MyAppleMenu

The Security-Talks Edition
Saturday, September 7, 2019

A Message About iOS Security, by Apple

First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.

Apple Takes Flak For Disputing iOS Security Bombshell Dropped By Google, by Dan Goodin, Ars Technica

One of the things most deserving of criticism was the lack of sensitivity the statement showed for the Uyghur population, which over the past decade or longer has faced hacking campaigns, internment camps, and other forms of persecution at the hands of the Chinese government. Rather than condemning an egregious campaign perpetrated on a vulnerable population of iOS users, Apple seemed to be using the hacking spree to assure mainstream users that they weren’t targeted. Conspicuously missing from the statement was any mention of China.

[...]

Apple had an opportunity to apologize to those who were hurt, thank the researchers who uncovered systemic flaws that caused the failure, and explain how it planned to do better in the future. It didn't do any of those things. Now, the company has distanced itself from the security community when it needs it most.

Apple Doesn’t Want Google ‘Stoking Fear’ About Serious iOS Security Exploits, by Devin Coldewey, TechCrunch

Apple points out that “when Google approached us, we were already in the process of fixing the exploited bugs.” That’s great. But who then wrote up a long technical discussion of the issue so that other security researchers, along with consumers, will be aware?

It’s a bit troubling for Apple to say that “iOS security is unmatched” during the discussion of an incredibly dangerous and powerful exploit that was apparently deployed successfully against an ethnic minority by, almost certainly, the only nation-state that has any interest in doing so. Has Apple explained to the Uighurs whose phones were invisibly and completely taken over by malicious software that it’s okay because “security is a never-ending journey”?

The Stakes Are Too High For Apple To Spin The iPhone Exploits, by T.C. Sottek, The Verge

Even if we take Apple’s word that the exploit was only operational for two months, that’s potentially tens of thousands (or more) of unwitting victims who are members of a vulnerable population that is currently being targeted by a repressive government. “Taking the safety and security of all users extremely seriously” would keep the focus on the users under attack, not the Google researchers who discovered the exploits.

Apple Has Confirmed Uighurs Were Targeted In Wide-Ranging Phone Hacking Scheme, by Ryan Mac, Buzzfeed

Xinjiang is one of the most surveilled places in the world and the Chinese government has been cracking down on the ethnic minorities who live there under the guise of public safety. Since 2017, more than a million people have been detained in internment camps in Xinjiang in a practice that’s been decried by the US government and the international community.

Retail Openings

Apple Fifth Avenue's Reimagined Glass Cube Opens Soon, by Michael Steeber, 9to5Mac

For Manhattan locals and sightseers, the wait is almost over. After nearly three years of significant expansion and remodeling work, Apple’s landmark Fifth Avenue glass cube retail store is set to reopen soon. Apple is promoting the new 24/7 space with the tagline “Always Open to Open Minds.” No date is published on the face of the building.

Grand Opening: Apple Marunouchi Arrives At Tokyo Station, by Michael Steeber, 9to5Mac

frames front squared natural wood and plaster ceilings. Marunouchi is a store of contrasts. Apple’s latest space in Japan is also nearest its oldest store, Ginza. Side by side, the two locations tell the story of Apple’s retail architecture evolution.

Stuff

Shuttercase Makes Your iPhone Feel Like A Classic Camera, by David Pierini, Cult of Mac

Shuttercase restores the ergonomic sensibility of your ancient DSLR to the iPhone with a grip and mechanical shutter button for quicker, reactive shooting.

Here Are The Best Mindfulness Apps To Download For Relaxation And Stress Relief, by Kelly Wynne, Newsweek

As more people learn about mindfulness, mindfulness-based apps have proliferated. There are apps for almost everything, from meditation to journaling. Here are a few for people looking to get started.

Develop

An Apple Developer For 10 Years, by Markos Charatzas

I don’t feel motivated knowing what is possible will be subpar, constrained, unwelcome, unappreciated and on the bad side of Apple. I feel crippled as an Apple Developer to make the best of all available platforms and technologies.

To some extent this is a cautionary tale about falling in love with a brand when an organisation is behind it. When the needs of the business precede those of the individual. Still, there is more. In the case of Apple and its developers, this is about our livelihood.

Notes

Apple Made Siri Deflect Questions On Feminism, Leaked Papers Reveal, by Alex Hern, The Guardian

An internal project to rewrite how Apple’s Siri voice assistant handles “sensitive topics” such as feminism and the #MeToo movement advised developers to respond in one of three ways: “don’t engage”, “deflect” and finally “inform”.

The project saw Siri’s responses explicitly rewritten to ensure that the service would say it was in favour of “equality”, but never say the word feminism – even when asked direct questions about the topic.