Archive for December 17, 2021

Friday, December 17, 2021

Apple Music Feedback Made It to Cook

Dave B (previously: 1, 2, 3):

In the 6+ years since Apple Music was released in June of 2015, it has been a controversial app, to put it mildly. In those 6 years, I’ve written extensively on Apple Music’s flaws — both big and small. Some of these flaws have been resolved, many haven’t, and some new ones have been introduced. It’s been a while since my 2017 list of Apple Music’s shortcomings, so it’s time for a 2021 update.


Apple Music is trying to appeal to both crowds and in my opinion, it doesn’t get either one right. It’s stuck in the middle, doing a sort of half-hearted job at both. The result is that it provides a mediocre product to both Group A and Group B.

Most Group B people will tell you that Apple Music’s recommendations are simply not as good as Spotify’s. Whatever suggestion algorithms Apple uses just aren’t nearly as accurate as they ought to be. They’ve improved over time, but they still have a long way to go. And it’s worth noting that tapping the ‘Love’ hearts or the ‘Suggest Less Like This’ button is supposed to improve the suggestion algorithms, but it doesn’t seem to work very well in practice. The curation often feels more like advertising, where the feature is less catered around what the end user wants, and more around what the content providers (i.e. Apple and/or the record labels) wish to foist upon them. That’s a problem, as it makes the app feel like a collection of billboards, rather than a user-focused experience.

And for Group A people (of which I am one), the tools to be able to organize, sort, sift through, maintain, and play back a music library — are just sorely lacking and lead to a terrible experience.


Playlist management needs to be improved, with better folder functionality, more views, and a better use of space. Even a 5.4" and 6.1” iPhone screen only displays 5 line items at a time. By comparison, my old 2.5” iPod Classic displayed 9 line items. With only 5 lines, that means you have to scroll so much to get anywhere. And you still can’t place Apple Music playlists in folders. It also seems odd to me that the “New Playlist…” function is a line item rather than a button.

Dave B:

I sent a lengthy email to Tim Cook’s public email address all about Apple Music. I’ve been writing for years, thorough articles and analyses all about how I think the Apple Music app just isn’t very good and doesn’t meet the standards I’d expect from Apple. I’ve posted popular Medium articles, Reddit threads, countless Tweets directed at people in the Apple community (external and internal), and I’ve sent dozens of pieces of feedback to Apple via the iOS Feedback app.


I got an email and voicemail from someone in Tim Cook’s office who told me she wants to chat on the phone because Tim actually saw my email, personally read it, and forwarded it to people in engineering and on the product design team for Apple Music. She said she’d like to set up a call with me, so of course I jumped at the chance. We chatted on the phone a few days later, and she told me that Apple took my email seriously and may potentially implement some of my suggestions, although she obviously couldn’t promise anything or tell me anything about future plans, as that’s all confidential, and Apple is a super secret company, as we all know.

She did specifically point out that it was very rare to have Tim Cook send his teams product suggestions he received via email - and she had never personally seen that happen before - so she was almost congratulatory to me in the fact that my email seemed to have impact.


I can just say that between this and Apple’s recent Primephonic acquisition, I’m more excited for the future of Apple Music than I have been in a long time.

Steve Troughton-Smith:

It’s nearly 2022 and Apple Music still can’t reliably add albums to your library without duplicating things all over the place, all to prop up a legacy iTunes library compatibility system I haven’t used in six years 😪

Meanwhile, I use the legacy stuff and feel like the app is geared towards upselling me to Apple Music rather than meeting my needs. As I was writing this post, I got another notification on the home screen icon telling me that I can get a free Apple Music trial.

I wish I could use the old iPod app instead. I liked the simple lists of artist, album, and song names. The Music app now confuses that by mixing in grid views of album covers. Other apps like Cesium offer lists, but they are harder to read because (like in Music) each row has two lines of text (“Artist/n songs” or “Song Name/Artist”). Text is small because both lines have to fit within the height of the thumbnail. I end up seeing fewer list items at a time, and they’re harder to scan.

Craig Mod:

it’s an interesting “experiential skeuomorphic” decision by apple to make so slow that it feels like getting up, lifting a tonearm, putting an old record back, and pulling out a new one each time you try to navigate to a new screen in the thing


Update (2021-12-20): Marco Arment:

Since Monterey, I think, Music inexplicably scrolls Songs view to the bottom of the list a few seconds after you change the star rating of a song, which sucks when you have… a LOT of Phish.

Update (2022-03-09): Jack Wellborn:

My favorite example of how @AppleMusic is so obviously broken is stations, where you can’t even go to the previous track.

Runner up is how the entire Song menu is disabled whenever you play any song from Apple Music (as opposed to the Library).

Update (2022-03-16): Pierre Igot:

Apple’s #Music app for #macOS:

- non-customizable toolbar
- no toolbar button labels
- no tooltip when mouse hovers over toolbar buttons

Update (2022-06-09): Dave B:

I was hoping for 75% of the list, would have been happy with 50%, and would have been disappointed with under 30%. We got 0%.


Update (2023-08-22): Dave B:

Is @Apple ever going to fix the @AppleMusic backend?

How is it still such a mess?


Apple Music sees I like Song X because I have and play Song X. And then instead of putting Song X in the algorithmic playlist, it takes a different download of the exact same thing and feeds me back that alternate download. That creates so much duplication and clutter and disorganization across the service.

Apple Removes References to Controversial CSAM Scanning Feature

Tim Hardwick (Hacker News):

Apple has quietly nixed all mentions of CSAM from its Child Safety webpage, suggesting its controversial plan to detect child sexual abuse images on iPhones and iPads may hang in the balance following significant criticism of its methods.

John Gruber (tweet):

I wouldn’t read too much into this. […] I think the CSAM fingerprinting, in some form, is still forthcoming, because I suspect Apple wants to change iCloud Photos storage to use end-to-end encryption. Concede for the moment that CSAM identification needs to happen somewhere, for a large cloud service like iCloud. If that identification takes place server-side, then the service cannot use E2E encryption — it can’t identify what it can’t decrypt. If the sync service does use E2E encryption — which I’d love to see iCloud Photos do — then such matching has to take place on the device side. Doing that identification via fingerprinting against a database of known and vetted CSAM imagery is far more private than using machine learning.


Put another way, if governments, authoritarian or otherwise, were able to force Apple (or Google, or Microsoft) to add secret snooping features — like say finding photos of Tank Man on Chinese users’ devices and reporting them to the CCP — to our operating systems, the game is over.

They don’t need to force Apple to do anything because Apple never sees the photos in the CSAM databases, only the fingerprints. They would need to compromise two of the databases and infiltrate Apple’s human reviewers.

Jeff Johnson:

You can already upload illegal photos to iCloud Drive, and have Apple host them, as long as you encrypt the files yourself first on disk. Nobody can do anything about that, including Apple.


It doesn’t seem like they’re even interested in catching criminals, because they already publicly announced you can “opt out” by simply not using iCloud Photos.

Consequently, the real goal must be to trick everyone else into giving up their legal rights and their principles.

And once the “opt out” allows all or most of the criminals to avoid getting caught, is this going to be a bait and switch where they say, “Well, we didn’t catch anyone, so we have to get rid of the opt out and scan everyone”?

Or perhaps the real goal is to avoid wittingly hosting illegal photos. No one is going to blame Apple for hosting encrypted content that it can’t read.

Jeff Johnson:

There’s not even any reason why there can’t be end-to-end encrypted iCloud without scanning, either on device or on the server. It could have and should have happened already.

John Gruber:

I don’t disagree with you on (almost) any of this. But, politics is a reason. I think Apple considers it politically unfeasible to do E2EE for photo syncing without throwing some sort of bone to the crowd who think civil liberties should not override CSAM concerns.

Jeff Johnson:

Which crowd? I haven’t heard a single politician of either party even mention it. Not an issue in the public debate, until Apple made it one.

The most important crowd ought to be the half billion Apple customers. Who weren’t clamoring for it either.

John Gruber:

Politics is hard because it’s such a soft science. You can’t prove anything. But here’s one optimistic spitball: maybe Apple tossed this CSAM proposal out, as a concession to the anti-CSAM die hards. It went over like a lead balloon. Now, they’re like fine, we’ll wait.


And so now they don’t say they’re going to do it, but don’t say they’re not going to do it either. They have political cover from both sides so long as it remains in limbo.


My read is that they know they fucked up by not designing all of iCloud to be E2EE like iMessages from the get-go. But feel like they can’t put that genie back in the bottle.


Update (2021-12-17): See also: Jeff Johnson, Glenn Fleishman.

FORCEDENTRY iMessage Zero-click Remote Code Execution

Ian Beer & Samuel Groß (Hacker News):

Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.

The vulnerability discussed in this blog post was fixed on September 13, 2021 in iOS 14.8 as CVE-2021-30860.


Using this “fake gif” trick, over 20 image codecs are suddenly part of the iMessage zero-click attack surface, including some very obscure and complex formats, remotely exposing probably hundreds of thousands of lines of code.

My question answered: iMessage was calling into ImageIO from outside of the Blast Door sandbox.

The CoreGraphics PDF parser doesn’t seem to interpret javascript, but NSO managed to find something equally powerful inside the CoreGraphics PDF parser…


As mentioned above, the substitution based compression output is lossy. After a round of compression and decompression the rendered output doesn’t look exactly like the input. But JBIG2 also supports lossless compression as well as an intermediate “less lossy” compression mode. […] Rather than completely encoding the entire difference in one go, it can be done in steps, with each iteration using a logical operator (one of AND, OR, XOR or XNOR) to set, clear or flip bits. Each successive refinement step brings the rendered output closer to the original and this allows a level of control over the “lossiness” of the compression. The implementation of these refinement coding steps is very flexible and they are also able to “read” values already present on the output canvas.


The heap groom also places the current page’s backing buffer just below the undersized syms buffer, such that when the page JBIG2Bitmap is unbounded, it’s able to read and write its own fields[…]


JBIG2 doesn’t have scripting capabilities, but when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory. So why not just use that to build your own computer architecture and script that!? That’s exactly what this exploit does. Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations.

Matthew Green:

I got to this part in the exploit description and it stopped being an exploit, became something more like art.


Expectations When Opting Out of Tracking

Hartley Charlton (tweet):

“Loose” interpretations of Apple’s privacy policies allow apps such as Facebook and Snapchat to continue tracking users for targeted advertising even when they have asked to not be tracked, The Financial Times reports.


Apple has instructed developers that they “may not derive data from a device for the purpose of uniquely identifying it,” which developers have interpreted to mean that they can still observe “signals” and behaviors from groups of users instead, enabling these groups to be shown tailored ads anyway.

Apple has not explicitly endorsed these techniques, but they allow third parties to track and analyze groups of users regardless of whether or not they have given consent to user-level tracking. In addition, Apple reportedly continues to trust apps to collect user-level data such as IP address, location, language, device, and screen size, even though some of this information is passed onto advertisers.

Nick Heer:

Is this actually a “shift” in the way this policy is interpreted? The way Apple has defined tracking in relation to the App Tracking Transparency feature has remained fairly consistent — compare the current page against a snapshot from January. Apps cannot access the device’s advertising identifier if the user opts out and, while Apple warned developers creating unique device identifiers, it does not promise it can prevent the tracking of users, and especially not in aggregate.

It is concerning to me that Apple’s advertising and dialog box text may create the impression of a greater privacy effect than they may realistically achieve. Perhaps Apple’s definition of “tracking” does not align with public expectations[…]

Heather Kelly:

The app store’s “nutrition labels,” which launched at the end of last year in the App Store, say what different third-party apps are accessing. However, because much of the information is self-reported, our reporting found it was not always accurate. The App Privacy Report doesn’t have the same loopholes, but there are some things it still can’t tell us, like exactly what data is being collected or sent by these apps. For example, you might see that a dog-sitting app accessed your contacts but not know what it took (there are few limitations on what apps can pull from your contacts). Or you might notice that a plant-identification app contacted multiple outside domains, but not know what sort of data was sent to those addresses.


Privacy and Repairs

Nick Heer:

Apple’s announcement last month that it would soon sell users the parts they need to repair devices themselves reignited discussion about the perceived advantages and drawbacks of self-repair, and promoted questions about how many users would actually take advantage of the program. My guess is that it will be proportionate to the number of people who repair their own vehicles: not many. That is a shame because replacing an iPhone’s display or a MacBook Air’s battery is not very difficult, and I find it emotionally rewarding.

Regardless of whether that resonates with anyone else, one reason more people should be able to repair their own devices is to maintain control over their data. This is not theoretical.


The above cases are symptomatic of the objectification of women, almost always by men, that is commonplace at all levels of society and which we desperately need to correct. But privacy concerns are not limited to these flagrant violations. There are also items that all of us have on our computers that would make us concerned if a technician accessed them. These privacy incursions are certainly less egregious, but are damaging in their own way. We keep records of our conversations, banking history, health, and so much more on devices we would be reluctant to hand to a stranger on the street.

Nick Heer:

You reminded me of something I forgot to throw in there: if you provide your iPhone’s passcode to a tech, they also get your keychain if you have iCloud Keychain turned on.