iMessage and Safari Make iPhones Less Secure

Andy Greenberg writes about security problems in iMessage and Safari, saying that these products make iPhone less secure.

“If you want to compromise an iPhone, these are the best ways to do it,” says independent security researcher Linus Henze of the two apps…He and other iOS researchers argue that when it comes to the security of both iMessage and WebKit—the browser engine that serves as the foundation not just of Safari but all iOS browsers—iOS suffers from Apple’s preference for its own code above that of other companies.

Apple is in a tough position. If a company isn’t great at security, they could get a third-party to audit its software. But that would create a huge target.

iCloud Cluster****, Or Why You Shouldn't Run Betas On Important Devices

iCloud features in the iOS 13 betas have been removed because of buggy issues (And is probably a big driver behind iOS 13.1 betas). Developer Craig Hockenberry says this resulted in some unhappy customers.

Entire folders were either gone or corrupted. Apple’s mechanism to recover deleted files was of no help. The customers with weird folder duplicates were the “lucky” ones…Anyone who’s not a developer, and hasn’t been burned by a bad OS, does not know the kind of trouble that lies ahead. It’s irresponsible for Apple to release a public beta with known issues in iCloud…As an Apple shareholder, I also worry about how these failures will damage the iCloud brand.

This is exactly why you don’t run beta software on mission-critical devices. It’s not irresponsible of Apple, it’s irresponsible of people who ignore the warning on beta.apple.com to make backups. These people are why there are “Caution: Product May Be Hot” labels on microwaveable food.

iOS 13 Code Hints at Apple AR Headset With 'StarBoard'

Code within iOS 13 hints at an Apple AR headset, with a codename called ‘StarBoard’ that can launch apps, similar to iOS’s SpringBoard.

Namely, internal builds of iOS 13 include a “STARTester” app that can switch in and out of a head-mounted mode, presumably to replicate the functionality of an augmented reality headset on an iPhone for testing purposes. There are two head-mounted states for testing, including “worn” and “held.”

The iOS 13.1 Beta and a Possible Link to Trump Tariffs

Charles Arthur believes that the reason we’re seeing iOS 13.1 betas already could be linked to Trump’s tariffs.

Apple’s management also knows it can just about find a win-win solution here. If 13.1 proceeds as if it were 13.0, then it will be ready roughly when the “normal” 13.0 would have been, roughly a week after the new iPhones are launched, but about a week before they go on sale. That means that it can be the “GM” when it’s announced.

I don’t buy his Occam’s Razor logic because that is about finding an explanation with the fewest assumptions, and not his stated “most rational explanation.” And his theory, although interesting nonetheless, makes more assumptions than the current explanation of “Apple is holding features for iOS 13.1 to make iOS 13.0 more stable.”

The Origins of Unix - Now 50 Years Old

ars technica has posted at terrific story by Richard Jensen on the origins of the Unix operating system back in the late 1960s.

Maybe its pervasiveness has long obscured its origins. But Unix, the operating system that in one derivative or another powers nearly all smartphones sold worldwide, was born 50 years ago from the failure of an ambitious project that involved titans like Bell Labs, GE, and MIT.

A derivative of the original Unix OS, in the family tree of BSD, is the basis for macOS, iOS, and is even running in your Apple Watch.

Rumors Still Live for Apple's Bluetooth Tile Competitor

Apple announced a feature at WWDC 2019 that would let devices running iOS 13 and macOS Catalina to broadcast their location even when offline. The same technology is rumored to show up in a Bluetooth tracking device similar to Tile.

This small beacon device could be attached to personal items such as keys, purses or wallets so that the owner could find them even when out of range of the items. An ARKit “star” image discovered in the Find My app bundle hints at the possibility of using augmented reality to find lost devices or items, similar to Pixie Tracker.

Apple Releases iOS 13.1 Public Beta 1

After confusing people yesterday with the release of iOS 13.1 developer beta, today iOS 13.1 public beta 1 is available.

Beta 1 of iOS 13.1 and iPadOS 13.1 include a handful of features that were removed from earlier iOS 13 and ipadOS 13 betas, most notably enhanced automation with Shortcuts. The testing of beta versions of iOS 13.1 and iPadOS 13.1 may suggest that iOS 13 and iPadOS 13 have been finalized.

Once the public betas wind down, I like to delete my public beta profile so I can get the official iOS release. If you’d like to do the same, instead of waiting for the official iOS 13.1 release, I suggest you delete the profile in Settings > General > Profiles.

Some Companies Don't Like iOS 13 Location Privacy Feature

App developers wrote a letter to Apple saying how much they don’t like iOS 13 location privacy rules, accusing the company of anti-competitive behavior.

We understand that there were certain developers, specifically messaging apps, that were using this as a backdoor to collect user data. While we agree loopholes like this should be closed, the current Apple plan to remove [access to the internet voice feature] will have unintended consequences: it will effectively shut down apps that have a valid need for real-time location.

The letter was signed by Tile CEO CJ Prober; Arity (Allstate) president Gary Hallgren; CEO of Life360, Chris Hullsan; CEO of dating app Happn, Didier Rappaport; CEO of Zenly (Snap), Antoine Martin; CEO of Zendrive, Jonathan Matus; and chief strategy officer of social networking app Twenty, Jared Allgood.

A helpful list of all the apps I’ll never download. I hope Apple does more when it comes to privacy.

iOS 13 Has an Important Bluetooth Privacy Feature

Jared Newman writes about the iOS 13 Bluetooth privacy feature. When an app needs to access Bluetooth, iOS displays an alert so you can allow or deny the request. Bluetooth can be used to track you, which is why Apple added the feature. I’ve seen these alerts a couple of times running the iOS 13 public beta. I disagree with Mr. Newman though; I don’t think it’s too confusing. Just think about the app and whether it legitimately needs Bluetooth. For example, if you need to connect a device to your iPhone, you’ll need Bluetooth. But apps like Google Maps and YouTube don’t need Bluetooth (and I’ve seen alerts and denied them both).

Prior to iOS 13, apps could use Bluetooth to collect detailed location data from users without explicit permission, using tracking beacons in retail stores and other public locations. Even if users had denied an app access their location data, Bluetooth could have provided a workaround.

iOS 13 Will Prevent Location Tracking via SSID, BSSID

During Apple’s WWDC 2019 developer session 713 titled, “Advances in Networking” revealed that iOS 13 will stop location tracking using your device’s SSID/BSSID using the CNCopyCurrentNetworkInfo API. Developers have reported getting an email from Apple that says:

Starting with iOS 13, the CNCopyCurrentNetworkInfo API will no longer return valid Wi-Fi SSID and BSSID information. Instead, the information returned by default will be:

SSID: “Wi-Fi” or “WLAN” (“WLAN” will be returned for the China SKU) BSSID: “00:00:00:00:00:00”

StubHub Apple Pay Rolls Out to iOS Browsers

Starting today, StubHub Apple Pay will be available on the web for iOS devices so that fans can buy tickets easily and safely.

Fans will begin to see Apple Pay as an available payment option for MLB mobile web transactions on the iPhone this week. For more on how to use Apple Pay and connect it with your StubHub account, visit StubHub’s customer help center.

Good to see Apple Pay being offered in more places.