"We have forwarded your feedback to the appropriate team. Someone from that team will investigate and follow up as needed with the developer.
Because we can only share communications about an app with its developer, you will not receive updates about this matter."
It's the perfect email, they can do whatever they want, and they have an excuse why they don't need to account for it - they could let the app do whatever it wants, demand it to change its behavior or throw it out, but the one who spent considerable time researching this would never know.
Similarly, I often report problems on Google Maps since they actually send email updates about your report and tell you when it's fixed, whereas I never do with Apple Maps since they don't provide any feedback.
Having your bug get fixed is perhaps the most meaningful update possible, and that's the one you'll never get if you don't file bugs.
I get your pain, I really do. I've filed many hundreds of bug reports with Apple. And many of those never got updates, or (more often) got a single update telling me it's a duplicate. It sucks to spend a bunch of time compiling a bug report only to be told that it's a duplicate.
But many of the bugs actually got real feedback, and many of them got fixed. Sure, if I hadn't filed those bugs, maybe someone else would, so some of those would have gotten fixed anyway, but maybe not as fast, and a bunch of them probably wouldn't have been fixed at all simply because most people don't get around to filing bug reports.
However, internally they use that bug tracker for everything. If it isn't in there as a bug, it likely isn't on the "radar" to be fixed.
BTW, it is unfortunate they don't make public views of bugs available (a la openradar) but if you have an issue impacting you marked as a duplicate, it is not closed. You can both amend your issue with new information and you can request updates on the status of the primary bug.
The power of the court of public opinion is that everything (hopefully) gets revealed instead of being confined to the opinion of a select few.
This is mentioned in Hello World by Hannah Fry.
Are you saying everyone is aware of those things?
I for one never use a Chinese app or an app that was bought by a Chinese company ever again (sorry, Opera). But I doubt 99% of the users even realize who owns these apps.
I currently use Solid Explorer due to ES File Explorer's shadiness.
I think it was navigating videos and being able to hit 'Next' in-video.
Whatever the case it broke and I found a new file explorer.
VPNs are allowed and are natively supported, but I wouldn’t trust a random third party VPN.
If it were that important to me on iOS, I would host my own VPN server and just use the native support.
But honestly, I hate ad-supported software. Either give me a way to remove ads via an in-app purchase or I’ll just delete the app.
I bought an iOS device partially because I prefer the simple transaction model of giving Apple money and they give me stuff without subsidizing the purchase price with ads and invasive tracking.
Many “VPN apps” for iOS don’t do anything special except for automatically configuring VPN settings. As the article above stated, you can do the same thing manually by going to settings.
The VPN providers can sell services off the App Store and document the manual setup process.
This is something that the sandbox model already supports, but is granted by default to apps under the default profile for App Store apps.
Really this is just an indictment of old-school massive deep tree file organisation, and of Unix file permissions being too coarse-grained for what are effectively single-user computers.
I think ultimately the problem is more about trust and oversight.
However, IMHO AV software should be reviewed as such. They clearly didn’t do this. What is the point of the app store? It seems to be a proxy into sandboxing, but it’s hardly useful if there’s no review that the sandbox is effective, and the sandboxing would be more useful decoupled from the app store so that you can sandbox arbitrary apps. If the controls are there, it’s not obvious.
This is changing in macOS Mojave so that databases for things such as email and contacts are inaccessible except through the proper APIs, which present a prompt asking for access.
But you have to use Wayland; sandboxing is pretty useless with X11, since it does not provide GUI isolation.
1) Apple's app review is nigh useless security theater.
2) The App Store is easily manipulated with fake reviews to boost malware.
3) Apple's approved channels for vulnerability reporting are low priority, opaque, and unresponsive.
4) Apple acts (and swiftly) only upon media attention.
It's not useless, it serves the vital purpose of allowing Apple to strong-arm companies when Apple wants to compete with them. :/
Well, since the HN story doesn't rely on the fact that no other apps exist with that capability, and actually uses that fact to make its point, I'm not sure what you're trying to use their existence to prove.
"since other apps still get to do this, it's clear the policy change message was BS."
The post said
Since other apps still get to do this, it's clear the policy change message was BS. I've suspected a lot has had to do with Apple's ambitions in the streaming space and their desire to be in a position to offer bundling and other over the top services.
There are literally dozens of cross platform streaming apps on iOS. There has been no policy change. Apple would be more than happy to take a 30% cut on a cross platform streaming service.
So, your argument is that because some apps exist now with this behavior, the claim that some apps do or did experience unwarranted attention and extra requirements for non-policy and technical reasons must be false? I'm not sure I follow that reasoning.
I’m definitely not willing to believe that he was singled out because Apple wants to build their own streaming app seeing that they will already be competing with dozens of other providers on their own platform when their streaming service comes out.
I believe that due to the numerous stories I've heard about the review process arbitrarily holding up some apps and not others, since the very beginning, and the fact that I believe large companies have lots of internal politicking and divisions competing and managers pulling rank to affect outcomes that the app review process is not always purely policy and technically driven, especially since there's essentially no negative consequences to Apple for being arbitrary.
I think we just have differing views on the likelihood of certain outcomes and how they combine into a likelihood of the specific outcome in question, so we'll probably just have to agree to disagree.
As a small time dev with limited resources, Apple is my least favorite company to deal with.
I honestly cannot take seriously any complaints about having to have a Mac to make Mac apps. How on earth are you testing if you don't have the platform you're supposed to be targeting?
I mean, I understand having to have a Mac to develop for a Mac, but having to have a Mac to develop for iPhone is just Apple being Apple.
> I honestly cannot take seriously any complaints about having to have a Mac to make Mac apps. How on earth are you testing if you don't have the platform you're supposed to be targeting?
The point is that you don't have to buy dedicated hardware for the other two big platforms (Windows, Linux). The fact that this restriction is essentially arbitrary makes cross-platform developers reasonably annoyed.
The program's allegiance is always with the people who write it (exploitable bugs aside). Either you trust those people with the permissions you give them or you don't give them those permissions. How can Apple know who to trust? How can the end user?
With sufficiently robust and constrained permissions, it wouldn't be out of the realm of possibility to offload the process to trusted third parties. If I could subscribe to Consumer Reports App Review, which was an app that itself was given some access to see binary signatures of installed applications, a robust third party review ecosystem could develop.
If applications were also given the capability to subscribe minimally to resources they require (e.g. this app will access foo.example.com, and bar.example.com, and otherwise interact with registered sharing handlers through the OS), etc, we could be a lot more assured of an application not secretly spiriting away our data, at least if we cared to pay attention.
Alas, neither app store is willing to throw away the billions of dollars in app sales they make, so while we might get more granular permissions over time, we'll likely never be allowed out of our walled gardens. "For our own good", of course.
After which apps will get an update where they first send your data to app-website.com, where their own servers will secretly spirit away your data.
That's how stock ratings work, to my understanding. There are problems, of course, but for the most part, it works out. If any one ratings company does a poor job, they lose public trust, and another one is always ready to compete. In the current setup, Apple is the ratings companies for their platform, and if you don't like the job they do, sucks to be you if you want or need to use Apple for some reason.
Just because the garden has a wall doesn't mean that anybody's tending the roses.
"You can sell and distribute your apps with Safari Extensions to customers worldwide on the Mac App Store. To submit, sign in to App Store Connect. For information on creating Safari Extensions for the Mac App Store, see the Safari App Extension Programming Guide."
If an app needs that type of permission on the Mac sell it outside of the App Store.
Can we talk about this problem? Amazon gets a lot of attention for questionable reviews but Apple hardly gets any backlash from consumers or the media.
I note on the relevant Apple page for developers (https://developer.apple.com/design/human-interface-guideline...) that the following guidance is given:
> Ratings and reviews help people make informed decisions when considering whether to try out your app. Positive ratings and reviews can mean more downloads of your app, and customer feedback gives you insight into real world usage that helps direct future development efforts.
> Delivering a great overall experience is the best way to encourage positive ratings and reviews, but it’s also important to ask for feedback at appropriate times. Keep these considerations in mind when asking people to rate your app.
> Ask for a rating only after the user has demonstrated engagement with your app. For example, prompt the user upon the completion of a game level or productivity task.
Nowhere on that page are there any prohibitions against asking for five-star or positive reviews, and indeed, it's quite easy to find examples of high-profile apps asking for five star reviews, including Amazon (see example on the bottom of this page: http://leanmedia.org/amazon-removes-reviewer-emails-profiles...).
It's not hard to see the damage done by inflated or bogus user reviews: The unwary are more likely to download them, as is the case for this top-ranking utility sending browser history back to China.
The value of the review can be diluted by encouraging reviews from actual users. Here, however, the user can't review behavior that is concealed.
I asked him if his Mac was a Windows box from the 1990's.
DaisyDisk's App Store version has similar sandboxing limitations and a similar workaround. It's an app designed to scan your whole hard drive and show you how your space is used, but by default it doesn't have permission to access the drive at all. So to run the first scan you have to indicate to the OS that you want the application to be able to read your hard drive, IIRC by dragging and dropping the volume onto DaisyDisk.
For an antimalware app, of course users are going to grant it permissions. There's no point in buying that if you're going to keep it in a sandbox where it can't look at your system.
True that will limit what types of apps can be distributed on the Mac App Store. But I am okay with that. On the Mac, they can distribute their app outside the store. I would love to be able to tell my mom. Don’t trust any app outside of the store and make it hard to download outside of the store.
What about other browsers?
See here for a better summary of the feature: https://apple.stackexchange.com/questions/332673/what-and-ho...
From my own experimentation in Terminal.app in Mojave, ~/Library/Safari is unreadable without granting permission, but I can read everything under ~/Library/Application Support/Google just fine.
Probably Apple should expose a way for applications to register their data to be included in the protected data set.
The only real impact on Apple’s bottom line would be for the entire store to become so infested, relative to competitors, that people jump ship and stop buying expensive Apple hardware out of frustration. Apple is at least observant enough to avoid that; they’ve kept their store clearly better than competing stores but none of them is necessarily a great experience.
I strongly suspect that the convenience of payment processing is the primary reason for developers to put up with Apple’s too-random screening systems. If Apple were required to open up app payment processing to any number of payment services, and if they were relying on trusted 3rd parties to certify apps (perhaps based on category), we would see a very different app experience.
Distributing reviews to different authorities would also be hard. For example, if you had “security experts” handle screening for apps in a certain category, somebody could just write a sneaky app in a different, weakly-reviewed category to make it through the net into the store. Apple would almost have to create secure subsets of their entire API in line with app store categories, e.g. “you can’t even use network-access APIs for apps in this category” would be a very useful restriction. The other nice thing about this is that Apple would finally be free to not need certain expertise in-house; e.g. if you don’t have enough good people on staff who are qualified to assess the security risks of an app but you can find a trusted 3rd party that can, you can hire them to be that trusted authority and we can stop assuming that Apple is the best at handling everything by itself.
Then what's the point of the sandbox on the Mac?