{"id":32870,"date":"2021-06-16T17:14:41","date_gmt":"2021-06-16T21:14:41","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=32870"},"modified":"2021-06-16T17:17:27","modified_gmt":"2021-06-16T21:17:27","slug":"tightening-the-mac-app-store-screws-again","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/06\/16\/tightening-the-mac-app-store-screws-again\/","title":{"rendered":"Tightening the Mac App Store Screws Again"},"content":{"rendered":"<p><a href=\"https:\/\/twitter.com\/tperfitt\/status\/1400839275160158213\">Timo Perfitt<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/tperfitt\/status\/1400839275160158213\"><p>caching server utility is henceforth REJECTED from the app store. calling an apple command line tool to call another apple tool via XPC is FORBIDDEN and just because we have a TEMPORARY EXCEPTION it does not it should be USED.<\/p>\n<p>i should appeal. i literally have no idea when temp exceptions are appropriate. is it when app wants to show preferential treatment to a specific developer?<\/p>\n<p>[&#8230;]<\/p>\n<p>i call an apple tool as a normal user and get back json about caching servers on the network. i then format the data and display it to make it a useful IT tool. NOT ALLOWED.<\/p><\/blockquote>\n\n<p>I can see where Apple&rsquo;s coming from because it probably didn&rsquo;t intend this XPC interface to be public API. But it would be nice to have a clearer policy of when you can use the <code>com.apple.security.temporary-exception.mach-lookup.global-name<\/code> entitlement and when you can&rsquo;t. There are definitely apps in the store that use it (including <a href=\"https:\/\/news.ycombinator.com\/item?id=18995754\">Microsoft Word<\/a>). This particular use seems harmless, and the app sounds useful.<\/p>\n\n<p><a href=\"https:\/\/twitter.com\/mxswd\/status\/1404985178104025092\">Maxwell Swadling<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/mxswd\/status\/1404985178104025092\">\n<p>Unfortunately Apple is no longer accepting updates to Max Inspect, my app for inspecting entitlements, signing, etc. of Mac apps all in one place.<\/p>\n<\/blockquote>\n\n<p>Max Inspect also uses that entitlement and has been in the Mac App Store since 2018. Now it can no longer be updated due to an unannounced change to an unwritten rule. As far as I know, there is no other API for checking an app&rsquo;s notarization status. (<a href=\"https:\/\/mothersruin.com\/software\/Apparency\/faq.html#sandboxing\">Apparency<\/a> uses it, too.)<\/p>\n\n<p>Remember when Phil Schiller <a href=\"https:\/\/twitter.com\/benedictevans\/status\/1396811577442045953\/photo\/2\">suggested<\/a> that the Mac App Store should be the &ldquo;go-to place&rdquo; for developer tools? That can&rsquo;t happen if the existing tools get kicked out.<\/p>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2021\/05\/24\/apple-execs-on-the-mac-app-store\/\">Apple Execs on the Mac App Store<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2021\/05\/06\/whitelisted-developers\/\">Whitelisted Developers<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2020\/11\/23\/requesting-entitlements-still-broken\/\">Requesting Entitlements, Still Broken<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2018\/10\/11\/max-inspect-1-0\/\">Max Inspect 1.0<\/a><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Timo Perfitt: caching server utility is henceforth REJECTED from the app store. calling an apple command line tool to call another apple tool via XPC is FORBIDDEN and just because we have a TEMPORARY EXCEPTION it does not it should be USED. i should appeal. i literally have no idea when temp exceptions are appropriate. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2021-06-16T21:14:44Z","apple_news_api_id":"5bb09b5f-e6fb-44f7-b78a-554eb18fa89e","apple_news_api_modified_at":"2021-06-16T21:17:30Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAg==","apple_news_api_share_url":"https:\/\/apple.news\/AW7CbX-b7RPe3ilVOsY-ong","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[4],"tags":[130,30,32,39,1891,1842,71,53,1473],"class_list":["post-32870","post","type-post","status-publish","format-standard","hentry","category-programming-category","tag-rejection","tag-mac","tag-macapp","tag-macappstore","tag-macos-11-0","tag-notarization","tag-programming","tag-sandboxing","tag-xpc"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/32870","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=32870"}],"version-history":[{"count":4,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/32870\/revisions"}],"predecessor-version":[{"id":32874,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/32870\/revisions\/32874"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=32870"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=32870"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=32870"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}