Point-Free releases new dependency management library for Swift

Point-Free:

We are excited to open source a brand new dependency management system for Swift applications. It makes it easy to propagate dependencies deep into your application in an ergonomic, but also safe, manner. Once you start to control your dependencies you will instantly be able to write simpler tests, unlock new superpowers from Xcode previews, improve compile times, and a whole bunch more.

Point-Free:

With this week’s release of swift-dependencies, our new dependency injection and management framework, we have now split out 8 libraries from our work on the Composable Architecture, and each of those libraries can be used in non-TCA code.

The great thing about this new release from Point-Free is that you don’t need to be using their Composable Architecture (TCA) in order to get value out of this new dependency management library.

While there are already a number of other Swift dependency management libraries available, in lieu of any better first-party support for dependency management by Apple this seems like it’s well worth a look.

It’s great to see what was starting to become a rather large framework be broken up into a series of smaller libraries that can be used with or without TCA.

Apple to focus on mixed-reality headset in 2023

Bloomberg (Mark Gurman):

Apple Inc., after seven years of development, is nearly ready to launch its first mixed-reality headset. But the focus on this new product will lead to an otherwise muted 2023.

Up until fairly recently, Apple had aimed to introduce the headset in January 2023 and ship it later this year. Now the company is aiming to unveil it this spring ahead of the annual Worldwide Developers Conference in June, I’m told.

Apple has already shared the device with a small number of high-profile software developers for testing, letting them get started on third-party apps. 

If Mark Gurman is on the money, then 2023 is shaping up to be a relatively quiet year for most Apple product categories. Aside from the mixed reality headset, which has been rumoured for many years.

If Gurman’s sources are correct, it sounds like Apple is still having issues with developer tooling for the headset. Given the importance of getting developers on board, hopefully the company can resolve these issues shortly. The last thing we want is another development experience reminiscent of developing for Apple Watch, which can be frustrating to say the least.

With so much of the company’s efforts spent on getting the mixed-reality headset out the door, Mark is predicting a quiet year for most other product lines. The iPhone may see a number of changes in including USB-C and a switch to a titanium body. While the Mac lineup will see minor spec bumps across the line and a Mac Pro that resembles the existing Intel hardware.

One benefit of a quieter year for the other product lines is the chance for Apple to pause and ship versions of iOS, macOS, watchOS and tvOS that focus on stability, reliability and performance. So expect much of the focus for WWDC this year to be on the headset and the new ‘reality OS’, and less so on splashy iOS & macOS features.

Android to get official RISC-V support

Ars Technica:

 Lars Bergstrom, Android’s director of engineering, wants RISC-V to be seen as a “tier-1 platform” in Android, which would put it on par with Arm. That’s a big change from just six months ago. Bergstrom says getting optimized Android builds on RISC-V will take “a lot of work” and outlined a roadmap that will take “a few years” to come to fruition, but AOSP started to land official RISC-V patches back in September.

As Ars mentions, this is a significant turn of events from Google who in mid-2022 at Google I/O were remaining coy about their interest in RISC-V. At present, Google has the build system for RISC-V up and running with initial emulator support expected in early 2023.

While support for RISC-V is very much still in its infancy, having it as a tier-1 supported platform for Android means manufacturers will eventually have a strong competitor to ARM. RISC-V is defining open standards and specifications, making it less likely that commercial or political interests will cause issues.

Apple shuts down Dark Sky app

After acquiring Dark Sky in March 2020, as of January 1, 2023 the Dark Sky app is no longer available. Apple will continue to support the Dark Sky API until March 21, at which point it will also be switched off.

Apple has also published a new support guide for those looking at how Apple Weather can replace Dark Sky:

Dark Sky’s features have been integrated into Apple Weather. Apple Weather offers hyperlocal forecasts for your current location, including next-hour precipitation, hourly forecasts for the next 10 days, high-resolution radar, and notifications.

Apple used Dark Sky technology to roll out WeatherKit in 2022, which is now in use in the Apple Weather app across iOS, macOS and more. A REST API is also available, and Apple is encouraging developers to migrate immediately to avoid problems once the Dark Sky app is switched off in March.

New macOS Gatekeeper vulnerability discovered

CVE-2022-42821 (via Bleeping Computer):

A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks.

Microsoft:

We developed a proof-of-concept exploit to demonstrate the vulnerability, which we call “Achilles”. Gatekeeper bypasses such as this could be leveraged as a vector for initial access by malware and other threats and could help increase the success rate of malicious campaigns and attacks on macOS.

Apple:

BOM

Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017)

Impact: An app may bypass Gatekeeper checks

Description: A logic issue was addressed with improved checks.

CVE-2022-42821: Jonathan Bar Or of Microsoft

Gatekeeper is the service that checks apps installed on macOS to ensure that they are notarised and signed by developers for distribution. This is a fascinating bug that works by leveraging AppleDouble and Access Control Lists (ACLs) to specify metadata allowing for the bypass of Gatekeeper checks.

Unfortunately those running the new Lockdown Mode introduced in macOS Ventura are also impacted by this issue and will need to update Ventura to fix the bug.

Facebook Android app to drop system web view

Engineering at Meta:

Over the past few years, we’ve observed that many Android users are updating their Facebook app but not updating their Chrome and WebView apps, which may result in security risks and a negative user experience.

For example, people with outdated versions of the Chrome and WebView apps may be more susceptible to zero day exploits and other security holes that might have been fixed in newer versions of Chromium. In addition, we also observed that, due to the way Android loads the System WebView, when users were updating the System WebView app, they were experiencing a Facebook app crash.

To help solve these issues – and following the precedent of browser vendors such as Microsoft Edge, Samsung Internet, and Mozilla Firefox who all ship custom browser engines on Android – we have been building and testing a separate Chromium-Based WebView for a few years.

In short, because of the way that Android updates the system web view Facebook have decided to drop the use of it altogether and build their own web view that’s updated at the same time the Facebook app is.

By building their own web view, Facebook is also able to improve performance by using a device’s GPU to render pages and games.

The fact that in Android 13 there’s still no way to detect when the system web view is being updated is damning, and made even worse given third party apps that use it will crash if they happen to use the API at the same time an update is occurring.

Microsoft shuts down SwiftKey for iOS

ZDNet:

As of October 5, support for SwiftKey iOS will end and it will be delisted from the Apple App Store. Microsoft will continue support for SwiftKey Android as well as the underlying technology that powers the Windows touch keyboard. For those customers who have SwiftKey installed on iOS, it will continue to work until it is manually uninstalled or a user gets a new device. Please visit Support.SwiftKey.com for more information.

The writing has been on the wall for SwiftKey for iOS for sometime now. The app itself hasn’t been updated in more than a year, with the the addition of Emoji search back on August 11, 2021.

Meanwhile the Android app has continued to receive numerous updates, with the most recent just a fortnight ago on September 15.

With Microsoft refusing to comment further on the reasons behind the shutdown, we can only speculate for now. But it’s easy to see how iOS’ more closed system may have prevented the team from adding additional functionality that is permitted on Android, such as clipboard sync.

Google announces hardware event for October 6

With Apple’s ‘Far Out’ event looming tomorrow, Google has overnight announced the next ‘Made By Google’ event will be held on October 6, 2022.

No word yet on whether there will be an in-person component to this event, but given the amount of new hardware expected to be announced it’s likely the media will have access to a hands-on area afterwards.

As previewed by Google at I/O this year, we can expect to see more on the Pixel 7, Pixel Watch and more.

Google rolls out Android app modularisation guide

Android Developers Blog:

As your app grows in size and complexity, it becomes increasingly difficult to manage, build and scale. One way to address this challenge is a software technique called modular programming, or modularization in short. It’s a practice of organizing a codebase into loosely coupled and independent entities – modules.

Over 54% responders mentioned that it’s difficult to find good learning materials on this topic [app modularisation] and almost 95% claimed that currently available materials on developer.android.com are insufficient! In response to this popular demand, we’ve launched the guide to Android app modularization.

Great to see Google continue to invest in improving documentation and guidance for Android app developers – particularly in the app architecture space.

In this case, there’s a brief overview summarising what modularisation is and how it can best be applied. There’s also a deep dive into a number of common patterns and module types.

Of note, the theoretical elements of the guide are not only applicable to Android apps – some information like that contained on the overview page is also relevant for those developing on alternative platforms including iOS.