By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: March 21, 2023

Tuesday, 21 March 2023

Widgetsmith Hits 100 Million Frigging Downloads ★

“Underscore” David Smith:

Widgetsmith has just achieved a remarkable milestone, surpassing 100 million downloads since its launch in September 2020. A number that I can’t really wrap my mind around. A number larger than the population of all but 14 countries (🤯).

I was very conflicted about whether I should share and observe this milestone publicly. I am by nature a very shy, quiet person and not one to seek the spotlight.

Ultimately I decided to share this milestone for two reasons: Gratitude and Community.

Couldn’t have happened to a nicer guy, truly. Widgetsmith is proof that you just never know when something is going to really resonate and take off. Smith is a very talented developer (and designer) with a bunch of successful apps, but Widgetsmith in particular is a genuine sensation. Just like Smith, 100 million downloads is a number I can’t even get my head around.

‘aCropalypse’: Android and Windows Bugs Allow Cropped-Out Content From Screenshots to Be Recovered ★

Simon Aarons:

Introducing acropalypse: a serious privacy vulnerability in the Google Pixel’s inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. Huge thanks to @David3141593 for his help throughout!

David Buchanan:

The bug lies in closed-source Google-proprietary code so it’s a bit hard to inspect, but after some patch-diffing I concluded that the root cause was due to this horrible bit of API “design”: https://issuetracker.google.com/issues/180526528.

Google was passing "w" to a call to parseMode(), when they should’ve been passing "wt" (the t stands for truncation). This is an easy mistake, since similar APIs (like POSIX fopen) will truncate by default when you simply pass "w". Not only that, but previous Android releases had parseMode("w") truncate by default too! This change wasn’t even documented until some time after the aforementioned bug report was made.

The end result is that the image file is opened without the O_TRUNC flag, so that when the cropped image is written, the original image is not truncated. If the new image file is smaller, the end of the original is left behind.

I ran a few cropped screenshots from my Pixel 4 running Android 13 through their proof-of-concept tool, and some of them revealed quite a bit of cropped-out content.

And it’s not just Android: Buchanan today discovered that Windows 11 and 10 have a similar bug.

Solid State Volume Buttons and Mute Switch on iPhone 15 Pro Models ★

Chance Miller, writing for 9to5Mac:

Earlier this month, 9to5Mac exclusively reported that the upcoming iPhone 15 Pro will have new unified volume buttons and a new “pressing type” mute button. Now, freshly-leaked CAD files have corroborated our report and offered a closer look at the new design.

This year’s phones will adopt new solid-state buttons with haptic feedback, similar to the Home button introduced with iPhone 7. This means that the buttons will no longer have moving parts and will identify the pressure level to work.

I trust Apple on this, because they absolutely nailed it with the iPhone 7 home button. That button was better than the buttons that actually clicked. Same thing for Apple’s modern trackpads — their simulated haptics clicks are better than the old trackpads that actually clicked. But I’m damn curious about two things:

• How will the mute switch work? It’s a real benefit that you can discern the current state of the mute switch by feel alone, while the iPhone remains in your pocket or purse. (And lo these many years later, I still remain baffled that among all the umpteen design elements that Android phones have copied from iPhones, no popular or even semi-popular Android phones have ever had hardware mute switches. Not even Nothing, whose first phone unapologetically apes the iPhone frame.)

• How will these haptic buttons work with cases? And gloves? Is pressure sensitivity enough? Or will iPhone 15 cases need to have pass-through capacitive buttons?