> Wow that is really damning, trashing user security in trade to remove a single click
As someone who has had to develop and maintain a similar web-to-desktop bridge I can tell you that this one issue was responsible for around 90% of my company’s total support requests, despite only being a small feature in a optional addon in one of our main products.
For businesses just trying to keep their customers happy, this particular one click is a very real problem.
I can absolutely symphetize with people trying to come up with workarounds.
Did your company try to write an FAQ page on how to accept the double-confirm dialogs in all major browsers (with screenshots) to maybe reduce your "90% of support tickets"? Does your ticketing software redirect you to (or display) an FAQ page that matches the ticket title?
I've come to understand how features like these get built, but I've also come to understand that people that use software are a lot more resilient and savvy than we think.
If 90% of your support tickets are about getting through a standard double-confirm, patio11 would probably recommend increasing your pricing to limit your paying customers to a pool that probably won't have much more trouble with that.
The people who end up calling support often aren't the ones paying the bill, for starters. That's definitely the case for Bluejeans and Zoom.
It also doesn't matter if you make a great FAQ page. Majority of dissatisfied people will never see it. Majorly because they won't call support but instead complain and grumble locally, the second biggest portion because once sent towards FAQ by support.... They won't follow it.
Only the tiny sliver of most dedicated will follow up long enough to reach the FAQ.
That is interesting. What were the support requests, how to remove the confirm step, or what to do if you denied it but didn’t mean to? Or something else?
Most desktop-browsers have in the name of security made it exceptionally hard to accidentally launch external programs through this mechanism.
We’re talking software engineering phd can’t complete it without hand-holding hard (true story!)
So normal users definitely don’t understand nor manage to navigate the dialogs presented by the browser to produce a “successful” outcome.
In the past we used this mechanism to “automatically” provide configuration-data a desktop component, so that it could call back to our application. And our users just didn’t manage to configure it.
In the name of security, browsers made one path so hard to use, without considering what people would then develop instead.
I have to call BS on this. Are you claiming that users can't complete a single prompt of "[Your browser] needs to open an external application to follow this link. (Decline) (Launch Application)"? That seems really unlikely. I've done enough user testing to, at least anecdotally, say with some certainty that this is not true.
It’s a two-dialog process (allow website to use external protocol & what external program should be used for this protocol), with intentionally confusing wording making it easy to choose the wrong choice (disallow) if you don’t read thoroughly.
Unless you already know what to do it’s fairly unintuitive.
Most users don’t even know the difference between a single click and a double click.
Expecting them to even know what an external protocol is, or why it should be launched at all is completely unreasonable.
And this is why the web browser vendors need to simply disallow this behavior. Websites seem to think they seem to engage in awful behavior to compete with each other. If the browsers just block it outright, then everyone will be on a level playing field.
Thats kinda what happened here, Apple made the user confirm that they were going to take an action on an app on their computer and Zoom built functionality in on the app to bypass it.
If they're notarized there's around a hundred pages of terms and conditions you have to agree to. Although I'm not sure this gets in the way of any of them except on one of the blanket ones that Apple keeps intentionally vague.
I literally just went through them at work in preparation for Catalina. They're hidden behind the developer account stuff you need to get your certs registered.
And you are not forced to abide by the developer terms to release a program for the Mac just as I said. Despite all of the HN conspiracies, you can develop for and release code on the Mac without Apple’s permission. You don’t have to abide by those terms.
The Zoom and BlueJeans apps are both signed, which indicates they're part of Apple's Developer Program, and thus bound by its terms.
If you want to distribute an unsigned app and guide users into bypassing Gatekeeper for it, by all means, do so... but that's not what's happening in this case, nor is it particularly common due to the intentional hoops they make you (or more accurately, every single prospective user of your app) jump through.
Wait a while. Holding one's breath not recommended.
For those who don't want to (or cannot, due to the nature of their application) use the Mac App Store to distribute software, the requirements will only continue to get more specific until (to the extent possible) all executable code and resources are notarized and signed with an identity.
<Insert Perry the Cynic rant about unsigned code - "What the hell is wrong with you!?">
This same prediction has been going on since 10.6 - over 7 versions ago. How do you propose that Apple forces code signing on programs that run on top of a VM like the CLR or JVM? How do you propose they enforce it for programs run using a scripting language? The best they could do is force signing on the runtimes.
But my point still stands. Today on July 9th 2019 you are not forced to be part of the developer program to distribute apps on the Mac. Despite all of the pollyanish the sky is falling type that has been going on for over a decade.
Not to put too fine a point on it, but those examples don't pass muster.
- If you're not using .NET, the CLR doesn't affect you, and although Microsoft has done well with ,NET, I wouldn't necessarily expect Apple to make Redmond's job easier.
- Java is much the same boat, and is perhaps in even worse shape as it used to be included by default in macOS releases but now isn't.
Read: security nightmare.
- From 10.16 on, scripting languages also aren't included by default. This seems less adversarial than the situation with Java, but for things like Homebrew, it's a stumbling block they will need to overcome.
I'm fairly certain you have to agree to some to join the Apple Developer Program, which is (sort-of) required if you want people to be able to run your app.
First, the dialog doesn't give any indication it can be bypassed in that fashion. Second, users should rightfully be suspicious of "just bypass the security!" install instructions - especially non-technical ones.
User willingly installs their software, they are not backdooring it. There are plenty of services running on every computer, including TCP servers and web servers. If you're going to call them backdoors, you've got a long list.
If I think I have installed your software and it's secretly running a web server with the ability to reinstall itself, I am calling it a backdoor. I think that list is pretty short, but perhaps I am wrong.
As someone who has had to develop and maintain a similar web-to-desktop bridge I can tell you that this one issue was responsible for around 90% of my company’s total support requests, despite only being a small feature in a optional addon in one of our main products.
For businesses just trying to keep their customers happy, this particular one click is a very real problem.
I can absolutely symphetize with people trying to come up with workarounds.