The One-Security-Fix Edition
Thursday, January 13, 2022

iOS 15.2.1 And iPadOS 15.2.1 Fix Messages Bug And HomeKit Vulnerability, by Josh Centers, TidBITS

There’s only one security fix, and it’s for a nasty HomeKit vulnerability, in which a maliciously crafted HomeKit accessory name (containing some 500,000 characters) could cause iOS and iPadOS devices that loaded it to be disrupted, even after rebooting—the only solution was to reset and restore the device.

On Privacy

Apple Reaffirms iCloud Private Relay Availability, Refutes T-Mobile’s Accusation Of A Bug In iOS 15.2, by Filipe Espósito, 9to5Mac

In a statement to 9to5Mac, Apple said that none of its carrier partners have blocked iCloud Private Relay, and that there is no bug in iOS 15.2 that would prevent the feature from working.


T-Mobile also sent a statement to 9to5Mac about the situation. This time, the carrier says that users may see the error message if they previously disabled the “Limit IP Address Tracking” option in the Cellular Data settings.

Apple Clarifies iCloud Private Relay Wording In iOS 15.3 To Prevent Confusion Over Carrier Support, by Juli Clover, MacRumors

Apple’s current wording does not allow for the possibility that iCloud Private Relay is unavailable because it has been disabled in the Settings app. iCloud Private Relay can be turned on or turned off for specific WiFi and cellular networks, and there may be an iOS 15.2 bug that is causing some users to have these settings disabled by default.

On App Stores

It's Not Just Wordle, The App Store Is A Total Mess, by Jason Cross, Macworld

The App Store is absolutely rife with scam apps, knockoffs, deceptive and exploitive subscription fees, and fake reviews that prop it all up. You need look no further than this week’s Wordle kerfuffle for an example.

The problems are obvious to anyone familiar with the App Store and broader app ecosystem, but perhaps less obvious to the casual user. And that’s worse—that’s why iPhone users are getting hoodwinked into downloading apps that aren’t what they think they are and paying monthly subscription fees for trash that often doesn’t work.

It doesn’t have to be this way, and it’s way past time for Apple to clean house.

Game Maker Says Apple, Google Selling Rip-offs In New Lawsuit, by Blake Brittain, Reuters

The maker of the popular game "PlayerUnknown's Battlegrounds" says in a new U.S. lawsuit that a Singapore-based company made rip-off versions of its game, and Apple and Google have refused to stop selling them.


Krafton said it asked Garena, Apple, and Google to stop selling the Free Fire games in December to no avail. It asked the court to block sales of the Free Fire games in addition to requesting damages that include the companies' profits from Free Fire sales.

Wordle Is Being Punished By App Stores For Choosing The Open Web, by Owen Williams, TechCrunch

The choice to make Wordle a web app, rather than something downloaded from a store makes sense, given that it was developed as a passion project rather than by a business, and it’s a simple, fun game that isn’t really designed to make money.

A side effect of that choice, however, is that Wordle is suddenly being ripped off in app stores by other developers who smell a quick way to make money off of unsuspecting users that either don’t care or don’t know any better.

Wordle And IP Law: What Happens When A Hot Game Gets Cloned, by Kyle Orland, Ars Technica

Today, all of those copycat apps are gone, the apparent result of a belated purge by App Store reviewers following some social media attention. But this likely doesn't mean the end of Wordle clones. Those quick removals paper over the complicated legal and social landscape surrounding copycat apps and the protections developers can claim on their game ideas.


On Third-party Apple Watch Apps, by Jesse Squires

The overall state of third-party apps for Apple Watch is just so disappointing, and somewhat surprising to me.

I have yet to explore watch development, so I remain curious about the limits of the hardware and the watchOS SDK. Are they still this bad? Still too constrained and limited? Or do all these big tech companies just not care? If we assume that the lack of investment from these companies is due to a lack of users, then does it even make sense to pursue a watch app as an indie developer?

Apple Outlines $30M Bag Check Lawsuit Settlement On Legal Website, by Juli Clover, MacRumors

Apple in November settled a long-running lawsuit over employee bag checks, with the Cupertino company agreeing to pay $29.9 million to employees who were subjected to off-the-clock bag searches, and now details about the settlement are available on Apple’s website.

Microsoft Hires Key Apple Engineer To Work On Custom Chips, by Mark Gurman, Dina Bass, and Ian King, Bloomberg

For Apple, Filippo’s exit marks another loss of a high-profile engineer. He joined Apple in 2019 as a chip architect after serving as a top designer of semiconductors at Arm for a decade. He was at Intel for about five years before that. Filippo is credited with advancing the capabilities of Arm’s underlying technologies in phones and other devices.

Bottom of the Page

I've been using iCloud Private Relay since day one (when the new OSes were out of beta), and so far have not encountered any issues. Oh, there were a few times when the service went down and Apple warned me. There were also a few times when loading of websites was slow, but I have no idea whether it was the Relay's fault.

I've also no idea if my ISP can still track the websites and the URLs I've visited. I guess I'll have to trust Apple on that.


Cats, the movie, is now on Netflix. Should I watch it just to see how bad it is, or should I not bother so as not to mess up Netflix's recommendation engine?

Or maybe Netflix's engine has a setting to discount movies that they know people are just watching to see how bad they are?


Thanks for reading.