iOS 13 Bug Affects Third-Party Keyboard Apps

A bug in iOS 13 and iPadOS affects keyboard apps. They can be granted full access even if you haven’t approved that.

Third-party keyboard extensions in iOS can be designed to run entirely standalone, without access to external services, or they can request “full access” to provide additional features through network access. Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven’t approved this access.

Because Apple mentions an “upcoming software update” I assume this bug also affects iOS 13.1.

How to Prepare Your iPad and Update to iPadOS

A bit ahead of schedule, Apple is releasing iOS 13.1 and iPadOS today. I wrote an update guide for iOS 13 and I’ll share that as a linked teaser, because the steps are identical for iPadOS. Just make sure that your iPad is properly backed up to iCloud or iTunes.

Once your iPhone is backed up, you’re ready to install iOS 13. You can either do so via iTunes, or right on your device. Go to Settings > General > Software Update. After a second or two, iOS 13 will appear and you can tap the install button. You can also enable the option for automatic backups. Like iCloud Backup, your iPhone will update automatically.

Answers and Tips for iCloud, iOS 13, iPhone 11, macOS, and More – Mac Geek Gab 781

Lots of new stuff from Apple this week… and lots of technical landmines to navigate. Thankfully, you’ve been sending your questions into John and Dave, and they’ve been doing the research to get you answers. Listen to the answers to your questions – and everyone else’s, too! Press play, and enjoy learning at least five new things… one that might even save your bacon this week!

Subscription vs. Private Cloud, Archiving Data, Geek Challenges Galore – Mac Geek Gab 780

Many Dropbox users are going to experience a device-limit issue with new iPhones coming this week. Listen as John and Dave talk through how to use your Synology DiskStation to solve this problem. That’s not all, though: Mac Geek Gab always aims to have everyone learn at least five new things. Your two favorite geeks answer questions about managing email, archiving your backups, mesh networks, iOS upgrade strategies, and more. Press play and enjoy!

New Exploit Shows We Should Just Skip to iOS 13.1

A contacts exploit was discovered in iOS 13 that lets a person bypass Face ID / Touch ID to see an iPhone’s contacts.

Relatively little is at stake with this exploit. Beyond the inherent danger of an assailant having your iPhone, this method only allows someone to view the contacts within the target iPhone, provided that they have physical access to the target phone and can complete the VoiceOver exploit.

Little is at stake, but there have been so my iOS exploits in the news lately that we might as well go straight to iOS 13.1.

iMessage and Safari Make iPhones Less Secure

Andy Greenberg writes about security problems in iMessage and Safari, saying that these products make iPhone less secure.

“If you want to compromise an iPhone, these are the best ways to do it,” says independent security researcher Linus Henze of the two apps…He and other iOS researchers argue that when it comes to the security of both iMessage and WebKit—the browser engine that serves as the foundation not just of Safari but all iOS browsers—iOS suffers from Apple’s preference for its own code above that of other companies.

Apple is in a tough position. If a company isn’t great at security, they could get a third-party to audit its software. But that would create a huge target.

iCloud Cluster****, Or Why You Shouldn't Run Betas On Important Devices

iCloud features in the iOS 13 betas have been removed because of buggy issues (And is probably a big driver behind iOS 13.1 betas). Developer Craig Hockenberry says this resulted in some unhappy customers.

Entire folders were either gone or corrupted. Apple’s mechanism to recover deleted files was of no help. The customers with weird folder duplicates were the “lucky” ones…Anyone who’s not a developer, and hasn’t been burned by a bad OS, does not know the kind of trouble that lies ahead. It’s irresponsible for Apple to release a public beta with known issues in iCloud…As an Apple shareholder, I also worry about how these failures will damage the iCloud brand.

This is exactly why you don’t run beta software on mission-critical devices. It’s not irresponsible of Apple, it’s irresponsible of people who ignore the warning on beta.apple.com to make backups. These people are why there are “Caution: Product May Be Hot” labels on microwaveable food.