'Swiftcord' will damage your computer
Closed this issue ยท 47 comments
Opening the latest release (0.2.2) triggers a gatekeeper alert I had never seen before.
This is unlike the regular popup for unsigned/unverified apps which require you to bypass it manually in the system settings. This popup suggests that this app was actively flagged as being malicious by Apple.
Right... Firstly, I can assure you there's nothing malicious in Swiftcord. Ideally, if you can, you should test it by running it from source since there were a lot of bug fixes since the latest release due to the fast development pace.
Next, I do not know why macOS would flag Swiftcord as malicious, the app follows all "good practices" like app sandbox, only enabling the required entitlements etc. The source code is all in this repo, you can always inspect it for malicious code :)
@jasperweiss does this clear your doubts? I'll close the issue if there isn't further input from you.
It's not so much that I don't trust it. It just seems problematic for the project that releases are flagged as malicious by gatekeeper which is why I reported it as an issue
Thanks for clarifying ๐! Unfortunately there isn't much I can do except for signing it with a valid apple dev account, which I don't have and can't afford ๐ธ
I've seen quite a few apps not signed by a dev acct that trigger this "move to bin" warning, and I usually don't mind it.
Ultimately, the purpose of the pre-built releases are for those who really want to try Swiftcord, but can't build it from source for whatever reason. Building from source is the most preferred method of trying out Swiftcord, which gives access to logs too.
Would it really be so hard for you to sign this application and distribute it thru the App Store?
Yeah, you need to pay apple $100USD a year for the dev license. I've updated the latest release which would probably fix the detected as malware issue, but you still need to right click and click open to run it.
Ok, so ask one of us for $100
Would you provide it if I asked? xD
Indeed.
Ok lol, could I ask for that $100 now?
Yeah bud, ApplePay?
Only one request. Keep it GNU, but you may charge if you want to.
Hmm interesting, I should probably setup GitHub sponsors and then when I get $100USD donated I'll open a dev account
Sounds good to me.
One issue is I don't really know if this app is allowed on the App Store, since it might be against Discord's ToS
Do you know specifically what part is?
The part that 3rd party clients are disallowed. However, it doesn't break apple's App Store ToS, nor any law, so technically discord can't do anything but ban accounts it finds using the 3rd party client.
...and its gonna be hard to find and ban accounts since Swiftcord basically almost identically uses the Discord API
First response, we want a Native Mac Client.
Exactly my thoughts, its quite ridiculous not to allow 3rd party clients. I think swiftcord would work on the App Store then!
Based on what I've read, I'm under the Impression that maybe it cannot make it into the AppStore due to the Login piece. However there is nothing stopping someone from making a test account and providing to Apple for the Sign-in, so the submission can be approved. It's definitely iffy. I'd still donate for a Dev Account if you are interested.
Sure, that would be appreciated :). The dev account would still remove the warnings when the app is opened for the first time, which would be helpful for those who can't build it from source. However, I'm pretty sure Discord themselves create a dummy test discord account, since they too have to pass app review
One issue is I don't really know if this app is allowed on the App Store, since it might be against Discord's ToS
Discord TOS only prevents third party client modifications, an entirely new client is not prevented through the Discord TOS.
Is that true, @freedom7341? If so, that would be great news!
Where do I send the $$$ ?
Login will not be an issue for Apple as long as you're only signing in through discord itself and not with Google/Facebook/etc, which discord does not seem to support in the first place. Swiftcord seems to be compliant with all App Store Guidelines.
Is that true, @freedom7341? If so, that would be great news!
https://discord.com/terms#software-in-discord%E2%80%99s-services
Nothing I see appears to say no third party clients. You aren't modifying, leasing, decompiling or reverse engineering the Discord client.
From https://discord.com/terms
You may not copy, modify, create derivative works based upon, distribute, sell, lease, or sublicense any of our software or services.
I do not know if a 3rd party client is considered a "derivative work" based on discord's services. This seems quite like a grey area atm
PS: We should probably move this to a discussion, this issue is becoming unwieldy
@opsroller, I think I'll either enable GitHub sponsors, or you can PayPal me or something like that.
Your choice.
Or even better: is there a way for you to open a dev account and "transfer" access to me?
@cryptoAlgorithm i think you should definitely setup GitHub sponsors if people are willing to help you!
I highly doubt youโll be able to publish this in the Mac App Store however having a developer account will enable you to notarize the macOS app! Which will eliminate the gatekeeper notice!
I am also open to compile and help you release notarized Mac app through GitHub releases using my personal developer account!
Thanks for making an amazing POC it looks very neat! I love supporting SwiftUI projects โค๏ธ
@Aayush9029 Thanks! I'm currently in the process of setting up GitHub sponsors. Any sponsors would be greatly appreciated :D
If you could notarise the app with your dev account, that would also be highly appreciated! I might consider trying to release it on the App Store when it gets stable enough.
@cryptoAlgorithm Here ya go! Swiftcord.app.zip
It's a Universal Notarized Binary for macOS 12.1, Current State @ 5d7917b
If you make any major changes and would like me to make a notarized app, just let me know!
I'll try to setup an automatic app build + notarization action
if I ever get time to๐
<333 Thanks! I'd publish it on GitHub releases soon :)))
@cryptoAlgorithm Say goodbye to your application name. If any developer takes your name, it's effectively theirs forever.
Yeah, I'll setup GitHub Sponsors tomorrow, then create a dev acct with the donations. I'll then reserve the app name and ID. Apple allows reserving application names and IDs right?
Yes, yes you can reserve the names, however did person above just do that? Look at the above screenshot.
Nope, he didn't. You can sign the app without using app store connect.
I don't know if Swiftcord is already reserved tho... @opsroller maybe you could check it out with your dev account?
@opsroller @freedom7341 @ConfuseIous @Aayush9029 let's continue this discussion here
Yes, yes you can reserve the names, however did person above just do that? Look at the above screenshot.
Nope! I just notarized his build!
I have no intention of working on discord app so there's no reason for me to "save" the name! I haven't checked if swiftcord has or has NOT been taken (reserved) by someone else though! That's something you'll have to to figure and maybe sort out!
Even the bundle id should br fine to reuse!
@opsroller I've applied for GitHub Sponsors, hopefully it gets approved soon. With luck, I'll be able to get Swiftcord on the App Store soon
@Aayush9029 I plan on releasing an updated version soon. Would you so kindly help sign it too? It's not ready yet, maybe by tomorrow ;)
@opsroller GitHub sponsors is now enabled for my account and this repo! You can now send the $$$ to me :D
This branch is stale and no longer relevant, closing