Targeting Apple Users

Brian Krebs (MacRumors, Hacker News):

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code.

[…]

Some people confronted with such a deluge may eventually click “Allow” to the incessant password reset prompts — just so they can use their phone again. Others may inadvertently approve one of these prompts, which will also appear on a user’s Apple watch if they have one.

[…]

“I pick up the phone and I’m super suspicious,” Patel recalled. “So I ask them if they can verify some information about me, and after hearing some aggressive typing on his end he gives me all this information about me and it’s totally accurate.”

[…]

KrebsOnSecurity tested Ken’s experience, and can confirm that enabling a recovery key does nothing to stop a password reset prompt from being sent to associated Apple devices.

I wonder why this isn’t rate limited.
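As an added illustration of what rate limiting could look like here (this is not Apple's implementation, and every threshold and name below is an assumption), a per-account gate can keep a single prompt on screen instead of stacking them, and back off exponentially after each “Don’t Allow”:

```python
from dataclasses import dataclass, field


@dataclass
class AccountState:
    sent: list = field(default_factory=list)  # times of prompts actually pushed
    pending: bool = False                      # a prompt is on screen, unanswered
    denials: int = 0                           # consecutive "Don't Allow" answers
    blocked_until: float = 0.0                 # no new prompts before this time


class ResetPromptLimiter:
    """Gate between 'a reset was requested' and 'push a prompt to the devices'.

    Hypothetical design; the default thresholds are illustrative assumptions.
    """

    def __init__(self, max_prompts=3, window=3600.0,
                 base_cooldown=900.0, max_cooldown=86400.0):
        self.max_prompts = max_prompts      # prompts allowed per window
        self.window = window                # sliding window, in seconds
        self.base_cooldown = base_cooldown  # cooldown after the first denial
        self.max_cooldown = max_cooldown    # cap for the exponential backoff
        self.accounts = {}

    def request(self, account, now):
        """Return what happens to one reset request arriving at time `now`."""
        st = self.accounts.setdefault(account, AccountState())
        if st.pending:
            return "coalesced"      # one prompt is already showing; do not stack
        if now < st.blocked_until:
            return "cooldown"       # the user recently said "Don't Allow"
        st.sent = [t for t in st.sent if now - t < self.window]
        if len(st.sent) >= self.max_prompts:
            return "rate_limited"   # too many prompts in the sliding window
        st.sent.append(now)
        st.pending = True
        return "prompt"

    def answer(self, account, allowed, now):
        """Record the user's answer; return the cooldown imposed, in seconds."""
        st = self.accounts[account]
        st.pending = False
        if allowed:
            st.denials = 0
            st.blocked_until = 0.0
            return 0.0
        st.denials += 1
        cooldown = min(self.base_cooldown * 2 ** (st.denials - 1),
                       self.max_cooldown)
        st.blocked_until = now + cooldown
        return cooldown


def simulate_flood(limiter, account, requests, interval, answer_delay):
    """Constructed scenario: `requests` reset requests arrive `interval` seconds
    apart, and the user taps "Don't Allow" `answer_delay` seconds after each
    prompt that is shown. Returns a dict counting each outcome."""
    outcomes = {}
    answer_at = None
    for i in range(requests):
        now = i * interval
        if answer_at is not None and now >= answer_at:
            limiter.answer(account, allowed=False, now=answer_at)
            answer_at = None
        result = limiter.request(account, now)
        outcomes[result] = outcomes.get(result, 0) + 1
        if result == "prompt":
            answer_at = now + answer_delay
    return outcomes


if __name__ == "__main__":
    # 40 requests, 10 seconds apart, against a constructed account id.
    print(simulate_flood(ResetPromptLimiter(), "user@example.com", 40, 10, 25))
```

With the defaults, the simulated burst of 40 requests produces one prompt on the device; the rest are coalesced or dropped during the cooldown.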

1Password.co Tracking Links

Cabel Sasser:

PSA: 1Password uses “1Password.co” for email links — instead of their usual “1Password.com” domain.

Craig Hockenberry:

So the “phishing link” with the .co domain was a valid link and documented as such.

But I still find it inexcusable.

That link caused 30 minutes of complete panic. I know enough about how phishing works to know how absolutely fucked I’d be if that link hadn’t just been to track my click in the email.

Which brings up another question: why is a company I pay to protect my private information using tracking links in the emails it sends me?

Cabel Sasser:

Craig isn’t an idiot; it 100% feels like phishing. If you ask me, tracking link clicks and opens in emails is simply not worth the potential freak-out when you think you’ve been phished[…]

Sam Schmitt:

Another way of looking at this: [it’s] best practice to use a different domain for stuff like this. If the marketing tool gets compromised, you don’t want it to have the ability to send actual phishing domains on the real domain. You’ll see it with other stuff, like Microsoft logins being on “microsoftonline.com”. I agree it does mean you do some double takes.

Hex Batch:

best practice is using subdomains and not cousin domains.

Troy Hunt:

What makes this situation so ridiculous is that while we’re all watching for scammers attempting to imitate legitimate organisations, FedEx is out there imitating scammers! Here we are in the era of burgeoning AI-driven scams that are becoming increasingly hard for humans to identify, and FedEx is like “here, hold my beer” as they one-up the scammers at their own game and do a perfect job of being completely indistinguishable from them.
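The subdomain-versus-cousin-domain distinction raised in the replies above can be checked mechanically. The following is an added example, not code from 1Password or from any of the quoted authors; the tiny suffix table stands in for the real Public Suffix List, and the sample URLs (including the `links.` subdomain) are constructed:

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List.
# A production check would load the full list instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def split_registrable(host):
    """Split a host name into (subdomain, brand_label, public_suffix)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2 or "" in labels:
        raise ValueError(f"not a usable host name: {host!r}")
    last_two = ".".join(labels[-2:])
    suffix_len = 2 if last_two in MULTI_LABEL_SUFFIXES and len(labels) >= 3 else 1
    suffix = ".".join(labels[-suffix_len:])
    brand = labels[-suffix_len - 1]
    sub = ".".join(labels[:-suffix_len - 1])
    return sub, brand, suffix


def classify_link(url, sender_domain, documented=frozenset()):
    """Relate a link's host to the domain the sender is known by.

    `documented` is the set of extra registrable domains the vendor has
    published as its own (an assumption about how such a list is supplied).
    """
    host = urlsplit(url).hostname  # already lower-cased by urlsplit
    if not host:
        return "no-host"
    try:
        sub, brand, suffix = split_registrable(host)
    except ValueError:
        return "unrelated"
    _, s_brand, s_suffix = split_registrable(sender_domain)

    if (brand, suffix) == (s_brand, s_suffix):
        # Same registrable domain: control is tied to the real domain's DNS.
        return "subdomain" if sub else "same"
    if brand == s_brand or s_brand in brand:
        # Same or embedded brand label under a different registrable domain:
        # by name alone a recipient cannot tell this from a lookalike.
        registrable = f"{brand}.{suffix}"
        if registrable in documented:
            return "cousin-documented"
        return "cousin-undocumented"
    return "unrelated"


def audit_links(urls, sender_domain, documented=frozenset()):
    """Classify every link found in one message from `sender_domain`."""
    return {u: classify_link(u, sender_domain, documented) for u in urls}


if __name__ == "__main__":
    # Constructed sample links; only the domain names come from the discussion.
    sample = [
        "https://1password.com/account",
        "https://links.1password.com/c/abc",
        "https://1password.co/c/abc",
        "https://example.org/offer",
    ]
    for url, verdict in audit_links(sample, "1password.com").items():
        print(f"{verdict:20} {url}")
    print(classify_link("https://login.microsoftonline.com/", "microsoft.com"))
```

Passing `documented={"1password.co"}` changes the verdict for the `.co` link to `cousin-documented`, which is the only information that separates it from a lookalike.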

Noncopyable Generics Walkthrough

Ben Cohen:

Non-copyable generics aren’t for every-day code – but we’ve put a lot of care into making them stay out of your way until you need them, and then keeping them usable once you do. They will allow libraries to unlock more performance and safety for end users.

[…]

To help tie all these pieces together, I wrote up some code that uses all these proposals in order to build a basic singly-linked list type.

[…]

This is a struct that opts out of the default Copyable conformance via : ~Copyable. This allows it to have a deinit, like a class. This type uses no reference counting to know when to destroy the box. The type cannot be copied, so when it goes out of scope, the deinit is called by the compiler.

[…]

The generic placeholder Wrapped, which can stand in for the type of anything you want to put in the box, is also marked ~Copyable. This means that the Box type cannot make any copies of its wrapped type. […] What this ~Copyable annotation means is just that the Box type doesn’t know if the type it holds is copyable, which means it can safely hold both copyable and non-copyable types.

[…]

Sequence, and therefore for…in, does not yet support non-copyable types. Sequence could be made to support it today by marking the protocol up as ~Copyable and having makeIterator() be consuming. However this is probably not desirable. Mostly, you want iteration to be a borrowing operation. Accomplishing this needs more language features.

Tuesday, March 26, 2024

Canva Acquires Affinity/Serif

Jess Weatherbed (Hacker News, MacRumors, Mac Power Users):

Web-based design platform Canva has acquired the Affinity creative software suite, positioning itself as a challenger to Adobe’s grip over the digital design industry. Canva announced the deal on Tuesday, which gives the company ownership over Affinity Designer, Photo, and Publisher — three popular creative applications for Windows, Mac, and iPad that provide similar features to Adobe’s Illustrator, Photoshop, and InDesign software, respectively.

Official figures for the deal have not been revealed, but Bloomberg reports that it’s valued at “several hundred million [British] pounds.” Nevertheless, the acquisition makes sense as the Australian-based company tries to attract more creative professionals. As of January this year, Canva’s design platform attracted around 170 million monthly global users. That’s a lot of people who probably aren’t using equivalent Adobe software like Express, but unlike Adobe, Canva doesn’t have its own design applications that target creative professionals like illustrators, photographers, and video editors.

Olivia Poh (via Hacker News):

It’s the biggest outlay yet by Australia’s most valuable startup, priced at $26 billion in its latest share sale, and marks a milestone in the expansion of its range of professional tools.

Affinity (Mastodon, PR, forum, 2):

None of that changes today.

In Canva, we’ve found a kindred spirit who can help us take Affinity to new levels. Their extra resources will mean we can deliver much more, much faster. Beyond that, we can forge new horizons for Affinity products, opening up a world of possibilities which previously would never have been achievable.

[…]

There are no changes to our current pricing model planned at this time, with all our apps still available as a one-off purchase. Existing Affinity users will be able to continue to use your apps in perpetuity as they were originally purchased – with plenty of free updates to V2 still to look forward to!

Canva:

Trusted by more than three million creative professionals across the globe, Affinity’s award-winning suite of professional design software has become a sought-after solution for everything from photo editing to complex graphic and vector design. Together, we’re setting our sights on empowering every kind of team and organization to achieve their goals.

[…]

While our last decade at Canva has focused heavily on the 99% of knowledge workers without design training, truly empowering the world to design includes empowering professional designers too. By joining forces with Affinity, we’re excited to unlock the full spectrum of designers at every level and stage of the design journey.

Nick Bonyhady:

Canva has made its largest acquisition to date, likely spending more than $1 billion to buy professional design software company Serif to compete directly with Adobe as it prepares a long run at going public.

Craig Grannell (Mastodon):

Although the press has in recent years often positioned Serif as a kind of scrappy underdog newcomer, the company has a long history. It was founded in 1987, which makes it only five years younger than Adobe. Most of its recent history has been tied up in becoming a direct competitor to Adobe – and also a direct competitor to Adobe’s business model. Through its Affinity suite, Serif offered an alternative: buy-once apps rather than subscriptions. And although I can’t imagine Serif makes anything other than a minority of its sales on iPad, the company’s superb Affinity apps for Apple’s tablet – compared to Adobe’s comparatively stumbling efforts – haven’t hurt the company’s reputation any.

[…]

Version 3 of the Affinity suite will probably be the moment we’ll know. You can already picture a press release stating that Canva has made the “difficult decision” to move Affinity apps to subscriptions, and a “hard choice” to move development from Nottingham to Canva HQ in Australia. I hope this won’t be the case, but we’ve seen this scenario play out so many times before.

Rui Carmo:

The Affinity suite is (for the moment) good quality native Mac software that does not rely on cloud features nor has a subscription model.

As much as their FAQ claims that will not change, I think we’ve all seen this before–in short, I don’t trust Canva one whit and fully expect to revisit this post in a year when Serif/Affinity breaks one of those three tenets above and forces me to move away from their software.

Christina Warren:

I’m selfishly sad to see Canva acquire Affinity b/c I know it will be the end to our cheap perpetually-licensed design tools for Mac/Windows/iOS, however, this is a really smart move from Canva who makes an excellent web-based design tool for normies.

Previously:

Affinity (2022, via John Gruber):

Ain’t nobody acquiring us 😎

Update (2024-03-27): See also: TidBITS-Talk.

Update (2024-03-28): Scharon Harding (via Craig Grannell):

“Perpetual licenses will always be offered, and we will always price Affinity fairly and affordably,” an announcement today from Canva and Affinity said.

If Canva ever decides to sell Affinity as a subscription, perpetual licensing will remain available, Canva said, adding: “This fits with enabling Canva users to start adopting Affinity. It could also allow us to offer Affinity users a way to scale their workflows using Canva as a platform to share and collaborate on their Affinity assets, if they choose to.”

Rui Carmo:

Wow, Affinity and Canva are really trying to do damage control here, but the reality is nobody believes that existing customers won’t be coaxed into a subscription service or cloud features they don’t need. We can blame Adobe for poisoning the well, I guess.

DMA Non-Compliance Investigations

European Commission (via Hacker News, MacRumors):

Today, the Commission has opened non-compliance investigations under the Digital Markets Act (DMA) into Alphabet’s rules on steering in Google Play and self-preferencing on Google Search, Apple’s rules on steering in the App Store and the choice screen for Safari and Meta’s “pay or consent model”.

The Commission suspects that the measures put in place by these gatekeepers fall short of effective compliance of their obligations under the DMA.

[…]

The Commission has opened proceedings against Apple regarding their measures to comply with obligations to (i) enable end users to easily uninstall any software applications on iOS, (ii) easily change default settings on iOS and (iii) prompt users with choice screens which must effectively and easily allow them to select an alternative default service, such as a browser or search engine on their iPhones.

The Commission is concerned that Apple’s measures, including the design of the web browser choice screen, may be preventing users from truly exercising their choice of services within the Apple ecosystem, in contravention of Article 6(3) of the DMA.

[…]

Apple’s new fee structure and other terms and conditions for alternative app stores and distribution of apps from the web (sideloading) may be defeating the purpose of its obligations under Article 6(4) of the DMA.

John Gruber:

You could have set your watch by this announcement dropping the week after the EC held compliance “workshops”. There was no way any of these companies weren’t going to be “investigated” and I doubt there’s any way they won’t eventually get fined. Whether any of them will ever need to pay those fines, that I wouldn’t bet on.

[…]

But most of the built-in apps in iOS can be removed from your iPhone the exact same way you delete apps from the App Store. There’s a handful that can’t, among them: Settings, Camera, Photos, App Store, Phone, Messages, and Safari. You can remove those apps from your Home Screen, but they remain in your App Library. If the EC is really going to investigate Apple over removing default apps, I presume they’re thinking that Safari, in particular, needs to be deletable, because making it un-deletable is a form of preferencing? It’s all guess work. I further suppose they might want the App Store app to be deletable, but that’s a problem because it’s through the App Store that a user can re-install built-in apps they’ve previously deleted.

[…]

There’s no mechanism for a new browser that was never in the App Store to be included in the choice screen until a year after it becomes popular enough — via sideloading or distribution through alternative app marketplaces — to make the list. But DMA article 6(3) doesn’t actually say that.

Ben Lovejoy:

If that investigation confirms that Apple failed to comply with the antitrust law, then the iPhone maker could be fined up to 10% of its worldwide turnover – increasing to 20% for repeat infringements …

[…]

Such investigations take time, but in this case the stated goal is to complete it in less than a year – which is lightning speed by the usual standard.

That won’t be the end of matters, however. If the EU does find Apple non-compliant, the Cupertino company will appeal the ruling, and we will then be set for literally years of court battles as the case works its way up the court hierarchy.

John Gruber:

A few readers have asked about my speculation that Apple, along with the other DMA-designated gatekeepers (none of which are European companies of course), might reasonably pull out of the relatively small EU market rather than risk facing disproportionately large fines from the European Commission.

[…]

So EU member states account for only 25–30 percent of Apple’s revenue from “Europe”, and just 7 percent globally. 7 percent is significant, to be sure, and in addition to users, there are of course many iOS and Mac developers in EU countries. I really don’t know what Apple pulling out of the EU would even look like, but it would be ugly.

Update (2024-03-28): John Gruber:

Kara Swisher Interviews Margrethe Vestager

Movie Piracy App Tops App Store Charts

Joshua Long:

On Tuesday, [March] 12, a researcher named Kedsayahm noticed that an app that featured pirated TV shows and movies was quickly climbing the charts in the App Store. The app was already #1 in the Entertainment category in Egypt at the time, and in the top 10 for Entertainment in at least three other countries: Saudi Arabia, Italy, and Germany. It was also #21 in the Entertainment category in the United States, and #170 in the Top Free in the U.S. as well.

[…]

By [March] 14, the app had reached astounding highs: #2 in the Entertainment category in the U.S., and #18 in the overall Top Free list in the U.S., in the iOS App Store. This is especially surprising considering that the app’s name, tagline, icon, and screenshots were all in Arabic—even in the English-language U.S. App Store.

[…]

But another concerning aspect of the story is that the app included in-app purchases: $5.99 to supposedly remove ads (no ads were visible in the researcher’s screen recording), and 99¢ to “tip” the developer.

[…]

Also last week, there was yet another fake cryptocurrency app in the App Store. It seems to have first been reported on publicly on May 11, a day before the piracy app was called out. This app used the logo and name of PancakeSwap, a decentralized finance (DeFi) site that doesn’t have an official app.

Luc Vandal:

In today’s “App Review is Clearly Fucked Up” news, it is now considered manipulating reviews to ask for them in the What’s new section? 🤦‍♂️

And no, Screens doesn’t manipulate reviews; it follows the approved method of requesting reviews from users.

I also don’t like that they imply that we manipulate reviews. Please concentrate on actual scammers, Apple, not legit developers that have been on the App Store since its inception.

skarh:

Got a notice two weeks ago that my app would be removed due to some screenshots that weren’t in compliance with the guidelines. Have since then uploaded a new version with screenshots that are in compliance with the guidelines, but the reviewer still decided to reject based on the same guideline.

Wrote a reply to the reviewer 24 hours ago (10 min after the rejection), explaining that the screenshots are in compliance, but still has not gotten a reply. And today the app was removed from sale. How long should one have to wait for a reply from the reviewer?

Have filed an appeal, but that usually takes days, and even weeks. So my app will lose all momentum on the charts!

How to Recover macOS Recovery

Howard Oakley:

Rarely, the Recovery volume becomes deleted, or the secure disk image it should contain gets removed. Unfortunately the only means of restoring it is to perform a macOS update, and even then some Macs seem unable to recover Recovery without the boot volume group being deleted and installed from scratch, best performed when booted from an external disk. Unfortunately, on Intel Macs with T2 chips, you might need to enable that using Startup Security Utility, which is, of course, only available in Recovery. You may now scream if you like.

[…]

When the Paired Recovery system on an Apple silicon Mac is updated in a macOS update, the Recovery system from that should be copied to the Recovery volume on one of its two hidden containers, named Apple_APFS_Recovery. In the past, that process has been unreliable, but Apple has improved that, and your Mac should now have a good chance that Fallback Recovery is available. Apart from Fallback Recovery being older than your current version of macOS, it also doesn’t offer the Startup Security Utility, so can’t be used to change Secure Boot settings, its major disadvantage.

[…]

If neither Paired nor Fallback Recovery are available, the best way to restore them for an Apple silicon Mac is to put that Mac into DFU mode, connect it to another recent Mac using a USB-C charging cable (not a Thunderbolt cable, which won’t work), then run Apple Configurator 2 on the other Mac. In that, download the current IPSW image and use that to refresh the ailing Mac’s firmware.

Monday, March 25, 2024

Digital Wallets and the “Only Apple Pay Does This” Mythology

Matt Birchler:

The FPAN is the “funding primary account number” and it’s the 15-18 digit number printed on your physical card. The DPAN is your “device primary account number”.

[…]

It’s notable that it’s called a DPAN and not “the Apple Pay number” – it’s a generic term, and that’s because this is a standard feature of digital wallets everywhere, not just Apple Pay. Google Pay and Samsung Pay are the biggest other digital wallets in the U.S. and they both do exactly the same thing. While it’s not technically using a DPAN since the payment runs through different companies, Amazon Pay and Shop Pay buttons also obscure the actual FPAN (full card number) from merchants.

[…]

The DPAN is always the same for subsequent transactions at the same merchant. So yes, while this can hinder data brokers from easily buying transaction data from a bunch of different merchants and figuring out shopping trends across those merchants, it does nothing to stop a single merchant from seeing your transaction history with just the DPAN provided by Apple Pay.

[…]

There’s also an idea I see sometimes […] that Apple Pay obscures your personal information. That’s simply not true.

Update (2024-03-28): See also: Hacker News.

iPulse for iOS

Craig Hockenberry (Mastodon):

An app that can monitor your device is a great thing to have when you need it, but can get in the way when you don’t. On iOS we solved this problem by using Picture in Picture technology.

[…]

iPulse for iOS/iPadOS literally creates a movie of what’s going on inside your device and updates it every second. You can resize the display to fit well on your screen, or slide it out of the way completely.

[…]

iPulse also provides an alternate view of your storage: the display you’re used to seeing in Settings > General > Storage does not include cached data used by iCloud and other apps. iPulse shows how much actual space is being used.

Craig Hockenberry:

We show actual bytes used on the media, Apple only shows stuff that can’t be jettisoned. And everyone asks about the discrepancy because they have no idea why it would be different. Neither did I at first!

But knowing the true status can be important because reclaiming space can be a bottleneck for all kinds of things.

Craig Hockenberry:

Here we have devices that are equal in power to their Mac counterparts and they have to make noise in order to run in the background. What. The. Actual. Fuck.

macOS 13.6.6

Apple (full installer):

This document describes the security content of macOS Ventura 13.6.6.

There does not seem to be an update for Monterey.

macOS 14.4.1

Juli Clover (release notes, security, developer, enterprise, full installer, IPSW):

According to Apple’s release notes, the macOS Sonoma 14.4.1 update fixes an issue that could cause USB hubs connected to external displays not to be recognized. It also addresses an issue that could cause apps with Java to quit unexpectedly, and it fixes an issue that could cause Audio Unit plug-ins for professional music apps not to open.

macOS 14.4 was an unusually bad update that perhaps should have been pulled, but it’s good to see reasonably quick fixes. The release notes do not mention a fix for the iCloud Drive versions data loss bug. It does include the security fixes from last week’s iOS 17.4.1 and iPadOS 17.4.1, which didn’t have a corresponding macOS update.

Hopefully an Xcode update is on the way, too.

See also: Howard Oakley and Mr. Macintosh.

Update (2024-03-26): Mario Guzmán:

So can they just not be bothered with adding release notes anymore?

Also minimalism/clean UI is just awful. They’ve reduced it so much that this view just looks like it’s still in development and there is so much duplicate info.

Howard Oakley:

This Sonoma update also fixes the bug that stripped saved versions from files in iCloud Drive that had been evicted. I have now tested this on three different Macs (Intel T2 and Apple silicon) and confirmed that handling of saved versions in 14.4.1 has now returned to that expected.

Barry Collins (via Ric Ford):

Although the patch does appear to have fixed those issues for some customers, others are now complaining of fresh problems.

On Reddit, Mac owners are reporting that the update has effectively bricked their Mac. “I installed 14.4.1 on my M1 Mac mini and the opening screen is all I get. No login. I’ve tried restarting and starting in recovery mode, to no avail.” Another Mac owner reports seeing the same problem in the Reddit thread.

[…]

Others are seeing ongoing problems with hubs, which the patch was designed to fix.

For example, one Mac owner claims that a Thunderbolt 4 dock that was working normally in macOS 14.4 stopped working once the 14.4.1 update was applied.

[…]

Others are discovering fresh problems that seem to have resulted from this update. “I just updated while at work and I was connected to an external monitor,” writes a MacBook Pro owner on MacRumors.com. “Now after the update it no longer recognizes the external monitor.”

Friday, March 22, 2024

_eventFirstResponderChainDescription

Stephan Casas:

AppKit includes a private category on NSApplication that adds _eventFirstResponderChainDescription — a string describing the current responder chain. This can be a really useful debugging tool!

When your views aren’t handling input events in the way you’d expect, consider dropping this extension into your project to see what’s what[…]

Update (2024-03-25): You can also set the _NS_4445425547 user default to see a Cocoa debug menu. I tend to just leave this enabled in my apps.

Apple Manuals, Specs, and Downloads

John Voorhees (Mastodon):

Apple has consolidated documentation for its products, including manuals, technical specifications, and downloads on a new webpage that was first discovered by the Japanese-language website Mac Otakara and reported on this morning by MacRumors.

Update (2024-03-25): Ric Ford:

Apple has a completely unrelated web page for information about downloading macOS.

Epic Challenges External Link Rules and Commission

Jon Brodkin (Hacker News):

Epic Games yesterday urged a federal court to sanction Apple for alleged violations of an injunction that imposed restrictions on the iOS App Store. Epic cited a 27 percent commission charged by Apple on purchases completed outside the usual in-app payment system and other limits imposed on developers.

“Apple is in blatant violation of this Court’s injunction,” Epic wrote in a filing in US District Court for the Northern District of California. “Its new App Store policies continue to impose prohibitions on developers that this Court found unlawful and enjoined. Moreover, Apple’s new policies introduce new restrictions and burdens that frustrate and effectively nullify the relief the Court ordered.”

[…]

Apple said the charge “complies with the Injunction’s plain terms” and is “consistent with the Court’s rationale for upholding Apple’s other App Store policies.”

[…]

Epic argues that “Apple’s new scheme so pervasively taxes, regulates, restricts and burdens in-app links directing users to alternative purchasing mechanisms on a developer’s website (‘External Links’ or ‘Links’) as to make them entirely useless. Moreover, Apple continues to completely prohibit the use of ‘buttons… or other calls to action’ in direct contravention of this Court’s Injunction.”

Juli Clover:

Meta, Microsoft, X, and Match today joined Epic Games to protest the way Apple complied with a court ruling requiring it to walk back its anti-steering rules. In an amicus brief in support of Epic Games (via The Wall Street Journal), the four companies said that the fees Apple is charging are too high, and that there are too many restrictions on how developers link to their websites. “The Apple Plan comports with neither the letter nor the spirit of this Court’s mandate,” reads the brief.

iOS 17.4.1 and iPadOS 17.4.1

Juli Clover (release notes, security “coming soon”, developer):

According to Apple’s release notes, the iOS 17.4.1 update includes important security updates and bug fixes.

Mr. Macintosh:

macOS ??? 😰

Update (2024-03-25): SupportDiffs (via Holger Eilhard):

Apple updated: “If your iPad is unable to scan QR codes after updating to iPadOS 17.4”

Update (2024-03-28): Joe Rossignol:

Apple on late Tuesday released revised versions of iOS 17.4.1 and iPadOS 17.4.1 with an updated build number of 21E237, according to MacRumors contributor Aaron Perris. The updates previously had a build number of 21E236.

[…]

It is unclear what changed between the builds, if anything, but any potential differences are likely very minor.

[…]

There have been sporadic reports on social media about iOS 17.4 and iOS 17.4.1 causing some iPhones to get stuck in a boot loop, so perhaps the new build will allow those devices to be properly restored, but this is merely speculation.

Thursday, March 21, 2024

U.S. Sues Apple Over iPhone Monopoly

David McCabe and Tripp Mickle (PDF, CourtListener, Hacker News, MacRumors):

The Justice Department joined 16 states and the District of Columbia to file an antitrust lawsuit against Apple on Thursday, the federal government’s most significant challenge to the reach and influence of the company that has put iPhones in the hands of more than a billion people.

In an 88-page lawsuit, the government argued that Apple had violated antitrust laws with practices that were intended to keep customers reliant on their iPhones and less likely to switch to a competing device.

The tech giant prevented other companies from offering applications that compete with Apple products like its digital wallet, which could diminish the value of the iPhone, and hurts consumers and smaller companies that compete with it, the government said.

Lauren Feiner:

The government points to several different ways that Apple has allegedly illegally maintained its monopoly:

  • Disrupting “super apps” that encompass many different programs and could degrade “iOS stickiness” by making it easier for iPhone users to switch to competing devices
  • Blocking cloud-streaming apps for things like video games that would lower the need for more expensive hardware
  • Suppressing the quality of messaging between the iPhone and competing platforms like Android
  • Limiting the functionality of third-party smartwatches with its iPhones and making it harder for Apple Watch users to switch from the iPhone due to compatibility issues
  • Blocking third-party developers from creating competing digital wallets with tap-to-pay functionality for the iPhone

My high-level, non-lawyer-who-hasn’t-read-the-whole-filing take is that the DOJ’s case stretches existing law, but it may prove useful in revealing information and in shifting public opinion. I’m skeptical that this will amount to much more than a giant distraction. I wish Congress had passed better laws and that Apple hadn’t acted so badly.

Merrick B. Garland:

Apple has maintained monopoly power in the smartphone market not simply by staying ahead of the competition on the merits, but by violating federal antitrust law.

[…]

We allege that Apple has employed a strategy that relies on exclusionary, anticompetitive conduct that hurts both consumers and developers.

For consumers, that has meant fewer choices; higher prices and fees; lower quality smartphones, apps, and accessories; and less innovation from Apple and its competitors.

For developers, that has meant being forced to play by rules that insulate Apple from competition.

Via John Gruber:

Defining the iPhone as a monopoly when it has somewhere around 55 percent market share in the U.S. is obviously the first thing the DOJ needs to prove.

Jason Snell:

The DoJ attempts to square this circle in a few different ways:

  • It uses revenue instead of unit sales, pointing out that Apple and Samsung combined hold 90 percent of the U.S. smartphone market by revenue.
  • It creates a new sub-market, the “Performance Smartphone,” which pushes Apple up to about 70 percent of the market in terms of unit sales.
  • It accuses Apple of attempting to create a monopoly through its various business tactics, which is also illegal.

This is where I think existing law is lacking. iPhone is probably not a monopoly in the traditional sense. But it’s obviously not Nintendo, either. And I would argue that it’s much closer to the former than the latter. Apple thinks of itself as providing a highly differentiated product, which is true in a sense, but I see its hardware-software platform as approaching a utility. The smartphone revolution was so successful that the product has become table stakes for modern life. When everyone needs mobile Internet and app access, and the barriers to entry are astronomical, it makes more sense to think of iPhone/iOS as an electric company or an ISP than as a more powerful Nintendo Switch. We should be thinking in terms of common carriers and network neutrality. I don’t know whether there’s a good regulatory solution. Certainly, it could be a disaster if done heavy handedly.

Sebastiaan de With:

I am supportive of good legislation in tech (especially for privacy and user rights) but this Apple DOJ complaint is everything that can be bad about government tech regulation: an ignorant, pointless exercise which will likely hamper making meaningful laws that help us as users.

Manton Reece:

Competition across iOS and Android platforms is important, but competition just within iOS is important too. My complaints have always been about Apple’s exclusive control over app distribution, regardless of Android.

[…]

Even though there is a smartphone duopoly with iOS and Android, iOS alone reaches so many hundreds of millions of people that it is effectively a market on its own. If you want to build and distribute for the most commercially viable smartphone platform, you have no choice but to follow Apple’s rules. Until Apple lets developers route around that monopoly through external payments and sideloading, there will be pushback.

John Gruber:

This summary reeks of technical naivety. The DOJ is alleging that, for example, Apple Watch and iPhone work better together than third-party watches with iPhones not because of specific integration, but because Apple is locking third parties out. Same with Tile trackers vs. AirTags. The only alternative would be to allow third parties to install system software extensions on iOS, like on a Mac or PC.

I think both are true. As one would expect, the DOJ’s technical understanding is not great. I suppose you can argue as to why Apple did so, but it’s undeniable that it prevented third-party products in these categories from being competitive. Other companies innovated and got there first, Apple blocked them, privileged its own products, and took over the market.

Jason Snell:

So what surprised me is that they didn’t do the expected “Apple needs to make their watch work on other platforms”, they did the “Apple makes it impossible for other watches to work on their platform” -- which as someone who used to use a Pebble is 100% a better argument.

Ben Thompson:

This is the worst history of the iPod I’ve ever seen.

If Microsoft had been able to charge 30% on all iTunes for Windows purchases, even without restricting its availability or functionality, history would have been very different. I don’t think it’s a stretch to believe that Apple’s policies could (or may already have) prevented the emergence of the next iPod. Imagine if the Web browser hadn’t already been invented. Or look at something like the Humane Ai Pin and how it seems like they had to contort the entire design and purpose of the product because they knew they would be locked out of really integrating with iOS. Apple would say that, not even knowing about what a product like this could have been, customers chose iOS because they wanted to be protected from its ilk. I find it hard to take this sort of argument seriously, even as I also see that somehow mandating the sort of integration you’d want would be a mess.

Florian Mueller:

Here’s the most brutal sentence thus far:

“Rather, to protect its smartphone monopoly—and the extraordinary profits that monopoly generates—Apple repeatedly chooses to make its products worse for consumers to prevent competition from emerging.”

Mysk:

“In the end, Apple deploys privacy and security justifications as an elastic shield that can stretch or contract to serve Apple’s financial and business interests.”

Steve Troughton-Smith:

“Rather than respond to competitive threats by offering lower smartphone prices to consumers or better monetization for developers, Apple would meet competitive threats by imposing a series of shapeshifting rules and restrictions in its App Store guidelines and developer agreements that would allow Apple to extract higher fees, thwart innovation, offer a less secure or degraded user experience, and throttle competitive alternatives.”

Tyler Hall:

“…Apple would meet competitive threats by imposing a series of shapeshifting rules and restrictions in its App Store guidelines and developer agreements…”

“Shapeshifting” App Store rules and guidelines. Goddam, what a wonderful way to describe it.

Dare Obasanjo:

The root of Apple’s recent success is using dominance of the iPhone to push for dominance elsewhere (see Pay, Watch, AirPods). Even then it’s still shockingly bold that Apple told car manufacturers that the only way to keep CarPlay is if they let Apple take over the dash.

Benjamin Mayo:

There’s no sourcing on these flyby quotes from unnamed Apple employees, but this is somewhat juicy: it sounds like an iPhone product manager explaining how they should differentiate Pro vs non-Pro models more aggressively.

Florian Mueller:

An abstract way of looking at the DOJ’s antitrust action against Apple is that it’s like they’re zooming in on the very part that the district court and the appeals court said Epic had failed to prove: customer lock-in.

Epic’s sacrifice was not in vain, apart from the injunction.

Steve Troughton-Smith:

It was really naïve to think Epic ‘lost’ its fight against Apple. Everything Epic fought for is going to come to pass, and Apple has trashed its reputation in the process while daring regulators the world over to start peeling the layers of its business apart with a crowbar.

Damien Petrilli:

I’m curious to see how long it’ll be before shareholders start questioning Apple about how they’re handling regulations.

Apple keeps getting fined for acting in bad faith and is risking more fines. They’ve wasted time and effort making 600 APIs instead of just opening iOS like macOS.

The costs are going to outweigh the benefits soon, which doesn’t make sense because they earn most of their money from hardware and they wouldn’t lose all services revenue either by opening up.

Apple still thinks it can control everything like the early days. It should’ve gradually let go, knowing this approach wasn’t going to last forever, reaping the benefits in the meantime.

See also: Gergely Orosz.

Update (2024-03-22): Matt Stoller:

And in the U.S., retention rates are really high. According to one mobile carrier, 98% of iPhone owners buy a new iPhone. In China however, that number, at least a few years ago, was just 50%. The reason is simple. In America, it’s difficult to move out of the Apple ecosystem. In China, it’s easy.

[…]

According to the complaint, “as one Apple manager put it, allowing super apps to become ‘the main gateway where people play games, book a car, make payments, etc.’ would ‘let the barbarians in at the gate.’ Why? Because when a super app offers popular mini programs, ‘iOS stickiness goes down.’”

[…]

Like the rest of Big Tech, Apple is less a technology development firm than a middleman, standing in between the relationships of consumers and businesses, taking a piece from each. And it strong-arms anyone who tries to disrupt its role as that critical middleman, using coercive contractual terms, denial of access to key technologies, or outright deception via its impressive branding.

[…]

If you’re a consumer, sure there’s Samsung. But an app developer, or a messaging app maker, or automotive firm, or bank, or anyone who has to live in the Apple ecosystem, is operating inside a monopoly. If you make an email program, some of your customers are going to own iPhones, and they will expect an app from you, and thus Apple is your boss. It’s a bit like in the 19th century having one railroad to ship your products. There might be other railroads across the country, but the only one that matters is the one near you that can carry what you make. Similarly, an Android phone doesn’t help you if your customers demand you get your app, or your Toyota car, through the Apple approval process.

Florian Mueller:

Case in point about Apple’s privacy “à géométrie variable”: their Shazam app, even on Android, asks for GPS authorization. Voluntary scanning of QR codes at restaurants was blocked when the UK government’s COVID tracking app wanted to offer it.

Apple music sales > human lives

Dare Obasanjo:

The reality of the US smartphone market is that if you don’t do exactly as Apple wants then you’re shut out of 60% of smartphone users.

It’s technically not a monopoly but gives Apple an unreasonable amount of clout to even dictate the dashboard tech in your car. That sucks.

Dan Moren:

Despite my critiques of the DoJ suit, I think there are valid points in there. The cloud gaming section is one bit where it seems clear that Apple blocked a technology that it felt was a threat with an arbitrary ruling—clear because they subsequently backtracked that decision with no real technological change.

That’s also one place where it feels obvious that this suit is incredibly scattershot, in part because it’s so big and so long in the making. The strictures on cloud gaming have been relaxed (although perhaps too little and too late). I’m not a lawyer, obviously, but feels like what DoJ needed was maybe a much narrower suit that really focused on one or two high profile instances instead of throwing a bunch of stuff against the wall to see what will end up sticking.

Matt Birchler:

My wife is technically adept, but it’s not a hobby for her, so I always find it interesting to hear her impressions on things that people in our corner of the internet feel very strongly about. Her overall impression is that it’s absurd Apple has absolute control over what people get to run on their iPhones. From that perspective, the cloud gaming ban seemed clearly malicious to her and the NFC restrictions seemed egregious. I did mention to her that some people think the iPhone is more like a Switch or PS5 than a computer so this absolute control is fine, and her exact response was, “people actually think that?”

[…]

She said green bubbles suck so much that it makes her never want to get an Android phone lest she be the green bubble person everyone else in the group thread is slightly angry at all the time. “It’s social suicide.”

[…]

I do think it’s notable that (a) the iPod is what really pushed Apple off the brink and into the mainstream, setting them on the path that got them to be the biggest tech company in the world and (b) the iPod really took off once Windows users could buy it, and Apple would not have been able to do this if Microsoft had the same rules in place that Apple has over the iPhone and iPad.

[…]

Do you want to be the next big smartwatch company? Go ahead, but you can hire the best developers and designers in the world, you’ll never be able to beat the Apple Watch because Apple doesn’t offer you the same access their product gets. See also cloud gaming services which were blocked for years pretty clearly because they competed with Apple Arcade and made it impossible for Apple to maintain the IAP revenue and control over what games get to run on people’s devices.

[…]

Without getting into details, I will say that there are absolutely cases in the payments industry where innovative ideas were proposed but scrapped because you couldn’t do it on iPhones[…]

See also: Accidental Tech Podcast, Steven Sinofsky, Six Colors Podcast, Mac Power Users, The Verge.

Update (2024-03-25): Jeff Johnson:

Look again at the 1982 US vs. AT&T case.

The issue wasn’t AT&T’s monopoly, which had been allowed for decades. And the issue wasn’t customer unhappiness with AT&T’s service. Rather, the issue was that AT&T abused its monopoly status by requiring customers to lease phones approved by AT&T, arbitrarily restricting customers from using third-party phones that could be purchased outright.

Ian Betteridge:

Over on Threads, Walt Mossberg has commented on the Apple/DOJ case. First up, if you do not respect Walt’s opinions, you’re a fool. Walt is one of my tech journalism heroes. That said, I think he’s missing a couple of points here.

Walt is correct that the vertically integrated model has been Apple’s since the start. But what is permissible when you’re a small company or in a nascent market is no longer permissible when you are in a position of market power. And no one doubts that Apple is in a position of significant market power, not least Apple itself.

Second, like most people, Walt is being tripped up by the word “monopoly”. The DOJ definition makes absolutely no mention of a percentage: it talks only of “market power”. That’s why the DOJ’s filing is careful to refer to Apple having both market power AND significant market share.

Aaron Hillegass:

Regarding the antitrust suit: I have been an Apple employee, supplier, and partner. As soon as I sold Big Nerd Ranch, I threw away my iPhone and bought a Pixel because I believe Apple’s power (and thuggish use of that power) is bad for our industry.

App developers, can you imagine how much better things would have been if the App Store had let users do free time-limited trials? Maybe, after trying a good app, a user would have been willing to pay more than $.99.

Negotiations with Apple (our biggest customer) end with “…because we are Apple (and will destroy you if we don’t get everything we want).” Most didn’t say the last part aloud, but Mike Fenger’s team shouted it while renegotiating our role in the Enterprise Partners Program.

Having worked closely with Google, Amazon, Microsoft, and Meta, none use their power as ruthlessly as Apple. I am grateful that the DOJ has stepped in. I’m certain there was a lot of political force trying to prevent the suit.

John Voorhees (Mastodon):

So, since we have plenty of time, I thought I’d kick off our coverage at MacStories with a look at the DOJ’s complaint and its legal underpinnings, along with some observations on what’s going on and what you can expect to happen next.

Ben Thompson (Hacker News):

Apple decreed that 3rd-party apps could only be installed via the App Store, which would review every app; free apps wouldn’t have to pay anything, while Apple would take 30% of paid apps. This led to an absolute explosion in the market: consumers, who had been scarred by the 2000’s era of malware and viruses, shook off their reticence to install software and embraced the App Store, leading to an explosion of app-based businesses.

This is certainly Apple’s view, but I don’t see a lot of evidence for it. Sandboxing, not Apple’s review, is what should have given consumers confidence. iPhone apps might have been more popular if Apple had allowed Mac-style downloads instead. Certainly, we did not see that sort of explosion when adding the Mac App Store to a platform that already had downloadable apps. It’s not even clear the Mac App Store had an overall positive effect on the ecosystem. People also conflate the App Store with easy installation, updates, and uninstalls, but there’s no reason Apple couldn’t have enabled those to be smooth for non-store apps, too. It’s just that they see no reason to help Pebble now that they’re selling Apple Watches.

Nick Heer:

Tourist attractions are a poor analogy for owning a smartphone. A better one, if you want an analogy, is something like a really powerful company town compared to a normal city. Everything you can buy and do is filtered through a paternalistic owner, there are seemingly arbitrary rules, and despite all the bureaucracy, it is unwise for businesses to ignore setting up shop there because its residents seem to spend more money.

People make all kinds of trade-offs when they buy something as complex and convergent as a smartphone, and it is difficult to know how much of that is a fair vote with their wallet and how much of it is a side effect of the platform owner’s impositions.

We saw this play out before the iPhone 6 was introduced. Apple still sold plenty of iPhones even though its models had smaller displays than competing products, and it was unclear whether people were buying iPhones because they were small or in spite of their size. The still-unbeaten unit sales of the iPhone 6 models shows lots of people wanted a bigger iPhone.

[…]

That lots of people buy iPhones is not inherently a vote of confidence in each detail of the entire package. If some of those things changed a little bit — the U.S. government’s suit is not a massive overhaul of the way the iPhone works — I doubt people would stop liking or trusting the product.

Update (2024-03-27): Aaron Tilley and Kim Mackrael:

In its antitrust lawsuit against Apple filed Thursday, the Justice Department invoked its case against Microsoft filed in 1998 and noted that Jobs used to rail against what he viewed as Microsoft’s anticompetitive tactics to protect its dominance in the PC market. Bill Gates has since said the company’s legal fights were a distraction that contributed to Microsoft’s failure to gain a lasting foothold in the emerging world of mobile operating systems.

After so many years of fighting, Microsoft changed tack after settling the case in 2001, promoting Brad Smith to general counsel the following year. In Smith’s pitch to Microsoft’s board of directors to take the job, he presented them with a single slide that said: “It’s time to make peace.”

Such a detente is unlikely for Apple while Schiller remains at the company, said Phillip Shoemaker, who ran the store’s review group under Schiller until 2016. “He’s a brick wall when it comes to these matters,” Shoemaker said. “I just don’t think he’s ever going to leave.”

[…]

One thing Jobs insisted on in the App Review process is that the company should always have someone reviewing each app that made it into the store. Schiller continued that tradition, eschewing excessive use of artificial intelligence in favor of reviews and careful curation [sic].

PopClip Leaving the Mac App Store

Nick Moore (via andy4222):

PopClip’s almost 13-year journey on the Mac App Store has come to an end.

The reason? I can’t update PopClip with new features on the Mac App Store any more. This is due to Apple’s sandboxing policy. […] The review team did also clarify that if I removed new features from the update, it would be accepted without sandboxing. […] Staying on the App Store without the possibility of meaningful updates would mean the death of PopClip.

It’s not clear to me why Apple doesn’t want to allow the accessibility APIs in the Mac App Store, given that they are already protected by TCC permissions that the user must grant. Sandboxed apps in the store are allowed to get full disk access, record the screen, etc.

See also: Many Tricks.

Update (2024-03-22): Doug:

the only granularity is allow or don’t and once you have it you can read the contents of passwords fields and all kinds of other trouble. they really need some permission granularity but those HIServices apis haven’t changed for real in years.

How to Bypass SwiftUI App Launch During Unit Testing

Jon Reid:

For apps with an application delegate, I’ve written How To Switch Your iOS App Delegate for Improved Testing. This lets us set up a separate launch sequence for test runs that does only the bare minimum. Can we do the same thing for SwiftUI apps that use @main? Yes, we can.

[…]

Basically, this conditional says, “Let’s make sure we’re running the production app. If we are, great, show the content. If not, leave the view hierarchy empty.”

Glassdoor No Longer Anonymous

cellio (via Hacker News, Reddit):

Glassdoor now requires your real name and will add it to older accounts without your consent if they learn it, and your only option is to delete your account. They do not care that this puts people at risk with their employers. They do not care that this seems to run counter to their own data-privacy policies.

[…]

After I responded to that support email last week, I found that they had updated my profile to add my real name and location, the name pulled from the email From line I didn’t think to cloak because who does that? I never gave consent for that change, and said so explicitly when I objected. (In what follows, I was so fixated on my name that I didn’t immediately notice my city was there too. I don’t know how long it’s been there.)

Ashley Belanger:

Glassdoor’s spokesperson told Ars that Glassdoor does not comment on specific user accounts, only sharing a statement that does not seem to apply to Monica’s situation.

[…]

EFF’s Mackey told Ars that there may be other risks to Glassdoor users. Employers could leverage real names or information used on Fishbowl to “potentially narrow and/or identify” Glassdoor reviewers. And the Fishbowl and Glassdoor data being combined means that information linking accounts could be subject to legal requests, such as an employer subpoena or a law enforcement request for data.

[…]

Glassdoor’s support team told Monica that the only way to delete information from her Fishbowl account was to “download the Fishbowl app and log in with either a social connection, your work email, or phone number to gain access to your account.”

Todd Struthers:

I was forced to add at least one job history, write one job review, and enter my salary history for at least one job BEFORE they would let me delete my review and account.

Wednesday, March 20, 2024

A Taxonomy of Prompt Injection Attacks

Bruce Schneier:

Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ without a period.”

Dan Goodin:

Enter ArtPrompt, a practical attack recently presented by a team of academic researchers. It formats user-entered requests—typically known as prompts—into standard statements or sentences as normal with one exception: a single word, known as a mask, is represented by ASCII art rather than the letters that spell it. The result: prompts that normally would be rejected are answered.

The researchers provided one example in a recently published paper. It provided instructions for interpreting a set of ASCII characters arranged to represent the word “counterfeit.”

Via John Gruber:

It’s simultaneously impressive that they’re smart enough to read ASCII art, but laughable that they’re so naive that this trick works.

Visual Studio App Center Retirement

Microsoft:

Visual Studio App Center is scheduled for retirement on March 31, 2025. After that date it will not be possible to sign in with your user account nor make API calls.

Lyubomir Ganev:

Don’t you just love it when a big tech company buys one only to shut it down in a few years? I used to love HockeyApp, then AppCenter sucked a bit, but it was still usable, now nothing:(

Heath Borders:

HockeyApp was the first app distribution system I used. I’m not surprised MSFT is killing it since they’re becoming Google-like lately with their products, but it’s still a little sad that it’s dying.

Max Seelemann:

What are people using for crash reporting nowadays?

Monopoly Go Hits $2B in 10 Months

Dean Takahashi:

Scopely announced that Monopoly Go has generated $2 billion in revenue just 10 months after launch and three months after hitting $1 billion.

The reimagined take on Hasbro’s iconic board game has garnered a massive player base, solidifying its place as a beloved, highly engaging title in the free-to-play market.

[…]

It has been downloaded 150 million-plus times.

Via Florian Mueller:

Apple can pay the $500M class-action settlement over Tim Cook’s alleged defrauding of shareholders (by hiding iPhone demand issues in China) more or less with what they extracted from Scopely’s Monopoly Go in 10 months. The most profitable company in (but without making) games.

DMA Compliance Workshop: Notarization and Core Technology Fee

Kay Jebelli:

Big day today as the [European] Commission kicks off its second round of DMA compliance workshops, this time focused on specific gatekeepers, their compliance reports, and the feedback of third-parties.

[…]

Interesting detail: the EC told Apple that they aren’t allowed to notarize apps to protect users. So “government authorities are the ones that are going to have to step up to protect” app developers and users from the risks of these 3rd-party apps.

[…]

On the difference between iPhone and Mac app distribution, Apple cites the unique differences: mobiles are always carried with us, have more sensitive data, and are a much more attractive target for harmful actors, the risk greater, as are the steps necessary to protect users.

I’ve never really understood this argument because everything on iPhone is sandboxed, and the sensitive sources of information like the camera and GPS are protected by access prompts.

Steve Troughton-Smith has an auto-generated transcript of the workshop.

Ryan Jones:

- EC told Apple they can’t notarize alt apps 🤯

- $1M and 2M alt store rules are to prevent rip-and-run scams on users 👏

- Apple cites: distribution, discovery, promotion, and trust as reasons for their commission 🫤

- Apple cites 3 things alt stores will lack: Report a Problem, Family Sharing, and Ask to Buy. (Surprisingly weak, and notice how it doesn’t match the reasons for commission🤫)

- Someone asks to force users to scroll to see all alt browser choices. 🤦‍♂️

- Apple is using some contract engineering resources for this 😳

Bruno Virlet:

They keep repeating this and I can’t get this argument when e.g. Facebook gets to be on the AppStore for free. Also valid for the Core Platform fee.

Michael Love:

The basic problem with the Core Technology Fee - aside from the fact that they shouldn’t be charging one at all - is that downloads are a terrible proxy for revenue, both in general and across different app categories / business models.

John Gruber (Mastodon):

We know from today’s workshop that (a) Apple has already gotten specific pushback from the EC on aspects of its DMA compliance plan; and (b) Apple continues to think the CTF is perfectly cromulent under the terms of the DMA. That to me says the CTF is going to fly.

John Gruber (Mastodon, MacRumors, 9To5Mac):

AltStore founder Riley Testut — who is apparently ready to go with a launch of the AltStore as an app marketplace in the EU — asked about the “viral hit” problem with the Core Technology Fee. E.g. what happens if a small developer — or even a kid in the proverbial garage — gets a 10-million-download hit and suddenly owes Apple 4.5 million euros?

I was disappointed in the answer, which is that Apple doesn’t know and that the European Commission forces them to charge free apps the CTF, which I don’t think is the case.

Mike Rockwell:

Excellent question, for sure.

It’s worth noting, though, even if Apple waived the fee in all instances like this, the existence of the fee is likely to dissuade people from ever building the app in the first place.

Shane Celis:

How a ruling against Apple was turned into you pay Apple to NOT distribute your app, I do not know.

Dan Moren:

Still, apps that are completely free—including open-source apps—certainly don’t seem like they should be subject to the Core Technology Fee. The question, from Apple’s perspective, is how to police that? What about, say, an app that’s distributed for free outside the App Store but has a big Patreon community that brings in a lot of money?

Colin Cornaby:

I feel like this whole CTF conversation will lead to a “Pro” version of Xcode with a subscription fee that higher end features will be gated behind. Not the worst outcome - and would cover technology usage.

Bruce Lawson:

Apple: “for a long time, Apple has made it easy to choose a default browser other than Safari”. No mention of alternative browser engines, even though this is explicitly mentioned in the text of the DMA.

Only since iOS 14, and only apps approved for a special entitlement.

There was a brief nod to humility at the start of this first Apple session (thanking the EU etc), but Apple are now trash-talking competitors, saying that they’ve had to work really really hard for the last 18 months to meet the DMA, and avoiding/ evading John Ozbey’s direct question about Apple still self-preferencing.

[…]

Now, some tiresome FUD about how the sky will fall in if apps can be distributed without Apple checking them first. After all, there are literally zero dodgy apps such as sanctioned Russian banks using trojan horse apps at the moment now, are there?

[…]

This new Apple love for web apps is somewhat surprising so soon after some naughty boys from, er, Apple tried to sneak out and drown Home Screen Apps in a bucket without telling anyone, then bawled “The EU made me do it!” when they were caught.

Matt Birchler:

Sanity checking myself: does anyone else feel like the (US) punditry anger directed at the EU for forcing Apple to let devs sell things easily from a website and to ask users what default browser they want to use, is way more intense than any of the concessions (app censorship, 🇹🇼 flag vanishing, iCloud data moved to state-controlled data centers, etc.) they’ve made for China over the years?

My memory is the vibe for China stuff is always, “it’s not good, but what can you do, it’s the law 🤷‍♂️”

Nick Heer:

Other, similar compliance workshops are coming up all week long. Meta’s begins just a few hours from the time I am writing this.

Update (2024-03-21): Callionica wonders whether Jebelli and others are mistaken about the EC not allowing notarization, since that doesn’t seem to be mentioned in the transcript.

Foo Yun Chee:

Vestager said the new fees have attracted her attention.

“There are things that we take a keen interest in, for instance, if the new Apple fee structure will de facto not make it in any way attractive to use the benefits of the DMA. That kind of thing is what we will be investigating,” she told Reuters in an interview.

Tuesday, March 19, 2024

Clearing Space on Your Mac

Adam Engst:

Glenn Fleishman recently had to wipe one of his teenagers’ Macs after a massive Steam game download led to stalled Time Machine snapshots, resulting in a Mac with just 41K free. They tried numerous approaches to clearing space, but nothing worked—every attempt to delete files was met with errors complaining about the lack of free space.

[…]

Longtime Mac users often get caught up in looking at the amount of free space reported by the Finder. We’ll check the storage numbers shown in a Get Info dialog, delete something, and check again. Don’t waste your time!

[…]

Instead of stressing about exact numbers, I want to offer you a set of steps that will clear space quickly and easily on most Macs.

This is good advice. I would add two things:

  1. Removing local copies of iCloud Drive files is not great because then they are no longer backed up. You can do this in a pinch, but I don’t think it’s a good long-term plan.

  2. If you aren’t the type to keep around huge files/folders that you don’t need, I would start with deleting local Time Machine snapshots. For me, at least, they regularly consume hundreds of GB on my internal SSD to store data that I mostly don’t want (huge files that I’ve downloaded and then discarded or offloaded to a spinning hard drive) and/or that is also on my external Time Machine backups. Carefully pruning files is sort of pointless in a world where Time Machine will just use whatever space you free up to store more snapshots. It certainly does not respect the rule of thumb of keeping 10–20% of the drive free.

    However, Engst adds something that I didn’t know but have perhaps seen in action:

    Even though the snapshots are on your startup drive, deleting them seems to prevent the Time Machine interface from showing data that has been copied to your external Time Machine drive. If you need to recover something from the time covered by the snapshots, you may be able to do that by manually browsing each Time Machine backup folder in the Finder.

    I have lately found the Time Machine restore interface almost useless because it can’t show most of the snapshots. Browsing them directly works great, though.

Update (2024-03-21): Nick Heer:

For whatever reason, when iTunes was replaced with Music, MacOS did not remove the now-irrelevant cached Apple Music files from iTunes. Deleting that folder freed up 38 GB of space.

While my photo library is stored on an external disk in Photos, I export selected RAW files to a folder on my local disk and edit those ones in Lightroom. It turns out those files are able to be losslessly compressed through a Lightroom feature called “Update DNG Previews & Metadata”. It is poorly documented and ambiguously named, but running it on my library resulted in a 40% disk space savings — huge, across thousands of photos.

Joel Page, RIP

Andrew Abernathy:

For those who knew him: @JoelPage passed away last night.

For those who didn’t know: he was at @OmniGroup for approaching two decades, starting on the Support team in 2003, later also becoming the longtime PM for OmniGraffle, and a member of the UX team. He designed and created loads of our icons, including the app icons still on our apps today. (I don’t know if he had a favorite, but I do know a particular aspect of the OmniWeb icon that he was rather proud of.)

Gus Mueller:

Joel was a good guy, and a friend. And even with his terminal diagnosis, he was always in high spirits. I don’t know how he did it. He’ll be missed.

Sunday, March 17, 2024

MsgFiler 4

Adam Tow (Mastodon):

Since WWDC 2023, I was telling long-time MsgFiler customers that I would look into what I could do to support the product in this new era of Apple Mail sans plug-ins. Honestly, I was a bit bummed because I didn’t see a viable path for the app.

[…]

A deep dive into AppleScript support in Mail turned up the reason. If you were trying to file a Gmail message using AppleScript, the Inbox label was not being removed from the message prior to assigning the new mailbox label.

[…]

Targeting the right mailbox using the Accessibility APIs turned out to be nearly impossible if any mailboxes were expanded in the sidebar, so I ultimately nixed this approach.

The irony is that MsgFiler wasn’t really doing the sorts of things that you would expect to need a plug-in API. It should have been able to do its work using AppleScript, except that Mail’s AppleScript API is buggy and slightly incomplete. (SpamSieve also never needed plug-in support in mail clients that had good AppleScript support.) So MsgFiler 4 works around the limitations using System Events.

Adam Tow:

There’s an even bigger problem with updating MsgFiler and that is its use of System Events to send commands and key codes to the Mail application. While MsgFiler has a temporary entitlement to control Apple Mail via AppleScript, it does not have an entitlement for sending AppleScript to System Events. Nor is Apple providing such an entitlement, since that can be a vector for sending arbitrary key strokes and commands to any application.

This sets up a situation, not unlike with Alfred and Screens, where the app is in the Mac App Store, but to get the full functionality you have to download a component from outside the store:

The MsgFiler Filing Script can supercharge your filing experience in MsgFiler 4. It is an AppleScript that can perform numerous functions that MsgFiler alone cannot do, such as:

  • Moving and copying Gmail messages.
  • Navigating Mail using the keyboard from MsgFiler 4.
  • Archiving messages from the keyboard in MsgFiler 4.
  • Selecting the next or previous message in a Message Viewer after filing non-Gmail messages.

MsgFiler 4 is $9.99 a year or $49.99 for a lifetime unlock (for version 4.x).

Also of note is that he rewrote the app from Objective-C and Interface Builder to SwiftUI, and that seems to have gone well.

Walmart Selling M1 MacBook Air for $699

Joe Rossignol:

Walmart today announced that it has started selling the MacBook Air with the M1 chip in the U.S., with pricing set at a very reasonable $699. The laptop can be ordered now on Walmart.com, and it will be available soon at select Walmart stores.

[…]

Apple first released the MacBook Air with the M1 chip in November 2020, as one of the first Macs with an Apple silicon chip instead of an Intel processor. The configuration being sold for $699 includes the M1 chip, 256GB of storage, and 8GB of RAM/unified memory, with Gold, Silver, and Space Gray color options available.

Chance Miller (Hacker News):

While Walmart has historically sold Apple devices like the iPhone, iPad, and Apple Watch, it has never sold Macs directly.

[…]

Apple reshuffled its MacBook lineup last week, introducing the M3 MacBook Air starting at $1099 and dropping the price of the M2 MacBook Air to $999. As part of these changes, Apple also stopped selling the M1 MacBook Air, which had previously been available for $999.

John Gruber:

But it looks like Apple is going to keep producing the M1 MacBook Air for this deal with Walmart. These aren’t refurbs, or leftover stock[…] Fascinating example of pricing-as-branding that Apple won’t sell this machine in its own stores, but will through Walmart — which doesn’t sell any other Macs.

Apple did this sort of thing with iPhones, too. The M1 MacBook Air is still a solid Mac. I still wish Apple would design an actual lower cost MacBook, but this is great news nonetheless. I just wonder how long Apple will maintain OS support for it.

nateb2022:

In response to the comments regarding its “excellent value” at $699, Lenovo is currently selling its 14" ThinkPad P14s Gen 3 for $699. It comes with a Ryzen 7 6850U that roughly matches the M1 in performance, 16GB of LPDDR5 and a 512GB SSD.

iOS Notarization’s Human Review

Apple:

Notarization for iOS apps is a baseline review that applies to all apps, regardless of their distribution channel, focused on platform policies for security and privacy and to maintain device integrity. Through a combination of automated checks and human review, Notarization will help ensure apps are free of known malware, viruses, or other security threats, function as promised, and don’t expose users to egregious fraud.

This is not a quick automated check like with Mac app notarization. There is a human review step where Apple checks the app against a subset of the App Review Guidelines. There is now a “Show Notarization Review Guidelines Only” checkbox that highlights the relevant guidelines. The list is actually much more extensive than I initially thought. Health-related content is highly regulated. Multitasking and location services are restricted. You can’t use the hardware volume buttons. You can’t scrape data from Apple Web sites. Third-party login services are restricted. You can’t monetize built-in capabilities. You have to treat Apple with respect (Developer Code of Conduct). And, unfortunately, this adds delays and the possibility for human error and corporate stonewalling.

Riley Testut:

lol my clipboard manager Clip was rejected from Notarization because it “requires push notifications in order to function”

(it doesn’t, they’re optional)

This is not just a mistake. It’s a charade because it’s not possible for App Review to accurately detect this, anyway.

Kyle Howells:

Apple’s amazing innovation of bringing the fun, accuracy and unpredictability of App Review to Side Loading.

This is just what the web, the Mac, Windows, and Android have been missing all these years!

Random rejections for things your app doesn’t even do!

Update (2024-03-20): Nick Lockwood:

Sure would be a shame if folks were to spam App Store Connect with thousands of innocuous-seeming apps that after passing Apple’s approval process immediately switched to showing an unskippable full-screen message to the effect of

“App review doesn’t and cannot prevent malicious apps doing whatever they want. It’s security theatre whose real purpose is to let Apple impose artificial limitations on what iOS users can do with their own devices, and stifle innovation they don’t approve of”

Ahnaf Mahmud:

I have found 2 scam apps on the store today from the same developer, the moment you launch the apps you get redirected to a bitcoin site prompting you to install a config profile. How did these get through App Store review?

Update (2024-03-25): Riley Testut’s app is now in its 4th week of waiting for notarization review.

Friday, March 15, 2024

Default Handler 1.0

Edovia (Mastodon):

We were encouraged to find that approximately 80% of respondents expressed a positive inclination towards adopting Screens 5 as the default [vnc: URL] handler. However, we also acknowledge and respect the opinions of the remaining 20% who expressed a preference for maintaining the existing setup.

[…]

Although APIs exist for setting default handlers at runtime, Apple has opted not to extend access to these APIs for sandboxed applications, a stipulation essential for approval on the Mac App Store.

[…]

So the solution we came up with is an app, called Default Handler. Given that this app operates outside the constraints of sandboxing, it can freely utilize the APIs mentioned earlier.

The URL handler settings are less potentially dangerous than other things that Apple has allowed in sandboxed apps and sometimes gated with TCC or an entitlement. So I don’t see why they aren’t allowed in the Mac App Store. Any API can be abused, and App Review should be able to do something if an app ends up misbehaving.

Another option would have been to provide an Internet Config–style system settings pane. It would be more reasonable to block this functionality from apps if there were a way for the user to set it on their own. This would also be useful in its own right, as users could see the settings and adjust them as needed all in one place.

Instead, Apple just blocked the API, so the user needs to download an app that’s totally unsandboxed. Edovia is a reputable developer, so I don’t have any qualms about Default Handler in particular, but the big picture of Apple’s decisions here makes little sense.

Spotify Anti-Steering Stonewalling

Scam apps top the search results, but at least Apple is protecting us from links to Spotify’s Web site (MacRumors):

Spotify says Apple is stonewalling updates issued in compliance with that very ruling. In an email to the European Commission obtained by The Verge, Spotify writes that Apple has “neither acknowledged nor responded to Spotify’s submission” to bring subscription pricing information into the app, preventing it from updating the app at all for its users, even to put out fixes for bugs or add other features.

[…]

The company writes that this is “yet another example of how Apple if unchecked, will seek to circumvent and/or not comply with the Commission’s decision.” It also urges the European Commission to contact Apple and requires that it approve Spotify’s changes. “Given Apple’s track record, Spotify is concerned that Apple’s delay is intentional and is aimed at delaying or avoiding compliance altogether,” the email reads.

Maybe the 10-days-and-counting review time is just a coincidence, but, as Phil Schiller might say, Apple has a history of holding apps it doesn’t like in review purgatory. Maybe the European Commission should ask for written assurance that it’s acting in good faith.

Update (2024-03-17): Kyle Howells:

Apple’s App Review behaving just as designed I see…. allowing it to avoid complying with court orders and laws it doesn’t like.

Fake Bitcoin Wallet in the App Store

Even_Fan9110:

I got C$ 150k drained from all my accounts right in front of my eyes after I put my seed phrase into this fake app from the apple Apple Store. I can’t believe apple lets apps like this on their App Store. Beware people don’t download this.

habeanf (via Maximiliano Firtman):

Earlier today I decided to switch my Android for an iPhone. After moving all my apps I decided to make the jump and move my bitcoin from the android wallet. I searched for ‘bitcoin wallet’ on the Apple App Store, installed the first app I saw (as far as I could tell, looks legit), transferred bitcoin, and it immediately got sent off. Turns out this app was previously reported at least 12 days ago as a scam but it’s still up there, #1 search result.

I get that I’ve failed to vet the app but honestly, how does a scam app become the #1 organic search result (not promoted) in the app store, topping binance, blockchain.com, and coinbase?

Xcode 15: “no platform load command found”

Wade Tregaskis:

Apple’s new linker appears to be much more pedantic than the old one – it warns about a lot of things that the old one didn’t care about. One of these is missing platform load commands:

/Users/SadPanda/Documents/vmaf/libvmaf/ld:1:1: no platform load command found in 'src/libvmaf.a[62](cpuid.obj)', assuming: macOS

This doesn’t technically break anything – assuming it guessed the platform correctly, which I suspect it just takes as being the host’s platform – but it’s super annoying because it’s emitted for every afflicted object file the linker sees (that’s individual files, even if they’re buried in archive files – e.g. libfoo.a). You can have hundreds or even thousands of these warnings for a single library. Worse, they’re emitted when you link against the library, not just when you build it. And with nested static libraries they can propagate up a build chain endlessly.

I’ve been seeing this with the old eSellerate library, which fortunately I won’t need for much longer, as I don’t know how long the -Wl,-ld_classic workaround to use the old ld64 linker will last.
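To see which members of a static library will trigger the warning before linking against it, the check below walks an `ar` archive and inspects each member's Mach-O load commands. It is an added example, not code from the quoted post or from Apple; it assumes the "platform load command" is `LC_BUILD_VERSION` or one of the older `LC_VERSION_MIN_*` commands, handles only thin little-endian objects, and runs on a constructed sample archive.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF  # thin, little-endian Mach-O
LC_SYMTAB, LC_BUILD_VERSION = 0x02, 0x32
LC_VERSION_MIN = {0x24: "macOS", 0x25: "iOS", 0x2F: "tvOS", 0x30: "watchOS"}
PLATFORMS = {1: "macOS", 2: "iOS", 3: "tvOS", 4: "watchOS"}


def is_macho(blob):
    """True if the blob starts with a thin little-endian Mach-O header."""
    return len(blob) >= 28 and struct.unpack_from("<I", blob)[0] in (MH_MAGIC, MH_MAGIC_64)


def platform_of(obj):
    """Return the platform named by the object's load commands, or None."""
    if not is_macho(obj):
        raise ValueError("not a thin little-endian Mach-O object")
    header_size = 32 if struct.unpack_from("<I", obj)[0] == MH_MAGIC_64 else 28
    ncmds, sizeofcmds = struct.unpack_from("<II", obj, 16)
    offset, end = header_size, min(len(obj), header_size + sizeofcmds)
    for _ in range(ncmds):
        if offset + 8 > end:
            break  # truncated command table
        cmd, cmdsize = struct.unpack_from("<II", obj, offset)
        if cmdsize < 8 or offset + cmdsize > end:
            break  # malformed command; stop rather than read out of bounds
        if cmd == LC_BUILD_VERSION and cmdsize >= 12:
            platform = struct.unpack_from("<I", obj, offset + 8)[0]
            return PLATFORMS.get(platform, f"platform {platform}")
        if cmd in LC_VERSION_MIN:
            return LC_VERSION_MIN[cmd]
        offset += cmdsize
    return None


def archive_members(data):
    """Yield (name, body) for each member of an ar archive (BSD long names)."""
    if data[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(data):
        header = data[pos:pos + 60]
        if header[58:60] != b"`\n":
            raise ValueError("bad ar member header")
        name = header[:16].decode("ascii", "replace").rstrip()
        size = int(header[48:58].decode("ascii").strip())
        body = data[pos + 60:pos + 60 + size]
        if name.startswith("#1/"):  # name is stored at the start of the body
            name_len = int(name[3:])
            name = body[:name_len].rstrip(b"\0").decode("utf-8", "replace")
            body = body[name_len:]
        else:
            name = name.rstrip("/")
        yield name, body
        pos += 60 + size + (size & 1)  # members are padded to even offsets


def members_without_platform(archive):
    """Names of Mach-O members that carry no platform load command."""
    return [name for name, body in archive_members(archive)
            if is_macho(body) and platform_of(body) is None]


# --- constructed sample input (not a real libvmaf.a) ---
def build_object(load_commands, ncmds):
    # 64-bit header: x86_64, MH_OBJECT, then the given load commands
    header = struct.pack("<IiiIIIII", MH_MAGIC_64, 0x01000007, 3, 1,
                         ncmds, len(load_commands), 0, 0)
    return header + load_commands


def build_member(name, body):
    raw = name.encode()
    raw += b"\0" * (-len(raw) % 4)
    size = len(raw) + len(body)
    header = (f"#1/{len(raw)}".ljust(16) + "0".ljust(12) + "0".ljust(6)
              + "0".ljust(6) + "100644".ljust(8) + str(size).ljust(10))
    return header.encode() + b"`\n" + raw + body + (b"\n" if size % 2 else b"")


SYMTAB = struct.pack("<6I", LC_SYMTAB, 24, 0, 0, 0, 0)
BUILD_MACOS = struct.pack("<6I", LC_BUILD_VERSION, 24, 1, 0x000D0000, 0x000E0000, 0)
OBJ_WITHOUT = build_object(SYMTAB, 1)             # like the warned-about cpuid.obj
OBJ_WITH = build_object(SYMTAB + BUILD_MACOS, 2)  # a normally compiled object
SAMPLE_ARCHIVE = (b"!<arch>\n"
                  + build_member("__.SYMDEF", b"\0" * 8)  # non-Mach-O, skipped
                  + build_member("cpuid.obj", OBJ_WITHOUT)
                  + build_member("vmaf.o", OBJ_WITH))

if __name__ == "__main__":
    for member in members_without_platform(SAMPLE_ARCHIVE):
        print("no platform load command:", member)
```
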

Thursday, March 14, 2024

Nitro 2024.1

Gentlemen Coders:

Flexible storage options, camera support, and editing tools unmatched by any app.

[…]

Create smart albums, and organize your Apple Photos library. Nitro reads RAW Power edits. Everything syncs over iCloud!

Prefer to manage your files yourself? You can use Nitro with the file system too. Rate and edit non-destructively using XMP sidecars.

Nik Bhatt:

If you like RAW Power, you’ll love Nitro’s fresh interface and immense power. I have been fielding emails from many of you for some time, asking for features like gradients, brushing, cloning, XMP sidecars, synchronized zoom, and more. All of those (and a lot more) are in Nitro.

[…]

[The] underpinnings of RAW Power have become an obstacle to advancing the app. For example, the RAW Power engine is simply not able to handle features like masking and synchronized pan and zoom. I decided some time ago to start fresh, even though that would take a long time, because it provides the best foundation for a great photo app in the future.

DealMachine Subscription Cancellations

John Gruber (Mastodon):

I downloaded the app and signed up; immediately after confirming your email address, you get sent to a screen in the app where you choose from account tiers to begin a free trial. The lowest tier is $100/month, the highest is $500/month. And after making your selection, you get sent to this page on DealMachine’s website to pay using Stripe.

[…]

I don’t think DealMachine is a scam. Stripe is as legit as it gets. But when you handle payments on your own, you handle refunds and subscription cancellations on your own too. […] So DealMachine offers a taste of what our friends in the EU may be getting from marketplace apps soon.

I’m not sure what to think about this. The external payment is apparently allowed here, because of the nature of the service, but he expects Apple to remove the app due to the poor subscription management. I only see two critical reviews mentioning cancellation, so it’s not clear how widespread the problem is. Maybe there’s no real story here. Or maybe this is not exactly a ringing endorsement of the App Store that this has gone on for years and the ratings average 4.7 stars.

Subscription management overall should be easier, but I don’t see the App Store as the place to solve this. And I don’t understand the fear with external payments for apps, specifically. Everyone buys all sorts of stuff on the Web, problems are rare, and the credit card companies already offer a backstop where it’s easy to get your money back if there’s any funny business. In fact, customers already use this for purchases that Apple doesn’t want to refund.

If some company offered consumers a service, where they could pay an App Store–like extra fee to get App Store–like buyer protection features for all the random stuff they buy online, I don’t think people would find that deal very attractive. They’re already paying the credit card companies a few percent for a system that basically works.

Craig Grannell:

Which infers third party marketplaces will by default be bad actors (they won’t) and ignores the fact this app is on the App Store, which has rules (broken here) Apple claims is supposed to protect us and is why we shouldn’t have third-party App Stores.

Dave Nanian:

This is happening in Apple’s own app store, not in some 3rd party store. And 3rd party stores are, themselves, “managed” by Apple. Wouldn’t those 3rd parties have at least the same desire to prevent abuse, if not more, since Apple can deprive them of…everything, with a click.

On top of that, do we find that this is some sort of big problem with, say, macOS or Windows apps? Even those managed by subscriptions?

Steve Troughton-Smith:

Having seen what third-party app marketplaces have to go through just to be approved by Apple, I wouldn’t be surprised if third-party stores end up being safer than the App Store; the App Store is the marketplace full of scams, exploitation and dark patterns, where third-parties can focus much more on curated collections of trusted apps.

Nick Heer:

A few things can be true:

  1. Apple’s in-app purchasing system is a particularly nice way to buy digital goods and manage subscriptions.

  2. Apple requires most developers to use in-app purchases for many types of transaction. It does not compete independently in the market of digital payment systems. This is probably in part because Apple wants a consistent experience in third-party apps. But its 15–30% commission cannot be ignored, and Apple’s mandate implies little faith in IAP’s niceness and familiarity to convince developers to use it.

  3. Easy cancellation of subscriptions can be the domain of consumer protection authorities if you want it to be. You can just pass a law. This sort of stuff is a political slam dunk across the spectrum, except for weird libertarians. It is possible to just require things to be better for everybody regardless of what they bought or how they bought it.

Drew McCormack:

Have seen some pretty scammy practices in apps lately. Straight up tricks to get people to accidentally pay for a subscription they don’t want. And these are apps that Apple accepted into its store. As is, the situation is worse than downloading from a dubious third party store or web site, because most people have learned to be wary there. When you download from the App Store, you just assume it will be fine. You don’t expect to be scammed. It’s the perfect con.

Digital Services Act Compliance: App Store

Apple:

You’ll be asked to disclose whether or not you’re a trader under the European Union’s Digital Services Act (DSA) in order to stay compliant across regions when distributing on the App Store. If you’re distributing content as a trader, the DSA requires that you provide certain identification information, including address and contact details, to be displayed on your App Store product pages to consumers in the European Union (EU).

Steve Troughton-Smith:

TL;DR since this is confusing a bunch of folks: If you make money on the App Store, you are a Trader, and under the DSA are required to provide a postal address, email address, and phone number, that will all be displayed publicly on the App Store

Michael Love:

Successfully completed Apple’s DSA verification thing with a newly-created Google Voice number, FWIW - $10/month for up to 10 of them, though if I find a cheaper option I’ll cheerfully switch.

(physical address they got from DUNS, so I couldn’t do much about that, but it’s already in a bunch of other public databases anyway thanks to our government contracting business)

If you’re registered as an individual, Apple lets you specify the postal address directly. If you’re registered as an organization, I guess the only choice for privacy is to use a registered agent for your business. A post office box is not enough because businesses need to list a physical address. It’s unclear to me how much this really matters since in most cases the information is publicly available, anyway, if you know where to look.

See also: Jim Ye, JetBrains, Amy Worrall.

Update (2024-03-17): Matthias Gansrigler:

So, I got a new phone number, and a post office box, and now it turns out I cannot complete the “Compliance Requirements” because they fail to send me the SMS confirmation code, and calling doesn’t work either 🤦‍♂️

Matthias Gansrigler:

Days I could have spent working. But no, I have to deal with this bureaucratic EU nonsense (and Apple’s forms don’t work).

Jeff Johnson:

The irony is that even if I published my phone number and home address in the App Store for EU consumers, it’s impossible for me to offer them a refund, because Apple does not allow that. App Store developers don’t even have individual customer transaction information.

See also: Brent Simmons and John Gruber.

Update (2024-03-20): Aaron Pearce:

Well I can’t fill out the DSA form.

Apple is pre-filling it with an address I have never had linked to my DUNS number or my business entity. Seemingly they are incorrectly pulling an address from when I was an individual developer.

Helge Heß:

I don’t think it is about a basic principle, it IMO really is an oversight. Usually EU laws are scoped at company sizes and such for that specific reason. No idea why this doesn’t have that. E.g. Germany has such rules for people doing minor business (covering hobbyist devs well).

Ryan Jones:

What’s the best Registered Agent for just the very basic LLC stuff, USA?

Tom Royal:

Today in Apple developer land:

Developer demanding Digital Services Act verification, but then crashes at the end of the process[…]

Update (2024-03-22): Apple:

To align with the Digital Services Act (DSA) in the European Union (EU), Account Holders and Admins in the Apple Developer Program can now enter their trader status in App Store Connect.

Jacob Eiting:

The European Commission defines trader extremely broadly as any business or person “acting in his or her name or on his or her behalf, for purposes relating to his or her trade, business, craft or profession.” We are not lawyers at RevenueCat, but it seems pretty clear that if you are transacting with any European consumers, you fit this definition.

DMA Compliance: Google

Google:

Changes to Search results: We have now implemented more than 20 product changes, including the introduction of dedicated units and chips to help users find comparison sites in areas like flights, hotels and shopping. We have removed some features from the search results page which help consumers find businesses, such as the Google Flights unit.

Choice screens: When you use an Android phone, you can easily switch your search engine or browser. Under the DMA, we will show additional choice screens, which are built on user research and testing, as well as feedback from the industry.

[…]

The DMA requires gatekeeper operating systems to allow users to use third-party apps and app stores. Through Android, we already do this.

[…]

User-choice billing (known as UCB) has allowed app developers to offer their own billing system alongside Google Play’s billing. This is the fairest way to offer alternative billing, as it puts the user fully in control of their preferred transaction method, and we’re expanding the program to game developers this week.

[…]

While Google Play already allows developers to communicate freely with customers outside their app about offers or lower-cost options available on a rival app store or the developer’s website, we are adding additional options in compliance with the DMA.

John Gruber (Mastodon):

The DMA has crippled Google Search in the EU […] I presume people in the EU can still go to the dedicated Google Flights page, but just typing “PHL to SFO” on Google’s homepage or in your browser’s location field is what most people expect to work.

Robert Watkins:

Correction: Google has crippled search in the EU in response to the DMA, because they don’t want to find a way to comply with the DMA that doesn’t cripple it.

• • •

Steve Dent:

Now, Google has revealed that it will indeed charge developers even if they don’t use the Play Store, just like Apple did with the App Store. Per new details found in the Play Console help section, the company will charge two new fees:

  1. An initial acquisition fee of 10% for in-app purchases or 5% for subscriptions for two years. This represents the value Play provided in facilitating initial user acquisition.

  2. An ongoing services fee of 17% for in-app purchases or 7% for subscriptions. This covers ongoing Play services like parental controls, security, fraud prevention, and app updates.

Developers can opt out of ongoing fees after two years if users agree, but ongoing Play services will no longer apply. “Since users acquired the app through Play with the expectation of services such as parental controls, security scanning, fraud prevention, and continuous app updates, discontinuation of services requires user consent as well,” Google stated.

Michael Love:

Google’s version of DMA compliance demonstrates how much easier life is for them because they don’t restrict sideloading and third-party stores. They can treat their DMA fees as a referral commission for Google Play finding you new customers - something that’s reasonable / familiar, both in software and in many other industries - rather than as the price of shipping on Android at all.

I’m not 100% on board with this, to be clear - my company name appears in pretty much all of my top search terms on Google Play, and I suspect a very large portion of my Google Play customers were not, in fact, referred to me by Google - but it’s nevertheless far far less obnoxious than Apple’s approach.

Tim Sweeney:

Google announced its malicious compliance plans for the European DMA law: The scare screens continue, and it looks like their illegal anti-steering policy will be replaced by a new Google Tax on web transactions.

The biggest travesty is Google’s deceptively-named “user choice billing” and “developer choice billing”, designed to ensure no developer would possibly want to use them. Here, Google imposes a 27% junk fee on transactions they aren’t involved in processing.

No gatekeeper should be allowed to impose fees for services not provided. It’s a transparent exercise in self-preferencing and monopoly rent extraction.

Neither Apple nor Google has a monopoly, as normally defined, but there’s not enough competition to make them do right by customers and developers.

Tim Sweeney:

Here is the most disgusting pro-monopoly thesis yet, put forth by Apple and Google funded Chamber of Progress: government should support Big Tech monopoly maintenance, because Apple and Google can more strongly reinforce US control over information than a competitive market.

Simply put: if Apple and Google maintain absolute control over apps and channels of information dissemination, then they can act as agents of the state to control it. Whereas, if users have freedom and control over their own devices, then government censorship is harder.

• • •

Google:

Google will make the following changes to comply with its DMA obligations requiring it to show choice screens: (i) introduce a new browser choice screen during initial device setup in addition to a search choice screen on Android smartphones and tablets; and (ii) show a search choice screen on Chrome on non-Android platforms.

John Gruber:

Not clear to me why Apple did this in a software update for all eligible iPhones, but Google is only doing it for newly-sold ones.

Previously:

Update (2024-03-20): The Local France:

Now, when searching a specific address on your laptop, you will continue to see a small map in the centre of the screen, but will be unable to click on the map and be taken straight to Google Maps. The ‘Maps’ button that once appeared below the search bar, along with ‘Images’ or ‘News’ no longer appears either.

DMA Compliance: Custom External Link Designs

Apple:

Developers who’ve agreed to the Alternative Terms Addendum for Apps in the EU have new options for their apps in the EU:

  • Alternative app marketplaces. Marketplaces can choose to offer a catalog of apps solely from the developer of the marketplace.
  • Linking out to purchase. When directing users to complete a transaction for digital goods or services on an external webpage, developers can choose how to design promotions, discounts, and other deals. The Apple-provided design templates, which are optimized for key purchase and promotional use cases, are now optional.

John Gruber:

The second is a bigger concession — effectively, the elimination of mandatory Apple-designed scare sheets for link-outs to the web. It sounds like the second truly eliminates anti-steering provisions for developers who opt into the new EU rules.

[…]

That link-out screens may now contain promotional and pricing information, and don’t need to follow Apple’s templates — that’s a mere policy change too, but one I suspect Apple does begrudge. And it’s obviously something developers would want. Do you want a very plain-looking, totally unbranded screen, that emphasizes more than anything that you’re leaving the safe confines of the Apple ecosystem? Or would you like to design your own screen, in your own style, with your own emphasis? This, to me, reeks of a change at the behest of the EC.

US developers will still have to use Apple’s scare sheets.

Previously:

Wednesday, March 13, 2024

DMA Compliance: Web Distribution of iOS Apps in EU

Apple (MacRumors, 9To5Mac, Hacker News, Slashdot):

Web Distribution, available with a software update later this spring, will let authorized developers distribute their iOS apps to EU users directly from a website owned by the developer. Apple will provide authorized developers access to APIs that facilitate the distribution of their apps from the web, integrate with system functionality, back up and restore users’ apps, and more.

Apple:

Apps offered through Web Distribution must meet Notarization requirements to protect platform integrity, like all iOS apps, and can only be installed from a website domain that the developer has registered in App Store Connect.

[…]

If you’re interested in using Web Distribution, please review the requirements to qualify. Later this spring, the Account Holder of your Apple Developer Program membership can request access for Web Distribution.

[…]

Be enrolled in the Apple Developer Program as an organization incorporated, domiciled, and or registered in the EU (or have a subsidiary legal entity incorporated, domiciled, and or registered in the EU that’s listed in App Store Connect).

[…]

Be a member of good standing in the Apple Developer Program for two continuous years or more, and have an app that had more than one million first annual installs on iOS in the EU in the prior calendar year.

I see this as potentially more attractive than App Marketplaces because you don’t have to depend on another middleman. But it’s far from true sideloading. Most developers will not even be eligible, and you still have to pay the Core Technology Fee (CTF).

Benjamin Mayo:

The rules as originally written were specifically orchestrated by Apple to offer “sideloading” without offering sideloading. The rules prevented the obvious, straightforward, approach of letting a developer host a binary on their website for users to download directly to their device. Instead, a developer wanting to offer their software outside of the App Store was forced to partner with an intermediary, an alternative app marketplace in which to list their app, and then would have to somehow explain to their customers how to install said marketplace in order to install said app. It induced business relationships and a whole bunch of complexity that didn’t really have a justification to exist other than frustrating the process.

Tom Warren:

That’s a lot of hoops for developers to jump through, and it appears that Apple is limiting this to big developers only thanks to the 1 million installs requirement. Having a good standing developer account for two years may also rule Epic Games out of this particular distribution method.

Jesper:

Let’s list the additional changes that would make this offer something less than sideloading but still ultimately be somewhat palatable.

Steve Troughton-Smith:

It looks like Apple is rapidly finding out all the ‘and/or’s in the DMA were ‘ands’ not ‘ors’. Apple had bet their entire compliance plan on those being ‘ors’.

It seems like they’ve been working on this for a while but hoped they wouldn’t have to ship it.

Jason Snell:

Apple suggested that it made these changes after consultation with developers, which, okay, sure. But let’s be clear: this is very obviously the result of European regulators nudging Apple and telling the company that it hadn’t gone far enough and wasn’t honoring the spirit of the DMA.

And now we can fully see Apple’s strategy of incremental compliance, brought into action: The company announced the minimum possible and then waited to be told what else it needed to do. Now it will begin modifying those policies, as required, in order to satisfy regulators while still doing the minimum required of it, presumably hoping that it won’t get nudged by the regulators all that often.

Dave Wood:

The funny thing here is that for nearly 2 decades, Apple has driven the cost of apps down to pretty much zero. Normal users don’t want to pay for apps, and expect them to all be free. But now Apple wants to charge developers €0.50 per install!

Dan Moren:

These rules also mean that many small and independent developers likely won’t be able to opt in to web distribution—that one million threshold is still pretty high. Do those shops deserve to be restricted from developing their apps on the web?

Sarah Reichelt:

I’m not in the EU but I’m hoping for side-loading everywhere for distribution of in-house apps. This one million installs is a ridiculous requirement.

Thomas Clement:

So still not possible to make a small app and share it with friends and family :(

David Meyer (via Hacker News):

The EU’s Digital Markets Act has been in place for less than five days, and its enforcers have already pushed Apple into two humiliating U-turns. If Apple has been trying to test how much it can throw its weight around in its increasingly hilarious hissy fit over the new Big Tech antitrust law, it’s had its answer now.

Michael Love:

The requirements around this are onerous, but I actually view it as a positive sign because now instead of requiring Apple to allow sideloading and having Apple hem and haw about how tricky that is, the EU just has to tell Apple to drop the minimum download count and fee.

And the whole business about requiring at least 1M installs but then charging you after 1M installs is clearly designed to both lock out smaller developers and make this financially onerous for big ones, so I’m hopeful they do make those adjustments (and in the meantime am going to start paperwork on an EU subsidiary).

Steve Troughton-Smith:

Apple’s new clutch at malicious compliance is its requirement to “Be a member of good standing […] for two continuous years or more, and have an app that had more than one million first annual installs on iOS in the EU in the prior calendar year.”, which it has applied to web-based sideloading.

I’m sorry Apple, but my rights under the DMA don’t disappear if I have less than a million EU users on the App Store, or if I have an ‘individual’ developer account. This restriction simply won’t work.

Drew McCormack:

One thing you can say for sure about Steve Jobs is that he loved to keep things simple. 30% tax on sales. Apps, books. Simple. The latest efforts to handle DMA would make him squirm. You seriously need a decision tree to understand all the options.

Previously:

Update (2024-03-14): xroissance:

It takes 15 clicks to install an app from the web using the newly proposed Apple flow. Here’s the journey[…]

[…]

I’m amazed how Apple has intricately woven 15 actions into what appears as two straightforward sentences. The complexity hidden within simplicity often goes unnoticed.

John Gruber:

The eligibility requirement of having an app with over 1 million annual installations in the EU is a high barrier. The intention, obviously, is to limit web distribution to ostensibly trustworthy developers. But it’s sort of a catch-22: the entire feature is by definition intended for developers who want to distribute their apps outside Apple’s App Store (or anyone else’s EU app marketplace) — but the only way to qualify is to have at least one very popular app in the App Store or an app marketplace.

If this change is at the behest of the EC, via back-channel feedback, the EC is seemingly only concerned with large developers. And to me it makes no sense that this change — a huge one — came from anywhere but back-channel communications with the EC.

[…]

That it will only be available to longstanding developers with at least one million-EU-downloads app may well be completely compatible with the DMA. There’s nothing at all in the DMA about the interests of small or indie developers.

[…]

So my gut feeling is that we’re seeing Apple adopt changes in response to unofficial feedback from the EC. If so, that suggests that the things Apple isn’t changing — like the Core Technology Fee — are either OK with the EC, or, if not, that Apple is willing to fight for them.

Riley Testut:

IMO the funniest thing about these Web Distribution requirements is that I’m not eligible to distribute @delta this way…but I AM eligible to distribute an entire app store

Mark Meador:

When Apple said sideloading would lead to a bad user experience, it apparently meant that it would make it a bad user experience.

Tim Sweeney:

Compare this freak show of executive-mandated bad design to the App Store, where amazing designers make installs as easy as possible.

[…]

If developers are scared into silence while Apple and Google have literally hundreds of lobbyists employed by dozens of front organizations secretly advocating for their positions and giving money to political candidates, how do smartphone users and app developers have a chance?

David Barnard:

I genuinely think it’s lost on Apple just how scared developers are of them and of App Review. And then how that shapes the entire mobile app industry.

Downie’s Anti-Piracy Scare Tactic

dario (Reddit):

It is being reported on Reddit that Downie 4 (a video downloader app developed by Charlie Monroe Software) contains code for a popup that claims to have deleted random files on the computer as a ‘punishment’ for allegedly using a pirated/cracked version.

Here’s what it looked like.

Charlie Monroe (tweet):

During this time, I was receiving reports from people running cracked versions of my apps and it was hurtful to me and my efforts. I’ve always tried to contact those users and try to convince them to use a genuine version. Many of such users do not see the effort behind the development and that it is (in the early years) a matter of survival for the company.

There were, however, users running cracked versions of Downie that used fake email addresses for their reports and even included insults in their messages. Unfortunately, my mind came up with the idea that Downie would include a list of these email addresses and would show a message to these users. In what you can call lack of judgement, I’ve included a message that suggested that Downie may have deleted random files, appended with a “Or am I kidding?” question. It was meant in jest (though it was very irresponsible of me) – I would never dare touch the user’s files, no matter whether genuine or cracked version. This is a line I would never cross, whether you believe it or not.

Years have gone by and I haven’t touched this code with this message in many many years now. It was a mistake ever adding it, but it was there and I simply did not think about it anymore. If a thief keeps passing your house and you set up a booby trap and the thief stops coming around, it is entirely possible that you just forget to remove the booby trap until a visiting friend falls in.

Unfortunately, one user entered the email address 1@1.com into Downie as their email address. This email address was used in one such fake-email report. This user, however, was using a genuine version, but unfortunately, the booby trap was triggered.

Piracy is a real problem. Not only do you lose revenue (some would never pay, but some would), but part of your limited time is spent troubleshooting with users who will not pay and whose support issue may in fact have been caused by whatever was done to crack the app. On the other hand, any kind of countermeasure could accidentally ensnare a genuine customer. I believe Downie’s developer that no actual harm was ever intended, but obviously even empty threats (or jokes that might be interpreted as such) are a mistake.

Previously:

Most Subscriptions Apps Do Not Make Money

Hartley Charlton (Mastodon):

The “State of Subscription Apps” report comes from RevenueCat (via TechCrunch), a prominent mobile subscription toolkit provider. With nearly 30,000 apps utilizing its platform for monetization management, RevenueCat is able to provide a reliable overview of the subscription app landscape thanks to its data collection capabilities. The analysis delves into data from over 29,000 apps and 18,000 developers, collectively responsible for more than $6.7 billion in revenue and over 290 million subscribers.

RevenueCat found that while the top-performing 5% of subscription apps amass revenue 200 times greater than those in the bottom quartile, the median monthly revenue for apps after one year is less than $50. Only 17.2% of apps cross the $1,000 monthly revenue mark.

Paul Haddad:

Pretty sure “most apps do not make money”, is also a valid headline.

Ben Sandofsky:

When I read “17% of subscriptions apps make > $1,000 a month,” I just assumed that pay-once apps are at 1%.

Nick Lockwood:

consumers have some amazing misconceptions about how software is made. I’ve seen several reviews for mobile apps over the years that claimed that since Apple/Google pay the developers to make apps anyway (?) they should be free for end users

Christian Tietze (Mastodon):

That got me thinking – my family doesn’t quite understand that I’m creating apps for e.g. Apple platforms without being an Apple employee, either.

Randy Saldinger:

Even as someone who gives software away for free, I still get comments from users who take umbrage when I don’t want to add a feature they ask for, “after I paid all that money to Apple.” It’s not often stated that clearly, but the subtext is often there.

This misconception certainly isn’t helped by Apple’s framing of App Store updates at WWDC. “Apple has paid developers 70 billion dollars!” Not “developers have earned 70 billion dollars selling on the App Store.” Not “developers have earned 100 billion dollars and Apple scraped 30 billion off the top.” But “Apple has PAID developers.”

Previously:

Update (2024-03-14): Sebastian Aaltonen:

Yeah. Technically Apple is handling the billing, but billing is not equal to making money. You don’t say that Mastercard is making your money either.

The devs are making the money and devs are paying Apple 30% cut. That’s what’s really happening.

Tuesday, March 12, 2024

Mac Stuck in Recovery After Login

After writing on my report card that all my Apple hardware was working reliably, I’ve now started having what may be hardware trouble with my 2019 Intel MacBook Pro. Sometimes, whether I’m using it or it’s just sitting there, it will let out the sneeze sound and kernel panic. This Mac has always done that, but it used to be rare and seemingly without consequences.

Now, I’ve had multiple instances where the SSV was reported as damaged and so I had to reinstall macOS.

Other times, after entering my password at the login screen, instead of logging me in it will go to Recovery. Once that happens, future boots on that same partition will keep going to Recovery. I can only log in using a different partition. The kernel panic logs show a variety of problems, from “possible memory corruption” to “panicked task” to possible Touch Bar issues, and the active processes range from WiFiAgent to WebKit.

Reinstalling macOS does fix this login problem, but it takes a long time, and eventually the problem comes back. Oddly, I’ve also found that a safe boot also temporarily fixes the problem. This was surprising to me because:

But the safe boot does allow the Mac to boot, though (until I reinstall macOS) logging in will continue to fail unless I do a safe boot every time. As I said, the login items seemed innocuous, but after manually unchecking all of them in System Settings I could then boot the Mac without safe mode. I haven’t yet bothered to bisect and figure out which login item is triggering the problem, which at root I believe to be a hardware issue.

With this workaround in place, the MacBook Pro seems to still be usable for testing the Intel versions of my apps, but I no longer really trust it as a backup Mac.

Unfortunately, it’s now gotten to the point where I have to do a safe boot every time, even with all the login items disabled. And it won’t install the macOS 14.4 update. With either Software Update or a manually downloaded installer package, it will report the update as damaged. I suspect there’s some sort of internal SSD damage, which is a shame because that’s not easily serviceable. It does work fine with semi-clean macOS installations on an external SSD, so my next step is to get a larger external SSD and make a clone.

Previously:

Update (2024-03-26): The Mac seems to work properly now that I’ve switched to booting from an external SSD. In order to get that clone set up, I needed to run the macOS installer while booted from a different external SSD. Otherwise, installing macOS on the external SSD would keep failing, seemingly because it was trying to update the recovery partition on the malfunctioning internal SSD.

Microsoft Ending Windows Subsystem for Android

Microsoft (via Hacker News, 9to5Mac):

Microsoft is ending support for the Windows Subsystem for Android™️ (WSA). As a result, the Amazon Appstore on Windows and all applications and games dependent on WSA will no longer be supported beginning March 5, 2025.

Steve Troughton-Smith:

Never depend on Microsoft for anything.

Alan Miller:

This seems like the nichest of niche products since Microsoft no longer even has Android devices of its own and most Android installs run on a different cpu architecture than most Windows installs.

Michael Love:

Glad I didn’t waste time supporting the Amazon AppStore for this. (meanwhile the case for a dedicated Windows port grows)

Also maybe helps to explain Apple’s lack of enthusiasm for Catalyst, since I assume they’re seeing some of the same apathy towards blown-up-mobile-apps-on-desktop that led Microsoft to make this decision.

Previously:

Features Lost Across Versions of macOS

Michael Schmitt:

Article Do You Use It? How TidBITS Readers Install macOS Updates - TidBITS says that “Some people even wait until Apple announces or even releases the next macOS version, under the theory that it somehow isn’t fully baked until then.” I wait until the next major release, but not under that theory.

It used to be one reason to wait was that macOS updates have become so time consuming that I’d wait until there were just the faster security updates left. But now with the sealed system volume even the security updates are a pain.

So that leaves my primary reason: I used to look forward to classic Mac and OS X updates. That ended with OS X Lion. I think every OS X/macOS version since Snow Leopard has been worse than the one before. So, I put off the pain of lost functionality as long as possible.

You think I’m joking? Just look at what we’ve lost in each upgrade since OS X 10.6 Snow Leopard[…]

I think this is a bit harsh because each version brings improvements, too. I’m more sore about the bugs than most of the lost features. But I don’t think I’ve ever seen them laid out like this before. It’s quite a list.

Previously:

Monday, March 11, 2024

PopChar 10

Ergonis Software:

  • An improved user interface that balances classic functionality with modern aesthetics
  • Enhanced magnifier providing improved information and shortcuts for characters, making inspection and insertion of special characters more intuitive
  • New insertion modes with a single click, including support for Swift code
  • Spanish language support, broadening the tool’s international usability
  • Full compatibility with Unicode 15
  • New and easier navigation concept

PopChar 10 is priced at $34.99 for new purchases, is discounted by 50% for those with previous licenses, and is available for free for those who purchased on or after September 1, 2023.

Previously:

How AirPort Changed Everything

The Serial Port (via David Kopec):

“No wires.” This simple phrase from Steve Jobs during Apple Airport’s debut in 1999 contained more than a decade of history behind it. Follow along as we chart the perilous and unbelievable journey of wireless networking, and hear from the people that were there during it all.

Apple got them to reduce the cost of the AirPort card from $1,500 to $50 and then sold it for $99. The AirPort base station initially didn’t work because Jony Ive had selected a metallic paint, which created a Faraday cage.

Previously:

Amazon Buy Box May Not Offer the Best Deal

Ashley Belanger (via Slashdot):

Amazon rigged its platform to “routinely” push an overwhelming majority of customers to pay more for items that could’ve been purchased at lower costs with equal or faster delivery times, a class-action lawsuit has alleged.

The lawsuit claims that a biased algorithm drives Amazon’s “Buy Box,” which appears on an item’s page and prompts shoppers to “Buy Now” or “Add to Cart.” According to customers suing, nearly 98 percent of Amazon sales are of items featured in the Buy Box, because customers allegedly “reasonably” believe that featured items offer the best deal on the platform.

[…]

Authorities in the US and the European Union have investigated Amazon’s allegedly anticompetitive Buy Box algorithm, confirming that it’s “favored FBA sellers since at least 2016,” the complaint said. In 2021, Amazon was fined more than $1 billion by the Italian Competition Authority over these unfair practices, and in 2022, the European Commission ordered Amazon to “apply equal treatment to all sellers when deciding what to feature in the Buy Box.”

These investigations served as the first public notice that Amazon’s Buy Box couldn’t be trusted, customers suing said. Amazon claimed that the algorithm was fixed in 2020, but so far, Amazon does not appear to have addressed all concerns over its Buy Box algorithm. As of 2023, European regulators have continued pushing Amazon “to take further action to remedy its Buy Box bias in their respective jurisdictions,” the customers’ complaint said.

See also: Nick Heer.

Previously:

Mac Dialog in Auto Layout vs. SwiftUI

Christian Tietze (Mastodon):

On Mastodon, we had a discussion about whether you are more or less productive with SwiftUI or UIKit/AppKit. Der Teilweise (@teilweise@layer8.space) chimed in with an actual, measurable benchmark: a flexible-width window, with reflowing text, and equal-size buttons. Doable in 10 minutes. Can SwiftUI beat this?

[…]

Here’s the reference implementation on GitHub.

[…]

  • Richard Kolasa got pretty far in 6mins, but the default SwiftUI window has too much free movement :)
  • Mike Apurin points out that window resizing is hell (Code).
  • Ryan Lintott shared a solution that reflows the text and increases window height properly (Code). Uses his FrameUp library to help with the layout.

Mike Apurin:

Debating whether SwiftUI is “production-ready” in 2024 is an eye-roll argument, though. It has limitations, sure, but what doesn’t?

“Production-ready” is probably not the right question. It is clearly being used in production. But you could look at how easy it is to make standard Mac layouts that were straightforward with the old system. In this particular example, it seems like sort of the anti-Perl: easy things made hard but possible. If you look at the SwiftUI layouts in Apple’s apps, they generally don’t sweat these details. SwiftUI started on watchOS, which doesn’t really have resizable windows and where buttons are usually full width and stacked vertically. On the other hand, there are certain types of layouts and data flow that are easier in SwiftUI.

Mike Apurin:

Sadly, the way windowResizability works makes it impossible to implement this without a GeometryReader or a Layout, and even then it’s a bit janky. SwiftUI needs something like the compression resistance priority here.

Der Teilweise:

Today I’d say SwiftUI has its pros and cons. I still doubt that it is better than UIKit/AppKit. It’s (just) different.

I like the good things about Autolayout more than I like the good things in SwiftUI. And I hate the bad things in SwiftUI passionately while I have made peace with the bad things in UIKit.

(We all thought Autolayout errors were the worst possible …)

Isaiah Carew:

there is, of course, no way to build a UI that changes with content using springs and struts. it’s all top-down constraints.

that said, here’s my quick UI:

  • keeps the buttons the same size.
  • maintains correct spacing.
  • margins don’t scale, just buttons.

there’s not much to it, so it went pretty fast.

Steve Troughton-Smith:

I added an AppKit target to the @broadcastsapp codebase just to experiment, and of 245 source files only 11 are portable. All the pre-existing SwiftUI code is uncompilable, because even basic things like size classes don’t have a macOS equivalent or translation. I continue to believe that the AppKit SwiftUI target is simply a dead end and needs to be rolled into the Universal app platform instead. I don’t want to continue with this bringup experiment at all.

Jaanus Kase:

Another thing that “should be easy in macOS SwiftUI but isn’t”:

Reopening a window after closing it, with the correct position, size and split view pane sizes.

It works correctly if I quit the app and restart. Window is restored with previous metrics (automatically stored in UserDefaults).

It does not work correctly if I close the window and click on the Dock icon which opens a new window. I expect the new window to have same metrics as the one I just closed, but nope.

Khoa:

This same code runs fine on Mac but causes severe hangs on iOS

Marcin Krzyzanowski:

Not me implemented 90% of functionality with the new SwiftUI API, only to learn the missing 10% is impossible because it’s missing configuration, and now rewriting it to something else.

it’s just annoying that SwiftUI API is so very closed. one can rarely add missing piece without reimplementing a thing from the ground. That aspect is very much the opposite of UIKit etc.

I would say it’s “make easy things easy, and hard things impossible” philosophy

John Siracusa:

My SwiftUI view and its containing NSHostingView/NSWindow are not getting along, and I think it’s an Apple bug.

Marco Arment:

Seems like everyone here is stumped, just like I was.

Does SwiftUI REALLY not support basic table-cell animation after four years? I assume it’s me, not the framework…

Tanmay:

SwiftUI is terrible when it comes to reliability for building any custom interactive component. Random things just break in the next release. If you want to build fluid, interactive designs for iOS that are rock stable, stick with UIKit.

Mario Guzmán:

Still experimenting with SwiftUI for Macintosh layouts because some of the toolbar item placement options and controls just don’t have the flexibility they do in AppKit.

Luc Vandal:

Keyboard shortcuts for toolbar items not showing when holding the ⌘ key on iPad: am I doing something wrong or is it just another “not yet supported in SwiftUI” thing?

So of course the solution was obvious (sarcasm)! Adding .labelStyle(.titleAndIcon) to the Label is the way to go. So many SwiftUI dark patterns…

Jordan Morgan:

In my previous snip, I used a cheeky Threads knockoff interface to demonstrate the subject matter. It occurred to me how crazy it is that I can even do this. SwiftUI has done away with so much work that used to be pervasive in interface programming, interface builder or not.

Christian Beer:

SwiftUI is awesome for starters… just until you get some strange error on a ForEach: “Cannot convert value of type ‘[XYZ]’ to expected argument type ‘Range<Int>’” that worked perfectly until you wrote the wrong action code in a Button somewhere.

Krzysztof Zabłocki:

So many weird bugs in SwiftUI, e.g. adding contextMenu steals all touches from the underlying view instead of just around that view, thus making overlay components break underlying UI interactions…

Oskar Groth:

No macOS SwiftUI component has let me down as much as List. Just when you think you’ve got it working well, there is always some tiny issue relating to reorder, DisclosureGroup expansion, highlight or layout.

Matt Massicotte:

I’ve been doing some experimentation with SwiftUI on macOS 14. Things are working amazingly well. I have yet to find anything weird, broken, or nonfunctional. Interop with AppKit world is excellent.

Craig Hockenberry:

Here’s a surprisingly hard thing to implement in SwiftUI: a panel that contains a resizable image that looks right on both iOS and tvOS.

Collin Donnell:

Things are easier in SwiftUI, except debugging, debugging sucks.

John C. Welch:

I’ll be adding to this post as I go along as a way of documenting some of the “fun” bits of SwiftUI[…]

Clarko:

Really frustrating to spend the day reworking on macOS UI, getting it really responsive and snappy, and then the exact same SwiftUI code on iOS and iPadOS runs like sludge.

Steffan Andrews (Reddit):

Apple completely removed the ability to open the SwiftUI Settings scene using legacy NSApp.sendAction() method using the showSettingsWindow: (macOS 13) or showPreferencesWindow: (macOS 12 and earlier) selectors. The only available method of opening the Settings scene (apart from the App menu → Settings menu item) is to use the new SettingsLink view.

This presents two major restrictions:

  1. There is no way to detect when the user has clicked this button if additional code is desired to run before or after the opening of the Settings scene.
  2. There is no way to programmatically open the Settings scene.

BenedictC:

I blame the annual cycle in part for the fundamental problems in Swift and SwiftUI. There’s a proposal to add a feature for property specific inits (a bonkers idea). It exists to patch a problem with macros, which fixed a problem with property wrappers, which were added to allow SwiftUI to subvert value type semantics. I believe if Apple had spent more time dog fooding SwiftUI it would be very different. No amount of pausing to fix bugs will allow Apple to fix the fundamentals.

Christian Beer:

I still can’t get over the fact that in SwiftUI you can’t create a Table with a dynamic set of columns. And I don’t mean reordering or resizing. I mean: you can’t use if or ForEach when creating table columns. ☹️

Christian Beer:

We’re in year 4 of SwiftUI and building a good multiplatform document based app is still hard to impossible.

Building a VERY simple document based app, with DocumentGroup and TextEditor, like the sample is easy. But doing more than that is hard: DocumentGroup with NavigationSplitView? Forget it. Customizing document creation? Forget it…

Christian Tietze:

Today is the day on which I realize:

I like working in SwiftUI more than I like building programmatic interfaces in AppKit.

It’s not even close. I’m really annoyed by all the wiring[…]

Dandy Griffin:

This chain speaks to me so much! I’m in the process of reducing SwiftUI usage in my only macOS app because it just seems to fall apart. I find AppKit tedious, but reliable, and there’s ~always~ a solution. Even hacky solutions in AppKit/UIKit never feel as fragile or hacky as SwiftUI hacks.

Sam Rowlands (tweet):

SwiftUI has really helped make Mac development more exciting (for me), and further cements how far outa the race Xojo is. At this point, I don’t think there is anything Xojo can do to catch up, but I believe they know that already.

Sure it’s not without its downfalls, adapting some of the work flows to the SwiftUI way, can be a massive paradigm shift, and sometimes feels like hacky spaghetti code. Alerts for instance feel unnatural, but I can see why they’ve done them this way.

Marco Arment:

Sometimes, I wonder if I’ve made a huge mistake by tackling a giant rewrite of my 10-year-old ObjC/UIKit app in Swift/SwiftUI that’ll probably end up costing me ~1.5 years of development time.

Then I try to do ANYTHING with ANY new API in the old codebase from Objective-C and UIKit.

It quickly becomes apparent that this rewrite was not much of a choice — it’s a necessity.

Sam Rowlands:

SwiftUI Mac, changing focus from one TextField to another marks the document as “Edited”, even when the text wasn’t changed in either TextField.

Christian Beer:

We achieved a lot more stable code with Swift (in comparison to Objective-C; I know it’s discussable)… but we lost so much with SwiftUI!

SwiftUI/EnvironmentObject.swift:90: Fatal error: No ObservableObject of type BottomBarViewModel found. A View.environmentObject(_:) for BottomBarViewModel may be missing as an ancestor of this view.

Christian Beer:

Theoretically SwiftUI previews in Xcode are a good idea. But if it takes A LOT longer to just view this preview than to start the app and navigate to that view, or even “Failed to launch app “XCPreviewAgent.app” in reasonable time”… it’s just not helpful.

Der Teilweise:

One of the things I hate about SwiftUI is the crappy visual editor. It’s light years behind what we had for Storyboards. It’s not even as good as the original Interface Builder was.

Even in Visual Studio (201x!) editing of Windows Forms is way better. And that, too, parses code to build the UI! Change a line of code in the *.Designer.cs, switch the view: Boom, there’s your UI.

Marcin Krzyzanowski:

I didn’t expect that, but SwiftUI.TextEditor lagging on edit for relatively short text. I can feel it lag while I’m typing letters.

Sam Rowlands:

I came to the conclusion that SwiftUI.textEditor refreshes the entire content each time, I think the same happens for TextField also. Wrapped NSControls don’t suffer from the same problems.

Marcel Weiher:

Well, refreshing everything each time is kind of the underlying model.

See also: Accidental Tech Podcast.

Update (2024-03-14): See also: If Not Nil.

Friday, March 8, 2024

App Marketplaces Will Stop Working If You Travel Outside the EU

Benjamin Mayo (AppleInsider, MacRumors):

iOS 17.4 in the European Union brings Apple’s first operating system release that complies with the regulatory framework of the Digital Markets Act. This includes support for alternative app stores — or as Apple calls them, ‘alternative app marketplaces’ — which allows iPhone users to download apps from outside the walls of the Apple App Store for the first time.

The availability of functionality is geo-restricted to the EU only, and Apple has detailed for the first time how it detects this. But perhaps more surprisingly, it also turns out that existing app marketplaces you have downloaded to your device will stop working if you leave the EU for too long.

[…]

As long as your Apple ID origin is one of those countries, and you physically reside in them, the app marketplace features will be available.

Mysk:

This is not the case for the App Store. A German account can install apps and purchase content from the German App Store even if you’re gone for “too long”

klabb3:

IIUC this is a deliberate act of aggression by Apple - which is important to note. Apple already has regional accounts, so the infrastructure for this is in place already, for preexisting reasons. My Apple ID is still within US after months of being in the EU. They have not “kicked me out” yet.

[…]

Optically, this is the behavior you’d expect from companies that stopped innovating and are clinging onto power with the power of lawyers. It seems like an incredibly small hill to sacrifice your reputation on.

Are their long term ambitions to live off the 30% cut? Because it sure as hell appears like they’re fighting an existential battle, which doesn’t inspire confidence in their visionary leadership. Perhaps the best thing for Apple is to take away their comfort blanket, so they’re setting sights on innovation again.

Dare Obasanjo:

Apple’s VP of Malicious Compliance has been firing on all cylinders when it comes to “compliance” with the DMA.

Eric Schwarz:

Apple really doesn’t want you using alternative app marketplaces[…]

Kirk McElhearn:

Currently, you can get app updates even if you’re not in the country where your Apple ID is registered. If they shut that off, that’s very dangerous.

Peter Steinberger:

Apple will not block apps from alternative app stores, just disable updating, making it fail slowly and making it look like the vendor is bad. 👍

Jeff Johnson:

What if the app needs a security update? Apple claims this is all about security, but it’s obviously a lie.

John Gruber:

What a confusing mess this is shaping up to be.

Juli Clover:

Apple today clarified that iPhone users in the European Union can continue to update and use apps from alternative app marketplaces for a 30-day period when leaving the EU.

Oliver Haslam (Hacker News):

Whether or not that will be something the European Commission takes issue with, remains to be seen. After all, an EU citizen is an EU citizen even after they leave the EU.

Update (2024-03-11): SheriefFYI:

“On your 31st day of international travel you lose access to security updates for some apps” is an actual threat to the security of EU users of iPhones and there’s no way to spin this as anything else.

Apple Tweaks New EU App Store Business Terms

Apple (MacRumors):

To make it easier for more developers to sign up for the new terms, we’ve removed the corporate entity requirement that the Addendum must be signed by each membership that controls, is controlled by, or is under control with another membership.

[…]

To help reduce the risk of unexpected business changes under the new terms, such as reaching massive scale more quickly than anticipated, or if you simply change your mind, we’ve created a one-time option to terminate the Addendum under certain circumstances and switch back to Apple’s standard business terms for your EU apps.

[…]

To make it easier for developers who want to create alternative app marketplaces, we’ve added a new eligibility criteria that lets developers qualify without a stand-by letter of credit.

Apple:

Do either of the following: (1) Provide Apple a stand-by letter of credit in the amount of €1,000,000 from a financial institution that’s at least A-rated or equivalent by S&P, Fitch, or Moody’s, and maintain that standby letter of credit as long as your alternative app marketplace is in operation; or (2) be a member of good standing in the Apple Developer Program for two continuous years or more, and have an app that had more than one million first annual installs on iOS in the EU in the prior calendar year.

Jeff Johnson:

Not sure how (2) is much better than (1).

Ryan Jones:

Apple just effectively lowered their commission to 20%/13% in the EU, until you’re over 1M EU downloads/year.

Steps: Opt-in. Stay in App Store. Use IAP. Pay 20%/13% instead of 30%/15%. Switch back right before you hit 1M EU downloads/yr. 🤔

Kosta Eleftheriou:

Apple warns users that they may find certain apps on alternative marketplaces that wouldn’t be allowed on the App Store, while simultaneously telling developers they’d reject such apps for any store.

Which is it, Apple?

DropDMG 3.6.7

DropDMG 3.6.7 is a maintenance update to my app for creating and working with Mac disk image files. This version improves the reliability of positioning icons on the mounted .dmg file and includes various documentation and Sonoma updates.

Some interesting bugs were:

audioOS 17.4

Juli Clover (release notes):

With HomePod Software 17.4, Siri is able to learn what a user’s preferred media service is, eliminating the need to set a third-party app as the default or include an app name when asking Siri to play content.

[…]

Apple has removed the Home app option that let users select a default media service as a result of the new feature addition. The change brings the HomePod in line with the iPhone and the iPad, which already offer the option to provide a default music service selection to Siri when making a song request for the first time.

tvOS 17.4

Juli Clover (release notes, security):

tvOS 17.4 updates are often minor in scale, focusing on bug fixes and other small improvements. We did not find new features during the tvOS 17.4 beta testing process.

Thursday, March 7, 2024

macOS 14.4

Juli Clover (release notes, security, developer, enterprise, full installer, IPSW):

With macOS Sonoma 14.4, Apple is introducing new emoji characters and adding support for reading Podcast Episode text in full with search support. There are new features for Business Updates in Messages, along with a toggle for showing only icons for websites in the Safari Favorites Bar.

It seems to fix the bug I reported with Swift Regex hanging.

Pierre Igot:

Much to my relief, updating from macOS 14.3.1 to macOS 14.4 was NOT as painful as the previous couple of (minor) updates. Unlike them, it did NOT force me to restore all kinds of “privacy and security” settings.

However, after the restart, it still greeted me with the following two modal dialogs.

I have no idea what Microsoft is up to, and I’ve only been using Apple Music daily for the past SEVERAL YEARS. But whatever.

See also: Mr. Macintosh and Howard Oakley.

Update (2024-03-08): See also: Howard Oakley.

Daniel Jalkut:

There appears to be an AppleScript regression in Safari 17.4. References to documents aren’t resolved correctly[…]

Mario Guzmán:

This is weird. As of macOS Sonoma 14.4 (23E214), Music’s Settings window now animates in like how document-based view apps do. Hey Apple… ytho?

Here I open Settings from the menu and by using the keyboard shortcut a few times after to illustrate this incorrect animation.

Jesse Squires:

Someone broke the “monochrome” style for desktop widgets on macOS 14.4

They are just black now

They used to be like a “frosted/blurred material”

Update (2024-03-14): Amber Neely:

Updating macOS to Sonoma 14.4 is causing some USB hubs embedded in monitors to stop working and there doesn't seem to be a clear fix.

Geoff Duncan:

I am so sick of macOS and its inability to consistently manage any sort of peripheral.

Normally I just bitch that it can’t remember anything about my monitor setup. Now it will only communicate with USB or Thunderbolt peripherals if they’re connected and powered on when the Mac starts up. Turn them on after that? Nope, Mac won’t talk to it. Connect them after the Mac starts up (maybe connecting a flash drive or connecting to an iOS device)? Nope, Mac won’t talk to it.

FWIW, this is new as of Sonoma 14.4. Connecting peripherals worked as expected in previous versions.

Roman Loyola:

As reported by MacRumors, users have also posted about their problems on the Apple Support Community, Reddit, and on social media. While many users are having problems with USB hubs, others find that any connected USB device (mouse, keyboard, etc.) stopped working.

luckman212 (via Hacker News):

14.4 (23E5180j) seems to have gimped the fileproviderctl command again. This happened before where they completely broke the command on 13.6. Feels like there’s ONE guy whose job it is to compile and keep this tool updated, and he’s on vacation half of the year.

Pierre Igot:

My problem with Sonoma and slow mounting of external volumes at startup/login seems to be getting worse. It used to be random. Now (since 14.4) it seems to be systematic. At startup/login, the Finder launches BEFORE the volumes are fully mounted, which means that if I had windows showing the contents of folders on these external volumes left open in the Finder, these do NOT get reopened.

And toolbar buttons to folders on these volumes turn into… question marks.

Update (2024-03-15): Amber Neely:

Now, it looks like macOS Sonoma 14.4 is breaking printers, too.

Reports have begun rolling in on Reddit and the Apple Community forums, where users note that after updating their Macs, they no longer could print.

According to a post on Reddit, it seems that macOS Sonoma 14.4 removes the core CUPS software, leaving no way for the printer and Mac to interface.

It may be related to Microsoft Defender.

iZotope:

Apple has recently released the macOS 14.4 Sonoma update, which has resulted in compatibility issues for plug-ins protected by PACE / iLok with Audio Units host DAWs, such as Logic Pro, on Apple silicon Macs. Users have reported encountering problems with these plug-ins following the installation of the update, including DAW crashes.

Update (2024-03-17): Roman Loyola:

While many users are having problems with USB hubs, others find that any connected USB device (mouse, keyboard, etc.) stopped working.

Some users were able to fix the problem by going to System Settings > Privacy & Security > Allow accessories to connect, and then setting it to Always. Others have suggested switching to Always and then switching it to Ask every time. Before performing these steps, you may have to disconnect all USB devices, and then after adjusting the setting, the Mac needs to restart. After that, connect the devices, which should trigger a confirmation prompt and the devices may work again.

Oracle (Hacker News, MacRumors):

An issue introduced by macOS 14.4, which causes Java processes to terminate unexpectedly, is affecting all Java versions from Java 8 to the early access builds of JDK 22. There is no workaround available, and since there is no easy way to revert a macOS update, affected users might be unable to return to a stable configuration unless they have a complete backup of their systems prior to the OS update.

The issue was not present in the early access releases for macOS 14.4, so it was discovered only after Apple released the update.

[…]

The Java Virtual Machine generates code dynamically and leverages the protected memory access signal mechanism both for correctness (e.g., to handle the truncation of memory mapped files) and for performance. With macOS 14.4, programs that attempt this will now terminate instead of having the opportunity to handle the signal.

Peter Steinberger:

There are no tests, are there.

[…]

Like you build an OS, you will have basic tests to check if stuff like Java, Python etc still runs…?

Marcel Weiher:

Changing a signal that can be caught to one that cannot be caught…

Who could have predicted that would break anything?
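The pattern Oracle describes above, where a runtime deliberately touches protected memory and recovers in a signal handler, shown as an added C example (not Oracle's or the JVM's code; all function and variable names are made up for illustration). It maps one inaccessible page, catches the resulting SIGSEGV or SIGBUS, unprotects the page and lets the store retry; on a system that terminates the process instead of delivering the signal, the handler is never reached.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANON
#define MAP_ANON MAP_ANONYMOUS
#endif

/* Hypothetical names: the one page this demo protects on purpose. */
static unsigned char *guard_page;
static size_t guard_len;
static volatile sig_atomic_t faults_handled;

/* Handler for protected-memory faults. Only faults inside our own guard
 * page are recovered; anything else is a real bug and must crash. */
static void on_fault(int sig, siginfo_t *info, void *ctx)
{
    unsigned char *addr = (unsigned char *)info->si_addr;
    (void)ctx;

    if (guard_page != NULL &&
        addr >= guard_page && addr < guard_page + guard_len &&
        mprotect(guard_page, guard_len, PROT_READ | PROT_WRITE) == 0) {
        faults_handled++;
        return; /* the kernel restarts the faulting instruction */
    }

    /* Not our page: restore the default action so the process dies
     * with the original signal when the access is retried. */
    signal(sig, SIG_DFL);
}

/* Writes `value` to a PROT_NONE page and relies on the handler to make
 * the write succeed. Returns the number of faults recovered (expected: 1),
 * or -1 on setup failure or if the value did not land. */
int run_guarded_write(unsigned char value)
{
    struct sigaction sa, old_segv, old_bus;
    void *mem;
    int result;

    guard_len = (size_t)sysconf(_SC_PAGESIZE);
    mem = mmap(NULL, guard_len, PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (mem == MAP_FAILED)
        return -1;
    guard_page = mem;
    faults_handled = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    /* Linux reports this fault as SIGSEGV; macOS has traditionally
     * used SIGBUS for protection faults, so register for both. */
    if (sigaction(SIGSEGV, &sa, &old_segv) != 0 ||
        sigaction(SIGBUS, &sa, &old_bus) != 0) {
        munmap(mem, guard_len);
        guard_page = NULL;
        return -1;
    }

    {
        volatile unsigned char *p = guard_page;
        p[0] = value; /* faults once, handler unprotects, store retries */
        result = (p[0] == value) ? (int)faults_handled : -1;
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(mem, guard_len);
    guard_page = NULL;
    return result;
}

int main(void)
{
    int n = run_guarded_write(0x5a);
    printf("faults recovered: %d\n", n);
    return n == 1 ? 0 : 1;
}
```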

Update (2024-03-20): Addigy (via Ric Ford):

In the release of macOS 14.4, Apple has deprecated support for several commands, including launchctl kickstart. This update will cause all existing scripts that utilize launchctl kickstart to fail on machines running macOS 14.4, and Apple advised using the kill command instead when attempting to restart services on macOS devices. However, in testing, the kill command has not been effective and instead, Apple recommended restarting devices to force the services to restart in lieu of the kickstart command.

This directly impacts the Addigy MDM Watchdog, which relies on the launchctl kickstart command to restart the MDM and software update processes on stuck macOS devices. When these processes become stuck, devices cannot carry out MDM-based actions and perform System Updates. As a result, the MDM Watchdog will no longer be able to restart the essential services on devices running macOS 14.4 or later. However, it should continue to function on macOS devices running an older version of the OS.

Howard Oakley (MacRumors, TidBITS-Talk, Hacker News):

I’m very grateful to JK, who has alerted me to what I can only assume is a serious bug in 14.4. In previous versions of macOS, when a file is evicted (‘Remove downloads’) from local storage in iCloud Drive, all its saved versions have been preserved. Download that file again from iCloud Drive, and versions saved on that Mac (but not other Macs or devices) have remained fully accessible. Do that in 14.4, and all previous versions are now removed, and lost forever.

Howard Oakley:

Because no backup software can back up saved versions, you won’t find them in your backups, or in copies of that file on other volumes or disks, because versions always remain local to a volume. As they don’t get copied up to iCloud Drive, you also won’t find them in its 30-day backup.

Vítor:

More stuff that 14.4 broke: searching manual pages.

Tim Hardwick (Hacker News):

Since Apple unveiled macOS Sonoma 14.4 on March 7, the transition to the latest software update has not been entirely smooth for everyone, and a number of issues have been reported by users that significantly impact their daily workflow.

This article lists the most prominent challenges users have faced since updating to macOS Sonoma 14.4, and offers potential solutions where available.

Howard Oakley:

Occasionally, at seemingly random intervals, the fans in the iMac blow, and its responsiveness suffers, just for a few seconds. Activity Monitor reveals that the process that’s suddenly consuming high CPU % at the time is universalaccessd, which is typically taking over 100% for a period of a few seconds, then drops back to a far lower percentage as responsiveness returns.

Update (2024-03-21): Pierre Igot:

More new fun since upgrading to Sonoma 14.4: Now, after some undetermined amount of uptime, all of a sudden, notifications from certain apps stop being displayed altogether, for no apparent reason, with no way to get them back that I have found so far (other than a reboot).

[…]

Example of affected app on my Mac: Amadeus Pro. But I am quite sure it’s completely random.

Jeff Johnson:

In macOS 14.4, the command-line tool /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport has been deprecated “and will be removed in a future release.”

Dave Wood:

Note also, if you use Parallels, and have a macOS guest, it becomes unusable if it upgrades to macOS 14.4. The VM will boot, you can log in, but once you do, the keyboard/mouse stop working. Likely due to the same reason you’ve listed by others, with USB peripherals not being able to connect/disconnect, and the way Parallels automatically handles that.

Update (2024-03-25): Nikhil Nigade:

Account syncing is bugged in Calendar.app on macOS 14.4

Seems like the root issue stems from the Account Services daemon (Settings.app).

Removing and adding the iCloud account back, disabling/enabling the Calendar service has no effect. It just fails to sync calendars for that iCloud account.

macOS 13.6.5 and macOS 12.7.4

Apple (full installer):

This document describes the security content of macOS Ventura 13.6.5.

Apple (full installer):

This document describes the security content of macOS Monterey 12.7.4.

Update (2024-03-20): Sam Rowlands:

14.4 is getting attention for new bugs. I really wish Apple would just focus on fixing bugs with point updates. Safari with the recent 13.6.5 update now sometimes doesn’t work with Netflix, forcing me to use an alternative browser.

Update (2024-03-21): John Schanck:

macOS passkey support is broken [in Firefox] in macOS 13.6.5

EagleFiler 1.9.13

EagleFiler 1.9.13 makes lots of improvements to my multipurpose Mac app for organizing files, archiving e-mails and Web pages, writing notes, etc. EagleFiler has long been able to import from Evernote, converting your notes to the standard RTF file format. This version is better at extracting attached files that are embedded in the notes and preserving their metadata. With Nitter no longer working, EagleFiler no longer uses it to import Twitter URLs. Instead, when you press the capture key in Safari it will import the text of the tweets. There remain other ways to import and preserve the images and rich text from tweets.

Some interesting bugs were:

iOS 17.4 and iPadOS 17.4

Juli Clover (release notes, security, developer):

With iOS 17.4, Apple introduces sweeping changes to the way the App Store and apps function in the European Union, paving the way for alternative app marketplaces on iPhone, alternative payment systems on iOS and iPadOS, third-party browser engine support, and NFC access for banks and third-party payment providers. These features are limited to the EU, and the changes are not applicable in other countries.

Apple did, however, make worldwide changes to gaming apps. Apple is now allowing cloud gaming apps like Xbox Cloud Gaming and Nvidia GeForce NOW. Mini games, chatbots, and plug-ins are also now able to use the in-app purchase system.

In addition to these App Store-related updates, iOS 17.4 adds new emoji characters, transcripts for podcasts in the Podcasts app, Stopwatch Live Activities, improvements to battery health reporting on the iPhone 15 models, and more.

Juli Clover:

In this article, we've rounded up everything new in iOS 17.4.

Juli Clover:

iPhone and iPad owners may want to update to iOS 17.4 and iPadOS 17.4 in the near future, as the updates address two security vulnerabilities that may have been exploited to gain access to user devices.

Rui Carmo:

Reading through this makes me realize there has been no real progress on app distribution or improvements in Apple’s App Store ecosystem regarding openness over the past decade, and that besides these changes flying in the face of EU requirements, real, live, actual sideloading is still a pipe dream–there is absolutely no way it’s become feasible for the individual user, and new app stores and browser engines are still hampered by various restrictions.

Simon B. Støvring:

With iOS 17.4 released, you can go to Settings → Face ID & Passcode → Stolen Device Protection and make the security delay required even when you are at a familiar location.

You likely have way more familiar locations than you might think, in which case you’ll probably want the security delay to always be required.

Wednesday, March 6, 2024

Apple Terminates Epic Games’ Developer Account Again

Epic Games (Hacker News):

We recently announced that Apple approved our Epic Games Sweden AB developer account. We intended to use that account to bring the Epic Games Store and Fortnite to iOS devices in Europe thanks to the Digital Markets Act (DMA). To our surprise, Apple has terminated that account and now we cannot develop the Epic Games Store for iOS. This is a serious violation of the DMA and shows Apple has no intention of allowing true competition on iOS devices.

[…]

Apple said one of the reasons they terminated our developer account only a few weeks after approving it was because we publicly criticized their proposed DMA compliance plan. Apple cited this X post from this thread written by Tim Sweeney. Apple is retaliating against Epic for speaking out against Apple’s unfair and illegal practices, just as they’ve done to other developers time and time again.

Phil Schiller:

We welcome all developers to the Developer Program so long as they follow the rules. Those rules, including the DPLA and the App Store Review Guidelines, are intended to protect the integrity of the ecosystem, developers large and small, and - most importantly - users. Accordingly, developers who are unable or unwilling to keep their promises can’t continue to participate in the Developer Program.

In the past, Epic has entered into agreements with Apple and then broken them. For example, you testified that Epic Games, Inc. entered into the Developer Program with full understanding of its terms, and then chose to intentionally breach the agreement with Apple. You also testified that Epic deliberately violated Apple’s rules, to make a point and for financial gain. More recently, you have described our DMA compliance plan as “hot garbage,” a “horror show,” and a “devious new instance of Malicious Compliance.” And you have complained about what you called “Junk Fees” and “Apple taxes.”

Your colorful criticism of our DMA compliance plan, coupled with Epic’s past practice of intentionally violating contractual provisions with which it disagrees, strongly suggest that Epic Sweden does not intend to follow the rules. Another intentional breach could threaten the integrity of the iOS platform, as well as the security and privacy of users.

You have stated that allowing enrollment of Epic Games Sweden in the Developer Program is “a good faith move by Apple.” We invite you to provide us with written assurance that you are also acting in good faith, and that Epic Games Sweden will, despite your public actions and rhetoric, honor all of its commitments. In plain, unqualified terms, please tell us why we should trust Epic this time.

Tim Sweeney:

Epic and its subsidiaries are acting in good faith and will comply with all terms of current and future agreements with Apple, and we’ll be glad to provide Apple with any specific further assurances on the topic that you’d like.

Mark A. Perry:

Apple recently reached out directly to Mr. Sweeney to give him an opportunity to explain why Apple should trust Epic this time and allow Epic Games Sweden AB to become an active developer.

Mr. Sweeney’s response to that request was wholly insufficient and not credible. It boiled down to an unsupported “trust us.” History shows, however, that Epic is verifiably untrustworthy, hence the request for meaningful commitments.

[…]

Given the past and current conduct of Epic, Apple cannot allow Epic Games Sweden AB to be part of its ecosystem.

Please be advised that Apple has, effective immediately, terminated the Developer Program membership of Epic Games Sweden AB.

This is now the second time Apple has said they would let Epic have their account back if they agreed to follow the rules, Epic agreed, and Apple reneged, saying it didn’t believe Epic. In this case, it seems like Apple ignored Sweeney’s offer to provide “specific further assurances,” so unless there are key parts of the communication omitted it seems like Apple’s offer was not made in good faith. There is nothing in the rules saying that you can’t criticize Apple.

Joe Rossignol:

Apple shared the following statement with MacRumors:

Epic’s egregious breach of its contractual obligations to Apple led courts to determine that Apple has the right to terminate “any or all of Epic Games’ wholly owned subsidiaries, affiliates, and/or other entities under Epic Games’ control at any time and at Apple’s sole discretion.” In light of Epic’s past and ongoing behavior, Apple chose to exercise that right.

Zac Hall:

In short, Apple is leaning on a court ruling from 2021 that upholds its ability to terminate developer accounts that violate its guidelines. That’s the legal basis for which Apple is relying upon globally — not just in the EU. As recently as last month, Epic Games accepted existing rules of the Apple Developer Program like all other developers.

Note that this ruling was in the US, and the Swedish account had not violated the guidelines.

Michael Love:

If Apple doesn’t want to have to have a business relationship with Epic, a great way to achieve that would be to do what every other platform maker has done for decades, and allow companies to distribute apps without going through Apple.

But if you insist that everything go through you then you’re obligated to treat everyone equally, even those that criticize you.

Steve Troughton-Smith:

Putting Phil Schiller in charge of the App Store is going to be a hundred billion dollar mistake that all-told leaves Apple with a pile of legal, perhaps criminal, liability and a raft of draconian regulations around the world that massively compromise the iOS experience. This was clear years ago; it is unimaginable that he’s still calling the shots.

Update (2024-03-07): Kyle Orland:

Apple told Ars that Epic Games Sweden’s access to a developer account was granted through a “click through” agreement that was not evaluated by Apple management. Now that Apple management is aware of that approval, the company says it has terminated that agreement following the same logic that led the company to deny a 2021 request by Epic for reinstatement to the iOS developer program.

Gergely Orosz:

Dare criticize Apple and they can (and, sometimes, will!) remove you from their platform as a developer. They just did this w Epic!

I cannot remember even Microsoft being this much of a bully back in the 90s.

Apple became the very thing they fought against in 1984.

Gergely Orosz:

Apple’s explanation: Epic broke rules before. Apple gave back Epic’s dev account. But then Sweeney tweeted something. So now they are taking it back.

This is the type of reasoning I see children apply. Waiting for when the adult steps in (aka regulator).

Steve Troughton-Smith:

“But Epic broke the rules” is not a defense of Apple’s behavior. As per the EC, Apple’s developer agreement contains clauses that are now and always have been illegal. Epic ‘broke’ the terms of an illegal contract in order to, among other things, test its legality in court and in regulation. We have our answer now: Apple’s terms were illegal. Epic was right to break them. I care nothing for how much money Epic makes, how its leadership tweets, or how Epic’s deals with console makers are worded.

We are all, as developers, signed up to and subject to Apple’s illegal agreement, to the detriment of us, our families, our products and our users. And almost none of us have the resources to challenge any part of that developer agreement without risking all of the above.

Peter van Broekhoven:

Seems more like, “But Epic might break the rules in the future.”

Which is bonkers. Did we stumble into the Minority Report universe? Wait until they do, then react.

Damien Petrilli:

Apple leadership is so untrustworthy that I am starting to think that making native apps is dangerous.

If Apple can kill your business for a tweet, they went from mafia level to dictatorship level.

George Broussard:

It’s clear that Apple’s actions against Epic are punitive and meant to make an example of Epic. Apple moves from benevolent overlord to Tyrant. By stepping on Epic, Apple is saying “You could be next. You will be next.” therefore silencing developers and any form of dissent.

Agence France Presse (MacRumors, Hacker News):

Apple must explain its decision to halt Epic Games’ effort to develop a competing app store for its devices, EU regulators said Thursday, as they consider whether the iPhone-maker violated any laws.

[…]

The spokesperson for the commission said it was “also evaluating whether Apple’s actions raise doubts on their compliance” with two other EU laws regulating digital players.

[…]

Apple compliance with the DSA -- a content moderation law -- means any decisions to suspend or terminate accounts must be “proportionate and in due regard to fundamental rights,” the spokesperson said.

James Thomson:

Can I simultaneously think that Epic are a bunch of chancers, while also really disliking Apple’s handling of them? Yes.

John Gruber (Mastodon):

That Tim Sweeney tweet cited as an example doesn’t seem out of line to me. It’s strident, to be sure, but we know Sweeney endorses a regulatory structure that would legally require Apple to treat the iPhone as a platform more or less as open as the Mac. We know Apple disagrees, vehemently, with that — but I don’t see how stating that viewpoint ought to disqualify Epic from obtaining a developer account.

[…]

Citing recent tweets, like Sweeney’s, that are simply critical — even scathingly critical (or to borrow Schiller’s term, “colorful”) — just makes it look like Apple’s policy is that if a developer criticizes the App Store’s rules, Apple will punish them for speaking out. I don’t think that’s Apple’s policy at all, but some people think it is, and this situation with Epic just reinforces that.

[…]

But why not take an opportunity to look magnanimous? Apple shouldn’t be expected to grovel, but this looks like they’re going out of their way to look vindictive. I really thought it would be a clever bit of public relations jujitsu to make nice with Epic, even if, in Cupertino, it was through gritted teeth.

Francisco Tolmasky:

Something missing in the Apple vs. Epic discourse is the actual customer perspective. I’m sure you don’t play Fortnite (I don’t either), but apparently it’s… pretty popular. So what matters really isn’t whether you’d “also tell them to fuck off,” but whether you want an ecosystem where what seem to be increasingly personal disputes result in products not appearing in markets. I don’t want to not be able to use Procreate if they get into a fight with Apple, regardless of who’s “right.”

Update (2024-03-08): See also: Accidental Tech Podcast.

Zac Hall (Hacker News):

After a whirlwind of events, Epic Games says Apple has reinstated their App Store developer account. The move clears the way for Epic to bring its Epic Games Store to the EU, avoiding the App Store structure altogether.

Dan Moren:

Apple, for its part, issued a terse statement, saying only, “Following conversations with Epic, they have committed to follow the rules, including our DMA policies. As a result, Epic Sweden AB has been permitted to re-sign the developer agreement and accepted into the Apple Developer Program.”

Khaos Tian:

Yeah it definitely has nothing to do with the Commission’s inquiry 😛

John Gruber (Mastodon):

Theory B: Apple is flailing erratically trying to deal with their loss of autonomy.

I vote B, because to me the real win for Apple would have been just let Epic use their Swedish subsidiary to open an iOS games store without the back-and-forth. If Apple had gone that route, the European Commission could still have taken credit for proof of the DMA’s effectiveness, and Apple would look like they’re complying graciously with the law. But the way things actually played out makes clear they’re complying begrudgingly, and, worse, plays into the worst assumptions about Apple’s institutional arrogance and vindictiveness.

[…]

How was a “priority” investigation by the EC not going to happen the way Apple played this? If Apple had just let Epic proceed from the start, they’d have looked magnanimous. They even had Tim Sweeney calling it “a good faith move”. But as it stands, Apple looks bitter, and from the EC’s perspective, in need of close policing.

Steve Troughton-Smith:

Apple’s reversal on the Epic situation is all well and good, but it doesn’t prevent this kind of thing from happening again to a smaller developer who doesn’t have a ton of PR or the ear of the EC. And it does highlight that Apple still has all the control to do whatever it wants, with little oversight, under its proposed DMA plan. They have forcibly inserted themselves in between third party app stores/payment providers and those services’ users, free to turn the screws as they wish.

Update (2024-03-14): Tim Sweeney:

There weren’t any other communications on the topic between Epic and Apple either directly or thru counsel during this episode, nor between then and when Apple notified the commission they were relenting.

John Gruber:

Per Sweeney, responding to a question from me tonight on Twitter/X, that was Friday, February 9, and their account was approved on the following Monday, February 12. Epic made their public announcement that they intended to create an Epic Games Store for iOS in the EU on Friday, February 16.

That announcement, seemingly, was in fact the first time Epic’s plans came to the attention of Apple’s leadership.

[…]

The “colorful” tweets Schiller quoted and which Apple’s attorney cited were mentioned as proof that Epic hadn’t changed, not as the reason for revoking the new account.

[…]

The bottom line remains as I concluded Friday: Apple played this whole thing terribly. The automated developer program enrollment form — the one that gave Epic the impression they’d been granted express permission to proceed with building an iOS marketplace for the EU — is Apple’s. The whole App Store bureaucracy is Apple’s. (Or as Sweeney aptly called it tonight, “Apple’s App DMV”.)

Update (2024-03-17): Francisco Tolmasky:

So let me get this straight, Apple, the company that “simply didn’t realize Epic had made a new account,” is supposed to keep us safe on the AppStore?… Apple’s not even trying to pretend to be the vigilant protector of the end user anymore, huh? Once again proving that the AppStore is as “curated” and “safe” as a strip mall dollar store.