This is a warning to anyone who uses the Signal app. There is a chance they are selling transcripts of phone calls and/or messages sent using their app. How do I know? What proof do I have? It's not 100% certainty but it's compelling.
Recently I was on a Signal phone call with a friend and a certain college came up as a very brief topic for discussion. This college had only come up once before a week earlier in a message sent through Signal. Before that, going back about 10 years at least, I hadn't spoken with anyone about that college. Not a single person. I also do not live anywhere near the college in question. (The other person does.) So why does this matter?
Simply that, immediately after that Signal call, I received a spam SMS message (not in Signal) from what I can only call a shadowy startup called ReUp Education, claiming to offer me a free service that is allegedly tied to that same college. The phone number that I received the SMS on was the one I registered with Signal and the SMS referred to me by name. (Note, the other person did not receive an SMS spam even though they live near said college.) There was no reason other than the Signal call and Signal message for me to be on ReUp's radar or for ReUp to associate me with that college.
So I looked into ReUp; their "office" address appears to be a shared mailbox at what appears to be a shared office in Austin, Texas. They do not answer phone calls or return messages, they do not answer emails. Their customer service does not respond to inquiries. They appear to be a defunct startup except that there is a ReUp website. This raises the question of whether scammers have taken over their site and are impersonating a defunct startup.
The real question though is, who was it that sold my name, phone number and my "interest" in a particular college to them, and by what means? The ReUp spam SMS arrived right after the Signal phone call, not after the Signal message from a week earlier. Thus it is logical to deduce that the phone call was the trigger leading to the SMS, and that means the phone call audio was being transcribed (presumably on a server somewhere) and the transcript or part of it was sold to ReUp. The instantaneous arrival of the spam SMS after the call suggests it was all automated.
But how can I be sure the Signal app was the culprit? Checking my phone at the time, I found I had two other apps installed with audio recording permission: the NIOSH decibel meter and SoundHound (I used it to identify a single song, then never again used it). NIOSH was likely running in the background. SoundHound probably was not because I hadn't run it in two months and I believe I rebooted the phone in the meantime. If either of these apps was able to record the Signal phone call while in the background, maybe I could consider them as having means and motive to record and sell my phone call. But according to this response to my other question, it seems they can't (unless Apple is hiding something): https://developer.apple.com/forums/thread/770556
Even if the NIOSH app was able to record and upload the Signal phone call, one has to ask about motive. That app is provided by a federal agency of the US government. Would a government agency really sell a phone call transcript to dubious entities? More likely they'd silently send it to the NSA. But that's a tangent.
What about malware, you ask? I had reinstalled iOS 15 on the phone only a couple months earlier. I'm not running sketchy software on the phone. It's just mainstream apps, the most exotic being NIOSH. I don't visit shady websites where I might get hacked through Safari. I don't click on links in SMS spam. I don't open email attachments. The case for malware is weak. My phone is also not jailbroken.
Therefore by process of elimination, only the Signal app is a likely culprit.
But there were two Signal apps in use: The one on my phone and the one on my friend's device. The fact that I received the spam SMS, referring to me by name, in which "ReUp" claimed to offer a free service involving a college that is 1500+ miles away from me, whereas the person I was speaking to did not receive a spam SMS despite their living near that college, suggests it's the Signal app on my phone that uploaded the audio and transcribed it, tagging it with my details in particular.
So I tried to contact Signal. All I wanted was a denial from them that they are not selling transcripts of calls and other user data. It turns out, just like ReUp, Signal does not answer phone calls, they do not return calls, they do not answer emails. Their "customer service" agent responded 1 month after I contacted them and the response was boilerplate from a bot.
My interest being piqued, I looked into Signal's financials. People have always said that Signal is a nonprofit and doesn't seek to make money. People say it's encrypted and safe. Or at least that seems to be the mantra from every tech journalist and every computer security expert. A chorus of people are conditioning us to let our guard down.
But it turns out, Signal is very profitable. They bring in nearly $37 million per year despite their phone and messaging service being completely free to users. Signal's CEO makes roughly $520k per year. The CTO makes $670k. Here are some details: https://www.causeiq.com/organizations/signal-technology-foundation,824506840/
Are they selling user audio transcripts and/or messages in order to bring in that $37 million? If so they wouldn't be any different than other Silicon Valley tech companies.
People have always said, if the product is free, you're the product. That appears to be the case with Signal.