Issue 468
7th August 2020
Written by Dave Verwer
Comment
You’ve likely seen Kane Cheshire’s post this week talking about his experiments with Process
and a Swift package manifest file. If not, read that before continuing here.
It’s not surprising to see that people were generally quite shocked to find out this is possible, but I think that highlights just how little we think about the dependencies we include in our apps. Is it shocking that package authors can launch arbitrary processes when we run swift package
? If that concerns you, you’re really not going to like what third-party code can do with your user’s data when you build them into your app and ship it to the store.
Does your app request permission to access location data? Photos? Contacts? That’s all available to third-party libraries you include. What do you store in the keychain? It’s all open to a library. 😅
I have strong feelings about choosing high-quality dependencies. So much so that the “mission statement” of the Swift Package Index is to “help you make better decisions when choosing dependencies”. Some of that can be automated, which is where the site can help. But you also need to understand (on some level) what the packages that you’re importing are doing.
Dave Verwer
Sponsored Link
Launch Scalable iOS Chat In Days With StreamThis tutorial shows how easy it is to use Stream’s scalable chat API & UI components to ship in-app chat in a fraction of the time. Start a free trial now and try out Stream’s chat API, SDK and chat React Components. See why Stream powers the feeds and chat for over 500 million end-users. Check out the tutorial.
News
Verify your app’s integrity with App AttestDrop your quirky jailbreak detection code. There’s a new, official API in town. 👍
The App Attest service gives your app a way to assert its validity so that your server can more confidently provide access to sensitive resources.
If you’re having trouble getting your head around SwiftUI...
It’s around about this time in the beta cycle that I always like to remind people that it’s OK if you’re not taking advantage of every new API in this year’s releases, or last year’s releases. This year, I’ll let James Thomson do it though, with a tweet that can only be written after holding your head in your hands and exclaiming to yourself “But WHY isn’t it working!” 😂
Code
Self-Sizing UITableView Cells with SwiftUIIs the ultimate answer to the age-old problem of self-sizing table view cells… SwiftUI? Noah Gilmore suggests it might be! The post is a journey through three different methods of working towards a solution and is thoroughly worth your time.
Swiftʼs Collection Types
Here’s Harshil Shah with an in-depth look at the multitude of Swift collection types. The inspiration for the post came from Dave Abrahams’ WWDC 2018 talk, which is also thoroughly worth watching. You’ll learn more than you ever need to know about collections by the end.
Building a Multi-platform App with SwiftUI
I liked this post from Rick Wierenga on building a full multiplatform app with SwiftUI and this year’s betas. I love that cross-platform (where cross-platform means cross-Apple-platform) development feels like a critically important part of this year’s releases. It’s taken a while to get there, but I love how it’s turned out.
Adding a closure as a target to UIButton
Sometimes it’s the little enhancements to the APIs we use every day that make the biggest impact on our developer lives. Like being able to use a closure to execute the code when someone taps your button. Here’s Antoine van der Lee with a quick post to bring you up to speed.
Business and Marketing
Guide to SKAdNetwork and iOS 14 Privacy ChangesWhat’s going on in iOS 14 with the IDFA? You might be tempted to breeze past this issue, but even if you’re merely tracking your own installs through from your marketing efforts, this is going to affect you. Let David Barnard guide you, with this incredibly detailed post on how this is all changing in iOS 14, and beyond.
BIS Annual Self-Classification Report Generator
If last week’s post on filling in an encryption self-classification report resonated with you, but you didn’t get around to actually… you know… doing it yet 😅 then you’ll want to check Christopher Atlan’s site out. Fill in the form, and generate a report. Could it be any simpler?
Jobs
Senior iOS Engineer @ DuckDuckGo – Rather than rely on interviews, we base our hiring decisions on demonstrable work performance. We achieve that through asking our candidates to complete paid projects, which largely resemble the type of challenges they would be solving at DuckDuckGo every day. – Remote (anywhere)