> However, I would like to point out that Apple isn't totally wrong here because the accessibility API unfortunately is way too broadly scoped, and because of that you literally get access to everything on the computer like you you can screenshot listen and and move the cursor... This is completely ridiculous and the proper engineering solution would actually be to phase out the accessibility API and replace it with something that is narrowly scoped so you can grant specific permissions individually

If you don't have use of your hands you want that. The whole point of accessibility APIs is allowing arbitrary control of your computer via novel means. One of the big selling points of Dragon Natually Speaking is the ability to tell your computer to do things based on descriptions without a mouse. "open outlook", "click compose", "select subject", "type foo", etc. Unfortunately modern software breaks this a lot. Chrome and anything electron based don't provide any accessibility information to the OS. The interior of the window excluding the tab bar is a void. Yes chrome has an inbuilt screen reader as do a number of electron apps. But if you aren't blind and want to use something like Dragon it doesn't work. Canvas based apps are often the same.

And no the solution here is not computer vision with an LLM. Text and buttons rendered on my computer exist in memory somewhere as text and buttons. We should not need to convert them to pixels and back lossily to recover text and buttons. We should just expose things to the accessibility API and not guess.

> However, I would like to point out that Apple isn't totally wrong here because the accessibility API unfortunately is way too broadly scoped, and because of that you literally get access to everything on the computer like you you can screenshot listen and and move the cursor...

I want apps to be able to do that!

Isn’t that just deliberate on their part? As in, they genuinely don’t want developers to use these APIs and just allow them for accessibility use cases.

undefined

Gradually improve? How many more decades is reasonable to wait? They are what they are and hoping for change makes no sense to me.

Thanks for sharing this. The "phase out the broadly-scoped Accessibility API and replace with narrower permissions" point is exactly the right structural fix. Right now developers have to declare a permission far broader than they actually need, and from the outside the criteria for what counts as legitimate use isn't clearly defined. Interesting that your iOS app got through but macOS didn't. WhisperPad is Mac-only and I haven't gone through the iOS path, so your experience there is useful data. The "demonstrable accessibility" criterion seems to be where everything bottlenecks.

There is something amusing about the fact that WinDirStat, as far as I know, was based on KDirStat (now QDirStat), yet this doesn't even get mentioned on their Wikipedia page, and by and large a lot of people don't even know QDirStat exists. One time someone even asked me if they knew of a good alternative for Linux; good news!

Sounds like something that would instantly get you banned from the app store if it got noticed.

> If you're worried about people not trusting payment to you, might be worth seeing if you could implement this, so anyone who bought on the app store can still access the full feature set. Cuts you out 30% like, but better than nothing maybe.

In other words, Apple is abusing their position by defining overly broad permissions so that they can deny them and pressure people to fork over more cash to them.

Interesting idea. It would basically turn the App Store version into both a discoverability channel and a license anchor for the direct version

Space Gremlin isn't even available on the App Store anymore, presumably because it hasn't been updated to newer versions of macOS. Meanwhile, GrandPerspective is free and uses the exact same visualization as WinDirStat (although the UX is a bit weird for me)

Isn’t it like 15% up to the first or second million in sales?

undefined

Model-in-the-middle LLC

Checks out, what's the problem? /s

I really do understand the desires people have for iOS to be a more open platform, but I'm just gonna say very clearly: I do not want third party apps being able to do what OP's app does. My iPhone is the one computing platform I have where I get the assurance that no third party app can be spying on anything else I do on the device.

Exactly. On iOS, it completely limits the market for a good dictation app with your keyboard, because iOS just doesn't allow you to.

If you're in the EU, consider publishing on an alternative App Store and pointing users that way.

If you're not, ask your representatives why you don't get the same rights.

[dead]

[dead]

I am big fan of VoiceInk which is also local and open-source. I also maintain this list of all the best open-source ones in this awesome-style GitHub repo. People looking for open-source dictation tools, hope you find something that works for you here: https://github.com/primaprashant/awesome-voice-typing

As someone that have tried a few of these apps, I really like this one. I dictated this one just now with ghost pepper. Thanks Matt and thanks orliesaurus for sharing it here!

for most people this is like saying "If you don't like being oppressed, just move to Antarctica!"

Centralized package repositories like the one provided by canonical have similar limitations to the Mac App Store, you need to get your app reviewed, you need to push updates to each platform where you distribute your app and in exchange you get visibility.

I'd argue that installing and updating apps on MacOS is simpler than on Linux distros because most apps have built-in auto-updates (or you can just drag the app to the applications folder) instead of having to rely on snap / apt / insert your package manager which may a lot of outdated and unmaintained packages and apps.

Fair. I run Nobara on my gaming computer and built a similar dictation tool there with no API restrictions, so the trade-off is real. For this project I chose both: App Store reach for the compliant version, direct distribution for the full one. But I know other people wouldnt be comfortable with running something like that so I built this somewhere my mom could use it

Unless... you have a personal or professional need to use apps that don't work on Linux.

I tried very hard to switch to Linux full time some months ago, but I couldn't find a way of getting Microsoft Office to work satisfactorily. There are clever packaged versions of Outlook and Teams, but I need full native installed versions of Word/Excel/Powerpoint, and there just wasn't a good solution. That was a deal breaker, sadly, so I'm back on Mac for the time being.

Other examples would be some of the popular games with anti-cheat that requires Windows.

undefined

You're missing the point: it isn't about the OS. The direct distribution version of the app has full functionality. The problem is with the Mac App Store.

>This is what happens when you run an OS controlled by some random big corporation

You get a channel for installing apps, where someone vetoes random apps that want to have access to control your whole computer and potentially steal sensitive data?

>Install some GNU/Linux distro and you can do whatever you want.

And any random app can get total control and steal your data, unless you know how to enable restrictions. I'd rather have restrictions as the default, and for the most naive users who'd follow every app prompt, and then cry about their lost work/private documents/money, no way to bypass them.

Apple is hardly a random big company. Apple's customers specifically chose to purchase the product. Most of their customers don't realize the significance of the exposure to copy and paste between Apps. Apple has taken the position that monitoring this exposure is part of their duty to the customer. Anyone that is aware of this shortcoming in Apple's product is free to purchase a different device.

Of course, one might construe Apple as an MITM in the relationship between the user an and the software vendor.

Right?!

I get that some people are unfairly targeted but some other times it's people being (extremely) naive or just playing dumb

"Hey you know what would be cool? If we named our bluetooth speaker company bee oh emm bee!!11"

The acronym is unfortunate, you're not wrong. MITM here is "Moogle In The Machine" (the Final Fantasy moogle + machine learning), but the security-context joke is fair and I hear it constantly.

I’ve been doing it for a decade now. I have a list of everything I’ve been rejected for. New apps must satisfy the list before I put them up for first review. New apps pass first try now.

Build system woes are almost always solved by deleting build cache & artifacts and trying again. Often necessary after messing around with deeper dependencies.

They do literally pay people to do that. Then one of those people chose to reject this anyway.

Same approach: CGEventPost with Accessibility permission. The wrinkle was that my App Store reviewer wasn't comfortable with how I was using AX permission for auto-paste, even though the mechanism is the same as other apps already in the store. The clipboard-only version of WhisperPad needs no AX permission and that's what got through. Interesting that your sandboxed app with similar mechanics is approved.

Wondering the same, there is some weirdness around the clipboard and CGEvents though. Are you avoiding the clipboard entirely in your implementation?

The paste-phase failures are exactly where most of my hard problems have been. App switching mid-paste, focus changes, slow-loading fields. It's an ongoing battle. Transcription history and custom prompts (especially for code or technical contexts) are good ideas I should think more about. The privacy trade-off on persistent transcripts is the part I've been chewing on.

The direct version uses CGEventPost to synthesize the paste, which requires Accessibility permission. The App Store version writes to the clipboard only, so no AX permission needed and the user presses Cmd+V manually. The 2.4.5 rejection was specifically about the Accessibility permission use case. Your read sounds right that this path has been gimped for a long time.

Good catch. Easy edge case to miss if you only test on QWERTY. I'll double-check the implementation, thanks for the heads up.

update: You're right, this is a real bug. The Direct version's auto-paste hardcodes the QWERTY keycode for V instead of translating for the active layout, so Dvorak / Colemak / AZERTY users would all hit it. The MAS version is unaffected (clipboard-only; the user presses their own Cmd+V, which is layout-correct). Fix is going into the next release. Thanks for the careful read.

Them you are free to not install them? Why ban them outright?

I'm using https://github.com/cjpais/Handy whichseems to be doing exactly what this app does, and has a very similar background story (author couldn't type die to injury).

I see, that's a really fair point. And I can understand that banking field example. So I can see why they're guarding against it. My disagreement was less with the rule itself and whether Whisperpad's specific use case for users with mobility needs falls on the right side of it.

I would like the option to allow the behaviour selectively

undefined

Pasting doesn't seem very unsafe. Especially not when the app can't know what it's pasting into.

From what I understand Wispr Flow distributes directly from their website and doesn't ship through the Mac App Store, so they don't go through Apple's App Store review at all. They use the Accessibility API the same way the direct version of WhisperPad does. The 2.4.5 limitation really only kicks in if you want App Store presence.

not in the app store?

Useful context, thanks. I hadn't realized Google was tightening similarly. Would be interesting to see how the rationales compare.

[dead]

Apple's built-in dictation works for casual use, but in my own daily use the typo rate was high enough that I was constantly going back to fix things, which defeated the point (with a hand injury, those corrections cost me). WhisperPad uses Whisper models instead, doesn't cut off after 30-60 seconds like Apple's does, supports 99 languages offline, and pastes into any active field via hotkey. There's a 120-minute monthly free tier so you can see if it fits your use case. If Apple's built-in dictation handles what you need, that's a fair answer.

Apple's own dictation is quite limited, doesn't handle multiple languages very well, and many open source dictation models simply do better.

[flagged]

Fair points. The notarization-but-not-App-Store path was actually a workable middle ground in my case. Apple still gates security via notarization, but doesn't gatekeep the use case. The warnings users see when installing non-App-Store apps could be lighter without compromising security.

The direct version is fully signed and notarized by Apple, just not distributed through the App Store. Anyone can install it from mitmllc.com/whisperpad without workarounds. The 2.4.5 rejection was an App Store rule, not a general restriction on the app.