Hacker News
iPhone app receives notification for another app (twitter.com/nachosoto)
28 points by FearlessNebula on Sept 9, 2022 | 10 comments


Someone replied to his tweet by saying he should let Apple know there is a problem.

His response was, "I don’t get paid to do free QA."

That he won't even let Apple know that there is a problem, but is happy to let the world know about it on Twitter makes me wonder about his motives and the veracity of his single tweet story.


Making a proper bug report and answering follow-up questions on the bug tracker and whatnot is a significant amount of work, tweeting a "hey this thing happened" tweet is not. Not working for free for Apple seems very reasonable to me.


Agreed. For things like this I think firing off an email that says what has happened, opening a GitHub issue, or CC’ing in a tweet, are all reasonable approaches that minimise the work on the reporter. I’ve done all of these at some point. From there it’s up to the owner to take it on how they want, and of course not doing anything about it at all is a valid response. Unfortunately Apple have shown that they can’t provide an easy reporting process and don’t take things on so no point in reporting if you’re not personally invested, and no one morally needs to be that invested.


I have mixed feelings. Apple insists on a closed world (non-root) access with their products. As such, I think I agree with his position. Also, Apple has billions of dollars.

If it were a small company that was user friendly, had open APIs, was transparent about their bug fixes, and non-monopolistic behavior (meaning the CEO never said: "buy your mom an iphone"), I would think differently.

But yeah, Apple can pay. Especially with the spineless leaders in the FTC and other bureaus designed to prevent monopolies.


> Someone replied to his tweet by saying he should let Apple know there is a problem. His response was, "I don’t get paid to do free QA."

The reply says that he should file a radar. Radar is Apple's bug reporting platform and famously unpopular among many developers due to slow and often useless replies.


He declined to file a Radar ticket, saying that tweeting about it was enough to inform Apple. Given that his tweet made it to HN, I’d say he’s right.


I’m guessing the other app maker used the wrong id for their notification.

That is a wild ass guess though. I don’t know how the notification system works.

If that were the case, it’s not an Apple problem, rather a problem for the other app.


How bad are the security implications for this? I’m not an iOS dev nor do I have any training in security stuff.


Cosmic bit flip? It happens.


A really fun DefCon talk on bitsquatting. Bitsquatting is the practice of registering domains that are one bit off from a popular one:

https://www.youtube.com/watch?v=9WcHsT97suU

  google.com vs ooogle.com
  >>> chr(int('0b1100111', 2))
  'g'
  >>> chr(int('0b1101111', 2))
  'o'

If the 4th to last bit of 'g' were to flip before writing to disk, you could get persistent requests to ooogle.com

Having done queries against very large datasets at a large company, I can say for certain that this happens much more than you think it might.
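The one-bit arithmetic in the comment above, generalized as an added example that is not part of the original thread: it lists every hostname a single flipped bit can turn a domain into, which is the set a domain owner would register or watch for in DNS logs. The function names and the `skip_tld` parameter are this example's own.

```python
import string

# Characters permitted in a DNS label (letters, digits, hyphen).
LDH = set(string.ascii_lowercase + string.digits + "-")


def valid_hostname(name):
    """Every label is non-empty and neither starts nor ends with a hyphen."""
    return all(l and l[0] != "-" and l[-1] != "-" for l in name.split("."))


def bit_flip_variants(domain, skip_tld=True):
    """Map each one-bit-off hostname to (index, original_char, bit).

    bit 0 is the least significant bit of the character's ASCII code.
    With skip_tld=True the final label is left alone, since a flipped
    TLD is usually not a delegated zone (assumption of this example).
    """
    domain = domain.lower()
    limit = domain.rfind(".") if skip_tld and "." in domain else len(domain)
    variants = {}
    for i, ch in enumerate(domain[:limit]):
        if ch == ".":
            continue  # a flipped dot changes the label structure; not modelled
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit)).lower()
            # Drop flips that leave the LDH set or only change case
            # (DNS names are case-insensitive, so 'g' -> 'G' is harmless).
            if flipped not in LDH or flipped == ch:
                continue
            candidate = domain[:i] + flipped + domain[i + 1:]
            if valid_hostname(candidate):
                variants.setdefault(candidate, (i, ch, bit))
    return variants


if __name__ == "__main__":
    # The thread's own example: 'g' (0b1100111) with bit 3 flipped is 'o'.
    for name, (idx, ch, bit) in sorted(bit_flip_variants("google.com").items()):
        print(f"{name}  (char {idx} {ch!r}, bit {bit})")
```
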



