How Apple Improved iMessage Security in iOS 14

· Andrew Orr · Link

Woman using iMessage on iPhone X

Project Zero, Google’s security team, reverse-engineered iMessage to see how Apple improved it in its latest OS 14 releases. Specially, how it has gained new protections against zero-day attacks using BlastDoor, resliding of the shared cache, and exponential throttling.

One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed “BlastDoor” service which is now responsible for almost all parsing of untrusted data in iMessages (for example, NSKeyedArchiver payloads). Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base.

Updates Ahoy! – TMO Daily Observations 2021-01-27

· Kelly Guimont · The Mac Observer's Daily Observations Podcast

TMO Daily Observations Podcast Logo

Charlotte Henry and Andrew Orr join host Kelly Guimont to discuss why the latest iOS update is very important to install, and a look ahead at earnings.

Google Still Doesn’t Have iOS 14 Privacy Labels

· Andrew Orr · Link

Google privacy labels

I’ve been hesitant to keep sharing these stories. At the time this news first appeared I was skeptical, saying that we just got over the holidays so give Google a break. But as the days turn into weeks, this is when it does start to look damning and now it’s time to give Google some heat.

On January 5, Google told TechCrunch that the data would be added to its iOS apps “this week or the next week,” but both this week and the next week have come and gone with no update. It has now been well over a month since Google last updated its apps.

Ending the Year: My Top 3 Favorite Apps of 2020

· Andrew Orr · Quick Tip

Icons of favorite 2020 apps

2020 is finally drawing to a close. As we get ready to (safely) celebrate Andrew wanted to take a moment to share his top three favorite apps.

Facebook Warns of iOS 14 Privacy With App Banners

· Andrew Orr · Link

Mark Zuckerberg

Facebook’s latest move is to display banners in its business apps saying there will be an impact to marketing efforts. In this case, the “users” that Mr. Espósito refers to in his article are the actual users—the advertisers. This banner is seen in Facebook Business Suite and Facebook Ads.  The problem with Facebook’s argument though is that, like Tim Cook tweeted, they can still track you across all the apps like before. What angers Mark Zuckerberg is user consent (sorry, product consent, products being the people that use Facebook).

The fact that Facebook is now showing these messages in its iOS apps criticizing Apple demonstrates that the company is trying to get popular appeal to change Apple’s mind about its new App Store privacy rules.

The ‘Oakstack’ Shortcut Gives You Cityscape Wallpapers

· Andrew Orr · Cool Stuff Found

OAKSTACK is a Shortcut that generates randomized iPhone/iPad wallpapers from a library of industrial cityscape images. With Automations in iOS 14.3 you can have a new wallpaper automatically generated on your own schedule. It costs US$4 to download it but the proceeds will go towards local initiatives to help the homeless.

The ‘Oakstack’ Shortcut Gives You Cityscape Wallpapers

Siri on iOS 14.3 Can Mimic Sounds Like Animals

· Andrew Orr · Link

Siri logo

When you download iOS 14.3 released on Monday, ask Siri if she can quack like a duck. CNBC says she will play a short audio clip of a quacking duck. However, when I asked her she played me an album from Apple Music called “Quack Like a Duck.” But I don’t think I worded it correctly. Ask “What does <blank> sound like?”

If you ask “what does the fox say?”, Siri may simply quote the song that became a YouTube hit in 2013. But asking “what does a fox sound like” brings up an actual call from an arctic fox, which sounds like someone whooping.

Ahead of Apple’s ATT, WhatsApp Explains its Privacy Labels

· Andrew Orr · Link


Ahead of the upcoming iOS 14 App Tracking Transparency feature, Facebook-owned WhatsApp explains the privacy labels people will see on its App Store page. The app will collect contact information like your phone number, your (optional) email address, contacts, financial information to use certain features, shopping activity like product browsing and purchasing data, your IP address, general location, usage data, and diagnostics.

With end-to-end encryption, messages are not stored on our servers after they’re delivered, and in the normal course of operating our services we do not retain a record of the people you may message.

Will Apple’s Crackdown on Data Tracking Hurt Small Businesses?

· Andrew Orr · Link

Apple’s icon to denote privacy.

Ben Thompson publishes good analysis on Stratechery, but I don’t agree with his latest piece. It’s about Apple’s privacy campaign and the new iOS 14 privacy “nutrition labels.” If I understand them correctly, he seems to have two main points: We should feel bad for small businesses because they won’t be able to collect our data in the same capacity as before, and that Apple’s attempts are futile because the internet is a giant shopping mall and “personal data wants to be free.” My summary is an oversimplification but I believe we should be combining Apple’s privacy with regulation like GDPR. In my opinion you can still have ads that don’t invade your privacy.

While transparency for customers is definitely a good thing, Apple’s simultaneous appeals to analog analogies and simplistic presentation of privacy trade-offs risks a similar path when it comes to the GDP of the Internet and to what extent power is disbursed versus centralized.

The iOS 14 and SwiftUI Bootcamp Bundle: $24.99

· Bryan Chaffin · TMO Deals

The iOS 14 & SwiftUI Bootcamp Bundle

We have a deal on the iOS 14 and SwiftUI Bootcamp Bundle, a three course training bundle for making apps for iOS. It includes SwiftUI: The Complete Developer Course, iPhone Apps for Absolute Beginners: iOS 14 & Swift 5, and SwiftUI Apps for All Apple Platforms. There are 341 individual lessons in these courses and 43 hours of content for $24.99 through our deal.