1 Reply Latest reply: Dec 26, 2012 9:05 AM by MrHoffman
MacOSXNoob Level 1 (5 points)


I am trying to create an application in AppleScript Editor to give to my friends that will do the following:

Ask them to enter their email

Do some app stuff

Send me the email address discretely (Such as applications "Phone Home" to check for blacklisted serials)



Then, I will email them and say something like "Thanks for getting my app, if there is a problem, email me at this address and I'll try to fix it."


I already have

set x to text returned of (display dialog "Enter your Email" with title "Email Support" default answer "" buttons {"Continue…"} default button 1)

I also know what my app will do. I just need the script to phone home.



MacBook Pro, OS X Mountain Lion (10.8.2)
  • MrHoffman Level 6 (14,782 points)

    FWIW, and without intending offense, and probably not the answer you want, but your current approach is right on the edge of what could be considered malware, and it's an approach involving a whole lot of effort for little or no gain.


    Why?  Consider the implications of what you're doing with an eye toward what the results will be when — and this is definitely a "when" and not an "if" — your "discrete" transmission of that email address and potentially other personally-identifiable information becomes known to your friends (customers).  That tends to annoy some folks.


    Why do I write friends (customers) back there?  Because software intended for friends usually lacks "serials" and a "blacklist".


    Worse, after whatever effort you decide to expend to lock down your code against piracy, the folks that are intent on swiping your code will still swipe it.  That's how piracy works, after all.  Do the minimum to keep your honest and paying customers honest and paying (and not annoyed at you), and don't expect to have any effect on the software pirates.


    What data you don't have and what you don't collect, you can't lose.   Worse — if something goes wrong on your server(s) such as a rogue or run-away application or a data breach — can potentially expose that information.  Some jurisdictions also have regulations around data privacy, too.  Put another way, ask the user for permission before uploading personally-identifiable data, and have a (good) reason to do that, such as license recovery.


    With the Mac App Store, AFAIK you can't collect identifiable data without explicit user permission.


    If you're going to follow this course, then be up front about it.  Ask permission before uploading errors and crashes to your server, and (if you want feedback) provide an entry in the application menus that allows a user to send feedback or bug reports, launching the local mail window or a custom window to do that.  And blocking pirating?  Forget it.  Do the minimum necessary, and don't annoy your friends (or paying customers).


    As for updates and related, if you're never going to upload this application into the Mac App Store, then have a look at the Sparkle framework, or related mechanisms.  These make doing updates far easier and more automatic.  There are software-licensing frameworks around such as elipticlicense and cocoafob, so that you can avoid writing the frameworks and the checks and the servers.  Also a look at the Mac App Store licensing implementation, something which will provide you with some details of what Apple thought was important around securing applications; verifying receipts and all.


    And ask your customers before transmitting personally-identifying data.