Search Results for: "mac app store"

Transmit 5, the Mac App Store, and Privileged File Operations bitsplitting.org

Cabel Sasser of Panic:

But here’s something you might not know: the reasons we never put Transmit 5 in the App Store. They’re simple. We weren’t sure we could provide a good-enough Transmit experience under the stringent sandboxing security the App Store requires. And frankly, we weren’t sure Apple cared that much about the App Store on the Mac.

Since then, a lot has changed. macOS Mojave gave us a significantly improved App Store that caters to professionals like yourself and seems to treat apps with respect. And sandboxing has evolved enough that Transmit can be nearly feature-parity with its non-sandboxed cousin.

So, as we promised at WWDC: it was time to give this another go.

You can now get Transmit 5 on the Mac App Store!

But, there’s a twist…

The twist is that the Mac App Store version of Transmit is an annual subscription of about $25, instead of the $45 flat cost of buying directly from Panic. I have mixed feelings about that; I’m glad a one-time payment option is still available because, if I were still building websites full-time, I wouldn’t want a critical part of my workflow to evaporate if I unsubscribed. However, I can see the benefit from both Panic’s perspective, as well as for a user or agency that can consistently budget for the software.

There’s one more thing about the Mac App Store version that’s unique, and it’s how it encourages some flexibility in MacOS’ sandboxing.

Daniel Jalkut:

I downloaded Transmit even though I own a copy of the direct-purchase version. I wanted an answer to my question, which I got, at least partially, by dumping the application binary’s “entitlements”, which represent the sandboxing exceptions that the app has received.

New to me among the entitlements is “com.apple.developer.security.privileged-file-operations”, which is a boolean value set to true for Transmit. I don’t see any Google results for this key, so I’m assuming it’s something new that was added for Panic (and maybe BBEdit), and which may or may not be documented in the future for use by other developers.

Apple has a form on their developer site to request the privileged file operations entitlement.

Reading the Tea Leaves

In contrast to most WWDCs I can remember, the mood surrounding this year’s conference seemed more anxious, with developers’ excitement for learning the future of Apple’s platforms muted by a blockbuster Mark Gurman report late last year:

Starting as early as next year, software developers will be able to design a single application that works with a touchscreen or mouse and trackpad depending on whether it’s running on the iPhone and iPad operating system or on Mac hardware, according to people familiar with the matter.

What that meant nobody seemed to know. I think Gus Mueller reflected on it well:

What about the crux of the article, that Apple is working on a shared UI framework between iOS and MacOS? I wouldn’t find it surprising. I could also see it being written completely in Swift (though personally I’d rather it be in Obj-C for maximum interop with existing frameworks).

But history is filled with cross platform UIs and write once run anywhere dreams. None of them turned out insanely great.

John Gruber corrected the latter sentence:

My only quibble with Mueller’s piece is that “None of them turned out insanely great” is way too generous a description of write-once/run-anywhere application frameworks. Most of them are terrible; none of them are good. Or at least none of them are good from the perspective of what makes truly native Mac and iOS apps good — which isn’t everyone’s perspective, but is certainly Apple’s.

Then, in a discussion on Rene Ritchie’s Vector podcast, Gruber said:

We don’t know if it’s good news or bad news. Bad news would be literally just like being able to run the equivalent of what you see in the iOS simulator. Just have a little rectangle shape of an iPhone or an iPad that runs in a window. Every click is like a simulated touch, and that’s it.

Anybody who’s ever tried running an app, like an iPhone app, in the Xcode simulator, it’s a great feature for debugging, but it’s horrible for using. It’s because it just doesn’t mesh with the mouse-and-keyboard paradigm of the Mac. It never feels right to do that.

In a gradient of garbage-to-great, that’s at the rotten end of the scale: a Mac app that’s a simulated iOS app — one that feels like it’s simply running on the wrong platform.

The best possible iteration of shared code between iOS and Mac apps is something that would be invisible to users. It would feel entirely native when running on either platform: an NSButton becomes a UIButton on iOS, for example; perhaps a UISplitViewController turns into a NSSplitView on MacOS. Save and open commands trigger the iOS equivalents instead of MacOS sheets. Stuff like that. It should be something that makes life easier for developers building cross-platform apps, and which users simply do not see any more than whether an app is built with Objective-C or Swift.

On the Mac side, especially, that means building software that adheres to well-established platform expectations. Becky Hansmeyer published a terrific and lengthy list, and I’ve excerpted a few items from it here:

  • Touch Bar support

  • Contextual menus

  • Tooltips

  • Multiple windows

  • File system access

  • Scroll bar elasticity

  • Drag and drop support

These — and many others — are the ingredients that make a true Mac app. But there’s something not on Hansmeyer’s list that I think is just as important, which is the feel of an app. That is: an app could, theoretically, support all of the ingredients on Hansmeyer’s list and still not feel like a Mac app — though I can’t think of an app off the top of my head like that. It is likely that you may find an app that somehow doesn’t feel right on MacOS and only then discover that it’s missing one or more of the features on this list.

The inverse can also be true and, I think, is more likely: an app may be missing a few of the things on Hansmeyer’s list, but it may still have that feeling of a good Mac app. Cultured Code’s Things, for example, doesn’t really allow user interaction with the file system, but it has long felt like the most polished todo app for the Mac. Aperture still feels like more of a Mac app than Lightroom ever will. All of Panic’s Mac apps feel like the best possible iteration of an app for the genres in which they reside.

A cross-platform framework must somehow preserve this Mac-specific quality for MacOS apps, even if the underlying code is shared with an iOS version. Each version of an app should be completely correct on each platform, even if they have shared code. To make an odd comparison, it’s sort of like tea. Now, I’m not a big tea drinker but, as best as I understand it, white, green, and black tea all come from the exact same plant. The differences in colour and flavour are based on when the tea is picked and how long it is aged, but it’s still the same leaf. Ideally, that’s what cross-platform apps are: individual, but with shared origins.

The first four apps that Apple has brought to end users based on their UIKit-for-Mac framework are nothing like this ideal. At their absolute best, they are passably lazy ports of their iOS equivalents; at their worst, as with Home, they sit comfortably near the ass-end of that garbage-to-great scale.

Actually, that’s a little unfair of me. Home, on my Mac, shows exactly the same inescapable error as it does on iOS. I cannot fully judge it. However, screenshots of the app in Andrew Cunningham’s review of Mojave clearly display an iOS app in a MacOS window frame, right down to the spinning “tumbler”-style picker controls. Its full screen view is completely hilarious.

The other three apps Apple has ported from iOS so far — Stocks, News, and Voice Memos — are slightly better, but not by much. They are, quite literally, scaled up and then scaled back down iOS apps, with a handful of MacOS-converted controls. The scaling is noticeable, particularly in text and fine-lined graphics like sharing icons; it looks cut-rate and sloppy. Touch Bar support is reportedly non-existent. These apps do not look or feel at all like real Mac apps. Recall that Notes and Reminders were brought to the Mac in Mountain Lion after being on iOS for years: both look like their iOS counterparts, but fit reasonably well in the MacOS environment — Notes far more than Reminders. Or look at Photos for a more robust and capable app that started life on iOS.1

But that’s not what was shipped in the public version of Mojave. I didn’t want to complain about the state of these apps prior to release because I didn’t think that was fair — plenty of bugs were fixed as the release date drew nearer. Unfortunately, they didn’t become any more Mac-like. That would be fine if these were one-offs, but Apple is planning on releasing this framework to developers just next year, and the initial results are not promising. They remind me of the janky apps you’ll find at the top of the free chart in the Games section of the Mac App Store. I worry that this will be increasingly common now that directly porting an app from iOS is something that is seemingly officially sanctioned, and I’m not the only one. These apps are not ready.

Or, here’s an even worse situation: maybe Apple does consider these apps ready. Surely they figured they were good enough to bundle preinstalled in the latest public update to MacOS. Are these the model apps for third-party developers to aspire to when they get to start porting their apps next year? I certainly hope not.

To be completely fair to the engineers who clearly worked hard on this framework, cross-platform porting probably does represent the future of a segment of Mac apps, unfortunately, and these particular examples are absolutely functional. But they’re still pretty much just tech demos — proofs of concept. Maybe these apps were shipped to an impossible deadline. I’ll tell you who I absolutely feel bad for, though: all of the hardware engineers who worked tirelessly to cram bright, high-resolution, and battery-friendly displays into Apple’s notebook lineup, only to see them draw a bunch of blurry text and horribly-scaled graphics.

Whatever the case, the fact is that these apps have now shipped, and they’re awful examples for the rest of the developer community to follow next year. Maybe — hopefully — this framework will become far more robust and closer to the ideal or, perhaps, start something new. I dread the possibility of a day a few years from now where we must navigate Mac apps this poor the way we do for Electron apps today and Java apps a decade ago. This piece is not about that future, though; it’s about today and the four apps brand new to the Mac. They are no good.

  1. Photos even implemented something like a rudimentary version of this cross-platform framework by way of UXKit. Whether that was part of the same development track or parts of it made their way into the framework that will be released to developers, I don’t know. ↥︎

Purported Security Apps in the Mac App Store Found to Be Stealing User Data blog.malwarebytes.com

Thomas Reed of Malwarebytes, with a small collection of apps available on the Mac App Store that exfiltrate user data:

It’s blindingly obvious at this point that the Mac App Store is not the safe haven of reputable software that Apple wants it to be. I’ve been saying this for several years now, as we’ve been detecting junk software in the App Store for almost as long as I’ve been at Malwarebytes. This is not new information, but these issues reveal a depth to the problem that most people are unaware of.

We’ve reported software like this to Apple for years, via a variety of channels, and there is rarely any immediate effect. In some cases, we’ve seen offending apps removed quickly, although sometimes those same apps have come back quickly (as was the case with Adware Doctor). In other cases, it has taken as long as six months for a reported app to be removed.

In many cases, apps that we have reported are still in the store.

These are exactly the kinds of things I expect the app review process should catch before apps like these and the aforementioned Adware Doctor make it into the store. The Mac App Store should, if nothing else, be a place for any user to find safe software. Ideally, it’s also one with high-quality, useful, top-tier apps, but security and privacy ought to be the baseline.

(Thanks to Anthony Reimer.)

Apple Removes Adware Doctor From Mac App Store for Covertly Sharing User Browser History buzzfeednews.com

Nicole Nguyen, Buzzfeed:

[Security researcher Patrick Wardle], who shared his findings with TechCrunch, found that Adware Doctor requested access to users’ home directory and files — not unusual for an anti-malware or adware app that scans computers for malicious code — and used that access to collect Chrome, Safari, and Firefox browsing history, and recent App Store searches. The data is then zipped in a file called “history.zip” and sent to a server based in China via “adscan.yelabapp.com.” Two independent security researchers confirmed to Motherboard that Wardle’s report was accurate.

In his blog post, Wardle noted, “The fact that application has been surreptitiously exfiltrating users’ browsing history, possibly for years, is, to put it mildly, rather f#@&’d up!”

Security researcher Privacy 1st tweeted that they initially contacted Apple about the Adware Doctor issue on Aug. 12.

One of the theoretical advantages of the Mac App Store — or any app marketplace with a review process — is that spyware like this could be caught before it is published. Yet Adware Doctor has been in the Mac App Store for years and it could have been pilfering user data for any amount of that time. Apple was even notified about it last month, but it was not removed until today. Either Apple dropped the ball hard here, or there’s something missing to explain why it was apparently not a high priority investigation.

Safari Extensions Deprecated in Safari 12; Developers Told to Switch to Safari App Extensions developer.apple.com

It’s not all good news coming out of WWDC this year:

Support for .safariextz-style Safari Extensions installed from the Safari Extensions Gallery is deprecated with Safari 12 on macOS. Submissions to the Safari Extensions Gallery will no longer be accepted after December 2018. Developers are encouraged to transition to Safari App Extensions.

That’s not just for users, either — all old-style Safari extensions are deprecated:

Support for developer-signed .safariextz Safari Extensions in Safari 12 on macOS has been removed. They no longer appear in Safari preferences and cannot be enabled. On first launch users will receive a warning notification and these extension will not load.

Well, that’s a bummer — I still use a handful of older-style extensions that have no modern equivalents that are quite as simple. JS Blacklist is one of my favourite pieces of software because it allows me to block problematic scripts rather than ads more generally. There are content blockers available on the Mac App Store, but nothing quite as refined. But this isn’t a surprise; the writing has been on the wall for old-style extensions ever since Apple’s developer tiers were changed three years ago.

MarsEdit 4 red-sweater.com

Daniel Jalkut:

Big news today: MarsEdit 4 is out of beta and available for download from the MarsEdit home page and the Mac App Store. This marks the end of a long development period spanning seven years, so it’s a great personal relief to me to finally release it. I hope you enjoy it.

MarsEdit 4 brings major improvements to the app including a refined new look, enhanced WordPress support, rich and plain text editor improvements, automatic preview template generation, and much more.

I’ve been using MarsEdit 4 betas for several months and I love the improvements in this version — particularly, the new Safari extension. Jalkut has created a very clever trial scheme; I highly recommend you take advantage of it if you have a blog and have never tried MarsEdit before. It’s terrific.

MacOS Reportedly Vulnerable to Keychain Exfiltration Bug forbes.com

Patrick Wardle of penetration testing firm Synack posted a short video of this security hole in action. In short, it appears that the only requirement is for the user to download and execute an unsigned application; after that, the user’s Keychain is dumped in plain text.

Thomas Fox-Brewster of Forbes spoke with Wardle about the vulnerability:

“Most attacks we see today involve social engineering and seem to be successful targeting Mac users,” he added. “I’m not going to say the [keychain] exploit is elegant – but it does the job, doesn’t require root and is 100% successful.”

That’s a hell of a combination.

This is being described in several places as a High Sierra-specific problem. It isn’t; Wardle has clarified on Twitter that other versions of MacOS are also vulnerable.

Update: Wardle has also stated on Twitter that signed apps could potentially be vehicles for distributing this malware, too — it’s not difficult to imagine a circumstance similar to last year’s incident when ransomware was briefly attached to copies of Transmission.

Roman Loyola of Macworld got a statement from Apple on this:

“macOS is designed to be secure by default, and Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval. We encourage users to download software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogs that macOS presents.”

Users are inundated with dialog boxes and security warnings — surely Apple knows that very few people actually read them.1 And, again, I stress that this malware could be attached to a totally legitimate signed app. Apple could invalidate the developer’s certificate if something like this were to be discovered in the wild, but that doesn’t mean that the security issue doesn’t exist. They have to be working on a fix for this, too, right?

  1. The only effective way I’ve seen of presenting security warnings is the one that Safari displays when you try to visit an address marked as a possible phishing domain. It requires the user to click the “Show Details” button and actually read the text to find the link to visit the site. ↥︎

Panic Launches Transmit 5 panic.com

It’s a big day for Panic because they’ve just launched Transmit 5, the first new x.0 version of Transmit since 2010. And, because of the app pricing climate of 2017, they are pulling out all the stops to assuage the inevitable complaints:

Q: Is there an upgrade discount?

A: No, it’s one price for all customers. (Fun fact: it’s been seven years since we last charged for an update to Transmit!)

I’ve used half a dozen file transfer clients over the past few years — due to various circumstances out of my control — and none come anywhere close to the elegance, quality, reliability, or speed of Transmit 4. Transmit 5 promises to be even better. The regular price of $45 probably isn’t an impulse buy for a lot of people, but if you rely on file transfer for your job, I can think of no better app.

Also, check out the sweet spinning truck at the top of the app page, if you need something to fidget with today.

Update: One more thing. Sasser:

Q: Is it in the Mac App Store?

A: No, just from us. This allows us to distribute a demo which we think is extremely helpful for people considering Transmit. (We’ll constantly re-evaluate the Mac App Store, though, and hope to return.)

I suspect there are other reasons why Transmit isn’t in the Mac App Store, but — as a well-known high-quality indie app — it’s the kind of app you’d think would be perfect for the App Store. The reality of the App Store begs to differ.

Cultured Code Launches Things 3 macstories.net

I’ve been using Things as my primary todo app for as long as I can remember, and it has always been a well-designed and thoughtful app from good people. But the last major version of Things was launched in 2012 and, any way you cut it, that’s a really long time ago for any piece of software. It’s a testament to how good the app is that I — and many others — have stuck with it for so long.

And, now, there’s a new version. I’ve been using Things 3 on all my devices for a while and it’s amazing. I can promise you that this is one of the best-designed apps to grace any Apple platform in a very long time — not just the way it looks, but what it does.

Ryan Christoffel, MacStories:

As with many other task managers, you’ll find a plus button in the bottom area of the screen to add new tasks. But in Things for iOS, that button has a special name: the Magic Plus Button.

In one of the most clever methods of task entry I’ve seen, the Magic Plus Button can be dynamically moved around the screen as a way to add additional data. While its default location will always be the lower right corner, the button can be dragged and dropped into different spaces of the app to do different things. Tap and drag the button into your list of projects to create a new project. Drop it into a list of tasks in Today to create a new task in that exact spot. Drop it into the Inbox icon that appears in the lower left corner to create the task in your Inbox. And, my personal favorite, when viewing your Upcoming list, drag and drop the button on to the day when that task needs to be acted on, and you’ve just assigned its start date.

The idea of a persistent button floating in the lower-right sounds very much like it’s pulled from Google’s Material Design guidelines, but it doesn’t feel that way. Cultured Code has clearly given a lot of thought to the way the Magic Plus Button should work, and its visual appearance is a reflection of that — not the other way around. My favourite little tip for this button: drag it to the left side of the screen within a project to create a section.

There’s lots more to love, like calendar integration and the redesigned Areas function, but at its core, it’s still Things. That means bulletproof sync, lots of little details, and a stubborn refusal to compromise their vision for what apps like this should be. I really like this set of updates.

I’ve written frequently here about supporting developers, the race-to-the-bottom of the App Store, and the lack of good apps on the Mac App Store. Cultured Code bucks the trend of reducing the price of their apps or introducing a subscription model, and these apps are better for it. Supporting good developers comes at a real monetary cost: $10 for the iPhone app, $20 on the iPad, and $50 on the Mac. But if a great task management app is what you’re looking for and you don’t want a company doing sketchy stuff with your data, Things might be worth the investment for you. I know that it is for me.

‘Dok’ Malware on MacOS blog.checkpoint.com

Ofer Caspi of Check Point Software:

People often assume that if you’re running OSX, you’re relatively safe from malware. But this is becoming less and less true, as evidenced by a new strain of malware encountered by the Check Point malware research team. This new malware – dubbed OSX/Dok — affects all versions of OSX, has 0 detections on VirusTotal (as of the writing of these words), is signed with a valid developer certificate (authenticated by Apple), and is the first major scale malware to target OSX users via a coordinated email phishing campaign.

Once OSX/Dok infection is complete, the attackers gain complete access to all victim communication, including communication encrypted by SSL. This is done by redirecting victim traffic through a malicious proxy server.

Glenn Fleishman, Macworld:

Apple confirmed that Gatekeeper wasn’t bypassed. That developer certificate has been revoked, which will prevent it launching in the future without a warning. Apple has confirmed that it updated XProtect, its silent malware signature system, to ward it off as well. There’s no indication about how many users might have been infected, as Check Point’s research team encountered it in the wild.

The malware is only able to execute its payload by requiring the user to jump through a lot of manual steps — including, of course, typing an administrator’s password. MacOS requires administrator-level privileges on a semi-regular basis; a user might type their admin password into a prompt at least a few times every week without really thinking about it. As much as all of us are aware that we shouldn’t open sketchy email attachments, we should also be very cautious of any request for a system admin password.

Fortunately, Apple has an existing asset that would make the Mac far more secure: the Mac App Store. Apps there are vetted and, because of the store’s rules, would never ask a user for an admin password. If the Mac App Store were part of a healthier ecosystem, I think more users would see it as their first choice and, consequently, be more concerned when any app requests an admin password.

The Life of Apps Outside of the Mac App Store weblog.rogueamoeba.com

A couple of weeks ago, I linked to Jeffrey Johnson’s account of Underpass, his new app, charting in the Mac App Store with a single sale. I wrote:

Of note, most of the apps ahead of Underpass are third-party implementations of popular iOS apps like Instagram, WhatsApp, and Facebook Messenger. And, at number thirteen in the Top Grossing chart, Apple’s long-outdated FaceTime app. That doesn’t sound like a healthy ecosystem.

Underpass is available exclusively in the App Store. Now, I want to look at the opposite of that situation. In the past two months, two other developers have shared their accounts of taking their apps out of the Mac App Store.

First, here’s Bogdan Popescu, writing one hundred days after Dash was removed from the App Store:

All of Dash’s App Store revenue has migrated to direct sales, with a slight increase.

[…]

Most of the App Store users of Dash 3 have migrated their license to the direct version. I was able to use the in-app notification mechanism I had to let them know about what’s going on so that they don’t get cut off from the app they paid for.

Paul Kafasis of Rogue Amoeba, writing about selling Piezo outside of the App Store for a full year:

The Mac App Store previously made up about half of Piezo’s unit sales, so we might have expected to sell half as many copies after exiting the store. Instead, it seems that nearly all of those App Store sales shifted to direct sales. It appears that nearly everyone who would have purchased Piezo via the Mac App Store opted to purchase directly once that was the only option. Far from the Mac App Store helping drive sales to us, it appears we had instead been driving sales away from our own site, and into the Mac App Store.

Remarkable; yet, judging by the condition of the Mac App Store, unsurprising.

The Mac App Store could have been a golden opportunity for developers. In a hypothetical world, having Apple handle credit card processing, automatic updates, quality assurance, and curation, plus putting their marketing muscle behind the store — all of these factors could have made developers happy to give up 30% of their potential revenue. But the large number and aggressive types of limitations required for apps in the store combined with Apple’s rather lax quality controls has made the Mac App Store a combined flea market and glorified Software Update utility.

Charting on the Mac App Store With a Single Sale lapcatsoftware.com

Jeffrey Johnson recently released his new encrypted chat app Underpass on the Mac App Store, and noticed something funny — it was charting:

That’s right, 1 unit sale for $0.99, giving me $0.70 after Apple’s 30% cut. The 18th top paid social networking app sold 1 unit, and the 29th top grossing social networking app made $0.70 for the developer.

If one sale puts a developer’s app reasonably high on the Mac App Store charts, that doesn’t say a lot for the Mac App Store. Of note, most of the apps ahead of Underpass are third-party implementations of popular iOS apps like Instagram, WhatsApp, and Facebook Messenger. And, at number thirteen in the Top Grossing chart, Apple’s long-outdated FaceTime app. That doesn’t sound like a healthy ecosystem.

A Wish List for the Mac App Store dancounsell.com

Dan Counsell:

Don’t get me wrong, the Mac App Store does a lot of things really well. One reason devs keep putting their apps in the store is that Apple takes away a lot of the mundane tasks, such as payment, licensing, and updates. The MAS has a huge built-in audience, making it a convenient and easy one-stop shop for developers to list their apps, and it makes getting paid easy since Apple handles the payments side. It also handles security fairly well, so there’s less risk of malware infecting users.

But after five years of working within Apple’s strict regimen of rules and guidelines, a lot of great developers struggle with the restrictions placed on them which too often throttle usual business practices for selling software. As a result, many makers of popular apps have made the decision pull their software from the Mac App Store (or simply don’t bother submitting them at all) and sell them outside it.

A few of the items in Counsell’s list could apply equally to the iOS App Store as well: getting rid of in-app purchases on free apps, for instance, which makes many free apps feel like “trial” or “lite” versions, something which is expressly prohibited by the rules of both stores.

But the simple fact is that many apps just don’t need the Mac App Store. Developer tools and utilities are more commonly found outside the store, often because of reasonable sandboxing restrictions. Most major game developers have their own “app stores,” whether they release via Steam or EA Origin, for instance, though many do release through the App Store as well. Big names like Microsoft and Adobe have their own distribution mechanisms, so they don’t need the store either.

As far as I can see, the only apps that take well to the Mac App Store — aside from Apple’s apps — are single-purpose lightweight consumer utility apps. For instance, a while ago, I was trying to find an audio A/B testing app. After fruitlessly scouring the web for probably half an hour, I tried the App Store and found a couple of decent contenders.

Take a look at the top 180 paid apps in the Mac App Store. Subtract anything from Apple, and what you’re generally left with are the lightweight utility apps I mentioned above — Weather Live, ForkLift, a Mac WhatsApp client, a period tracking app, and a notepad app — some crappy iOS app ports, Microsoft Office template packs, and a few games. That isn’t very confidence-inspiring, is it?

Dash App Removed From Mac App Store blog.kapeli.com

It’s high time that Apple made up for a recent dearth of dumb App Store rejections and removals.

Bogdan Popescu:

Yesterday I sent Apple a request to migrate my account from an individual one to a company one. Once I verified my company with its D-U-N-S Number, they notified me that some features in iTunes Connect won’t be available during account migration.

A while later my iTunes Connect account started showing as “CLOSED” and my apps were removed from sale. I thought this was normal and part of the migration.

Today I called them and they confirmed my account migration went through and that everything is okay as far as they can tell. A few hours ago I received a “Notice of Termination” email, saying that my account was terminated due to fraudulent conduct. I called them again and they said they can’t provide more information.

This is clearly a mistake, but it’s causing real impact to Popescu’s livelihood, as he’s the sole developer of Dash. To make matters worse, poor communication from Apple’s developer relations team — something we’ve discussed many times before — is preventing him from understanding what happened or what he can do to fix it.

Update: Popescu just updated the post with some followup from Apple developer relations:

Apple contacted me and told me they found evidence of App Store review manipulation. This is something I’ve never done.

Apple’s decision is final and can’t be appealed.

Either something is awry with Apple’s automated processes for detecting fraudulent reviews, or someone is screwing with Popescu. Regardless, a final decision from Apple with no opportunity for recourse is indefensible, as far as I’m concerned. The Mac App Store has been an awful place for developers for a long time; this is not making it better.

Phil Schiller, in an email to 9to5Mac reader Matthew Els:

I did look into this situation when I read about it today. I am told this app was removed due to repeated fraudulent activity.

We often terminate developer accounts for ratings and review fraud, including actions designed to hurt other developers. This is a responsibility that we take very seriously, on behalf of all of our customers and developers.

I don’t see why Popescu would lie about his alleged involvement in manipulating reviews. Dash is a widely-used and highly-regarded developer resource.

Joel Cieplinski:

The accusation from Apple of “repeated fraudulent activity” is a pretty serious one. Not sure we’re getting close to the whole story here.

MacOS Sierra sixcolors.com

Available now on the Mac App Store — remember the Mac App Store? — MacOS Sierra brings Siri to the Mac, allows you to offload storage of old files to iCloud, and adds Apple Pay to Safari, amongst miscellaneous updates and improvements.

There’s absolutely no replacement for John Siracusa’s legendary reviews, but Andrew Cunningham and Lee Hutchinson at Ars Technica have put together a very comprehensive review that’s worth checking out, featuring a particularly deep-dive into Apple’s new file system.

Stephen Hackett’s review is also very good — in particular, his explanation of pinned Siri results:

All conversations with Siri have a small button with a plus symbol. Clicking it opens Notification Center (which now sports a white theme to match iOS) and adds Siri’s results to the top of the stack of widgets.

Here’s the clever bit: the content of these is constantly being updated by the system.

This leads to all sorts of possibilities. Creating a widget during a sports game would keep the real-time score just a swipe away. Creating a Twitter search with a keyword can help you keep updated on what people are saying about your brand. The possibilities are nearly endless.

It’s a little frustrating that this kind of stuff is gated behind a spoken Siri command. Not only does this require talking to your computer — a task which I still find a little bit weird — it also means that the computer must interpret what you’re saying absolutely perfectly for this feature to be of any use. Siri remains not accurate enough for my liking, even on the Sierra betas; so, while I’ll try it out on my Mac, I’m not sure I’ll use it regularly.

Meanwhile, when Jason Snell tried the new iCloud storage optimization feature, he found it working like many of Apple’s other iCloud products:

Here’s what happened: I was editing a podcast in Apple’s Logic Pro X, and my project was stored on the Desktop. All of a sudden, the voice of one of my podcast panelists simply vanished from the mix. I quit and re-launched Logic, only to be told that the file in question was missing. Sure enough, a visit to Finder revealed that Sierra had “optimized” my storage and removed that file from my local drive. I’ll grant you, the file was a couple of weeks old, and very large as most audio files are. But I was also actively using it within a Logic project. Apparently that didn’t count for anything?

That’s not good. The automated storage features in iCloud have been a mixed-bag: iCloud Photo Library has worked perfectly for me so far, but iCloud Music Library has been fairly unreliable — so much so that I refuse to enable it. I doubt I’ll be touching the storage optimization feature in Sierra for a while.1

Michael Tsai notes some ongoing bugs in the GM, including a fix for a slow WiFi connection. As usual, upgrade with caution; be sure to make a full, verified backup.

  1. Especially since I upgraded to a 1 TB SSD in my MacBook Air a few months ago. If you’ve been hesitating on upgrading your SSD, you should know that prices have come way down. ↥︎

(Kind Of) Clarifying App Store Subscriptions macworld.com

Macworld received confirmation from Apple that the new in-app subscriptions will — theoretically, at least — be open to all apps. “Content” and “service” subscriptions are just two examples of the kinds of subscriptions that apps could conceivably offer.

However, it’s not entirely clear what criteria Apple will use to determine whether a particular app should be allowed to use a subscription model. Glenn Fleishman:

But Apple also stressed that not just every business model will pass its muster. Unlike with periodicals and streaming media apps, which are allowed to have no content or use without a subscription, apps in other categories will need to ‘make sense.’ As Apple notes on the What’s New page, ‘the experience must provide ongoing value worth the recurring payment for an auto-renewable subscription to make sense.’

We don’t yet know precisely how Apple will evaluate that, and uncertainty is bad for developers. Schiller also promised much faster app review turnaround for developers, but speed doesn’t matter if an app doesn’t meet Apple’s test, and Apple doesn’t yet offer formal advance review of app features or business model. (We have heard of developers discussing features more broadly, but informally, with developer relations staff.)

Poor communication between Apple and developers — and, in the case of the expired Mac App Store certificates earlier this year, between Apple and customers, too — has been the root cause of many of the App Store’s most significant controversies since its inception. I think a lot of developers are going to want Apple’s stance on subscriptions to be absolutely solid before they attempt to integrate it into their own apps.

Introducing Safari Technology Preview webkit.org

Think WebKit nightlies, but with fewer bizarre bugs and much iCloud-ier. Ricky Mondello writing on the official WebKit blog:

Safari Technology Preview is a standalone application that can be used side-by-side with Safari or other web browsers, making it easy to compare behaviors between them. Besides having the latest web features and bug fixes from WebKit, Safari Technology Preview includes the latest improvements to Web Inspector, which you can use to develop and debug your websites. Updates for Safari Technology Preview will be available every two weeks through the Updates pane of the Mac App Store. […]

Unlike the nightlies, Safari Technology Preview supports the full set of iCloud-based Safari features, including iCloud History and iCloud Tabs. And we’ll use the time between Safari Technology Preview releases to curate and test updates to a point where we think developers will find it practical to use as their primary browser.

I stopped using WebKit nightlies after Safari got a bunch of iCloud-specific things — especially iCloud Keychain — but this sounds great. Looking forward to using this regularly, because I need less stability and more purple icons in my life.

By the way, I’d just like to point to the Mac App Store review guidelines:

2.6 Apps that are “beta”, “demo”, “trial”, or “test” versions will be rejected

Just in case you thought you might be able to get away with this, as a third-party developer. Not that you did, of course.

Interestingly, the app is available via the web, but updates are delivered through the Mac App Store. I always wondered what it would be like if third-party developers didn’t have to use frameworks like Sparkle and could instead pipe their updates through Apple’s official software update channels.

Update: If you’re downloading this, remember to set your preferences as you’d like them and add your extensions — the tech preview doesn’t migrate anything from Safari. The Develop menu is, of course, switched on by default.

The App Store’s Golden Opportunity wsj.com

Christopher Mims, Wall Street Journal:

There is a second reason why iPad sales fell 23% in the fiscal year ended September 2015, from their peak two years earlier: Apple has put onerous constraints on the makers of software whose apps are key to the success of the iPhone.

“Whenever my friends say, ‘Denys, we want to make money on the App store,’ I spend a lot of time trying to tell them not to do this,” says Denys Zhadanov, head of marketing for Readdle Inc., a Ukraine-based company that has had best-selling productivity apps on the App Store since the store went live in 2008.

Mr. Zhadanov says Apple makes it hard for developers to connect directly with users, or to encourage them to buy upgrades. This means app makers can’t reach users through mailing lists, critical to generating repeat sales and marketing other software and services.

As a result, apps that Readdle first released in 2009 generate no additional revenue from the company’s most loyal users. Readdle says the lifetime value of those customers can be as little as $2.

Mims followed up on Twitter:

A very experienced iOS developer told me Apple is talking directly to devs about how to fix the app store’s issues since forever

That fact was anonymously confirmed by a source who would know. So perhaps in the next 6 months we’ll see big changes in the App store.

Picture a number line, of sorts, with the Apple Watch at one end and the Mac at the other, with the iPhone and iPad equally spaced between. Along this gradient of — for lack of a better word — capability, the first three products are treated similarly in terms of their ability to add third-party apps, insomuch as that they all run through the App Store. The Mac is the exception, in that it can run apps from wherever.

Apple would like to move the iPad’s needle closer to the Mac, and I think that’s terrific. But one thing that seems fairly clear is that the number of complaints with the App Store increases with the capability of the product. The Mac App Store is a dreadful place for developers, but at least they can make their apps available elsewhere. Perhaps one of the ways to make the iPad more like a Mac would be to increase its flexibility with installing third-party apps.

Older OS X Installers Are Affected by App Store Certificate Expiration tidbits.com

Josh Centers, TidBits:

The Apple Worldwide Developer Relations Intermediate Certificate is required for all apps in the Mac App Store, including OS X installers. When used to sign an app, the certificate enables OS X to confirm that the app has not been corrupted or modified by an attacker. This certificate expired on 14 February 2016, causing error dialogs and preventing some apps from launching. Most apps affected have already been updated with the new certificate. But if you downloaded an OS X installer in case of trouble, you may be in for a surprise the next time you try to use it.

If you previously downloaded an OS X installer as a safeguard, be sure to re-download it soon — before you need it.

The New Way of Bypassing Gatekeeper: The Same as the Old Way arstechnica.com

Hey, remember that crazy simple Gatekeeper exploit from September?

The hack uses a binary file already trusted by Apple to pass through Gatekeeper. Once the Apple-trusted file is on the other side, it executes one or more malicious files that are included in the same folder. The bundled files can install a variety of nefarious programs, including password loggers, apps that capture audio and video, and botnet software. […]

“If the application is valid — so it was signed by a developer ID or was (downloaded) from the Mac App Store — Gatekeeper basically says ‘OK, I’m going to let this run,’ and then Gatekeeper essentially exits,” Wardle told Ars. “It doesn’t monitor what that application is doing. If that application turns around and either loads or executes other content from the same directory… Gatekeeper does not examine those files.”

Apple said that they patched the problem after it was discovered, but they did a lousy job. Dan Goodin, Ars Technica:

Patrick Wardle said the security fix consisted of blacklisting a small number of known files he privately reported to Apple that could be repackaged to install malicious software on Macs, even when Gatekeeper is set to its most restrictive setting. Wardle was able to revive his attack with little effort by finding a new Apple trusted file that hadn’t been blocked by the Apple update. In other words, it was precisely the same attack as before, except it used a new, previously unblocked Apple-trusted file.

“Your vault is really insecure with all of those wide open windows. Let me show you by pointing to this one right here.”

“Okay, we’ve closed that one. Job done.”