Apple in 2023: The Six Colors Report Card
Jason Snell of Six Colors has released his annual Apple Report Card, with rankings compiled from scores submitted by 58 Apple-adjacent writers, editors, developers, podcasters, and other professionals, including me and longtime TidBITS contributors Glenn Fleishman, Michael Cohen, Jeff Carlson, Josh Centers, Kirk McElhearn, Rich Mogull, and Joe Kissell.
This year, Hardware Reliability, the Mac, and the iPhone topped the list, with the iPad taking over the bottom spot from HomeKit.
Last year, most categories improved or stayed the same, but Apple’s three primary product segments—the iPhone, iPad, and Mac—all dropped (see “Apple in 2022: The Six Colors Report Card,” 9 February 2023). This year, the Mac’s rating was unchanged, the iPhone improved slightly to more than erase last year’s drop, and the iPad continued its precipitous slide. Apple also took it on the chin for the Apple Watch, the Apple TV, Services, and Wearables, all of which fell by significant amounts. However, HomeKit, Hardware Reliability, Software Quality, Developer Relations, and Environmental/Social all gained. For thoughts on why these and other rankings changed as they did in 2023, read the full report, complete with pithy quotes from your favorite Apple pundits.
Reading the report in detail is always interesting. Once you look beyond the usual Apple-is-so-kewl yada yada there’s a lot of interesting insight offered by the various pundits.
But one thing that truly shocked me, and that I was not at all expecting, is this nugget hand grenade thrown in there by Leo Laporte about what appears to be a backdoor Apple could have been forced to have installed into iOS that could have been used to exploit iOS devices for many years (five Ax chip generations in fact). I had never heard about this before. And unless it’s complete sensationalism garbage (which considering the author and Steve Gibson who he’s interviewing I kind of doubt), I have to wonder if pretty much the entire iOS/iPhone pundit world is asleep at the wheel.
I was impressed by Christina Warren. Every single quote of hers in that report I would sign right away.
And along those lines, kudos to TidBITS’ own @mcohen for daring to speak up and say it like it is (and I say that as a guy who routinely goes to and really likes TX).
The news has been out for more than a month – among others, Ars Technica:
This part is pure speculation. There was an older story last year in June (perhaps this was the same incident?) where the FSB speculated that Apple created a backdoor to iOS at the direction of the NSA and Apple said that they never would.
https://9to5mac.com/2023/06/01/apple-responds-to-dubious-iphone-security-claim-by-russia-vowing-to-never-create-a-backdoor-to-ios/
Seeing as most of those targeted were staff at embassies of NATO countries, Israel, and China in Russia, it would indeed be quite odd for the NSA to be behind it all. But these days in that world, who knows what makes any sense anymore.
I don’t put a whole lot of faith into anything Apple declares about this. Apple would be required by law to deny if indeed they had been forced to implement backdoors by the US Government. Recall the reason certain organizations have started using canary-in-the-coal-mine statements is that they’re aware they can be compelled to not disclose. So in anticipation of such an event, they disclose each year there were no special requests. Then, one year when they don’t post the usual statement, the canary watchers know that organization has been compromised without them ever having to disclose anything.
On the basis of what criteria were the devices rated? Did everyone use the same criteria?
Surprised that TidBITS never covered the security problem, considering how long it’s been known, how many different iPhone models were affected, and the seriousness of the hack.
And even though it no longer works with the same procedures on updated systems, not knowing how it was created and by whom still leaves open the possibility that the hack is still there, but perhaps with a different trigger and changed translation method hidden elsewhere.
It appears that the hack was not “discovered” in the traditional way in the code, but rather the means to access it were revealed and reverse engineered. Highly difficult to know if it still exists elsewhere, unless another user comes forward.
