Open ghost opened 9 months ago
bernerdad
commented
9 months ago Hi. We discussed doing this earlier this year. We would have to strip features from the app to make it compliant with the restrictions enforced by the Apple Store and did not want to confuse users by having a fully featured app on our website and a stripped down store version. The app available on our website is notarized by Apple, so one can be quite confident there are no issues with it.
ghost
commented
9 months ago Hi. We discussed doing this earlier this year. We would have to strip features from the app to make it compliant with the restrictions enforced by the Apple Store and did not want to confuse users by having a fully featured app on our website and a stripped down store version. The app available on our website is notarized by Apple, so one can be quite confident there are no issues with it.
I understand, maybe a lite version ? (if not I understand).
And do your app follow the sandboxing restriction ? (if possible can you add it somewhere in the FAQ or so ?), I ask because a minority of us do want app that implement this security
Thanks
bernerdad
commented
9 months ago We do not follow the sandboxing restriction, as that would block some necessary features in the app. We do enable the hardened runtime feature.
celenityy
commented
4 months ago @bernerdad Do you mind elaborating on what the necessary features are that'd be blocked? The reason I ask is for instance, ProtonVPN is fully sandboxed and appears to work without any issue. Mullvad has also said sandboxing their app is on their to-do list.
This is the one thing holding me back from using Windscribe, because otherwise, the client is excellent.
bernerdad
commented
4 months ago @bernerdad Do you mind elaborating on what the necessary features are that'd be blocked? The reason I ask is for instance, ProtonVPN is fully sandboxed and appears to work without any issue. Mullvad has also said sandboxing their app is on their to-do list.
This is the one thing holding me back from using Windscribe, because otherwise, the client is excellent.
Any of the features requiring admin access, currently implemented by our helper daemon, would be blocked. This would include split tunneling, firewall modifications, and custom DNS support, to name a few. It's possible we could implement a fully featured app, compliant with Mac App Store requirements, by implementing this functionality as a Network Extension. That would however require some significant engineering time, which would divert us from other important features and improvements we are currently developing.
ghost
commented
4 months ago @bernerdad Do you mind elaborating on what the necessary features are that'd be blocked? The reason I ask is for instance, ProtonVPN is fully sandboxed and appears to work without any issue. Mullvad has also said sandboxing their app is on their to-do list. This is the one thing holding me back from using Windscribe, because otherwise, the client is excellent.
Any of the features requiring admin access, currently implemented by our helper daemon, would be blocked. This would include split tunneling, firewall modifications, and custom DNS support, to name a few. It's possible we could implement a fully featured app, compliant with Mac App Store requirements, by implementing this functionality as a Network Extension. That would however require some significant engineering time, which would divert us from other important features and improvements we are currently developing.
so it's more we don't want to rather that because of the sandboxing we can't :) (I say that without judging i understand your point)
bernerdad
commented
4 months ago It's more of a "we can't at this time" than a "we don't want to". We can't at this time justify pulling a developer off our current task list and putting them on a task that may or may not be feasible. If any reading this would be interested in tackling this task, we'd be more than happy to liaise with you on it.
ghost
commented
4 months ago It's more of a "we can't at this time" than a "we don't want to". We can't at this time justify pulling a developer off our current task list and putting them on a task that may or may not be feasible. If any reading this would be interested in tackling this task, we'd be more than happy to liaise with you on it.
For me the simple fact you are willing is already a good thing, in my case I would not even be surprised if the first version (if happen) would simply be a connection tool with a simple kill switch and the list of server (and after adding feature by feature (who is feasible with the apple restriction of course)).
celenityy
commented
4 months ago @bernerdad
Thanks for the response, I guess just to confirm: Is this something eventually on the roadmap after the other features/improvements are developed and when time/resources are available?
bernerdad
commented
4 months ago It is on our board to investigate further when time permits, but it may be quite some time before we can allocate a resource to it.
Can you please release this app trough store for desktop (macOS, linux, windows)
Store (in Mac OS case) enforce some security feature (sandboxing) that are not enforced if externally installed and since there is virtually no way to check if those additional security are there the most secure way to install app are trough the official store.
It's why I do ask if you can publish it trough Apple Store (Mac OS) since the only one who have done it is NordVPN, and I would like to use your app on my Mac instead of using the wireguard app.
Thanks