Hacker News new | past | comments | ask | show | jobs | submit login

> Yeah, they do, because they have to trust the certificates and entitlements that my app is signed with.

That's a 401 vs 403 distinction. They know who you are, they don't know that you're authorized to do this.




I get what you’re saying but have to disagree because it’s kind of different. Apple has to review our apps before they’re released and they certainly have capability to review a trusted pasteboard copying predicate as I am suggesting. They would have the authority to revoke it at any time and I would certainly not want to risk my developer account being put into jeopardy by breaking their trust.


> Apple has to review our apps before they’re released and they certainly have capability to review a trusted pasteboard copying predicate as I am suggesting.

Are you willing to provide signed proof that the user consented to this action? The same way you provide signed code to prove you're the one uploading the code. Presumably this would have to be via a key that you don't have access to (only the user would be able to consent to this).

Because that seems like the parallel here.

Technically, apple should be auditing your flows at that point too, to make sure there aren't any dark patterns.

But, yeah, at that point, I think you could make that argument stick.


If we can do it in a way that reduces friction and doesn’t break the flow, then absolutely yes.


Speaking from a user point of view, I find arguments like this are often disingenuous (I'm not saying that yours is). "Tailoring for the user" normally actually means "tracking the user". Specifically, the passing of UTM parameters from my website session to my app session is something that normally has no benefit to me and I find it repugnant that developers feel entitled to do it.


> they certainly have capability to review a trusted pasteboard copying predicate as I am suggesting

They do not have the capability to exhaustively check all uses thereof in a way that obviates the need for a user to consent to having you monitor their pasteboard.

They could develop it, expending significant resources on an edge-case for a tiny fraction of app developers, or they could ask the user for permission because the user has the context to expect this request (or to not).


They already do similar stuff like cross referencing applinks at .well-know/apple-app-site-association with the associated domains bundled in your binary.

What I'm suggesting is a predicate like only allow NSPasteboard access without prompting iff the predicate passes something like let predicate = NSPredicate(format: "SELF MATCHES %@", "^/.\\?var=.$")

I don't think you know what you're talking about.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: