Mac App Store

[ApolloZhu]

Something is definitely gonna go wrong during the App Review process, but in case if we are allowed to be put on the Mac App Store, we need to

• Follow their guidelines
• Design a good product page
• Promote and showcase ourselves

[ApolloZhu]

What I'm going to do

Rejected

Guideline 2.3 - Performance

Your app does not achieve the core functionality described in your marketing materials or release notes.

Specifically, App requires System Events access in order to function. (Please see attached screenshot)

The user is provided the option to select this functionality within the app. Only after attempting to use this functionality is the user told that it is not available without an additional install. It will be necessary to remove this functionality from the app.

Argue that "System Events" is not an additional app that the user needs to install. It's literally something built into the system that handles events.

Design Preamble

The user interface of your app is not consistent with the macOS Human Interface Guidelines. Specifically:

We found that menu items are not visible, except by right-clicking. See the "WYSIWYG (What You See Is What You Get)," "Give Users Alternate Ways to Accomplish Tasks," and "Designing Contextual Menus" sections of the Human Interface Guidelines.

I know this sucks. I'll fix this.

Next Steps

Please revise your app to address all instances of this type of issue.

Sure.

General

Your app modifies native macOS behavior. Specifically, Dark Mode.

Your app modifies that behavior to have the DarkMode turn off/on according to time set by the user.

Excuse me? What is this? What are you talking about? I know these are true statements?!

Next Steps

Please determine how you can resolve this issue and upload a revised binary for review.

Please see attached screenshots for details.

Thanks for this nice screenshot

Good choice for your wallpaper

[ApolloZhu]

Thanks for validating the revisions, but still,

Rejected

Guideline 2.4.5(ii) - Performance

Your app installs code in shared locations.

Specifically, Dark Mode automation script under ~/Library/Application Scripts.

I think that's what other apps are also doing though...

Next Steps

Please revise your app to remove this functionality.

Alright, time to implement #13 . I guess NSUserAppleScriptTask is not really for this purpose and objcio tutorial is no longer valid.

[ApolloZhu]

Since Apple Event is so primitive, I decide to

Appeal

As much as I'd like to avoid this (it's bad user experience and it looks suspicious and it's uncommon), but that is pretty much the standard (and only?) approach for all the sandboxed apps on the App Store that have automation built-in. For example, the #16 lifestyle app on the App Store, Irvue, installs script in the same folder (~/Library/Application Scripts, or known as FileManager.SearchPathDirectory.applicationScriptsDirectory for developers). In addition, that is not really a shared location. The scripts are contained within the folder for my app. The folder name io.github.apollozhu.Dynamic matching my app bundle identifier is no coincidence. That's the designated folder for my app to put scripts in...

[ApolloZhu]

Well, the response came back fast

Thank you for the feedback.

The app *REQUIRES the script in order to work. The method your app is using is considered Sandbox escape. There may be an app installs a script for optional functions but not required for app to work.

We appreciate your feedback, however, to appeal this review, please submit your request to the App Review Board at https://developer.apple.com/appstore/mac/resources/approval/contact.html. As you may be aware, the App Review Board was created for developers to appeal an app review they have concerns with.

Once the App Review Board has completed their evaluation, they will contact you directly.

[ApolloZhu]

Alright, here you go

Please allow me to first thank the review team for giving all the previous suggestions on how I can improve my app design. It does stand in a better position now, and even myself like it better than it used to be.

Let me present why my app exists at first place: there is a need for a dynamic dark mode. While macOS may implement this feature sometime in the future, for now, I, and hopefully you, believe users should be allowed to find a legit tool to assist and empower them, make them more productive, and enjoy a happier life. Isn't that what technologies and apps do?

And I agree that my app should be regulated. I don't like those other apps out there that have similar functionalities but are NOT OPEN SOURCE, NOT sandboxed, NOT notarized, and have NO intention to be reviewed by the (Mac) App Store review team. In addition to being a developer, as a Mac user, if I don't have an option to download from the Mac App Store, I feel like my safety is truly at risk. That's why I'm submitting this appeal instead of just giving up and do what the other apps are doing.

I personally care about user privacy and security deeply. Unlike other apps, this app has NO tracking, NO ads, and NO analytics, not at all. I didn't use any private APIs, even some apple engineers suggested me to investigate them during WWDC this year, to implement some of the features. I didn't even think about that. Why? Simple, I'd like to follow the rules and only use public APIs. That's what we all expect, and that's what I did.

There is no other reason I requested to access the folder through existing public API for MY APP AND MY APP ONLY under ~/Library/Application Scripts folder than that is the current standard--and most likely the only--approach for apps to carry out automation for users, as I stated in the appeal. Existing apps like Irvue as well as established tutorial website objc.io are just a few of the examples that do the same thing. I sincerely request you to reconsider the decision of rejecting my app because of something that everyone else does for the good and sake of the users.

One more thing, even if by doing this I escaped the sandbox, the user still can stop my scripts from "harming" them (of course, they are not harmful at all in the first place). Did you notice during the welcome/setup process, a dialog pops up saying would you allow my app to command system events? You, just like the rest of mac users, still have the ability to say no. My app is still contained.

If the review team insists that THIS IS indeed a sandbox escape and THAT IS totally NOT OKAY for ANY app on the app store based on the review guideline, I would accept that but feel sympathetic towards the all the Mac users who are enjoying the wonderful automation currently. However, if the review team judge that "sandbox escape is okay for optional functions but not essential functions," I will not agree. First of all, how can one determine if a feature is crucial or not for any other user? And more fundamentally, how could something wrong ever acceptable? Is it because it's ranked #16 in the lifestyle category? I believe not, and I hope not.

From a design and user experience standpoint, this is nowhere near perfect. But what do we developers and users have as our choice other than doing what is the only thing available and allowed?

Sincerely Yours,
An Individual Developer You've Never Heard From

[ApolloZhu]

[ApolloZhu]

[ApolloZhu]

I'm not patient enough to wait for the review board, so I submitted a new version, and then, as you may expect,

Rejected

Guideline 2.3 - Performance

Your app does not achieve the core functionality described in your marketing materials or release notes.

Specifically, the app still requires System Events access in order to function.

I thought I explained about this

Guideline 2.4.5(i) - Performance

We've determined that one or more temporary entitlement exceptions requested for this app are not appropriate and will not be granted:

com.apple.security.temporary-exception.apple-events:
com.apple.systemevents

We understand this may prevent the app from being approved for the Mac App Store. We encourage you to investigate other ways of implementing the desired functionality.

Next Steps

See App Sandboxing for links to essential video and documentation to learn how to sandbox your application.

Should you need code-level assistance implementing sandboxing, contact Apple Developer Technical Support.

I think you need a bug report. I've watched enough WWDC videos.

Design Preamble

The user interface of your app is not consistent with the macOS Human Interface Guidelines. Specifically:

We found that menu items are not visible, except by right-clicking. See the "WYSIWYG (What You See Is What You Get)," "Give Users Alternate Ways to Accomplish Tasks," and "Designing Contextual Menus" sections of the Human Interface Guidelines.

Specifically, Right-click to quit is the defaulted choice.

Regarding right-clicking, we advise setting the left-click option seen in the screenshot as the default choice, allowing the user to opt into the right-click setting if they wish to.

Next Steps

Please revise your app to address all instances of this type of issue.

Sure... But I think most people would opt-in though...

General

Your app still modifies native macOS behavior. Specifically, Dark Mode.

Your app modifies the behavior to have the DarkMode turned off/on according to the time set by the user.

Next Steps

Please determine how you can resolve this issue and upload a revised binary for review.

Seriously? Again? You didn't reject me because of this last time though? And this is not in the guideline?

[uetcis]

Most convenient solution: change the bundle identifier

[ApolloZhu]

That would be my last resort

[uetcis]

In fact you'd better try it at first. You are likely to be always rejected if you don't modify the identifier, even if you try to follow what the retarded review team asks you to do every time.

[ApolloZhu]

Several other apps on the Mac App Store that do more or less the same thing:

• Irvue (Read/Write to application scripts folder, script targets SystemEvents)
• Kaka (Read/Write to ENTIRE DISK, scripts target more than SystemEvents)
• Sunset Calculator (See comment below)

Apple Review Team says:

On occasion, there may be apps on the App Store that don't appear to be in compliance with the App Store Review Guidelines. We work hard to ensure that the apps on the App Store are in compliance and we try to identify any apps currently on the App Store that may not be. It takes time to identify these occurrences but another app being out of compliance is not a reason for your app to be.

[etrahretep]

You can download Smart Dark Mode (7 days tryout free) bit.ly/sdm-mac
Same "Why Smart Dark Mode isn't available on the Mac App Store?
The app requires to change a system preference (Dark Mode on/off) and, due to the restrictive limits of the Mac App Store, it wasn't approved."

[ApolloZhu]

Hmm, so they are 2 different things? That's a misleading advertisement.

And I'll still try to get this approved... I'll try...

[ApolloZhu]

My science teachers tell me I no longer need to collect data when the same result appears twice. It's time to stop the experiment. -- Or restart the experiment, since it's expected to yield something.

Yes, rejected.

Guideline 2.3 - Performance

Your app does not achieve the core functionality described in your marketing materials or release notes.

Specifically, the app still requires System Events access in order to function.

Guideline 2.4.5(i) - Performance

We've determined that one or more temporary entitlement exceptions requested for this app are still not appropriate and will not be granted:

com.apple.security.temporary-exception.apple-events:
com.apple.systemevents

We understand this may prevent the app from being approved for the Mac App Store. We encourage you to investigate other ways of implementing the desired functionality.

Next Steps

See App Sandboxing for links to essential video and documentation to learn how to sandbox your application.

Should you need code-level assistance implementing sandboxing, contact Apple Developer Technical Support.

General

Your app still modifies native macOS behavior. Specifically, Dark Mode.

Your app modifies the behavior to have the DarkMode turned off/on according to the time set by the user.

Next Steps

Please determine how you can resolve this issue and upload a revised binary for review.

Please see attached screenshots for details.

---

I say:

Thanks for the assurance.
Should you need code-level assistance regarding secure scripting, I can walk you through developer documentation and WWDC session recordings.

[etrahretep]

Bummer

[ApolloZhu]

Me: changed bundle identifier
Review team: spam. You already showed us something like this

... alright

[ApolloZhu]

From PLA EP5493(101918):

3.3.4 An Application for iOS, watchOS, or tvOS may only read data from or write data to an Application's designated container area on the device, except as otherwise specified by Apple. For macOS Applications submitted to Apple for distribution on the App Store: (a) all files necessary for the Application to execute on macOS must be in the Application bundle submitted to Apple and must be installed by the App Store; (b) all localizations must be in the same Application bundle and may not include a suite or collection of independent applications within a single Application bundle; (c) native user interface elements or behaviors of macOS (e.g., the system menu, window sizes, colors, etc.) may not be altered, modified or otherwise changed; (d) You may not use any digital rights management or other copy or access control mechanisms in such Applications without Apple’s written permission or as specified in the Documentation; and (e) except as otherwise permitted by Section 3.3.25 (In-App Purchase API), such Applications may not function as a distribution mechanism for software and may not include features or functionality that create or enable a software store, distribution channel or other mechanism for software delivery within such Applications (e.g., an audio application may not include an audio filter plug-in store within the Application).