Apple is allowed to share data among its apps. Third-party app developers are allowed to share data within their apps. If third-party developers want to share data with _other_ third-party developers (aka the advertising ID), then they need the explicitly request permission. It is fairly straightforward.
Because they directly negotiate deals with those companies that other smaller players can’t negotiate. The App Store is largely a “these are the rules for everyone” minus a few small exceptions.
So it just has to wait until you’re about to do a legitimate operation requiring authentication, intercept that to export the key, and cancel the real one with a bogus error (and you’ll just try again without any second thoughts).
MacOS has also no concept of secure desktop/etc where the OS can use some privileged UI to explicitly tell you what you are signing and prompt for PIN/biometrics. It’s in fact a well-known problem where legitimate dialogs for system/Apple ID password have no distinguishing features from fake ones.
Generally dialogs that require sensitive input provide some way for the user to ensure they are issued by the OS and not a random program. Windows historically used the Secure Attention Key (that's why domain-linked machines used to require pressing Ctrl+Alt+Del to login, to train users to only enter credentials in secure contexts) which is a key combo that the OS always intercepts and thus once pressed you can be assured you are typing into a trusted UI and not a piece of malware emulating the trusted UI.
Of course, this was back in the day when computers were primarily a productivity tool and not an ad delivery vehicle, so it's unlikely this problem will ever be solved.
The original claim was that the compliance was done for malicious reasons to change the law. Another possibility is that lawyers are a cautious bunch and advise their clients to take a less risky option when implementing a legal requirement. From personal experience, I would saw that latter is much more likely and would also explain why government agencies interpret these rules the same way when developing their websites.
So what happens if it ends up being nil? How does your app react?
In this particular case, I would rather crash. It’s easier to spot in a crash report and you get a nice stack trace.
Silent failure is ultimately terrible for users.
Note: for the things I control I try to very explicitly model state in such a way as I never need to force unwrap at all. But for things beyond my control like this situation, I would rather end the program than continue with a state of the world I don’t understand.
Yeah @IBOutlets are generally the one thing that are allowed to be implicitly-unwrapped optionals. They go along with using storyboards & xibs files with Interface Builder. I agree that you really should just crash if you are attempting to access one and it is nil. Either you have done something completely incorrect with regards to initializing and accessing parts of your UI and want to catch that in development, or something has gone horribly, horribly, horribly with UIKit/AppKit and storyboard/xib files are not being loaded properly by the system.
A good tool for catching stuff during development, is the humble assert()[0]. We can use precondition()[1], to do the same thing, in ship code.
The main thing is, is to remain in control, as much as possible. Rather than let the PC leave the stack frame, throw the error immediately when it happens.
> Silent failure is ultimately terrible for users.
Agreed.
Unfortunately, crashes in iOS are “silent failures,” and are a loss of control.
What this practice does, is give me the option to handle the failure “noisily,” and in a controlled manner; even if just emitting a log entry, before calling a system failure. That can be quite helpful, in threading. Also, it gives me the option to have a valid value applied, if there’s a structural failure.
But the main reason that I do that with @IBOutlets, is that it forces me to acknowledge, throughout the rest of the code, that it’s an optional. I could always treat implicit optionals as if they were explicit, anyway. This just forces me to.
I have a bunch of practices that folks can laugh at, but my stuff works pretty effectively, and I sleep well.
Crashes are silent failures but as I mentioned: you can get a lot of your crashes reported via the App Store. This is why I prefer crashes in this situation: it gives me something actionable over silent failures on the client.
And you will find the problem very early if you crash. You are much less likely to find the problem if you don’t.
What have you found useless about the crash reports from the App Store? It would be really nice for it to have something like a breadcrumb capability, but typically the stack trace of the crash is sufficient to see what went wrong.
No(t yet). It's a slimmer version of the existing JSON API that's similarly only used by homebrew/core and homebrew/cask for now, mainly because they are so huge that using Git for this had very poor performance.
But their employees collectively do. I know this is not the approach the US court system decided to humor, but there's no way around journalists' rights.
The Constitution doesn't grant rights, it binds the government. The first amendment is a law that disallows the government from taking actions to infringe on any human's inherent rights, be they individuals or in a group.
It's about the dichotomy. If the NY Times has First Amendment rights then Pfizer does.
That annoys people because Pfizer is going to advocate for things some people might not like. But that's the cost of a rule that makes it so the NY Times can advocate for things other people might not like.
I'm curious what you think "Congress shall make no law [...] abridging the freedom of [...] the press" means, in this case. Did you just not know what the actual text is, or ... ?
You see the reading “the press” as meaning some organization of people. You take it for granted that the freedom of the press applies to a business entity like the NYT and also to an individual blogger or any other person creating a publication.
The idea that people can come together to form cooperative groups and can use those to exercise rights through the idea of personhood is such a normal and legally settled idea.
The New York Times (the corporation, as a legal person) has the right to freedom of the press, not just individual humans who work there. This is good, because it means the entire institution is protected. Not only is the government forbidden from arresting the humans for operating the printing press, it’s also forbidden from sanctioning the corporation for hiring humans to operate the press. In other words, freedom of the press applies to corporations (eg. the Times) as well as human persons. I think you and the commenter you responded to both agree on the fundamental claim here, although you might disagree about the semantics of whether “corporate personhood” is a good way of describing this concept.
I think you’re generally correct about the function (“the press” is both Joe/Jill Journalist and the NYT), but I think you’re giving GP’s comment a much better reading than I can.
Can you be more specific? What would it mean for the New York Times (the corporation) not to be protected by the first amendment? The government can sue the New York Times Company for what it prints as long as the government doesn’t prosecute the humans who work there?
The existence of corporate personhood has been settled law in the United States for over a hundred years, and all nine current Supreme Court justices agree with it. There’s controversy on exactly where it applies, with cases defining the boundaries of what rights corporate persons have. I don’t think the example I’m giving here is likely to be contentious.
Ok, there’s the terminology used by the legal community (including all nine justices on the Supreme Court) and then there’s people who dislike the terminology because they saw a misleading speech about the issue on the Daily Show.
A restriction on government (as the First Amendment language is phrased) is not the same thing as an individual right. There are plenty of cases where a restriction is in the law, but only a very limited set of entities has standing to sue to enforce it. You could imagine such a case with regard to the First Amendment if we didn't have the corporate personhood doctrine.
I have no idea what that has to do with my comment or the one I responded to. The freedom of the press is guaranteed by the first amendment. The NYT doesn’t suddenly lose “rights to it” if it’s not seen as a person.
“Corporate personhood” is irrelevant, in this comment chain, and is just a way to take a swipe at an ostensibly left-leaning org in order to turn this into a team sport.
This is heavily dependent on whether the app is using a WKWebView, in which the app developer has almost total control over the experience or SFSafariViewController, which essentially provides a mini-Safari with back/forward/reload/reader mode buttons with a button in the lower right hander corner that takes you to full Safari. In the latter case, the app developer has very little customization and cannot see or really control what is happening inside of the web view.
You have it backwards: whether an app injects tracking is not a result of whether they use WKWebView of SFSafariViwController. Rather, if they want to inject tracking, they _will_ use WKWebView.
