Apple Now Rejects Electron Apps from Mac App Store (david.dev) 124
Mac developers are reporting that apps made using Electron (which is a framework that allows companies to ship web apps in a native app wrapper) are now being rejected by the automated Mac App Store review process. From a report: The apps in question are getting flagged because of their usage of private API calls. These API calls are not in the app itself, but part of the underlying Electron framework. The detected private API symbols include:" CAContext CALayerHost NSAccessibilityRemoteUIElement NSNextStepFrame NSThemeFrame NSURLFileTypeMappings." Apparently, the Electron framework has used these APIs for years. What has happened is that Apple has upgraded its server-side app review processes to detect more violations of its App Review guidelines, and now this private API usage is being identified. Individual Electron app makers are a bit helpless as the issue can only really be fixed by pushing changes in the Electron code itself. It does not appear that Electron is doing anything extreme, certainly nothing malicious. App Review doesn't care about why an app is using private API, it's a hard and fast rule (at least in theory).
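Added example (not part of the report or of Electron's code): a pre-submission check an app maker could run over a built bundle to see which Mach-O files carry the six symbol names listed above. How Apple's review tooling actually matches symbols is not described on this page; whole-identifier byte matching and the `Demo.app` layout are assumptions, and the sample bundle is constructed.

```python
import os
import re
import tempfile

# Symbol names quoted in the report above.
FLAGGED = [
    "CAContext", "CALayerHost", "NSAccessibilityRemoteUIElement",
    "NSNextStepFrame", "NSThemeFrame", "NSURLFileTypeMappings",
]

# Mach-O magic numbers: thin 32/64-bit in both byte orders, plus fat/universal.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",
}

# Assumption: a flagged name counts only as a whole identifier, so
# "NSThemeFrameView" or "MyCAContext" do not match. An optional Objective-C
# class-symbol prefix is captured to tell link-time references from strings.
_PATTERN = re.compile(
    rb"(?<![A-Za-z0-9_])(_OBJC_(?:META)?CLASS_\$_)?("
    + b"|".join(re.escape(name.encode()) for name in FLAGGED)
    + rb")(?![A-Za-z0-9_])"
)

def scan_bytes(data):
    """Return {name: {"class_ref", "string"}} for flagged names found in data."""
    found = {}
    for m in _PATTERN.finditer(data):
        kind = "class_ref" if m.group(1) else "string"
        found.setdefault(m.group(2).decode(), set()).add(kind)
    return found

def is_macho(path):
    with open(path, "rb") as fh:
        return fh.read(4) in MACHO_MAGICS

def scan_bundle(root):
    """Scan every Mach-O file under root; return {relative path: findings}."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not is_macho(path):
                continue
            with open(path, "rb") as fh:
                hits = scan_bytes(fh.read())
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report

def build_constructed_bundle(root):
    """Write a tiny fake bundle: constructed sample data, not a real app."""
    macho = b"\xcf\xfa\xed\xfe"  # 64-bit little-endian Mach-O magic
    files = {
        "Contents/Frameworks/Demo.framework/Demo":
            macho + b"\0_OBJC_CLASS_$_CALayerHost\0NSThemeFrame\0NSThemeFrameView\0",
        "Contents/MacOS/demo": macho + b"\0_OBJC_CLASS_$_NSWindow\0",
        "Contents/Info.plist": b"<string>CAContext</string>",  # not Mach-O, skipped
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        app = os.path.join(tmp, "Demo.app")
        build_constructed_bundle(app)
        return scan_bundle(app)

if __name__ == "__main__":
    for path, hits in demo().items():
        for name, kinds in sorted(hits.items()):
            print(f"{path}: {name} ({', '.join(sorted(kinds))})")
```

Pointing `scan_bundle` at a real `.app` directory shows whether the hits sit in the app's own executable or in a bundled framework, which is the distinction the report draws.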
Good (Score:5, Insightful)
This generation of developers should learn how to write proper programs, not glorified webpages that hog resources and increase attack surface.
What common API? (Score:3)
This generation of developers should learn how to write proper programs, not glorified webpages
What's the non-web API to give "proper programs" a graphical user interface across all popular desktop and mobile operating systems? Is Qt still the best practice to reach users of Windows, macOS, X11/Linux, Android, and iOS without inflating costs fivefold?
Re: (Score:2)
I'm having trouble discerning the intent of your laconic statement. Please clarify. Are you calling it good practice to turn prospective users away with "Sorry! This application is not available for your operating system"?
Re:What common API? (Score:5, Insightful)
What's the non-web API to give "proper programs" a graphical user interface across all popular desktop and mobile operating systems
A web site. You literally don't need an app in this case.
Platform features that browsers do not yet expose (Score:2)
You literally don't need an app in this case.
An application implemented as script on a website cannot interact with platform features that browsers do not yet expose to script. And whenever a browser publisher proposes exposing such features, such as Web Bluetooth [slashdot.org] and the Native File System API coming to Chrome [slashdot.org], there's a huge uproar on Slashdot that websites ought not to have access to these features.
Re: (Score:1)
yeah, don't use a web app that allows this access, install a native app instead that allows this access.
don't know if you realize how stupid that sounds.
Re: (Score:2)
i was being sarcastic. read the thread.
App that costs more than a computer (Score:2)
And what's so stupid about not wanting to do the same work to replicate the same experience on multiple platforms? What is the down side?
First, a cross-platform application will never be an optimal experience on all platforms.
Second, if a seat of a license for a proprietary application or the peripheral required to use that application costs more than an entry-level computer, you can bundle an entry-level computer with the application. For example, the developer of a peripheral to turn an iPad into a cash register can go iPadOS-exclusive and include the price of a base model iPad in the advertised total cost of ownership.
Re: (Score:2)
There are people who think JavaScript web apps should never have existed, that the web is for static documents and form-driven web apps and the OS's package manager is for applications.
Re: (Score:2)
The most famous Electron app is Atom
Please tell me you're not holding up Atom as some shining example. The thing is so buggy that I gave up on it almost immediately. I don't care about bloat in a text editor - I care about speed and efficiency and the thing just working right when I need it to. Maybe that's not because of Electron.
That's not the problem here nor what I'm even referring to. The problem is that every business wants to have an "app." They don't know why they want an app. They don't offer functionality, just content. So th
Re: (Score:2)
I don't care about bloat in a text editor - I care about speed and efficiency
Once you start thrashing swap, bloat saps your "speed and efficiency".
Re: (Score:2)
>The most famous Electron app is Atom
No, the most famous electron app is called "circling in a quantum probability wave around the nucleus". It's been popular in this universe since a few seconds after the big bang.
RAM use of HexChat vs. Skype (Score:2)
sure, we could write programs more efficiently, but we don't, and the truth is there's no evidence that Electron applications are particularly bad here
HexChat, a client for the standard Internet Relay Chat protocol, uses one-tenth the RAM of the official desktop app for Skype, Slack, or Discord. As far as I'm aware, the biggest advantage of using Skype, Slack, or Discord for text chat instead of IRC is not having to pay for a VPS to run a bouncer to log your channels.
Re: (Score:2)
Considering the most popular Electron app is VS Code, and its main competitor is SublimeText which also works on every major OS WITHOUT being bloated? Yeah, there are alternatives. If a single dev can do it, why can't hordes of developers all working together?
Re: (Score:1)
If you change the UI, you change the experience.
And I care about that because? Why would I want the experience of a mouse driven GUI when I’m on a touch screen phone? Why would I want a Windows experience when I’m using a Mac?
Re: (Score:2)
Why should I even know what operating system I'm using if I have an app full screen?
Because your muscle memory for accelerator keys is Command for a Mac or Ctrl for anything else.
For the inconvenience send out and plug in a mouse in you can accomplish two hours worth of touchscreen work in 15 minutes.
Would you recommend that everyone who currently uses a smartphone instead carry a laptop everywhere to use while sitting on the floor?
Re: (Score:2)
Why would I want the experience of a mouse driven GUI when I’m on a touch screen phone?
I'll answer the question about the extremes once you answer the following question about the means:
What should differ about an application's UI between a 12 inch laptop and a 12 inch tablet with a keyboard and trackpad connected?
(For this reason, from now on, I'll try to remember to say "iPadOS" instead of "iOS" when discussing cross-platform applications.)
Why would I want a Windows experience when I’m using a Mac?
Because "Sorry! This application can't run on your Mac" is even worse than a Windows experience.
Re: (Score:2)
The tablet doesn’t have a trackpad or keyboard.
Then explain the Type Cover for Surface or the Smart Keyboard for iPad Pro.
Because "Sorry! This application written by a lazy developer can't run on your Mac" is a better experience than a Windows experience.
What steps should a lone developer without access to venture capital take to become no longer lazy?
Re: (Score:2)
If you don’t have the resources to support more than one platform then you only support one platform.
And this one platform would likely end up being the one platform with the greatest reach, which is the web platform. There is more ROI in supporting the web platform than, say, macOS alone unless you need specific OS integration features that the web platform currently fails to provide. The benefit of users of operating systems other than macOS being able to use the application at all outweighs the detriment of macOS users not getting the optimal pure-Cocoa experience.
Re: (Score:2)
We're sorry...
This comment is not available for your operating system.
[ Buy a Windows PC | License Windows for a VM ]
Re: (Score:2)
If a user has made several poorly received comments in the past, the user's future comments will start at oblivion.
Re: (Score:3)
Why would you say that? Someone might consider their simple app taking longer to load and using more resources than a 90’s operating system to be a FEATURE. /s
Re: (Score:2)
In "native", what is the name of the call to open a window?
Re: (Score:2)
Why are you trying to open a window in a platform that doesn’t use windows?
I was using "a window" in a broad sense to also include a full-screen activity, as seen in iOS, iPadOS, and Android. These senses would be comparable to a "maximized window" on Windows, macOS, or X11/Linux. And even with "window" in the narrow sense of occupying a proper subset of the display, the multitasking features of iPadOS (Slide Over and Split View) and Android 7 and later for tablets (multi-window mode) can run an application in a window, much like Windows, macOS, or X11/Linux.
So let me rephrase: In
Re: (Score:2)
What's "the correct way" for one team to learn five native desktop or tablet platforms and produce and release one application for each such platform without spending a lot of time turning away users for happening to have the wrong platform?
Re: (Score:2)
If the developer of every network-connected application you use regularly were to do it right, a lot of applications that are currently freemium would instead be subscription. How much would you pay per month for the use of a native Slashdot client?
Re: (Score:2)
Left-clicking "Reply to This" exposes Slashdot's D2 as an application, as D2 uses nontrivial JavaScript.
Re: (Score:2)
new JWindow().setVisible(true);
Works on basically every platform, but I guess that was not what you were seeking.
Re: (Score:2)
I know JWindow is available in the Swing library that comes with OpenJDK for Windows, macOS, and X11/Linux. But is a library available for iPadOS and Android to implement the JWindow class? If so, which?
Re: (Score:2)
Actually yes, you can run Swing on Android, and there are some weird projects for iOS, too, like Avian VM. But in the latter case I doubt they ported Swing. There are some attempts to port the new Java GUI library, JavaFX (has nothing to do with the JavaScript-like programming language with the same name).
Re: Good (Score:3)
Web pages are actually pretty efficient. Ad networks are not.
Re: (Score:3)
Electron is not efficient.
Re: (Score:2)
At its core, it's V8, which in terms of execution cycle overhead, is pretty fucking efficient as far as language VMs go.
Blows python out of the water with a nuclear torpedo, that's for sure. Perhaps we should ditch that, too?
Re: (Score:2)
Yeah, I'm not sure why Electron is such a pig. It shouldn't be, but it is. V8 itself is pretty good, although javascript does seem to lend itself to misuse.
Anybody who writes anything computationally intensive in Python is doing it wrong. Python's greatest strength is the collection of efficient compiled computational libraries, and a bunch of ways to very easily write your own if necessary.
Re: (Score:2)
But I use a couple of lightweight Electron apps, and they're snappy as hell.
Sure, they have a pretty large overhead in shared libraries... But then again, doesn't everything these days? I mean hell, gnome-terminal requires about 800MB of resident
Re: (Score:2)
The original Mac with 512 kB of memory effectively swapped to floppy disk to access resource forks of the different programs you were running at the same time (meaning cooperatively, not preemptively, an insanely great technology which eluded Apple for seventeen long years—ahh, sweet seventeen, and only yesterday you were a twinkle in my eye).
Since you couldn't really fit two large programs on the same floppy disk, every
Re: (Score:2)
How would using a web based "framework" increase the attack surface on my Mac?
The only way would be a backdoor in the framework, and that has nothing to do with "web technology" or anything else.
You have to wonder why these are being used (Score:3)
The interesting thing to me is, why is a cross-platform framework like Electron even using these APIs?
The UIs they present are less, not more, complex than most native apps. It would have taken extra work to even find these other calls to use, than to simply use the UI frameworks that are there... how did these end up being used?
Re: (Score:2)
Probably allowing for some interaction between the web page and the device itself, possibly in ways that browsers would not allow. Still that list is weird, it does look more like layout presentation layer stuff. CAContext CALayerHost NSAccessibilityRemoteUIElement all sound like iOS draw code. The other stuff I am not so sure about.
Re: (Score:2)
The Electron Framework is written in C/C++/Objective C.
It can access anything it wants without using "private" APIs.
Re: (Score:2)
Electron is bundling chunks of Chromium I think, and they are using it to do partial frame updates in order to increase performance without spinning up your fans. They are using those APIs because apparently macOS doesn't provide APIs to update part of a frame. Mozilla wrote up a good article on it as they just implemented it in Firefox (though I guess they might revert that!)
w00t (Score:1)
Re: (Score:1)
The normal apps I use do not have this problem.
Re: (Score:2)
errr... steam has _always_ been a web page, ever since its first release. it used mshtml.dll, which is internet-explorer's html rendering engine. now they ported it to electron with a significantly more efficient layout engine, significantly more efficient javascript JIT, cross-platform, basically better in every way.
if it's sluggish, it has nothing to do with the underlying tech.
Re: (Score:2)
It's not using Electron, it's using CEF, which is another library derived from the Chromium code base.
Thrashing swap (Score:3)
If some html, JavaScript and a native wrapper is enough to create an app people want then why force developers to put in more effort than necessary?
The RAM inefficiency of Electron and similar frameworks causes PCs to thrash swap.
As of fourth quarter 2019, Dell is selling new laptop computers with 4 GB of RAM. The last time I tried Skype's desktop app for X11/Linux, it took 540 MB of RAM, and having even its notification icon open took 450 MB. Slack and Discord native applications also use hundreds of megabytes of RAM. Once you've downloaded, installed, and launched the native client for each chat network on which at least one person expects to contact
Re: (Score:1)
If some html, JavaScript and a native wrapper is enough to create an app people want then why force developers to put in more effort than necessary?
The RAM inefficiency of Electron and similar frameworks causes PCs to thrash swap.
As of fourth quarter 2019, Dell is selling new laptop computers with 4 GB of RAM. The last time I tried Skype's desktop app for X11/Linux, it took 540 MB of RAM, and having even its notification icon open took 450 MB. Slack and Discord native applications also use hundreds of megabytes of RAM. Once you've downloaded, installed, and launched the native client for each chat network on which at least one person expects to contact you, you won't have much RAM left for your work work.
Just one of the typical tricks that Windows OEMs use to artificially offer useless shit at a price point that seems attractive to the unwary consumer.
Re: (Score:2)
The last time I tried Skype's desktop app for X11/Linux, it took 540 MB of RAM
No, it didn't. Its VM commit was that, but it wasn't using nearly that much RAM.
I can help educate you about the nuances of VM Operating Systems if you haven't the inclination to do it yourself before commenting.
Re: (Score:2)
Its VM commit was that, but it wasn't using nearly that much RAM.
I know a single process's VM commit is misleading. But I wasn't looking at the Skype process's VM commit. Instead, I was looking at the system's overall "free" RAM in top. I opened Skype and top, looked at "free" RAM, kept top open, closed Skype, and looked at "free" RAM again. What did I miss?
Re: (Score:2)
The rest are shared objects.
Yes- there's a lot of them. But they're shared. This is the nature of modern operating systems. Gnome-terminal, for example, takes 800MB in shared objects. You don't notice it, because most of them are loaded and in RAM long before you open up a terminal.
On your normally gnome system, if you open up a Qt app, you're going to see that it uses around 600MB of RAM as well. The second Qt app will take 15.
With what does Skype share objects? (Score:2)
Skype has a working set of around 14MB.
The rest are shared objects.
The fact that closing Skype frees 540 MB of RAM shows that Skype's "shared" objects aren't shared with anything else currently running in my Xfce desktop.
On your normally gnome system, if you open up a Qt app, you're going to see that it uses around 600MB of RAM as well. The second Qt app will take 15.
Let's devise a way to prove that the Skype situation is indeed analogous to running a Qt app in Xfce, GNOME, or another GTK+ desktop environment. What widget set does Skype for Linux use, so that I can try the closing benchmark while another app using the same widget set is running?
Re: (Score:2)
The fact that closing Skype frees 540 MB of RAM shows that Skype's "shared" objects aren't shared with anything else currently running in my Xfce desktop.
Well, I mean... no shit.
But open a GTK3 app, and you'll see it "uses" 800MB.
Let's devise a way to prove that the Skype situation is indeed analogous to running a Qt app in Xfce, GNOME, or another GTK+ desktop environment. What widget set does Skype for Linux use, so that I can try the closing benchmark while another app using the same widget set is running?
It uses Chrome-drawn widgets. ;) /proc/`pidof -s $electronApp`/maps if you'd like to see its VM allocations. Usage is more complicated, since many of those pages are COW, and you don't know what has been copied, etc.
Try getting another electron app
If you can figure out how- try running another copy of skype.
you can go ahead and cat
Perhaps you're using a snap or some other kind of portable package that carries its own shared li
Re: (Score:2)
Where did you get that 540 MB number?
As I told DamnOregonian in another comment [slashdot.org]: I opened Skype and top, looked at "free" RAM, kept top open, closed Skype's window, looked at "free" RAM again, closed Skype's notification icon, and subtracted the numbers. Closing Skype's window caused free memory to increase by 90 MB. Closing Skype's notification icon caused free memory to increase by another 450 MB.
Does it include shared memory libraries?
This 450 MB freed by closing Skype's notification icon must have included whatever shared libraries Skype was using and no other running process wa
Re: (Score:2)
If I understand correctly, you should not look at "free", but at "used". The definition of free includes buffers and caches that are kept in memory
The "buff/cache" amount is separate from "free". If I add "used", "free", and "buff/cache", I get "total". The "available" (an estimate of what Linux can use to start another process without swapping) appears to be "free" plus a fraction of "buff/cache". So I guess when I get a chance, I'll repeat the process of free -m, close application, free -m and take down all three (used, free, and available).
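Added example (not part of any comment in this thread): the free-memory comparisons above cannot separate pages that only one process maps from pages shared with other processes, whereas Linux reports both per mapping in `/proc/<pid>/smaps`, counting a library page that only one process has mapped as private. The sample text, paths and sizes below are constructed.

```python
import re

# Constructed sample in /proc/<pid>/smaps layout (paths and values are made up).
SAMPLE_SMAPS = """\
7f1c2a000000-7f1c2e000000 r-xp 00000000 08:01 131 /opt/demoapp/libdemo_framework.so
Size:              65536 kB
Rss:               40960 kB
Pss:               40960 kB
Shared_Clean:          0 kB
Shared_Dirty:          0 kB
Private_Clean:     40960 kB
Private_Dirty:         0 kB
7f1c30000000-7f1c301c0000 r-xp 00000000 08:01 77 /usr/lib/libc.so.6
Size:               1792 kB
Rss:                1600 kB
Pss:                  80 kB
Shared_Clean:       1600 kB
Shared_Dirty:          0 kB
Private_Clean:         0 kB
Private_Dirty:         0 kB
55d0c8000000-55d0c9400000 rw-p 00000000 00:00 0 [heap]
Size:              20480 kB
Rss:               20480 kB
Pss:               20480 kB
Shared_Clean:          0 kB
Shared_Dirty:          0 kB
Private_Clean:         0 kB
Private_Dirty:     20480 kB
VmFlags: rd wr mr mw me ac
"""

HEADER = re.compile(r"^[0-9a-f]+-[0-9a-f]+ \S+ [0-9a-f]+ \S+ \d+\s*(.*)$")
FIELD = re.compile(r"^(\w+):\s+(\d+) kB$")

def parse_smaps(text):
    """Return one dict per mapping: {"name": backing file, field: kB, ...}."""
    mappings = []
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            mappings.append({"name": header.group(1) or "[anon]"})
            continue
        field = FIELD.match(line)
        if field and mappings:
            mappings[-1][field.group(1)] = int(field.group(2))
    return mappings

def summarize(mappings):
    """Totals in kB. USS (private pages) approximates what exiting would free."""
    total = {"rss": 0, "pss": 0, "uss": 0, "shared": 0}
    for m in mappings:
        total["rss"] += m.get("Rss", 0)
        total["pss"] += m.get("Pss", 0)
        total["uss"] += m.get("Private_Clean", 0) + m.get("Private_Dirty", 0)
        total["shared"] += m.get("Shared_Clean", 0) + m.get("Shared_Dirty", 0)
    return total

def private_by_file(mappings):
    """Private kB per backing file, largest first."""
    out = {}
    for m in mappings:
        kb = m.get("Private_Clean", 0) + m.get("Private_Dirty", 0)
        out[m["name"]] = out.get(m["name"], 0) + kb
    return sorted(out.items(), key=lambda kv: -kv[1])

def read_smaps(pid):
    """Linux only: read the live data for a process you own."""
    with open(f"/proc/{pid}/smaps") as fh:
        return fh.read()
```

In the constructed sample the framework library is mapped by no other process, so all of its resident pages land in the private total, while the libc pages are shared and contribute only a small fraction to Pss.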
NSA??? (Score:4, Interesting)
The detected private API symbols include:" CAContext CALayerHost NSAccessibilityRemoteUIElement NSNextStepFrame NSThemeFrame NSURLFileTypeMappings."
NSAccessibilityRemoteUIElement sure looks reassuring to me. What a clever name choice! :)
Re: (Score:2)
I assume you are joking, but in case you aren't - why in the world would you think the NSA would require anything built into the system to access it. Their baseline job is to break into systems that are designed to prevent it by actual bad actors with real technical means. These weenie apps are security sieves, script kiddies stuff, by comparison.
_NSAKEY (Score:2)
why in the world would you think the NSA would require anything built into the system to access it
It may have to do with the _NSAKEY variable in Windows NT 4 [wikipedia.org], allegedly used to facilitate review of the cryptography code in Windows by U.S. export control authorities, and the 24-bit NSA "workload reduction factor" key used by old versions of Lotus Notes [wikipedia.org].
But here, the NS stands for "NeXTSTEP", the old name for the Cocoa API in macOS.
Re: (Score:2)
I assume this is a joke, but for anyone who doesn't know:
NSAccessibilityRemoteUIElement = NextStep Accessibility Remote UI Element
NextStep was the API layer for the NeXT OS that Apple bought as the basis for macOS (and now all the other OS's Apple has).
Re: (Score:2)
So, then:
NSNextStepFrame == NextStep NextStep Frame
Thanks a lot for the insight, it makes perfect sense!
They sure have very clever names! :)
The detected private API symbols include:" CAContext CALayerHost NSAccessibilityRemoteUIElement NSNextStepFrame NSThemeFrame NSURLFileTypeMappings."
Re: (Score:2)
If you insist that is the case, then what does the word "ccessibility" mean?
There seems to be no record of this word you made up, and google only returns millions of pages that say you're not able to spell correctly...
Re: (Score:2)
Actually, I find "NextStep NextStep Frame" funnier!
More seriously, NSNextStepFrame might mean that NS doesn't refer to NextStep but to NeXT-Sun since "NeXT-Sun NeXTStep Frame" would be less redundant and would make more sense anyway.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:3, Informative)
The original code for the Cocoa frameworks came from the NeXTSTEP libraries Foundation and AppKit (those names are still used by Apple's Cocoa frameworks), and the NextStep engineers chose to prefix their symbols with NS.
Because Objective-C is an extension of C and thus doesn't have namespaces like in C++, symbols must be prefixed with a unique prefix so that they don't collide. This is particularly important for symbols defined in a framework.
If you are writing an application, such that your code is only likely ever to use your symbols, you don't have to worry about this. But if you're writing a framework or library for others' use, you should also prefix your symbols with a unique prefix. CocoaDev has a page where many developers in the Cocoa community have listed their "chosen" prefixes. You may also find this SO discussion helpful.
Re: (Score:3)
"goto fail", on the other hand...
Comment removed (Score:5, Insightful)
Re: (Score:3)
They've also been very clear that private framework calls are not permitted.
Apple isn't unique in this. Relying on undocumented behaviour in any API is asking for unexpected trouble in the future.
Re: (Score:2)
They've also been very clear that private framework calls are not permitted.
Apple isn't unique in this. Relying on undocumented behaviour in any API is asking for unexpected trouble in the future.
Apple learned the hard way, way back in the Apple ][ days, that allowing third-party Devs. to use undocumented Calls was a Very Bad Thing(tm), and as early as the Apple ][ ProDOS days, at least warned Devs. that if they used an undocumented Call, they could expect it to be moved, renamed, or simply deleted at any time, and without notice.
They did this for a very good reason: The use of undocumented calls and Entry-Points in the Apple ][ ROMs had become so rampant, that Apple found it nearly impossible to up
Re: (Score:2)
The change to ProDOS at the time was huge, as not only did you get speed increases and less memory usage from better code, but throwing away the spaghetti JMPs littered around DOS 3 for the same reason.
Unlike the difficult to update boot roms, the disk system was at least able to be thrown completely out and started over.
This was the first they added a properly documented API between ProDOS and Basic, such that versions of each were more or less interchangeable on disk. (ProDOS had minimum version requirem
Re: (Score:2)
To keep the language clean:
Undocumented features are not part of the API, aka "interface" they are random functions that a random C-library is exporting/exposing.
Re: (Score:2)
Oh no! That means I can't use 90+% of their public API then!
</cynicism> - I'm just so tired of seeing auto-generated useless API docs when I hunt for one of their symbols then resorting to stack overflow. Don't actually use undocumented APIs kids.
Plus if they ever want to steal your app (Score:2)
Microsoft used to do this, and I fondly remember pawing through the "Windows Black Book" (I might be getting the name wrong, been 20 years+ since I did win32 programming) and finding a wealth of undocumented calls that would noticeably improve the stability and performance of your application.
I mean, didn't you ever wonder why Microsoft's products were always better unless they were up against assembly programmers?
Web based "applications" (Score:2)
And instantly, nothing of value was lost from the Mac App Store.
If they are private, how can it use them? (Score:2)
Blaming others for your crap API security, are we?
Of course I still applaud anything that murders Electron with a vengeance. And fire.
In this case, the enemy of my enemy is my enemy I hate less.
Widespread problem, macOS is missing needed APIs? (Score:2)
The APIs in question are apparently for doing partial updates in a frame, so as not to use too much power.
Firefox wrote up how and why they use them: https://mozillagfx.wordpress.c... [wordpress.com]
Chromium uses them as well, which is likely how they end up bundled into Electron https://github.com/electron/el... [github.com]
This seems like something where Apple may actually have to relent here, until they have an API for partial compositing?
Re: (Score:2)
I wrote this up, works well for me https://askubuntu.com/question... [askubuntu.com] :-)
Also, fastlane at least makes certificate handling just really really irritating as opposed to fully impossible
In general though, agreed. Working so hard to support what by my stats is just 20% of my users is really frustrating.
Re: (Score:1)
For the record I don't expect to see Tim Cook dancing around like monkey boy screaming 'developers' but at least give us
Do Apple Apps use them or only the "OS"? (Score:2)