Stronger iCloud Security, China Surprises, and Release Candidates

The Daily Observations

Stronger data protection from Apple, surprising news out of China, and a slew of OS release candidates.

Apple Announces Stronger Data Protection Options for Users

Big security announcements from Apple on Wednesday, some for select groups, one for just about every Apple user, some in press release form, and one tipped sort of quietly. We’ll start with the press release. Under the headline “Apple advances user security with powerful new data protections,” the Cupertino-company said it was introducing “three advanced security features focused on protecting against threats to user data in the cloud…” They are iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud. Those first two are for the select groups I mentioned. 

On iMessage Contact Key Verification, Apple points out that iMessage and FaceTime have been end-to-end encrypted for a while, so that messages and conversations could only be read by the sender and recipients, keeping conversations private and secure. But there are ways third parties could sort of slip into the stream, catching and spying on communications in transit. To be clear, these ways are not easy — sort of the domain of state-sponsored attackers. With iMessage Contact Key Verification, Apple says:

…users who face extraordinary digital threats — such as journalists, human rights activists, and members of government — can choose to further verify that they are messaging only with the people they intend.

“And for even higher security,” says Apple, “iMessage Contact Key Verification users can compare a Contact Verification Code in person, on FaceTime, or through another secure call.”

Designed for the same set of people, Security Keys for Apple ID take Apple’s implementation of two-factor-authentication further. While over “95 percent of active iCloud accounts” currently use 2FA, high profile folks like celebrities, journalists, and government officials have tougher bad guys than most trying to act against them. For added protection, and for users who opt in, Apple says:

Security Keys strengthens Apple’s two-factor authentication by requiring a hardware security key as one of the two factors. This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam.

Finally, Strong End-to-End Encryption for iCloud Backups and More

Then — something for everybody. Apple’s Advanced Data Protection for iCloud basically gives users the choice “to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices.” As it stands now, the company says:

iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos. 

MacRumors actually ran a full list of additional iCloud data that can shelter under the encryption umbrella. New data categories include:

  • Device Backups and Messages Backups
  • iCloud Drive
  • Notes
  • Photos
  • Reminders
  • Voice Memos
  • Safari Bookmarks
  • Siri Shortcuts
  • Wallet Passes

According to Apple, the only big iCloud data that can’t be covered includes iCloud Mail, Contacts, and Calendar. They’re still cut out because of their need “to interoperate with the global email, contacts, and calendar systems.”

That’s likely not everything we need to know, but we’ve got time to learn more. Apple’s fine print says Advanced Data Protection for iCloud will be available globally in 2023, though it’s available now for US members of the Apple Beta Software Program. It’ll be available to general US users by the end of the year. Security Keys for Apple ID will be available globally in early 2023, while iMessage Contact Key Verification will be available globally sometime in 2023 — early not specified.

Apple Abandons On-Device CSAM Scanning Plans

I said earlier that Apple had tipped a bit of security news sort of quietly. A piece from AppleInsider had the firm abandoning its behind-the-scenes plan to detect child sexual abuse material (CSAM) on Apple devices. They’re not done fighting such material, according to the piece. However, that fight will no longer include “on-iPhone scanning…” AppleInsider says, “After backlash from privacy experts, child safety groups, and governments, Apple paused the feature indefinitely for review.” Now they’ve apparently paused it permanently. Apple issued a statement to a few outlets on Wednesday, including AppleInsider. In part of that statement, Apple said it has: 

…decided to not move forward with our previously proposed CSAM detection tool for iCloud Photos. Children can be protected without companies combing through personal data, and we will continue working with governments, child advocates, and other companies to help protect young people, preserve their right to privacy, and make the internet a safer place for children and for us all.

Morgan Stanley Sees iPhone Miss of 9 Million Units This Quarter

More… well, I started to say “more bad news for December-quarter iPhone shipments,” though — as expectations go, we’ve heard worse. I told you earlier this week that Evercore analysts are looking for Apple to miss between 5-million and 8-million iPhone unit shipments this quarter. Wedbush analysts are less optimistic, seeing a miss of between 10-million and 15-million units. Now, sliding right between those two are analysts from Morgan Stanley.  

AppleInsider highlights a CNBC piece that has the firm dropping their iPhone unit expectations by 3-million. That moves them from a miss of 6-million, to a miss of 9-million, threading the needle between Evercore and Wedbush. That said, Morgan Stanley agrees with the two firms that those missing units will be sales deferred, not sales lost. Quoting Morgan Stanley’s note:

By now it’s well understood by investors that the Dec Q will be challenged due to iPhone supply shortages, and therefore the most important near-term debate is really how much of the lost demand from December is perishable vs. deferrable… We believe demand for the iPhone 14 Pro/Pro Max remains solid, supporting the view that lost demand in December is more likely to be deferred into March than destroyed.

Morgan Stanley has a “Buy” rating on Apple shares. The firm’s price target on the shares is $175.

China Significantly Eases Zero-COVID Policies

Crazy news out of China: A report from the BBC says China is lifting the most severe of its zero-COVID policies. According to the report:

People with Covid can now isolate at home rather than in state facilities if they have mild or no symptoms.

They also no longer need to show tests for most venues, and can travel more freely inside the country.

The news comes a little over a week after zero-COVID measures led to public protests. Those are said to have included people calling for the country’s leader, Xi Jinping, to step down and for the Communist party to step down. Quoting the BBC again:

The sweeping changes indicate China is finally moving away from its zero-Covid policy and looking to “live with the virus” like the rest of the world.

This country is grappling with its biggest wave of infections — over 30,000 each day.

While the move is welcomed by some in China, and will likely be welcomed by other parts of the world, both citizens and experts cited in the piece worry that the country will move too fast in the other direction. One unnamed citizen was quoted in an online post saying:

The medical system will be overwhelmed and many elderly would be infected. It [a major wave of infections] begins now…

“Experts have warned any easing of zero-Covid in China would have to be done slowly,” according to the BBC, “as the country of 1.4 billion people could see a huge jump in cases that could overwhelm its healthcare system.”

Apple Seeds a Spate of Release Candidates for OS Updates

Look for OS updates from Apple in the next week or so. MacRumors put out a number of pieces Wednesday devoted to seeds of release candidates for developers and public testers. They included candidates for iOS and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2, and tvOS 16.2.

Get Ready to Sing

Coming to everything that can take it, Apple Music Sing. That’s the karaoke-esque service Apple announced earlier this week. The iOS, iPadOS, and tvOS betas are making ready for that, according to a few reports. 

iOS 16.2 Should Turn on iPhone 5G for India

It looks like one of the updates will officially flip the switch on 5G for India. Apple said in November that it would turn on the wireless protocol for the subcontinent with a software update soon. Now, it appears to be really soon. 9to5Mac says Wednesday’s release candidate for iOS 16.2 activated 5G for compatible iPhones in the country. “The feature will be supported by customers of Airtel or Jio carriers,” according to the piece, “so long as they are subscribed to a plan that supports 5G networking.”

Shorter AirDrop ‘Everyone’ for Everyone

There’s one other change coming to everyone, even if they don’t want it. According to another piece from MacRumors:

With the launch of iOS 16.2, Apple is expanding an AirDrop limitation that was introduced in China with the launch of iOS 16.1.1. Going forward, AirDrop will be primarily restricted to Contacts Only, and the option to turn on AirDrop for “Everyone” will be limited to 10 minutes.

If it had always been that way, it seems unlikely that anyone would care — that anyone would be clamoring for AirDrop to be always on for “Everyone.” But it hasn’t always been that way, and it comes at a questionable time. Quoting MacRumors again:

Apple reportedly made this change in China in the iOS 16.1.1 beta after protestors in the country used AirDrop to spread anti-government material. Apple said that the feature was actually introduced in an effort to cut down on spam content spread in crowded areas like malls and airports.

But we had a way to stop that if that was something that concerned us, right? 

This change comes at a questionable time.

Today on The Mac Observer’s Daily Observations Podcast 

Two tales of fantasy spun by TMO writer Nick deCourville.  There’s talk of Microsoft working on a Super-App. We’ll talk about what that is and whether we want it. Plus — a side of my geekery you’ve not seen: Nick says the video game Disney Dreamlight Valley is headed to the Mac. Hear about the many hours I have spent playing that game. That’s all today on the Daily Observations Podcast from The Mac Observer.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.