Archive for February 10, 2022

Thursday, February 10, 2022

AirTag Updates to Address Unwanted Tracking

Apple (Hacker News):

In an upcoming software update, every user setting up their AirTag for the first time will see a message that clearly states that AirTag is meant to track their own belongings, that using AirTag to track people without consent is a crime in many regions around the world, that AirTag is designed to be detected by victims, and that law enforcement can request identifying information about the owner of the AirTag.

[…]

We’ve heard from users who have reported receiving an “Unknown Accessory Detected” alert. We’ve confirmed this alert will not display if an AirTag is detected near you — only AirPods (3rd generation), AirPods Pro, AirPods Max, or a third-party Find My network accessory. In the same software update, we will be updating the alert users receive to indicate that AirPods have been traveling with them instead of an “Unknown Accessory.”

Juli Clover:

While these are the immediate changes that Apple is making, Apple is also working on new safety features set to be implemented later this year. Precision Finding, improved display alerts, and louder sounds will make AirTags more difficult to use for people-tracking purposes.

Nick Heer:

But all of these software changes are, necessarily, iOS software updates. The sole recourse available for Android users is downloading the Tracker Detect app — which has apparently been installed over a hundred thousand times since it launched in mid-December — and manually scanning for AirTags every so often.

[…]

Even in the U.S., where iOS is the market share leader, Android still represents 47% of smartphone users. That represents tens of millions of people in the U.S. alone who are vulnerable to being tracked by an AirTag to a precise degree, thanks to iOS’ large market share. What about them?

John Gruber:

The same features that help prevent AirTags from being used to stalk people without their knowing could also alert a thief that whatever it is they’ve stolen has an AirTag attached. There’s no way for AirTags to serve both purposes, so Apple is increasing the protections against unwanted tracking, and emphasizing that AirTags are solely intended for finding your own lost items.

Update (2022-02-16): Kashmir Hill (Hacker News):

I decided to examine both claims by planting three AirTags, three Tiles, and a GPS tracker on my husband and his belongings to see how precisely they revealed his movements and which ones he discovered.

[…]

When he got into Manhattan, the AirTag became my most powerful tracker, outperforming the GPS device, and allowing me to tell a photographer exactly where he was at all times.

The Tile tracker was not quite as well-informed. Its system is similar to Apple’s but far fewer people have the Tile app on their phones than own Apple devices.

[…]

The alert said he could make the AirTag play a sound, but when he attempted to do so, his phone wouldn’t connect to the device. This happened multiple times, and he started to get frustrated.

Juli Clover:

New York Attorney General Letitia James today sent out a consumer alert with “safety recommendations” to protect New Yorkers from AirTags (via The Mac Observer).

Update (2022-07-06): Hannah Rose May:

An Apple AirTag was put on me to track my location Saturday night. I’m sharing what happened to me so you know what to look for as I had never heard of this prior to Saturday night.

macOS 12.2.1

Juli Clover (download):

Some affected users saw their Mac's battery life drop from 100% to 0% while in sleep mode overnight after installing the macOS 12.2 update, with both Intel-based Macs and Apple silicon-based Macs affected. The problem stopped when Bluetooth was disabled or when Bluetooth accessories were disconnected from the Mac, which was not an ideal solution for users.

Apple addressed the problem in macOS Monterey 12.3 beta 2 yesterday, but now Mac owners will not need to wait for the macOS Monterey 12.3 launch to fix their Bluetooth battery drainage issues.

Apple:

Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Howard Oakley:

Initial testing unfortunately demonstrates that one major bug in 12.0.1, 12.1 and 12.2 hasn’t been fixed: the Finder still leaks memory badly when its Find feature is used.

I hope it fixes this bug introduced in 12.2.

See also: Mr. Macintosh.

Update (2022-02-11): Pieter Arntz:

Apple says it has addressed this vulnerability with improved memory management in iOS 15.3.1, iPadOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3.

[…]

The vulnerability is a use-after-free (UAF) issue in WebKit that could lead to OS crashes and code execution on compromised devices.

Update (2022-02-16): Lloyd Chambers:

Every day now, waking my 2019 Mac Pro from sleep “loses” the LG 5K Thunderbolt 3 display, sometimes 2 or 3 times a day.

[…]

But wait, there is more fun: after rebooting and logging in, the Finder desktop will not appear for 2-3 minutes, and the machine is more or less unusable. Activity Monitor shows no significant CPU, disk or network activity, so I don’t know what this POS is doing. The whole process makes it a 5-minute affair to get back to work, which has all been torn down by having to reboot.

The network/kernel_task hang is no better in macOS 12.2.1. I am now restarting my Mac twice a day to avoid it.

Update (2022-03-07): On the plus side, it seems like macOS 12.2 may have fixed the frequent lsd crashes that I had been getting. However, I’ve now seen several occurrences of a bug where I unlock the screensaver and it’s as if I was logged out—all the apps have to relaunch, with some state not restored properly.

Micro.blog Moving iOS App to React Native

Manton Reece:

We are a small team, and maintaining so many different versions of our apps is difficult. On top of that, why invest so much time in Apple-only frameworks when Apple could upend our business with a new App Store tax or other disruptions?

Going forward, the tentative plan is to abandon most of the current iOS codebase for Micro.blog, instead sharing it predominantly with Android using React Native. This will free up development time to keep making the Mac version even more Mac-like, sticking with AppKit.

Mobile platforms like iOS and Android are much more similar to each other than either one is to the Mac. I love the Mac and don’t want to compromise the UI on macOS with a cross-platform framework. macOS also remains the only open Apple platform, so investing in it feels right.

Update (2022-02-11): Micro.blog is combining the Android and iOS apps, whereas 1Password combined Mac with other non-iOS platforms. Apple would like developers to use Catalyst or SwiftUI to combine the iOS and Mac apps, but neither company decided to do that.

David Barnard:

Apple has lost the hearts and minds of so many talented developers. They’ll realize soon enough just how valuable a resource they’ve squandered. Yes, people will still build for their platforms, but when it’s purely transactional, things are just… different.

Manton Reece:

First, to clear up some potential confusion: we are not abandoning iOS! I still love my iPhone, even if I’m very frustrated with how Apple is treating developers. We are embracing Android more fully, and limiting how much time we spend in Apple-only frameworks. Our iOS apps will still be the best we can make them.

[…]

The toolchain for React Native makes me a little nervous. It uses every package manager you can think of: Node, Yarn, Ruby Gems, CocoaPods… It feels fragile, but there are so many thousands of developers using this framework, I’m also not very worried about it breaking.

Update (2022-02-16): Matt Birchler:

Whenever we hear about a company moving to non-native app development, I always hear people say it’s because the company either took massive funding and needs to develop fast, quality be damned.

That’s not the case here.

[…]

I have felt alone out here banging the drum of, “developers don’t use things like React and Electron because they hate you,” so I’m eagerly watching my feeds to see if that’s the conclusion people come to here or not.

Steve Troughton-Smith:

One thing I haven’t heard: are React (Native) & Jetpack Compose dependable? Is SwiftUI outlier here, in how much of a mess it is in production? Or is that inherent in the other UI frameworks it’s competing with?

Apple’s UI frameworks have never been bottom of the barrel before

Rebecca Sloane:

I never said ReactNative is bad. However, based on my experience using ReactNative I can’t think of one person whom I love so little as to be willing to recommend they use it.

See also: Manton Reece.

Interoperable Private Attribution

Martin Thomson:

For the last few months we [Mozilla] have been working with a team from Meta (formerly Facebook) on a new proposal that aims to enable conversion measurement – or attribution – for advertising called Interoperable Private Attribution, or IPA.

IPA aims to provide advertisers with the ability to perform attribution while providing strong privacy guarantees. IPA has two key privacy-preserving features. First, it uses Multi-Party Computation (MPC) to avoid allowing any single entity — websites, browser makers, or advertisers — to learn about user behavior. Mozilla has some experience with MPC systems as we’ve deployed Prio for privacy-preserving telemetry. Second, it is an aggregated system, which means that it produces results that cannot be linked to individual users. Together these features mean that IPA cannot be used to track or profile users.

This has been proposed to the W3C.

Update (2022-02-16): See also: Hacker News.