Octarine Achieves Power and Versatility Without The PKM Rabbit-hole Effect
[Octarine](https://preview.redd.it/z4gqs84rm2qg1.png?width=1747&format=png&auto=webp&s=387643bc3aeb4ec6c5db86d93c21d260bbfcdee6)
I’ve been hearing about [Octarine ](https://octarine.app/)for a while. It’s one of those apps that people whose opinions I trust talk about with a lot of respect. After spending serious time testing it, I understand why.
Octarine is a tool for creating, editing, and organizing information using **plain Markdown files**. Notes stay independent but connected through links, tags, and metadata. It supports images, video, PDFs, and other files, which open in their native apps.
It’s flexible enough to cover several real workflows:
* journaling
* writing and drafting
* documentation
* PKM / linked notes
* project tracking
* task management
# Setup
Octarine runs on **Mac, Windows, and Linux**, but it’s not a heavy Electron app. The download is about **30 MB** and it launches basically instantly.
Installation on macOS is the usual:
1. Open the DMG
2. Drag **Octarine.app** to `/Applications`
On first launch you create or open a **Workspace**, which is just a folder of Markdown files.
That’s the entire setup.
# Filesystem First
Octarine stores everything as **normal Markdown files in normal folders**.
That means:
* You can manage notes in **Finder**
* Open them in **BBEdit, Typora, or any editor**
* Sync them with **iCloud, Google Drive, Syncthing, or Git**
I confirmed this by editing a note in **Typora** and watching Octarine instantly render the change.
It also supports **wikilinks** (`[[note]]` style), so building a network of connected notes is quick.
There’s also a knowledge graph if you’re into that. Just don’t post screenshots of it online unless you enjoy being teased.
# Writing and Formatting
Formatting is handled through a **slash command menu (**`/`**)**. It exposes all the usual Markdown tools plus some extras:
* headers and text styles
* callouts
* code blocks
* Mermaid diagrams
* LaTeX
* tables
* colored text
* templates
You could use Octarine purely as a **Markdown writing environment**. It renders formatting instantly, similar to Typora, but the underlying file is still plain Markdown.
It also converts **pasted HTML to Markdown**, which is surprisingly useful.
# Organization
The sidebar shows a **folder tree** of your workspace.
Beyond folders, Octarine adds structure with:
* **tags**
* **metadata fields**
* **Views**
Views are essentially **dynamic tables of notes** filtered by rules you define.
Think “saved smart searches that behave like a lightweight database.”
For project notes or research collections, this ends up being one of the most powerful features.
# AI (Optional)
Octarine’s AI tools work with:
* **Ollama or LM Studio** for local models
* **Apple Intelligence**
* **OpenAI, Anthropic, and Gemini APIs**
AI operates on the **current note as context**, letting you summarize, rewrite, or expand content.
Pro users can also install a **90 MB local model** that indexes the workspace and provides basic RAG features.
# Pricing
Most features are available in the **free version**.
The **Pro license** is currently **$70 (early supporter price)** and unlocks AI features plus future upgrades.
Not cheap, but it’s in the same ballpark as tools like **iA Writer ($69)**.
# Bottom Line
Octarine feels like what you’d get if someone built a **PKM / Markdown workspace from scratch** without the plugin ecosystem complexity.
If you like the *idea* of tools like Obsidian but don’t want to spend weeks dialing in plugins and settings, Octarine is worth a look.
Curious if anyone here has been using it long-term.
https://redd.it/1rydhb1
@macappsbackup
[Octarine](https://preview.redd.it/z4gqs84rm2qg1.png?width=1747&format=png&auto=webp&s=387643bc3aeb4ec6c5db86d93c21d260bbfcdee6)
I’ve been hearing about [Octarine ](https://octarine.app/)for a while. It’s one of those apps that people whose opinions I trust talk about with a lot of respect. After spending serious time testing it, I understand why.
Octarine is a tool for creating, editing, and organizing information using **plain Markdown files**. Notes stay independent but connected through links, tags, and metadata. It supports images, video, PDFs, and other files, which open in their native apps.
It’s flexible enough to cover several real workflows:
* journaling
* writing and drafting
* documentation
* PKM / linked notes
* project tracking
* task management
# Setup
Octarine runs on **Mac, Windows, and Linux**, but it’s not a heavy Electron app. The download is about **30 MB** and it launches basically instantly.
Installation on macOS is the usual:
1. Open the DMG
2. Drag **Octarine.app** to `/Applications`
On first launch you create or open a **Workspace**, which is just a folder of Markdown files.
That’s the entire setup.
# Filesystem First
Octarine stores everything as **normal Markdown files in normal folders**.
That means:
* You can manage notes in **Finder**
* Open them in **BBEdit, Typora, or any editor**
* Sync them with **iCloud, Google Drive, Syncthing, or Git**
I confirmed this by editing a note in **Typora** and watching Octarine instantly render the change.
It also supports **wikilinks** (`[[note]]` style), so building a network of connected notes is quick.
There’s also a knowledge graph if you’re into that. Just don’t post screenshots of it online unless you enjoy being teased.
# Writing and Formatting
Formatting is handled through a **slash command menu (**`/`**)**. It exposes all the usual Markdown tools plus some extras:
* headers and text styles
* callouts
* code blocks
* Mermaid diagrams
* LaTeX
* tables
* colored text
* templates
You could use Octarine purely as a **Markdown writing environment**. It renders formatting instantly, similar to Typora, but the underlying file is still plain Markdown.
It also converts **pasted HTML to Markdown**, which is surprisingly useful.
# Organization
The sidebar shows a **folder tree** of your workspace.
Beyond folders, Octarine adds structure with:
* **tags**
* **metadata fields**
* **Views**
Views are essentially **dynamic tables of notes** filtered by rules you define.
Think “saved smart searches that behave like a lightweight database.”
For project notes or research collections, this ends up being one of the most powerful features.
# AI (Optional)
Octarine’s AI tools work with:
* **Ollama or LM Studio** for local models
* **Apple Intelligence**
* **OpenAI, Anthropic, and Gemini APIs**
AI operates on the **current note as context**, letting you summarize, rewrite, or expand content.
Pro users can also install a **90 MB local model** that indexes the workspace and provides basic RAG features.
# Pricing
Most features are available in the **free version**.
The **Pro license** is currently **$70 (early supporter price)** and unlocks AI features plus future upgrades.
Not cheap, but it’s in the same ballpark as tools like **iA Writer ($69)**.
# Bottom Line
Octarine feels like what you’d get if someone built a **PKM / Markdown workspace from scratch** without the plugin ecosystem complexity.
If you like the *idea* of tools like Obsidian but don’t want to spend weeks dialing in plugins and settings, Octarine is worth a look.
Curious if anyone here has been using it long-term.
https://redd.it/1rydhb1
@macappsbackup
[unusual proposal] App idea - fully thought through and designed // Giveaway.
https://redd.it/1ryt9o6
@macappsbackup
https://redd.it/1ryt9o6
@macappsbackup
Reddit
From the macapps community on Reddit: [unusual proposal] App idea - fully thought through and designed // Giveaway.
Explore this post and more from the macapps community
I tested every “lifetime” Mac app posted on r/macapps for 7 weeks – 32 apps, 32 bypasses
**TL;DR:** Over 7 weeks I tested 32 “lifetime” Mac apps posted on r/macapps (non–App Store, direct downloads). Every single one had at least one real way to bypass its licensing or Pro checks using only local tools, no binary patching. For most users that just means “someone can get free Pro”, but a few apps had issues serious enough that, in the wrong hands, they could be abused for malicious updates or other supply‑chain style attacks. I named every app and privately reported all issues to the developers. The top two devs (Resurf and How To Convert) handled things almost perfectly. The bottom two (Glyph and Droppy) either blocked me or turned hostile after initially asking how to donate.
I recommend reading this full post or reading the write-up I did of all 32 apps, methodology, and responses.: [https://kamidevs.com/blog/macapps-audit](https://kamidevs.com/blog/macapps-audit)
\---
# Well, before we start, I think it's fair to say, who am I?
Well, kind user, thank you for asking! I'm Kami, also known as SenpaiHunters. I am a developer and a security research engineer. I've been cracking apps for over 7 years, so I've gained enough skills during this time to figure out how a Mac app will always run, whether it is native code like Swift or cross-platform like Electron.
You may also know me as a core developer of Loop, a FOSS window manager.
It's important to tell you that throughout this review, I am not affiliated with, paid for an increased rating, personally know, or otherwise act in disingenuous behavior to benefit a singular or multiple developers to gain a paid or better audience. All of the messages I sent were the first time doing so, and if you'd like more knowledge on an app I've reviewed, you're free to ask!
# What did I do?
From 20 January to 10 March 2026, I opened every post on r/macapps that used the “Lifetime” flair. I skipped Mac App Store–only apps and downloaded every other app that offered a paid lifetime license via direct download.
Every app I looked at was:
* distributed outside the Mac App Store
* signed with a valid Developer ID and passed Gatekeeper / notarization when installed
For each one, I asked a single question:
*"Can I bypass this app’s licensing as a normal user without patching the binary?"*
I limited myself to what a determined but “normal” user could do on their own Mac. I did use a local HTTPS proxy, `defaults`, `plutil`, `security`, Keychain Access, and edits to files under `~/Library` and other common directories. I did not use a disassembler, patch or re‑sign binaries, or attach a debugger to change code in memory. The idea was to see what someone can do with off‑the‑shelf tools, while still running the official build.
In that seven‑week window, I ended up with 32 lifetime‑license Mac apps. All of them passed Gatekeeper and notarization. All of them were bypassable at the licensing level using only local tools.
# Why this matters for normal r/macapps users
You might be asking me, “So if I install a vibe-coded app, am I at greater risk of having my email, passwords, or data exposed?”
Most of the issues I found are license and trial bypasses. For the typical user, that’s not immediately catastrophic, it mostly means:
* some people can get Pro without paying
* trials can be reset indefinitely
* the developer is losing revenue and doesn’t realise how flimsy their checks are
Where it becomes a real user‑safety problem is when the same “vibe‑coded” mindset hits the backend or update logic. In a few apps I saw problems like:
* Supabase row‑level security that allowed authenticated users to edit license or release tables (including update URLs)
* Credentials or tokens that could, if abused, be used to push malicious updates as if they were official
Those are the cases where, yes, installing the app could put you at greater risk. Not because the developer is necessarily malicious, but because they shipped something where an attacker could hijack the update channel or tamper with
**TL;DR:** Over 7 weeks I tested 32 “lifetime” Mac apps posted on r/macapps (non–App Store, direct downloads). Every single one had at least one real way to bypass its licensing or Pro checks using only local tools, no binary patching. For most users that just means “someone can get free Pro”, but a few apps had issues serious enough that, in the wrong hands, they could be abused for malicious updates or other supply‑chain style attacks. I named every app and privately reported all issues to the developers. The top two devs (Resurf and How To Convert) handled things almost perfectly. The bottom two (Glyph and Droppy) either blocked me or turned hostile after initially asking how to donate.
I recommend reading this full post or reading the write-up I did of all 32 apps, methodology, and responses.: [https://kamidevs.com/blog/macapps-audit](https://kamidevs.com/blog/macapps-audit)
\---
# Well, before we start, I think it's fair to say, who am I?
Well, kind user, thank you for asking! I'm Kami, also known as SenpaiHunters. I am a developer and a security research engineer. I've been cracking apps for over 7 years, so I've gained enough skills during this time to figure out how a Mac app will always run, whether it is native code like Swift or cross-platform like Electron.
You may also know me as a core developer of Loop, a FOSS window manager.
It's important to tell you that throughout this review, I am not affiliated with, paid for an increased rating, personally know, or otherwise act in disingenuous behavior to benefit a singular or multiple developers to gain a paid or better audience. All of the messages I sent were the first time doing so, and if you'd like more knowledge on an app I've reviewed, you're free to ask!
# What did I do?
From 20 January to 10 March 2026, I opened every post on r/macapps that used the “Lifetime” flair. I skipped Mac App Store–only apps and downloaded every other app that offered a paid lifetime license via direct download.
Every app I looked at was:
* distributed outside the Mac App Store
* signed with a valid Developer ID and passed Gatekeeper / notarization when installed
For each one, I asked a single question:
*"Can I bypass this app’s licensing as a normal user without patching the binary?"*
I limited myself to what a determined but “normal” user could do on their own Mac. I did use a local HTTPS proxy, `defaults`, `plutil`, `security`, Keychain Access, and edits to files under `~/Library` and other common directories. I did not use a disassembler, patch or re‑sign binaries, or attach a debugger to change code in memory. The idea was to see what someone can do with off‑the‑shelf tools, while still running the official build.
In that seven‑week window, I ended up with 32 lifetime‑license Mac apps. All of them passed Gatekeeper and notarization. All of them were bypassable at the licensing level using only local tools.
# Why this matters for normal r/macapps users
You might be asking me, “So if I install a vibe-coded app, am I at greater risk of having my email, passwords, or data exposed?”
Most of the issues I found are license and trial bypasses. For the typical user, that’s not immediately catastrophic, it mostly means:
* some people can get Pro without paying
* trials can be reset indefinitely
* the developer is losing revenue and doesn’t realise how flimsy their checks are
Where it becomes a real user‑safety problem is when the same “vibe‑coded” mindset hits the backend or update logic. In a few apps I saw problems like:
* Supabase row‑level security that allowed authenticated users to edit license or release tables (including update URLs)
* Credentials or tokens that could, if abused, be used to push malicious updates as if they were official
Those are the cases where, yes, installing the app could put you at greater risk. Not because the developer is necessarily malicious, but because they shipped something where an attacker could hijack the update channel or tamper with
data.
Because at the end of the day, you're deciding if this product is for you and if this money to spend is worth it. Also, consider who the developer is, whether you are willing to give it a shot, and if you believe you should do a quick review yourself.
If you need to think about it, here's what I suggest.
* Gatekeeper and notarization say “this probably isn’t obvious malware right now”, they do not say “this licensing, backend, and updater are robust”. Every app in this audit passed Apple’s checks, and every one was bypassable on the licensing side.
* Vibe‑coded apps (stitched together from docs/AI/snippets) tend to have the same security mistakes: trusting any JSON with `success: true`, keeping license state in UserDefaults or flat files, or misconfigured Supabase where users can edit their own license rows.
* A developer’s reaction to private reports is a strong signal. Some devs treated this as free security work, fixed things, and stayed professional. Others read the report, then ghosted or blocked me. If someone blocks you for reporting a bug, that is not the kind of person you want in charge of your update pipeline.
So if you’re about to buy a “lifetime” app from here and store anything sensitive in it (notes, API tokens, documents, whatever), it is worth taking a couple of minutes to see who built it, whether they have a real contact/security channel, and how they respond to issues.
# The app reviews?
Now, let's get to the fun and reviews. This is only a small snippet, and it will include the top two apps, scoring 10/10, and the bottom two apps, scoring 0/10. The entire write-up of all 32 apps is posted on my blog for you to read. You can quickly use cmd+f to search to see if your installed or favorite app was tested, how they responded, if it is fixed, and what the issue is or was.
**Top 2: best developer responses**
*Resurf* – rating 10/10
This is an Electron app. I found ways to bump it to Pro using both network‑level tricks and local state manipulation. The developer ( u/Hungry_Spite3574 ) responded in roughly 6 hours, asked good questions, and shipped a fix within a day. Communication was respectful and focused on understanding and resolving the problem, not arguing about it.
Email: [[email protected]](mailto:[email protected])
Response time: about 6 hours
Fix: about 1 day
Code quality: some AI usage, but the dev clearly understands their own app and trade‑offs
*How To Convert* – rating 10/10
Here the core issue was a Supabase auth bug that allowed a licensing bypass. I reported it through GitHub’s security process. The developer ( u/jakecoolguy ) fixed it within roughly the same window and there was no drama: no defensiveness, no arguing, just “here’s the issue, here’s the fix”.
Response time: about 10 hours
Fix: about 10 hours
Code quality: clean and understandable
**Bottom 2: worst developer responses**
*Glyph* \- rating 0/10
Glyph uses Gumroad for licensing. The app trusts the JSON response from the Gumroad API directly. With a local HTTPS proxy you can change the response so it looks like a successful activation, and the app unlocks Pro.
I reported this by DM. The DM was ignored and I was then blocked. There was no attempt to engage with the report, no follow‑up questions, and no visible fix.
Response: blocked after report
Fix: none implemented or communicated
*Droppy* \- rating 0/10
Droppy’s backend itself is not the worst in the list, but the client still trusts JSON from the backend too much. A local proxy can flip `valid: false` to `true` and the app accepts it. That’s the technical part.
The interaction was the real problem. The developer was very positive at first, calling the report “awesome” and asking for a way to donate. I sent a Polar link. After that there were more than 9 days of silence despite clear activity elsewhere. When I followed up via email ([[email protected]](mailto:[email protected])), the reply was defensive and described me as “demanding”.
From both a security‑process and user‑support perspective, this was the worst
Because at the end of the day, you're deciding if this product is for you and if this money to spend is worth it. Also, consider who the developer is, whether you are willing to give it a shot, and if you believe you should do a quick review yourself.
If you need to think about it, here's what I suggest.
* Gatekeeper and notarization say “this probably isn’t obvious malware right now”, they do not say “this licensing, backend, and updater are robust”. Every app in this audit passed Apple’s checks, and every one was bypassable on the licensing side.
* Vibe‑coded apps (stitched together from docs/AI/snippets) tend to have the same security mistakes: trusting any JSON with `success: true`, keeping license state in UserDefaults or flat files, or misconfigured Supabase where users can edit their own license rows.
* A developer’s reaction to private reports is a strong signal. Some devs treated this as free security work, fixed things, and stayed professional. Others read the report, then ghosted or blocked me. If someone blocks you for reporting a bug, that is not the kind of person you want in charge of your update pipeline.
So if you’re about to buy a “lifetime” app from here and store anything sensitive in it (notes, API tokens, documents, whatever), it is worth taking a couple of minutes to see who built it, whether they have a real contact/security channel, and how they respond to issues.
# The app reviews?
Now, let's get to the fun and reviews. This is only a small snippet, and it will include the top two apps, scoring 10/10, and the bottom two apps, scoring 0/10. The entire write-up of all 32 apps is posted on my blog for you to read. You can quickly use cmd+f to search to see if your installed or favorite app was tested, how they responded, if it is fixed, and what the issue is or was.
**Top 2: best developer responses**
*Resurf* – rating 10/10
This is an Electron app. I found ways to bump it to Pro using both network‑level tricks and local state manipulation. The developer ( u/Hungry_Spite3574 ) responded in roughly 6 hours, asked good questions, and shipped a fix within a day. Communication was respectful and focused on understanding and resolving the problem, not arguing about it.
Email: [[email protected]](mailto:[email protected])
Response time: about 6 hours
Fix: about 1 day
Code quality: some AI usage, but the dev clearly understands their own app and trade‑offs
*How To Convert* – rating 10/10
Here the core issue was a Supabase auth bug that allowed a licensing bypass. I reported it through GitHub’s security process. The developer ( u/jakecoolguy ) fixed it within roughly the same window and there was no drama: no defensiveness, no arguing, just “here’s the issue, here’s the fix”.
Response time: about 10 hours
Fix: about 10 hours
Code quality: clean and understandable
**Bottom 2: worst developer responses**
*Glyph* \- rating 0/10
Glyph uses Gumroad for licensing. The app trusts the JSON response from the Gumroad API directly. With a local HTTPS proxy you can change the response so it looks like a successful activation, and the app unlocks Pro.
I reported this by DM. The DM was ignored and I was then blocked. There was no attempt to engage with the report, no follow‑up questions, and no visible fix.
Response: blocked after report
Fix: none implemented or communicated
*Droppy* \- rating 0/10
Droppy’s backend itself is not the worst in the list, but the client still trusts JSON from the backend too much. A local proxy can flip `valid: false` to `true` and the app accepts it. That’s the technical part.
The interaction was the real problem. The developer was very positive at first, calling the report “awesome” and asking for a way to donate. I sent a Polar link. After that there were more than 9 days of silence despite clear activity elsewhere. When I followed up via email ([[email protected]](mailto:[email protected])), the reply was defensive and described me as “demanding”.
From both a security‑process and user‑support perspective, this was the worst
interaction in the entire run. If that is how security reports are handled, I would not recommend an app developed by this person.
Response: initially positive, then ghosted, then defensive
Fix: none
Code quality: entirely vibe coded
# What next?
Now that we see these apps, we're at a crossroads. What next? Well, I'll first give some recommendations to you, the user, and then to a developer who may have these issues or wish to look further at their app.
I always recommend that, no matter how much money or how little data it is, you first believe that the developer is telling the truth, is able to actually code (although this is a lot harder; check for common "vibe coding," i.e., emojis, bolded text, gradients, and other junk), how they respond, and whether it is honestly worth it. At the end of the day, I'm not here to tell you how you should spend your time or money; I can only give you tips and help you make an informed decision.
So, let's move on, shall we?
# Common failure patterns I kept seeing?
This is a TL:DR of what's posted in my blog, but,
* Trusting plain JSON from Gumroad / Lemon Squeezy / Polar or custom APIs and only checking simple flags like `success: true` or `activated: true`
* Storing critical license or trial data in UserDefaults or unprotected JSON/MessagePack files in Application Support
* Misconfigured Supabase row‑level security, allowing users to modify their own license rows or even release/update tables
* Treating a specific Keychain item’s existence as “Pro is on”, which can be faked with normal macOS tooling
Now, for those who are looking to develop or have an app that may have a flaw listed here, how can we fix it?
* Validate more than one “success” flag in JSON. Check product IDs, users, expiry, and signatures.
* Keep real license decisions on the server where possible; treat local data as a cache.
* Lock down Supabase RLS so users cannot modify license or release rows they shouldn’t touch.
* Sign or MAC cached license state on disk.
* Publish a clear way to report security issues, and respond like you actually want your app to survive.
Good examples of how to react include Resurf, How To Convert, LowTechGuys (Pipiri), InfiniDesk, Taphouse, Seam, and OS‑Engine. None of them were perfect; they just treated reports as a chance to improve, not as a personal attack.
# The end
If you wish to have your own app reviewed, you can see https://kamidevs.com/application-security. I aim to do free reviews for a developer's first app if they're a student or cannot afford one (see the 32 I just reviewed). For those who wish for a review but are unsure of pricing, discounts may apply.
I am free and open to any and all questions you might have, such as, can you give me tips on managing an app's security in Swift, or other questions, or what an app was like, expanded, i.e., you wish to know my thoughts on the app's UI/UX and security for any of the posted ones, or in general, how was your night? This post is, however, made at the time of posting, 23:50, so I will be going to bed, but you can expect a reply in 12 hours if this post wasn't mass reported or removed!
Now, this, is the end of the post, it's just a small post, on what is fully written in my blog, see that for,
* all 32 apps, names and links
* per‑app notes, ratings, and interaction summaries
* more detailed explanation of “vibe‑coded” apps
* concrete advice for better licensing and update security
Full writeup: [https://kamidevs.com/blog/macapps-audit](https://kamidevs.com/blog/macapps-audit)
# NOTICE
If you’re a developer whose app is on the list and you think I’ve been unfair, or you want a follow-up review, contact me privately; my details are at the end of the blog or in the messages/emails I've previously sent. If you wish for a proper conversation, please send me a message on Discord. I do not like Reddit chats as it lacks functions I normally use.
https://redd.it/1ryvdei
@macappsbackup
Response: initially positive, then ghosted, then defensive
Fix: none
Code quality: entirely vibe coded
# What next?
Now that we see these apps, we're at a crossroads. What next? Well, I'll first give some recommendations to you, the user, and then to a developer who may have these issues or wish to look further at their app.
I always recommend that, no matter how much money or how little data it is, you first believe that the developer is telling the truth, is able to actually code (although this is a lot harder; check for common "vibe coding," i.e., emojis, bolded text, gradients, and other junk), how they respond, and whether it is honestly worth it. At the end of the day, I'm not here to tell you how you should spend your time or money; I can only give you tips and help you make an informed decision.
So, let's move on, shall we?
# Common failure patterns I kept seeing?
This is a TL:DR of what's posted in my blog, but,
* Trusting plain JSON from Gumroad / Lemon Squeezy / Polar or custom APIs and only checking simple flags like `success: true` or `activated: true`
* Storing critical license or trial data in UserDefaults or unprotected JSON/MessagePack files in Application Support
* Misconfigured Supabase row‑level security, allowing users to modify their own license rows or even release/update tables
* Treating a specific Keychain item’s existence as “Pro is on”, which can be faked with normal macOS tooling
Now, for those who are looking to develop or have an app that may have a flaw listed here, how can we fix it?
* Validate more than one “success” flag in JSON. Check product IDs, users, expiry, and signatures.
* Keep real license decisions on the server where possible; treat local data as a cache.
* Lock down Supabase RLS so users cannot modify license or release rows they shouldn’t touch.
* Sign or MAC cached license state on disk.
* Publish a clear way to report security issues, and respond like you actually want your app to survive.
Good examples of how to react include Resurf, How To Convert, LowTechGuys (Pipiri), InfiniDesk, Taphouse, Seam, and OS‑Engine. None of them were perfect; they just treated reports as a chance to improve, not as a personal attack.
# The end
If you wish to have your own app reviewed, you can see https://kamidevs.com/application-security. I aim to do free reviews for a developer's first app if they're a student or cannot afford one (see the 32 I just reviewed). For those who wish for a review but are unsure of pricing, discounts may apply.
I am free and open to any and all questions you might have, such as, can you give me tips on managing an app's security in Swift, or other questions, or what an app was like, expanded, i.e., you wish to know my thoughts on the app's UI/UX and security for any of the posted ones, or in general, how was your night? This post is, however, made at the time of posting, 23:50, so I will be going to bed, but you can expect a reply in 12 hours if this post wasn't mass reported or removed!
Now, this, is the end of the post, it's just a small post, on what is fully written in my blog, see that for,
* all 32 apps, names and links
* per‑app notes, ratings, and interaction summaries
* more detailed explanation of “vibe‑coded” apps
* concrete advice for better licensing and update security
Full writeup: [https://kamidevs.com/blog/macapps-audit](https://kamidevs.com/blog/macapps-audit)
# NOTICE
If you’re a developer whose app is on the list and you think I’ve been unfair, or you want a follow-up review, contact me privately; my details are at the end of the blog or in the messages/emails I've previously sent. If you wish for a proper conversation, please send me a message on Discord. I do not like Reddit chats as it lacks functions I normally use.
https://redd.it/1ryvdei
@macappsbackup
I got tired of tabbing out to random websites mid-coding, so I built this
https://redd.it/1ryvmc0
@macappsbackup
https://redd.it/1ryvmc0
@macappsbackup
Reddit
From the macapps community on Reddit: I got tired of tabbing out to random websites mid-coding, so I built this
Explore this post and more from the macapps community
This media is not supported in your browser
VIEW IN TELEGRAM
Focusdim - Dim, blur, or highlight your active window (Freemium / $4.99 one-time)
https://redd.it/1rywi71
@macappsbackup
https://redd.it/1rywi71
@macappsbackup