I've been looking forward to this feature, but I must say I'm pretty disappointed that most of the personal automations still require a manual approval before they will execute. For example, I can schedule a particular shortcut to always run at a specific time. When that time comes, however, my phone will display a notification which I must physically tap to execute the automation. If I miss the notification, nothing will happen. The same is true for "When I Arrive..." and "When I Leave..." triggers. Which means, often, I'll get a notification in the car, while I'm driving, which I must tap to execute the automation.
I can see why Apple would want to step cautiously with consumer-based automation, but I was really expecting that all of these new automation triggers would fire without needing any manual approval, or at least that there would be a way to configure them to do so.
I have read that you can use a HomePod, Apple TV, or always-plugged-in iPad as a home hub, and my understanding is the triggers offered here will run in a fully automated fashion. I hope to explore that at some point.
Still, I'm very happy to see the progress in Shortcuts, and I expect it will only get better.
The list of auto-approved items seems somewhat arbitrary, but I think they had privacy concerns in mind when they made the list (although it seems stupid that you can't override those protections if you'd like).
All of the ones on the "cannot be run automatically" list are things that a bad actor could do if they had your phone, like wait for a certain time of day, or move your phone to a specific location, or bring it in range of a particular bluetooth or wifi device.
But then, NFC is on the "can be run automatically" list, meaning that a bad actor could touch your phone to a NFC tag to trigger an action, so that doesn't make much sense. The rest of the items on the "can be run automatically" list are all ones that require your phone to be unlocked (I think).
Very odd choice by Apple for something that will be used by relatively few people and would greatly increase the usability of the feature
That's true about the potential for bad actor, but it's also true for many false positives.
Passive automations based on location, bluetooth, wifi, etc. stand a good chance of many accidental triggers. Connections are flaky, location accuracy is flaky; without some form of throttling mechanism or way to better control accidental firings, it should remain manual.
Yes, but what if the NFC tag was on your keychain with your phone, which the attacker also had? That seems far more likely than being able to spoof a Bluetooth device that your phone had already paired with in the past (yet that one is in the list of "not automatic" choices)
I've heard quite a few times now that some of the reasons these automations aren't completely automatic is to avoid them being abused by people with bad intentions.
Say for example someone setting one up on someone else's phone (without their knowledge) to run every X minutes and using it to track someone's location, without them ever knowing about it.
I'm not entirely sure that's the real reason behind these notifications, but it does seem plausible.
I would be perfectly happy to receive a popup that an automation had just run. Also, Apple has been pushing for self-adjusting notification preferences. Imagine a popup like:
"The shortcut 'Foo' wants to run. Do you want to allow it?
- Never
- Not this time
- Run once
- Always"
Put an icon next to each shortcut showing whether it's always (or never) allowed, and it seems like the problem would be largely solved without asking much from the end user.
The malicious person would then click "Always Allow" while they are setting up the shortcut. It might be better if it worked like the location/bluetooth prompt, where some time later, it would prompt you if you still wanted that action to occur.
You don't need them to authenticate again, as the phone would be already unlocked.
What you want to do is periodically (at a random time each time) ask the user if they still want it to do the privacy sensitive action still. This way, it vastly increases the chances of detection if the action was added by a third party.
This sounds like a very reasonable solution. I kinda hope this is the way they end up solving it, if this really is the reason they're not truly automatic.
I don't think it's so much a privacy concern (it certainly is), but more with regards to accidental triggers by actions that are passive and flaky.
Location accuracy isn't always the greatest, particularly indoors; in-and-out connections to wifi/bluetooth are possible when you're on the fringe of its range.
These issues need to be addressed in some form before _true_ automation is given to them.
Apps already do this in the background without end users knowledge. Not saying this is right but it seems odd that it's okay for an app to do this to its users but not a user doing this to themself?
It would be nice if these automations could run automatically but perhaps, notify the user that said automation has run and allow them to easily disable the automation.
I agree with one of the replies that a pop up of some sort saying a shortcut has run is good.
They could also do what Gmail and possibly others do when forwarding is added. An obnoxious red colored warning at top of Gmail for 7 days about new forwarding. iOS could do that in some fashion.
I agree it's disappointing. Any interesting automation is basically impossible. I've also found the arrival and leave triggers to only work about half the time, which seems a lot worse than I would expect from Siri location-based reminders which work pretty well.
I have never gotten location based reminders to work. I've tried setting up reminders when I arrive or leave work / home, but they never fired. The worst thing is that there is no indication that tells you why it didn't work.
My guess is that it's a security issue. Suppose your phone were confiscated and you had an automation that revealed some sensitive information to the possessor of the phone, or a compromised third party. You might not want to run the automation under such conditions.
Ah, just wrote a flattering post here on it, but wasn't aware it still had the manual approval issue which is unfortunate. I understand it for some things like When I arrive home, since otherwise when I'm outside running loops by house, each time I come by the house it would open the garage which wouldn't be good, but so many other cases where manual approval seems odd, and at least should be able to approve with with one click on apple watch with out having to open the notification then approve.
Foursquare third party clients during its hey day that did auto check-in would have a cooling off period of X minutes or hours not to check-in to same location again.
Apple could do something like that. Probably a bit more sophisticated.
I think battery usage could be a primary concern here. Yes, this should continue to improve. Imagine coming home and all your blinds open automatically, lights turn on etc.
I don't think battery usage is the concern, because the alert still triggers - you just have to approve it. By the time you get the alert to approve it, the bluetooth or wifi or location services have already been running (using battery) and triggered the action
This can already be done in the "home automation" side of the shortcuts / home app. My own house lights up whenever my wife or I come home after dark and goes dark again when we leave.
The word "either" implies only two choices, making your opening example confusing when the first "either of" was really picking from three possibilities.
Is it less discoverable than the proposed alternative though?
In both cases one looks up the documentation, in one I find that search for the line start requires a regex with "^" and in the other I find something like "begin with" of Simple Regex Language (SRL). I still need to read (or test) to find what "begin with" means and I still couldn't guess it - why not "start with", "open with", "first character", or a myriad of other possible options.
Since code is read more than it is written, how well do you think a colleague without previous knowledge of regexs could understand '^' vs 'start of line'?
Since you mentioned Swagger--We've started using API Blueprint for internal API design and collaboration. Do you have any plans to support importing from API Blueprint?
I can see why Apple would want to step cautiously with consumer-based automation, but I was really expecting that all of these new automation triggers would fire without needing any manual approval, or at least that there would be a way to configure them to do so.
I have read that you can use a HomePod, Apple TV, or always-plugged-in iPad as a home hub, and my understanding is the triggers offered here will run in a fully automated fashion. I hope to explore that at some point.
Still, I'm very happy to see the progress in Shortcuts, and I expect it will only get better.