iOS 13 Automatic running of shortcuts require clicking run still?

Actually someone has just comeback to me and said that Reminders works as a non unlock action for them, but I cant repeat it. Would be nice to have a list of which actions do/dont require unlocking although can probably guess at a lot of them.
Reminders/Messages/Music all confirmed as no unlocking on automations that say some actions require unlocking

I think what @viticci said seems to be pretty accurate:

any trigger that has a distinct “user interaction” of any kind (like tapping an NFC sticker, or getting into a car, or opening an app) can execute in the background.

triggers that might occur without the user noticing can not run without a confirmation.

one could of course argue that arriving or leaving a place is a physical action the user is aware of - but even like this the story checks out in my mind.

also, I am pretty sure that it is not about battery, but about Apple being Apple.
they will not allow you to accidentally do funky things you are not aware of - even if you really want to. like it or not: sounds 100% on purpose to me

any trigger that has a distinct “user interaction” of any kind (like tapping an NFC sticker, or getting into a car, or opening an app) can execute in the background * depending on the actions in the Shortcut

Attended automations, vs unattended its kind of a perfect example of Apple thinking about design in terms of interactions. Interactions are of course important and always will be, but other considerations like situation should be considered and given more weight at times, Apple often seems to not get this, Ive is a great loss to the company, but have to wonder if this is an example of how a different design philosophy, because its not just about the curves, could help Apple.
Or possibly I’m being a bit pretentious as I’m not sure how I got from automations to design.

Yeah, it’s Apple being Apple. Still, I don’t get the reason why? The user sets up the automatons along with the schedule. I think this goes a bit deeper. I could see this may be putting pressure on their servers. Like automatically add text to a clouded service multiple times a day along with automated messages. More and more I sense it’s not about protecting the user but making sure apple can handle the load. I mean we can today do all of this without user interaction on a mac, which is a couple of millions. But with iPhones, the scale is quite different.

“User sets up”…

… If I send you a Shortcut and you install it then the author is ME, not YOU. If I were malicious… :slight_smile:

I know what you mean, but I feel like if a user is not savvy enough to check this before they set up an automation, then they’re not any more likely to check it before they click ‘run’ on the notification.

I feel like the warnings that you’re going to access an API/the internet/whatever that have been introduced are a better safeguard against that kind of malicious Shortcut.

Maybe I’m not understanding you correctly. The user cannot install third party shortcuts outside the store without allowing it under settings. So the safeguard is already there or am I missing something?

But does the average user walk through the shortcut, figuring out what it does and if it’s safe?

(And nobody vets the “store”.)

No, but those in control of the store does.

Yes. There is a use case where you don’t have to be next to your phone. When you create a new automation, there is an option of “when I arrive”. Location based automation. When you arrive, it should be able to send a message without requiring me to unlock the phone. Automation of this type is pretty useless if it requires you to be active and unlocked.

Well last time I tried that it prompted me to run the shortcut.

It’s outside of Shortcuts, but when attempting to set up an automation through the Home app it displays a message that gives a little insight.

My attempt was to make my garage door automatically open as I arrive home. Unfortunately that isn’t an option. I can understand why, but also be bummed that I couldn’t make it happen. The garage door button in CarPlay is pretty dope tho.

“This automaton required confirmation to run because it may allow entry to your home”

So the scenario apple envisions is:

  • The user creates a shortcut that opens his garage door when arriving home.
  • Thief watches users create the shortcut.
  • Thief steals iPhone and goes to users’ home and loots it.

First, it seems pretty unlikely, second, it is the person that owns the housing choice to make if they are so paranoid then put up a warning while creating the shortcut.

I’m on the current 13.1 public beta (iOS and iPadOS) and the situation is the same

Pop to neighbours for a nice cup of tea, neighbours is on edge of geo boundary. Door keeps unlocking with a click, courier delivering hears this and decides to have a look around.
Live in flats, stalker waits by front door. You reach the ground floor within geoboundary, door unlocks, stalker walks in and waits whilst your taking the lift.

If (non whitelisted human detected) {
    unleash gamma cannon
    wait 60
    activate roomba
    spray pine air freshener 
}
2 Likes

The bluetooth lock market must be going through hell right now…ohh wait it isnt.

Point being, its not necessary for a bad actor to view your creating a Shortcut.
What’s bluetooth locks got to do with geofencing, when they use bluetooth to unlock?

Because Bluetooth is about as reliable as geofencing and people still use it to unlock doors. Anyway, all this is possible on Android and there has not been a wave of Android-related break-ins. If Apple is so paranoid then write a good disclaimer and as with location sharing ask the user. Otherwise, do not implement it, focus on something else.

Bluetooth can have a 10m/100m range. Just because bluetooth locks can unlock doesnt mean the accompanying app is allowing a 100m range geofence, they might be using 10m. Allowing 100m geofence could still be inadvisable, especially as location data isnt always accurate. Preventing people from doing it on 100m range seems very sensible.

You can have auto unlock doors for Homekit that unlock with a 10m bt range