alt.hn

6/2/2026 at 12:00:03 PM

Apple rejected my dictation app for using the accessibility API

 https://www.mitmllc.com/blog/apple-rejected-my-dictation-app/

by RZelaya

6/2/2026 at 3:06:22 PM

I actually had the almost same situation by building an offline voice dictation app for macOS and iOS, and in macOS I was confronted with the exact same situation.

However, I would like to point out that Apple isn't totally wrong here because the accessibility API unfortunately is way too broadly scoped, and because of that you literally get access to everything on the computer like you you can screenshot listen and and move the cursor... This is completely ridiculous and the proper engineering solution would actually be to phase out the accessibility API and replace it with something that is narrowly scoped so you can grant specific permissions individually.

However, Apple, being Apple, is obviously not doing anything, and instead says no accessibility permission for anything that isn't demonstrable accessible. Now, there are obviously some exceptions because Apple is not particularly well known for applying its rule consistently and granting big exceptions for itself. However, they do have a valid point on privacy and data protection. And I say that as somebody who ended up distributing my MacOS app outside the App Store because I only got approval for iOS.

That said, I would definitely appreciate if Apple would gradually improve its developer program experience, because compared to its hardware lineup, the developer program is nothing short of abysmal.

by marvin-hansen

6/2/2026 at 5:18:02 PM

> However, I would like to point out that Apple isn't totally wrong here because the accessibility API unfortunately is way too broadly scoped, and because of that you literally get access to everything on the computer like you you can screenshot listen and and move the cursor... This is completely ridiculous and the proper engineering solution would actually be to phase out the accessibility API and replace it with something that is narrowly scoped so you can grant specific permissions individually

If you don't have use of your hands you want that. The whole point of accessibility APIs is allowing arbitrary control of your computer via novel means. One of the big selling points of Dragon Natually Speaking is the ability to tell your computer to do things based on descriptions without a mouse. "open outlook", "click compose", "select subject", "type foo", etc. Unfortunately modern software breaks this a lot. Chrome and anything electron based don't provide any accessibility information to the OS. The interior of the window excluding the tab bar is a void. Yes chrome has an inbuilt screen reader as do a number of electron apps. But if you aren't blind and want to use something like Dragon it doesn't work. Canvas based apps are often the same.

And no the solution here is not computer vision with an LLM. Text and buttons rendered on my computer exist in memory somewhere as text and buttons. We should not need to convert them to pixels and back lossily to recover text and buttons. We should just expose things to the accessibility API and not guess.

by int0x29

6/2/2026 at 5:32:49 PM

> And no the solution here is not computer vision with an LLM.

Also, even if you hypothetically wanted to use computer vision with an LLM… what API is that LLM going to use to take screenshots and click on stuff?

by Wowfunhappy

6/2/2026 at 4:28:54 PM

> However, I would like to point out that Apple isn't totally wrong here because the accessibility API unfortunately is way too broadly scoped, and because of that you literally get access to everything on the computer like you you can screenshot listen and and move the cursor...

I want apps to be able to do that!

by Wowfunhappy

6/2/2026 at 5:18:37 PM

Yes but miffing to open Privacy & Security & see dozens of apps pretending to need “accessibility” features. Apple has a dozen+ categories there but many poweruser apps I want specifically need accessibility.

Is there an opinionated reason not to break out capabilities?

by Barbing

6/2/2026 at 5:20:44 PM

> Is there an opinionated reason not to break out capabilities?

If you have a disability and need tools to use your computer the last thing you want to do is have those things not only off by default but complicated and involved to turn on.

by int0x29

6/2/2026 at 5:37:28 PM

Is there a reason a capability has to be covered by only a single permission? Why not have one accessibility permission that covers all that and then a bunch of individual permissions for non-accessibility apps?

by skykooler

6/2/2026 at 5:30:52 PM

Apple doesn’t provide another API for this, so apps have to use the one that’s available.

by Wowfunhappy

6/2/2026 at 4:43:11 PM

Then they should use an appropriately scoped API, as OP suggested.

by phainopepla2

6/2/2026 at 5:18:47 PM

Controlling my computer is appropriate scope for an accessibility tool

by int0x29

6/2/2026 at 4:27:40 PM

Isn’t that just deliberate on their part? As in, they genuinely don’t want developers to use these APIs and just allow them for accessibility use cases.

by exitb

6/2/2026 at 4:01:45 PM

Gradually improve? How many more decades is reasonable to wait? They are what they are and hoping for change makes no sense to me.

by Brian_K_White

6/2/2026 at 3:43:21 PM

Thanks for sharing this. The "phase out the broadly-scoped Accessibility API and replace with narrower permissions" point is exactly the right structural fix. Right now developers have to declare a permission far broader than they actually need, and from the outside the criteria for what counts as legitimate use isn't clearly defined. Interesting that your iOS app got through but macOS didn't. WhisperPad is Mac-only and I haven't gone through the iOS path, so your experience there is useful data. The "demonstrable accessibility" criterion seems to be where everything bottlenecks.

by RZelaya

6/2/2026 at 5:52:26 PM

They rejected mine too for the exact same reason, despite press-to-talk being a legitimate accessibility issue.

I wrote about this here [1], and even called out some of the most common disabilities that clearly benefit from it.

They also don’t allow microphone access from keyboard extensions in iOS, which prevented me from shipping an iPhone target (that I really wanted for myself tbh).

It’s a shame and I can only assume they’re trying to protect their built-in dictation, which historically has been laughably bad.

[1] https://tonguetype.app/accessibility

by claviska

6/2/2026 at 12:41:38 PM

SpaceGremlin (mac alternative to WinDirStat) has a similar thing, where some features only work in the independent "SpaceGremlinPro" version downloaded from their site. However, they do some cool stuff with licensing - you can point it to the app store paid/installed version, and it detects the license and unlocks.

If you're worried about people not trusting payment to you, might be worth seeing if you could implement this, so anyone who bought on the app store can still access the full feature set. Cuts you out 30% like, but better than nothing maybe.

by spiral90210

6/2/2026 at 1:34:08 PM

There is something amusing about the fact that WinDirStat, as far as I know, was based on KDirStat (now QDirStat), yet this doesn't even get mentioned on their Wikipedia page, and by and large a lot of people don't even know QDirStat exists. One time someone even asked me if they knew of a good alternative for Linux; good news!

by jchw

6/2/2026 at 5:35:33 PM

To my knowledge, SequoiaView[0] predates even KDirStat - it just didn't have the tree view paired with it.

[0] https://sequoiaview.win.tue.nl/

by Sophira

6/2/2026 at 5:43:09 PM

No doubt KDirStat was based on SequoiaView, but WinDirStat was based directly on KDirStat, as in it was a port of it to Windows. I don't think it is incorrect to mention SequoiaView as the original, but it nonetheless feels weird to skip a hop too. It got not just the tree view but even the name from KDirStat.

by jchw

6/2/2026 at 2:51:44 PM

SpaceSniffer is an even better version of WinDirStat but I rarely see people talk about it, too.

by burnte

6/2/2026 at 2:01:42 PM

It is actually mentioned on the Wikipedia page [1] - and of course, you could add it yourself if that's not enough.

https://en.wikipedia.org/wiki/WinDirStat#Version_history[10]

by squigz

6/2/2026 at 2:42:48 PM

Okay, I stand corrected, but I also stand by that it is interesting that it is pointed out that "The project was inspired by SequoiaView" in the lead section, but not that it was a direct port of KDirStat. It feels odd but also intentional, so I never bothered to change it. I'll leave it up to if anyone else feels similarly enough to do so, because then at least that means there are two of us.

by jchw

6/2/2026 at 2:07:10 PM

Everything I ever added to Wikipedia was removed, within the day, by a very diligent and hard-working Wikipedia person.

by analog8374

6/2/2026 at 2:14:15 PM

Same. My experience with the “concept” of Wikipedia was very high until I had the “direct experience” of Wikipedia, and I realized that the encyclopedia of the commons may not have planned for me to be in the commons.

by realitylabs

6/2/2026 at 2:38:45 PM

Same. Even a single sentence with an easily verifiable fact. Reverted in seconds.

by HoldOnAMinute

6/2/2026 at 2:16:29 PM

Everything I've ever added was kept.

by squigz

6/2/2026 at 2:38:43 PM

Not absolutely everything I've ever contributed was kept, but definitely a lot of it. I genuinely get the feeling that the modern Wikipedia hatred comes from somewhere other than a few unfortunate edit wars, but I'm not in-tune enough to know.

by jchw

6/2/2026 at 2:34:24 PM

Good for you I guess.

Everything I ever added was kept, and I was permanently banned. I created [ciation needed], started the admins noticeboard, reworked the USA Patriot Act article, wrote numerous articles for WiR with extensive referencing, contributed to peer review and good article reviews, and a shitload more, but nope. Not good enough.

Why anyone would contribute to that cesspool is anyone’s guess.

by chris_wot

6/2/2026 at 2:36:24 PM

This comment is a little light on the reasoning for why you were permabanned.

by squigz

6/2/2026 at 2:38:53 PM

I commented on BrownHairedGirl’s RFA. The most toxic user ever on Wikipedia.

I can assure you, there are those on Wikipedia who committed far worse offenses and they remain.

Like I say - a cesspool that doesn’t respect article writers.

by chris_wot

6/2/2026 at 4:56:17 PM

Ah, I see, you were instigating constantly and people were sick of your shit. Seems like a reasonable ban, especially when you violated an IBAN already.

by ChrisClark

6/2/2026 at 1:07:16 PM

Sounds like something that would instantly get you banned from the app store if it got noticed.

by esperent

6/2/2026 at 2:08:25 PM

No, it isn't. A number of developers have done this.

by lapcat

6/2/2026 at 2:52:44 PM

Good thing Apple is well-known for consistently and fairly applying its own App Store rules across multiple, similar apps...

by ryandrake

6/2/2026 at 3:00:29 PM

You're missing the point. We know that countless developers, including the author of the blog post, have received App Store rejections of submissions. On the other hand, to my knowledge, exactly zero developers have ever been banned from the App Store for doing what the commenter claimed would instantly get you banned.

by lapcat

6/2/2026 at 3:17:56 PM

> If you're worried about people not trusting payment to you, might be worth seeing if you could implement this, so anyone who bought on the app store can still access the full feature set. Cuts you out 30% like, but better than nothing maybe.

In other words, Apple is abusing their position by defining overly broad permissions so that they can deny them and pressure people to fork over more cash to them.

by saghm

6/2/2026 at 2:26:35 PM

Interesting idea. It would basically turn the App Store version into both a discoverability channel and a license anchor for the direct version

by BrtByte

6/2/2026 at 3:45:09 PM

Offer a "trial" version on App Store, and ask them to download the "pro" version and buy the license directly from you. (Offer a "30%" discount and point out that's the "Apple Tax" savings they get for not paying through the App Store).

by thisislife2

6/2/2026 at 1:11:28 PM

Space Gremlin isn't even available on the App Store anymore, presumably because it hasn't been updated to newer versions of macOS. Meanwhile, GrandPerspective is free and uses the exact same visualization as WinDirStat (although the UX is a bit weird for me)

by LoganDark

6/2/2026 at 2:57:14 PM

Isn’t it like 15% up to the first or second million in sales?

by SV_BubbleTime

6/2/2026 at 2:52:36 PM

I don't mean to offend, but entrusting every input to a company literally called MITM LLC has a level of absurdity that either greatly entertains or else greatly frightens me.

by atroon

6/2/2026 at 4:39:39 PM

Model-in-the-middle LLC

Checks out, what's the problem? /s

by julianlam

6/2/2026 at 12:59:04 PM

I recently built a similar app, and so hit the same limitations – I wasn't too upset on Mac, happy to distribute without the App Store (though it's a shame).

Where I was more frustrated was how much this limited the potential usability of the iPhone app. Because of app store restrictions it is a far worse app ... though like in your example, still useful to a degree.

I can only hope they use the new CEO as an opportunity to seriously re-evaluate their entire approach to how they work with developers, though I'm not actually expecting them to. If anything, with the increase in apps being created via AI tools I worry they will go the other way.

by robgough

6/2/2026 at 2:16:06 PM

I really do understand the desires people have for iOS to be a more open platform, but I'm just gonna say very clearly: I do not want third party apps being able to do what OP's app does. My iPhone is the one computing platform I have where I get the assurance that no third party app can be spying on anything else I do on the device.

by cmsj

6/2/2026 at 2:58:48 PM

Yea, Accessibility features are kind of OS super-powers and you really, REALLY need to thoroughly vet apps that you grant those powers to. These apps need to be actually using Accessibility to provide assistive technology for users with disabilities. I'm usually uneasy about Apple anointing itself the gatekeeper for this, but someone has to do it.

Lots of shady and well-known developers (like Dropbox) are notorious for trying to weasel their way into getting Accessibility permissions, so they can do god knows what with them to your system.

by ryandrake

6/2/2026 at 4:28:00 PM

Two things can be true, you can choose to install software from a curated store, policed by an entity you trust to do that. I can install whatever trash I want from the internet and risk my own security doing so. These two things aren't in conflict and could be enabled with a change in policy from Apple.

Worried about grandma installing shady apps? Enable parental controls on her phone.

by gumby271

6/2/2026 at 2:26:30 PM

iOS generally lets you reject any permission an app asks for. This would certainly be "risky" enough that iOS would require explicit user permission, and you would be able to say no.

On top of that, the app is completely optional: if you aren't comfortable giving it those permissions, don't install it?

by __float

6/2/2026 at 4:12:25 PM

Locking down your phone to block anything you don't want is doable at your own level. Opening up the ecosystem for those who care about better third party apps can only done by Apple.

Those two desires should both be fulfilled.

by makeitdouble

6/2/2026 at 2:24:36 PM

The Accessibility permission is not granted automatically to apps on the Mac. You have to specifically allow it for an app. So you retain control and assurance even without Apple lockdown.

by lapcat

6/2/2026 at 2:52:13 PM

Exactly. On iOS, it completely limits the market for a good dictation app with your keyboard, because iOS just doesn't allow you to.

by jiehong

6/2/2026 at 1:34:10 PM

If you're in the EU, consider publishing on an alternative App Store and pointing users that way.

If you're not, ask your representatives why you don't get the same rights.

by vrganj

6/2/2026 at 2:38:56 PM

[dead]

by BrtByte

6/2/2026 at 1:02:54 PM

[dead]

by RZelaya

6/2/2026 at 1:13:21 PM

As someone who also experience pains in their hands after a couple of hours of typing... I started to use the great open source app called ghost-pepper [1] that i found on github and has been my daily driver (its like superwhisrp but oss/free and local) the maintainer is really nice and replies to DMs really quickly too.

[1] https://github.com/matthartman/ghost-pepper

by orliesaurus

6/2/2026 at 2:29:11 PM

I am big fan of VoiceInk which is also local and open-source. I also maintain this list of all the best open-source ones in this awesome-style GitHub repo. People looking for open-source dictation tools, hope you find something that works for you here: https://github.com/primaprashant/awesome-voice-typing

by primaprashant

6/2/2026 at 2:23:27 PM

As someone that have tried a few of these apps, I really like this one. I dictated this one just now with ghost pepper. Thanks Matt and thanks orliesaurus for sharing it here!

by emrehan

6/2/2026 at 12:33:19 PM

This is what happens when you run an OS controlled by some random big corporation. I dont mean that it's the person's fault, but just that you should not rely on Apple. they allow you to use your computer, but on their terms.

Install some GNU/Linux distro and you can do whatever you want.

by Muhammad523

6/2/2026 at 12:39:52 PM

for most people this is like saying "If you don't like being oppressed, just move to Antarctica!"

by functionmouse

6/2/2026 at 12:49:10 PM

Maybe more like “Learn how to replace an AC filter by yourself instead of calling an AC repair company”

I just installed PopOS on a laptop recently, and… it just worked. There’s an app store for noobs that I think installs flatpaks. GPU drivers just work. Whole disk encryption. Everything just works.

I don’t see what else my grandma that just uses Facebook would need. Maybe automatic updates?

by callc

6/2/2026 at 12:50:31 PM

No. Changing one's primary operating system takes time, dedication, and is a lifestyle change, similar to moving somewhere remote. Changing ones AC filter is none of those things.

If you and your grandma only rely on the computer for its web browser, then good for you. You have flexibility that is not afforded to most people. But that's not how a person's phone works; phones dig a lot deeper into one's lifestyle, intentionally so. The walled garden was constructed to keep outsiders out, but now it seems the primary purpose is keeping those inside hostage.

by functionmouse

6/2/2026 at 2:15:19 PM

My mother-in-law recently became fed up with Windows and asked me to install Linux for her. I gave her Debian with a Mate desktop.

She loves it. Zero problems. It's been a week and she's using it just fine. No lifestyle upheaval.

by analog8374

6/2/2026 at 2:57:50 PM

Your mother in law asked specifically for Linux?

by onemoresoop

6/2/2026 at 1:34:12 PM

Nobody in my life even notices when they change their 'primary operating system.' They buy a phone based on what looks cool at the time, sometimes it's android, sometimes it's iphone. They move freely between chromebooks, windows, and mac os, because everything is online anyway. It's only 'experts' who have trouble with this.

by stonogo

6/2/2026 at 3:52:59 PM

Partly agree. I once installed Firefox with uBlock Origin for someone who was Chrome user on an old PC and complained it was slow when browsing, and they told me that they didn't even know that there were different browsers available.

by thisislife2

6/2/2026 at 2:18:30 PM

I'm the IT guy to most of the elderly people in my life, and steadily switching them over to Linux Mint over the years. Fact of the matter is, most of them use their OS as a gateway to their web browser, and don't care to do anything else with it. For many non-technical users, switching OSes is literally a non-thing. The only difference vs Windows is that they call me for assistance way less frequently.

by Hugsbox

6/2/2026 at 2:04:13 PM

you are telling me that everyone in your life freely swaps between windows and mac without even noticing a difference? no problems?

i call bullshit. i have worked in very big orgs. changing a single icon can cause a deluge of support tickets.

by john_strinlai

6/2/2026 at 5:13:07 PM

I have family that would gladly use FacebookOS if such a thing existed and automatically loaded that and only that website as soon as you turn on the computer or phone.

by alnwlsn

6/2/2026 at 3:12:34 PM

Congrats on your enormous org. The conversation was about families, indicating a non-enterprise environment. Try to keep up.

by stonogo

6/2/2026 at 1:00:31 PM

You make people sound like they are semi-automatons?

by MichaelZuo

6/2/2026 at 1:01:10 PM

If a 15 years old can do so (me) then other people can do so as well. I did not feel uncomfortable at all when i first installed ElementaryOS and then moved to Fedora. everything just works, i never ever had to worry about drivers or stuff like that

by Muhammad523

6/2/2026 at 1:27:42 PM

I've been using Linux for about 27 years now and yet there are still some things I begrudgingly use Windows for (can also rephrase: one machine that does certain things).

I own more (and have them running right now) machines with linux than anything else and yet I'm not saying people can just switch. The problem is usually not "can do at all costs" but "can do with a reasonable addition of extra steps/relearning/tool does not exist/etc". There's some nuance and when I have some spare time I will (again) try to switch that one machine, but "it just works" maybe can also mean you're not using it for a diverse enough set of things.

In my case the reasons are actually quite boring: some hardware I couldn't get running and some (maybe minor) things that drive me nuts. The hardware is kind of a deal breaker atm. And yes, some people do a lot more weird things at home, my work machines were running Linux for 90% of the time since 2010ish.

by wink

6/2/2026 at 2:07:20 PM

Sure. Can you go down my well to replace the pump? Can you figure out what shots my cat needs? Can verify my companies books balances via GAAP? Can you tell me what the correct slump we need to make sure this bridge stands? The list of things I can ask goes on much much longer. In all cases you can learn to do that, but you cannot live long enough to learn to do all of the above.

by bluGill

6/2/2026 at 1:13:49 PM

As a 15 year old your mind is flexible in ways that most people's are not. As you get older you will realize the cost of changing the way you are used to doing things. Take advantage of your young brain and try all the things

by justaman123

6/2/2026 at 1:46:21 PM

Also, infinite free time to learn, and no real cost to ongoing work by fucking things up

by misnome

6/2/2026 at 1:10:54 PM

Personal ability cannot be the universal baseline, sadly

by norren8

6/2/2026 at 1:11:52 PM

I run Linux across a dozen thin clients and a server class desktop in my home lab. It's rock solid for home assistant, proxmox, routing, etc etc. Set it (hours and hours of work) and forget it exists.

I couldln't imagine having the time to set it up as a daily driver that handles my daily workflows, hardware needs, etc. Terminal in OS X is a close enough approximation out of the box and goes beyond it in DX (IMO) with very little additional setup.

I know this will be an unpopular opinion.

by F7F7F7

6/2/2026 at 3:12:48 PM

I'mm exactly the same. Fluent in Linux, but you'll pry my MacBook out of my cold dead hands.

by cguess

6/2/2026 at 1:00:23 PM

PopOS completely shit the bed for me on a major version upgrade, left the system is a completely inconsistent state. Luckily I was only trying it out on one (multi-boot) laptop and could easily switch, but it's put me off Pop OS.

by breakingcups

6/2/2026 at 1:22:41 PM

> If you don't like being oppressed, just move to Antarctica

No - moving to far away areas is not the right analogy. After all you need to have use cases where those huge companies do not control your business. So the alternative is to avoid becoming dependent on them; or cut off the dependency when possible.

by shevy-java

6/2/2026 at 12:46:00 PM

[dead]

by amelius

6/2/2026 at 3:22:55 PM

Centralized package repositories like the one provided by canonical have similar limitations to the Mac App Store, you need to get your app reviewed, you need to push updates to each platform where you distribute your app and in exchange you get visibility.

I'd argue that installing and updating apps on MacOS is simpler than on Linux distros because most apps have built-in auto-updates (or you can just drag the app to the applications folder) instead of having to rely on snap / apt / insert your package manager which may a lot of outdated and unmaintained packages and apps.

by vanyle

6/2/2026 at 12:44:38 PM

Fair. I run Nobara on my gaming computer and built a similar dictation tool there with no API restrictions, so the trade-off is real. For this project I chose both: App Store reach for the compliant version, direct distribution for the full one. But I know other people wouldnt be comfortable with running something like that so I built this somewhere my mom could use it

by RZelaya

6/2/2026 at 2:14:16 PM

Unless... you have a personal or professional need to use apps that don't work on Linux.

I tried very hard to switch to Linux full time some months ago, but I couldn't find a way of getting Microsoft Office to work satisfactorily. There are clever packaged versions of Outlook and Teams, but I need full native installed versions of Word/Excel/Powerpoint, and there just wasn't a good solution. That was a deal breaker, sadly, so I'm back on Mac for the time being.

Other examples would be some of the popular games with anti-cheat that requires Windows.

by mft_

6/2/2026 at 2:10:29 PM

You're missing the point: it isn't about the OS. The direct distribution version of the app has full functionality. The problem is with the Mac App Store.

by lapcat

6/2/2026 at 12:50:35 PM

>This is what happens when you run an OS controlled by some random big corporation

You get a channel for installing apps, where someone vetoes random apps that want to have access to control your whole computer and potentially steal sensitive data?

>Install some GNU/Linux distro and you can do whatever you want.

And any random app can get total control and steal your data, unless you know how to enable restrictions. I'd rather have restrictions as the default, and for the most naive users who'd follow every app prompt, and then cry about their lost work/private documents/money, no way to bypass them.

by coldtea

6/2/2026 at 12:57:35 PM

It's not true that any app can get total control of your system. If you install them via flatpak, the apps are sandboxed. Also, unless you log in as root, the apps can't do much. Wonder why the most important systems in the world and big tech's servers run GNU/Linux? There's a reason

I dont wanna start a war over this btw, even though it may not seem :)

by Muhammad523

6/2/2026 at 5:54:26 PM

>Also, unless you log in as root, the apps can't do much.

On a personal computer, they "can't do much" to the things you can trivially re-create by reinstalling anyway. Apps, system files, etc.

They can however do everything to your own files, steal your documents, bank account data, and more.

That a progran run as you without root "can't do much" made sense for multi-user Unix services, not for a personal computer and your own files.

>Wonder why the most important systems in the world and big tech's servers run GNU/Linux? There's a reason

Yes, and it's not because "unless you log in as root, the apps can't do much" on your personal laptop.

by coldtea

6/2/2026 at 1:07:35 PM

> I'd rather have restrictions as the default

Then don't install apps and use the web, mobile sandboxing is much weaker compared to any modern browser.

by realusername

6/2/2026 at 3:29:52 PM

Wrong answer...

by Danox

6/2/2026 at 3:31:19 PM

How so? The accessibility API which is causing data exfiltration here doesn't even exist on the web.

by realusername

6/2/2026 at 12:46:56 PM

Apple is hardly a random big company. Apple's customers specifically chose to purchase the product. Most of their customers don't realize the significance of the exposure to copy and paste between Apps. Apple has taken the position that monitoring this exposure is part of their duty to the customer. Anyone that is aware of this shortcoming in Apple's product is free to purchase a different device.

by detourdog

6/2/2026 at 12:51:00 PM

In Apple’s defense, your company name is MITM. Man In The Middle certainly falls on one side of the perception line, don’t you think?

by dmcgill50

6/2/2026 at 3:19:55 PM

Of course, one might construe Apple as an MITM in the relationship between the user an and the software vendor.

by Gormo

6/2/2026 at 4:32:27 PM

In fact, Apple would construe themselves as a MITM, pretty explicitly.

by gumby271

6/2/2026 at 12:55:29 PM

Right?!

I get that some people are unfairly targeted but some other times it's people being (extremely) naive or just playing dumb

"Hey you know what would be cool? If we named our bluetooth speaker company bee oh emm bee!!11"

by raverbashing

6/2/2026 at 12:56:38 PM

The acronym is unfortunate, you're not wrong. MITM here is "Moogle In The Machine" (the Final Fantasy moogle + machine learning), but the security-context joke is fair and I hear it constantly.

by RZelaya

6/2/2026 at 2:06:04 PM

Moogle itself might be copyrighted, too

by butlike

6/2/2026 at 2:46:34 PM

There's a reason I don't write mobile apps, and it's all the flaming hoops you have to jump through: both in the build system and from the random whims of reviewers.

by chuckadams

6/2/2026 at 3:26:04 PM

I’ve been doing it for a decade now. I have a list of everything I’ve been rejected for. New apps must satisfy the list before I put them up for first review. New apps pass first try now.

Build system woes are almost always solved by deleting build cache & artifacts and trying again. Often necessary after messing around with deeper dependencies.

by allthetime

6/2/2026 at 2:03:56 PM

The frustrating part is less that Apple has a boundary here, and more that the boundary seems opaque and inconsistently enforced

by BrtByte

6/2/2026 at 5:31:47 PM

I understand their point of view. I will launch an app on app mac too. I hope it do goes smoothly.

by numron-dev

6/2/2026 at 1:08:31 PM

Some non apple apps get access to accessibility APIs. What gives?

This API is sensitive. I imagine Apple is particularly stringent as to how the access is justified. Not how it uses it but how the reason for using it is explained.

It's not like someone tests the app and all api calls to deem them reasonable or not.

by hirako2000

6/2/2026 at 1:55:24 PM

They do literally pay people to do that. Then one of those people chose to reject this anyway.

by taormina

6/2/2026 at 5:33:08 PM

Can't view the site. Rejected with

net::ERR_CERT_AUTHORITY_INVALID

by MoonWalk

6/2/2026 at 3:26:39 PM

After decades of heavily using the computer keyboard (every day, all day) I started getting pain in my wrists.

I got an ortholinear keyboard that looks like a rectangular grid, just 12 by 4 keys around 10-15 years ago.

I don't recall the last time I felt pain in my hands, completely gone.

by kobalsky

6/2/2026 at 1:07:24 PM

What API are you using? I have a sandboxed app on the Mac Store that synthesizes CGEvents to simulate arbitrary keyboard actions on behalf of the user. It needs accessibility permission, of course.

by hombre_fatal

6/2/2026 at 1:22:48 PM

Same approach: CGEventPost with Accessibility permission. The wrinkle was that my App Store reviewer wasn't comfortable with how I was using AX permission for auto-paste, even though the mechanism is the same as other apps already in the store. The clipboard-only version of WhisperPad needs no AX permission and that's what got through. Interesting that your sandboxed app with similar mechanics is approved.

by RZelaya

6/2/2026 at 1:14:00 PM

Wondering the same, there is some weirdness around the clipboard and CGEvents though. Are you avoiding the clipboard entirely in your implementation?

by jchigg2000

6/2/2026 at 1:10:04 PM

Quick question, I assume you're getting caught by the CGEvent(PostEvent)...but I want to be sure. AX API has been gimped for over a decade so you'd have never made it into the app store that way. Just making certain, in case you have another path. It doesn't appear CGEvent is a universal approval anymore either though.

Have fought similar demons lately, feel your pain.

by jchigg2000

6/2/2026 at 1:22:00 PM

The direct version uses CGEventPost to synthesize the paste, which requires Accessibility permission. The App Store version writes to the clipboard only, so no AX permission needed and the user presses Cmd+V manually. The 2.4.5 rejection was specifically about the Accessibility permission use case. Your read sounds right that this path has been gimped for a long time.

by RZelaya

6/2/2026 at 3:11:42 PM

I’ve had lots of inconsistent app reviews from Apple. Just appeal and/or re-word your language and you’ll be ok. Plan on it taking a few weeks to fully sort out.

by luca-ctx

6/2/2026 at 3:26:19 PM

This is well documented by them which is why a majority of the apps doing this are released outside of the App Store. I built something similar, and I just publish it separately https://github.com/moxiebytescode/speakeasy.

by stokedbits

6/2/2026 at 4:14:55 PM

If you emulate command+V, make sure to check the keyboard layout. You may need to translate the keycode V for the current keyboard layout like DVORAK etc

by longnguyen

6/2/2026 at 4:22:34 PM

Good catch. Easy edge case to miss if you only test on QWERTY. I'll double-check the implementation, thanks for the heads up.

update: You're right, this is a real bug. The Direct version's auto-paste hardcodes the QWERTY keycode for V instead of translating for the active layout, so Dvorak / Colemak / AZERTY users would all hit it. The MAS version is unaffected (clipboard-only; the user presses their own Cmd+V, which is layout-correct). Fix is going into the next release. Thanks for the careful read.

by RZelaya

6/2/2026 at 4:30:31 PM

Good luck. I’ve been building a native AI client[0] for the past 3 years and I didn’t catch this edge case until some of my users asked for it.

[0]: https://boltai.com

by longnguyen

6/2/2026 at 12:36:24 PM

I don't want random apps to paste potentially dangerous things into other apps. Its understandable.

Imagine a banking app, and for example an IBAN field.

by DelightOne

6/2/2026 at 12:40:31 PM

Them you are free to not install them? Why ban them outright?

I'm using https://github.com/cjpais/Handy whichseems to be doing exactly what this app does, and has a very similar background story (author couldn't type die to injury).

by kuboble

6/2/2026 at 12:57:37 PM

Handy is excellent and cross platform, and really elegant. They've got a direct website here which might be easier to navigate than the Github repo:

https://handy.computer/

by SyneRyder

6/2/2026 at 1:03:49 PM

Handy looks great. More tools in this space is a good thing for people who need them.

by RZelaya

6/2/2026 at 12:53:42 PM

In this case it feels like it's a feature that the operating system should be providing or something that could be marked as an accessibility tool, which would allow it to use that API.

The problem from Apples perspective could be that there is a ton of tools that require access to the accessibility API because they want to do stuff that Apple have deemed a security risk and the only way to do it is by abusing the API. Some of these are also because macOS simply lacks certain APIs.

I think Apple overreacting due to previous API misuse by other apps.

by mrweasel

6/2/2026 at 1:00:27 PM

[dead]

by RZelaya

6/2/2026 at 12:45:45 PM

To their defense you cannot rollback apps, so if you did install and only an update had this function, you are out of luck

by amazingamazing

6/2/2026 at 12:51:14 PM

"In their defense, the OS is even more insane with mandatory forced application updates that you have no control of". I hope I won't ever happen to have you representing me as a defense attourney!

by applfanboysbgon

6/2/2026 at 12:41:34 PM

I see, that's a really fair point. And I can understand that banking field example. So I can see why they're guarding against it. My disagreement was less with the rule itself and whether Whisperpad's specific use case for users with mobility needs falls on the right side of it.

by RZelaya

6/2/2026 at 12:39:38 PM

I would like the option to allow the behaviour selectively

by notlive

6/2/2026 at 12:40:07 PM

That's what install outside of the App Store is for. On your own risk-

by DelightOne

6/2/2026 at 12:54:05 PM

Pasting doesn't seem very unsafe. Especially not when the app can't know what it's pasting into.

by boxed

6/2/2026 at 2:12:23 PM

Doesn't Wispr Flow do this though? How did they get past these limitations?

by nullbio

6/2/2026 at 2:26:07 PM

From what I understand Wispr Flow distributes directly from their website and doesn't ship through the Mac App Store, so they don't go through Apple's App Store review at all. They use the Accessibility API the same way the direct version of WhisperPad does. The 2.4.5 limitation really only kicks in if you want App Store presence.

by RZelaya

6/2/2026 at 2:23:55 PM

not in the app store?

by sangeeth96

6/2/2026 at 12:34:17 PM

No surprises here, Google has also been restricting access to its accessibility API.

by -mlv

6/2/2026 at 12:42:08 PM

Useful context, thanks. I hadn't realized Google was tightening similarly. Would be interesting to see how the rationales compare.

by RZelaya

6/2/2026 at 1:09:50 PM

Oof, thats rough. I'll still start facing those issues, just got accepted into the apple's dev program. I predict a ton of rejections coming my way.

by artenesdev

6/2/2026 at 5:16:29 PM

[dead]

by RZelaya

6/2/2026 at 1:33:05 PM

macOS already has a dictation feature that does this exact thing, albeit in real time. I use it extensively.

OP’s description in the linked article doesn’t say much more than this, so what am I missing with this particular app?

by m-s-y

6/2/2026 at 2:06:13 PM

Apple's built-in dictation works for casual use, but in my own daily use the typo rate was high enough that I was constantly going back to fix things, which defeated the point (with a hand injury, those corrections cost me). WhisperPad uses Whisper models instead, doesn't cut off after 30-60 seconds like Apple's does, supports 99 languages offline, and pastes into any active field via hotkey. There's a 120-minute monthly free tier so you can see if it fits your use case. If Apple's built-in dictation handles what you need, that's a fair answer.

by RZelaya

6/2/2026 at 2:54:23 PM

Apple's own dictation is quite limited, doesn't handle multiple languages very well, and many open source dictation models simply do better.

by jiehong

6/2/2026 at 1:54:05 PM

[flagged]

by taormina

6/2/2026 at 2:06:37 PM

Is this just an stealthy ad for another paid dictation app…

by geor9e

6/2/2026 at 1:39:40 PM

Accessibility things should be more useful than to just narrow accessibility uses only. Wheelchair ramps help move heavy objects. The accessibility API makes it possible to introspect all of the keyboard shortcuts an app provides for another app to list them.

Screw Apple and their persnickety, controlling myopia.

by burnt-resistor

6/2/2026 at 1:05:24 PM

Easy, don't make apps for devices which are only leased to people.

Make apps for device, which are 100% owned by people.

by Fokamul

6/2/2026 at 1:21:29 PM

This is another reason why one shouldn't become dependent on those giant companies. Just as Microsoft recently stated, you'll have to pay for GitHub CoPilot soon on a token basis. Apple controls access to its software ecosystem too.

by shevy-java

6/2/2026 at 12:57:05 PM

Eh. I think it’s fair if Apple doesn’t want to publish something on their app store.

I just wish they weren’t so obstinate about people installing from other sources without signing/notarization. I understand it from a security standpoint but it’s also nakedly self-serving.

I’m glad that they’re fine with signing in this case.

by BoggleOhYeah

6/2/2026 at 1:03:22 PM

Fair points. The notarization-but-not-App-Store path was actually a workable middle ground in my case. Apple still gates security via notarization, but doesn't gatekeep the use case. The warnings users see when installing non-App-Store apps could be lighter without compromising security.

by RZelaya

6/2/2026 at 1:56:25 PM

A company called “MITM LLC” which hijacks pastes in other apps.

I have no idea what they’re thinking. Insanity.

by MagicMoonlight

6/2/2026 at 1:12:19 PM

Add it to the antitrust pile.

Microsoft was almost broken up over not allowing third party programs to use certain APIs. Apple abuses their dominant position to suppress competition.

by 2OEH8eoCRo0

6/2/2026 at 1:38:25 PM

Time to turn Linux into a platform where you can upload into a store whatever the fuck you want. And see these behemots burn.

by lofaszvanitt

6/2/2026 at 12:26:45 PM

I guess this app can still be installed locally? It's just that it can't be distributed to others due to signing requirements?

Edit: Ah, it's in the article, this is about AppStore distribution. Walled gardens are going to walled garden.

by oblio

6/2/2026 at 12:31:13 PM

The direct version is fully signed and notarized by Apple, just not distributed through the App Store. Anyone can install it from mitmllc.com/whisperpad without workarounds. The 2.4.5 rejection was an App Store rule, not a general restriction on the app.

by RZelaya

6/2/2026 at 12:44:54 PM

[dead]

by BoxFour

6/2/2026 at 12:38:24 PM

I am still not certain I understand exactly what Apple's reviewer meant by 2.4.5 in my case. My working assumption is that the concern is about an app reaching into every other app on the system to inject text, but I never got a perfectly clear explanation. (Or maybe I'm too dense to understand it.)

If anyone here has more direct experience with this guideline, especially from the App Store review side, I would like to hear it. I would rather understand the policy than just guess at it.

by RZelaya

6/2/2026 at 12:55:43 PM

[dead]

by RZelaya

6/2/2026 at 12:37:50 PM

[dead]

by cumshitpiss