Archive for April 12, 2022

Tuesday, April 12, 2022

Tim Cook Attacks Sideloading in Privacy Keynote

Joe Rossignol:

Apple CEO Tim Cook today delivered the keynote speech at the Global Privacy Summit in Washington D.C. The conference, hosted by the International Association of Privacy Professionals, is focused on international privacy and data protection.

[…]

“Here in Washington and elsewhere, policymakers are taking steps in the name of competition that would force Apple to let apps onto iPhone that circumvent the App Store through a process called sideloading,” said Cook. “That means data-hungry companies would be able to avoid our privacy rules and once again track our users against their will. It would also potentially give bad actors a way around the comprehensive security protections we have put in place, putting them in direct contact with our users.”

[…]

“If we are forced to let unvetted apps onto iPhone, the unintended consequences will be profound,” warned Cook. “And when we see that, we feel an obligation to speak up and to ask policymakers to work with us to advance goals that I truly believe we share, without undermining privacy in the process.”

Rich Mogull:

Apple largely has itself to blame. Apple didn’t create a walled garden marketplace merely to ensure consumer safety; it also did so to own the billing model and financial transactions, and thus the customer relationship. Until a week ago, a developer wasn’t even allowed to link to or mention their website for prospects to sign up for subscriptions. For over 13 years, Apple refused to budge to pressure from developers, forcing them to turn to the courts and legislatures.

Let’s distill this down to understand why the App Store is so important for security, how opening iOS up to alternative app stores or sideloading will reduce our safety, and why this now seems inevitable.

Peter N. Lewis:

Of the entire chain of security listed in the article, the only one that is omitted in sideloading is the app store review.

Everything automatic in the App Store review can be done before notarising the app as well.

So the only thing extra is some Apple Employee launching your app and verifying that for the first few minutes that the application vaguely does what it says it does. But nothing stops the application from waiting until next month (or any other signal) and changing its behaviour entirely. So the app review [serves] no security purpose - its purpose is purely to disallow honest developers from breaking Apple’s (often unwritten) rules in how they behave. App Review is entirely to control applications for Apple’s benefit.

There is no additional security in App Review, and therefore no loss of security in sideloading.

Meanwhile there are whole categories of applications that will never be written while Apple has absolute control over what applications can be distributed. This is a huge, unknown, loss to all iPhone users, one that is impossible to quantify.

Ken Harris:

What it’s called now → What we called it for the 50 years before that:

  • “side-loading” → loading
  • “third-party software” → software
  • “app store” → store

Matt Stoller:

Apple’s app store is so full of scams and garbage, and the firm is so inattentive, that one dude on Twitter - @keleftheriou - is constantly embarrassing Apple by showing their claims of protecting users are essentially fraudulent.

Steve Troughton-Smith:

It is incredibly frustrating that Apple has made sideloading a zero sum issue, because they’re pushing regulators to legislate harder than was ever necessary by telling them it’s the only option to curb Apple’s behavior

Michael Love:

25 years ago, Microsoft violated all sorts of laws and lost a decade of innovation in a desperate attempt to stop people from writing apps for Netscape instead of Win32.

Apple is about to let that happen to iOS because they insisted on getting a 30% cut of everyone’s Bag O Gems.

Update (2022-04-13): Mike Rockwell:

Would allowing users to install apps from outside the App Store really hurt user privacy? Because right now, Apple knows every single app I have ever installed on every iOS device I’ve ever owned. It would be cool if I could keep that private.

Mike Rockwell:

If Apple cares so much about privacy, why can’t I back up my iPhone to a Time Machine share on my network?

DuckDuckGo Browser for Mac Beta

Beah Burger-Lenehan (MacRumors):

With one download you get our built-in private search engine, powerful tracker blocker, new cookie pop-up protection on approximately 50% of sites (with that % growing significantly throughout beta), Fire Button (one-click data clearing), email protection and more – all for free. No complicated privacy settings, just simple privacy protection that works by default.

[…]

By using your computer’s built-in website rendering engine (the same one Safari uses), and by blocking trackers before they load (unlike all the major browsers), you’ll get really fast browsing.

[…]

To get access to the beta of DuckDuckGo for Mac, all you need to do is join the private waitlist.

Review of Orion Browser for Mac

Riccardo Mori (Hacker News):

Orion’s approach is utilitarian. It doesn’t want to win users with a fancy UI or quirky æsthetics to appear ‘different’. Its user interface is not that different from Safari. Its design philosophy has to do with how the browser works, not how it looks. And today a browser should be fast (in a Web that’s getting progressively bloated and dragged down by intrusive, resource-consuming scripts), privacy conscious, and adhering to the web’s standards. And that’s what Orion is and does.

[…]

On my Mac, it feels perceptibly faster than Safari. It feels lighter, less encumbered, more responsive.

[…]

Orion supports both Chrome and Firefox extensions

[…]

Being able to easily edit the text on a webpage, I can preview how my translation will look directly on the page. Take Screenshot of the Entire Page is something I’ve wanted in a browser since finding this feature in an old app called LittleSnapper.

Vladimir Prelovac:

In the browser world, Chromium dominance is often a topic.

But at least on Mac, browser diversity is not a problem as the image below illustrates. Consumer has enough choice.

It is up to us, WebKit and Gecko browser makers, to up our game and produce a worthy alternative.

A Tour of Apple’s External LCD Displays

Stephen Hackett:

In April 1984, Apple introduced a 1-bit, 7-inch LCD for use with the somewhat-portable Apple IIc[…]

[…]

In July of 2000, to coincide with the launch of the Power Mac G4 Cube, the Studio Display was reworked to match the larger and more expensive Cinema Display. This edition kept the 15-inch panel, but wrapped it in the same enclosure introduced the year before for the Cinema Display.

In May 2001, a 17-inch Studio Display (LCD) was added to the line.

I used to have a pair of these 17-inch Studio Displays. They were great, except that there was no video card with two ADC connectors. So, instead of simplifying things by having power and data combined into a single cable, it required a separate powered adapter to connect one of them to a DVI port.

Other than that, I’ve always used third-party displays (even CRTs) until the new Studio Display.

Mac S.M.A.R.T. Support: USB-C vs. Thunderbolt

Howard Oakley:

Although macOS has supported storage connected via USB-A ports since 1998 and USB-C since 2015, it has never supported access to S.M.A.R.T. attributes on storage connected using those ports. FireWire support was rather better, and Thunderbolt should give S.M.A.R.T. access by default. This can be confirmed in Disk Utility, or in the Storage item in System Information, where the last entry for each supported physical drive gives its current S.M.A.R.T. status.

Apple’s simplistic entry for S.M.A.R.T. status doesn’t even report when this was last checked, but several excellent third-party utilities give more detailed access. My favourite substitute remains DriveDx, but there are others, and the free command tools in smartmontools which enable you to roll your own with modest effort.

[…]

However, for any third-party utility to be able to monitor storage connected by USB, the SAT SMART kernel extension has to be installed. Although this does apparently run on M1 series Macs as well as Intel models, macOS can’t run at Full Security on an M1 when it requires loading third-party kernel extensions.

Howard Oakley:

The simple answer might be to admit that M1 Macs don’t provide full support for USB-C storage, and that we should use Thunderbolt instead. The current premium for a 2 TB SSD is around $/€/£ 100, whether you buy a complete drive or assemble one yourself using an enclosure. But in many cases, that surcharge is largely wasted.

Xcode 13.3.1

Apple:

Fixed: Exporting an app that uses Swift’s concurrency features from an archive with bitcode might fail when the app targets iOS 13.0–14.7, watchOS 6.0–7.6, or tvOS 13.0–14.7.

When you target iOS 13.4 and later and enable bitcode, the bitcode segment is now stripped correctly. This fixes a crash that prevented some apps from running in older operating systems (iOS 14 and earlier).

I sometimes wonder whether Bitcode was worth it.

You can download it here.

See also: Xcode 13.3 release notes.
