Gui Rambo writes about his coding and reverse engineering adventures.| rambo.codes
Gui Rambo writes about his coding and reverse engineering adventures.| rambo.codes
If you’ve been reading my previous posts about security vulnerabilities that I discovered on Apple’s operating systems, you’ve probably noticed a pattern of bugs being caused by improper validation of clients by XPC services. So it’s probably not a surprise that the latest CVEs also fall into that category, but the first one that I'm going to talk about has a slight twist.| Rambo Codes
TL;DR: Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone.| Rambo Codes
This year's WWDC introduced many new APIs, two of which caught my attention: ExtensionFoundation and ExtensionKit.| Rambo Codes
Phishing attacks are a very common threat in our digital lives. So much so that many companies try to trick their own employees into falling for fake phishing attacks in order to assess their skills when trying to identify a certain message as genuine or not.| Rambo Codes
My friend, podcaster and fellow indie developer Casey Liss has just released his latest app, MaskerAid.| Rambo Codes
I’ve been working on a new app in my spare time using the new Swift Playgrounds 4 for iPad. As mentioned in my previous post, this app is document-based. I’ve chosen the JSON format to be the underlying data format for my app’s documents because I (and possibly future users) would like to be able to have the app’s documents in version control, and dealing with merge conflicts and diffs of binary files is the worse.| Rambo Codes
It’s been just a couple of weeks since Apple introduced the new Swift Playgrounds 4 for iPad, which now enables full app creation and publishing directly from an iPad, but many people are already making some really interesting projects with the app.| Rambo Codes
The most common application of CloudKit by far is to store private user data with the goal of keeping their devices in sync. This is mostly what my CloudKit 101 post is focused on, as well as explaining the basic concepts of how CloudKit works and the best practices around that type of data synchronization.| Rambo Codes
Programming microcontrollers is something I’ve always liked to do, there’s something very satisfying about writing code that controls things in “real life”, instead of just pixels on a screen. Recently, I decided it would be a fun side project to turn a cheap air humidifier into a HomeKit accessory. I started out with an Arduino board to test things out, but then people reminded me of the ESP32 and ESP8266 microcontrollers, which integrate BLE and WiFi and can run the HomeKit Accessor...| Rambo Codes
The Mac has always been very different from its close relative, iOS, especially when it comes to what a user is or is not allowed to run on their system. Even with the introduction of Apple Silicon, Apple has made it very clear that the Mac is still the Mac, and is still hackable, even when running on the new architecture.| Rambo Codes
Update (September 29, 2020): With Xcode 12.2 beta 2, Apple has added an official template to create macOS Intents extensions.| Rambo Codes
One of my favorite new things announced during this year’s WWDC was App Clips. They allow developers to offer a small experience from their app to users, without the need to install the entire app from the App Store.| Rambo Codes
UPDATE JUL 10, 2020: It has come to my attention that implementing the Facebook login flow without using their SDK is against their terms of service for third-party applications, further confirming that Facebook is more interested in gathering data about an app's users than it is in providing a useful service (shocker).| Rambo Codes
The new iPad Pro is here! It features a brand new LiDAR sensor and there’s also a cool new Magic Keyboard with a built-in trackpad coming in May. But the best thing about this latest Apple launch for developers is the new and improved mouse and trackpad support on iPadOS 13.4, which works on every iPad model that can run the version.| Rambo Codes
Writing automated tests like unit, integration, or UI tests can be a great way to have reproducible steps that ensure an app is working the way we expect it to. But there are some circumstances where automated testing just doesn’t cut it.| Rambo Codes
Note: this article is a revision of the article I wrote back in 2017. If you’d like to listen to an informal conversation about CloudKit, check out iPhreaks episode #226.| Rambo Codes
This article is basically the script from the talk I presented at dotSwift in Paris. If you prefer, you can watch the video.| Rambo Codes
DISCLAIMER: this is not a tutorial on how to use the Keychain or Keychain Sharing.| Rambo Codes
Whenever Apple introduces a new technology for developers, there’s always the question: “Can I use this thing right now for my projects?”. The answer many times ends up being the good, old, and boring “it depends”, but more often than not it leans toward “probably better to wait for a few OS versions”.| Rambo Codes
Every time I’ve had to change something in the launch screen on any of my iOS apps, I’ve faced an issue: the system caches launch images and is really bad at clearing said cache, even after the app has been deleted.| Rambo Codes
Update 2019, Nov 22: Apple reached out and resolved the situation.| Rambo Codes
Using private APIs can be fun. When working with private APIs, I usually prefer to write code in Objective-C, since the runtime makes it a lot easier to use classes and call methods Apple doesn’t want you to. That’s of course when I’m working in Xcode on my Mac.| Rambo Codes
I should start by explaining what I mean by “animations are assets”. I don’t mean that every single animation in an app must be represented by an asset and can’t be done programmatically, since that would be dumb. What I do believe in is that complex animations, especially ones that are not very dependent on dynamic data that’s only known at runtime, should be assets.| Rambo Codes
Maybe this is not common for all developers, but as an iOS developer, one of my favorite things to implement are beautiful user interfaces and cute animations. When the UX people at my job presented me with a new onboarding screen for our app, it consisted of static screens on Zeplin, without any animations specified. I asked for the Sketch file and came up with this:| Rambo Codes
Gui Rambo writes about his coding and reverse engineering adventures.| rambo.codes
Gui Rambo writes about his coding and reverse engineering adventures.| rambo.codes