Apple has begun inviting journalists to its next big event, which will take place on 10 September 2019 at 10 AM PDT in the Steve Jobs Theater on Apple’s Cupertino campus. Apple will likely stream the event on its Apple Events page and in the Apple Events app on the Apple TV, as it has in previous years.

Here’s what’s expected at the event:

• New iPhones, naturally. The rumors this year suggest three camera lenses on the back of the phone and a possible “iPhone Pro” that will support the Apple Pencil.
• Ship dates for macOS 10.15 Catalina, iOS 13, iPadOS 13, watchOS 6, and tvOS 13.
• Something about the Apple Watch, though we don’t know what. Right now, the rumors point to a minor Apple Watch Series 4 refresh, with new case materials like ceramic added to the lineup.
• Possibly new iPads, but we haven’t heard much on that front.
• Mac hardware announcements don’t usually happen at the iPhone event, but we’re still awaiting details about the launch of the upcoming Mac Pro, so Apple may mention it then.

We’ll be chatting with TidBITS readers during the keynote in the #events channel of our SlackBITS group. To join the group, go to slackbits.herokuapp.com, enter your email address, and agree to the code of conduct. You’ll receive a Slack invitation in email right away.

The Apple world was stunned last month when a whistleblower revealed that Apple contractors were listening to recorded Siri interactions, a process Apple calls “grading” and that is intended to improve Siri interactions (see “Apple Workers May Be Listening to Your Siri Conversations,” 29 July 2019). It’s a common industry practice—Amazon, Google, and Microsoft all do it to improve their respective voice assistants—but Apple users had assumed that Apple’s stance that privacy is a fundamental human right would preclude such clearly creepy behavior.

Apple quickly suspended the program and told TechCrunch that it would be making changes (see “Apple Suspends Siri’s “Response Grading” Eavesdropping,” 2 August 2019). Now Apple has apologized formally, saying:

As a result of our review, we realize we haven’t been fully living up to our high ideals, and for that we apologize.

The company also said that it plans to resume the grading program once updated versions of its operating systems become available within the next few months, with the following changes:

• The resumed program will be opt-in only.
• Apple will no longer retain audio recordings from Siri but will continue to rely on computer-generated transcripts to improve Siri.
• Only Apple employees will be allowed to listen to Siri audio samples.
• Apple will “work to delete” any recordings of inadvertently triggered Siri interactions.

In a support note titled “Siri Privacy and Grading,” Apple also pointed out that less than 0.2% of Siri requests were reviewed under the grading program and that Siri uses a random identifier while processing your data, which is never tied to an Apple ID. Apple said that Siri uses as little data as possible to answer queries. For instance, when you ask Siri to read your messages, the text of those messages are never passed to a server.

Apple is doing the right thing here, but it’s regrettable that it took a whistleblower to prompt this change. That fact alone damages Apple’s privacy-focused image. It’s also unfortunate that Apple isn’t taking Adam Engst’s suggestion to empower Siri users by letting them make their own corrections—see “Why Can’t Users Teach Siri about Its Mistakes?” (14 August 2019). And there’s a human cost to Apple’s privacy reforms: at least 300 contractors have lost their jobs as a result.

Our friends who continue to carry the Take Control torch have been hard at work over the past two months learning everything they can about the betas of macOS 10.15 Catalina, iOS 13, and iPadOS 13. We’ll likely learn when those operating systems will ship during Apple’s September 10th announcements, but it will be soon. Even if you haven’t been playing with the public betas, you can get a sense of what to expect and learn how to prepare for your upgrades with three new Take Control books: Take Control of Upgrading to Catalina, Take Control of Catalina, and Take Control of iOS 13 and iPadOS 13. They’re available separately or for 40% off in a three-book bundle.

Take Control of Upgrading to Catalina

Back in 2003, when Tonya and I started Take Control, Joe Kissell’s Take Control of Upgrading to Panther was the book that launched the series. Joe is of course the publishing poobah of Take Control now, but he’s still updating this essential book every year, and the 1.0 version of Take Control of Upgrading to Catalina is now available for $12.99.

Joe has once again covered what you need to know to upgrade from a previous version of macOS. But with Catalina, there are some special gotchas if you’re running a much older version of macOS or relying on certain types of software that are no longer supported, including 32-bit apps and third-party kernel extensions (or KEXTs). He also explains what’s new in System Preferences, how to deal with the vast number of permissions requests that apps will be making in Catalina, and how Catalina affects your bootable duplicates, among much else.

Take Control of Catalina

Joe focuses on the act of upgrading, but once you’ve finished his post-installation tune-up, it’s time to explore all that Catalina has to offer. That’s where Scholle McFarland once again parlays her experience as a Macworld editor into helpful documentation of syncing iOS devices in the Finder, understanding Catalina’s new privacy and security features, learning all about the new Reminders and the updated Notes apps, using your iPad as an external display for your Mac, and more. The 1.0 version of Take Control of Catalina costs $14.99.

The 144-page book covers the Catalina beta. Soon after macOS ships in its final form, a free 1.1 edition of the book will add details about the iTunes replacement apps, controlling your Mac with the new Voice Control, using Screen Time to manage your kids’ use of the Mac, and lots of little enhancements.

Take Control of iOS 13 and iPadOS 13

Apple has split iOS into two operating systems—iOS and iPadOS, reflecting the iPad’s unique features—which has both increased the number of pages in Josh Centers’s book about iOS and lengthened the title. The 202-page Take Control of iOS 13 and iPadOS 13 builds on previous versions of the book to ensure that essential features remain documented while adding coverage of iOS 13’s new activity views, Dark mode, and Find My app. Josh also looks at the significant accessibility improvements in iOS 13, examines what’s new in major apps like Reminders and Files, and walks you through the new text editing tools.

On the iPadOS side of things, the book explains how to work with the new Home screen, Dock, and onscreen keyboard before delving into the iPad’s improved multitasking capabilities, the new desktop-class version of Safari, and the massively updated Camera and Photos apps.

As with the other two, Take Control of iOS 13 and iPadOS 13 is available on its own for $14.99, but it makes a lot more sense to pick up all three books for the 40%-off bundle discount, which drops the combined price to $25.80.

After taking justified flak in the media for user-hostile actions toward independent hardware repair shops (see “Apple Continues to Harass Tiny Norwegian Repair Shop,” 10 June 2019) and even individuals who want to repair their own devices (see “Apple Starts Locking iPhone Batteries to Thwart Independent Repair,” 9 August 2019), Apple has seemingly reversed course.

The company has announced the Independent Repair Program, which will provide independent repair businesses, regardless of size, with the same genuine parts, tools, training, repair manuals, and diagnostics for iPhone repairs as it gives to Apple Authorized Service Providers. After piloting the program with 20 repair business in North America, Europe, and Asia, Apple is launching the program in the United States with plans to expand it to other countries.

There’s no cost for repair shops to join the Independent Repair Program, although the application information notes that applicants must be established businesses in a commercially zoned area, and all repairs using genuine iPhone parts must be performed by an Apple-certified technician.

While Apple deserves praise for finally acknowledging that it needs the help of independent repair businesses to meet the burgeoning repair needs of the hundreds of millions of iPhone users, there are some caveats and questions to keep in mind.

• iPhone only: The Independent Repair Program is explicitly only for the iPhone. It’s conceivable that Apple could expand it to other devices in the future, but the company may not want to encourage competition in areas where it feels it and Apple Authorized Service Providers can meet demand.
• Common repairs only: In its description, Apple says that the Independent Repair Program will cover “a variety of out-of-warranty iPhone repairs, such as iPhone display and battery replacements.” It’s not clear what will happen if you take a broken iPhone to an independent shop and the problem turns out to be outside the scope of what the Independent Repair Program covers. Will the shop ship the broken iPhone to Apple for you? Will they tell you to do it? Or will they go ahead and repair the iPhone anyway, even if they can’t do it with Apple’s blessing?
• Cost: In its coverage, iFixit notes that although batteries were priced reasonably during Apple’s pilot program, replacement screens for the iPhone XS Max were priced above Apple’s own out-of-warranty repair rate. That means shops will have to charge quite a bit more than Apple to pay for labor costs and overhead. Will this be a case of Apple allowing independent repair, but pricing it such that it won’t be able to compete on cost?
• Right to Repair: Nothing Apple said in relation to the Independent Repair Program suggest that it would be designing its hardware with ease of repair in mind, or in such a way that individuals would be more able to repair their own devices. Having just spent 5 or 6 hours with my son Tristan disassembling and reassembling a dead 2011 27-inch iMac so we could bring its video card back to life by baking it in the oven, I can say with assurance that Apple doesn’t make things easy. (Our efforts paid off, and the iMac works once again!)

Unsurprisingly, Apple continues to frame the entire situation in terms of “safety” and “reliability.” Jeff Williams, Apple’s chief operating officer, said:

We believe the safest and most reliable repair is one handled by a trained technician using genuine parts that have been properly engineered and rigorously tested.

It’s undoubtedly true that repairs are best made with properly engineered parts, but Apple’s rhetoric rings a bit hollow given that fires caused by Apple-genuine batteries caused the 2015 MacBook Pro to be banned by various airlines (see “Stop Using Your 2015 15-inch MacBook Pro,” 20 June 2019). (As an aside, read the comments on “FAA Warns Airlines about 2015 15-inch MacBook Pros,” 14 August 2019, for suggestions on what paperwork to bring with you if you need to travel with either an unaffected or repaired MacBook Pro.)

Regardless, the Independent Repair Program is absolutely a positive move for Apple, and we applaud the company for making it. But we remain somewhat troubled by Apple’s paternalistic tone and the implications implicit in it. Apple’s Williams said, “When a repair is needed, a customer should have confidence the repair is done right.”

That’s also true, but it’s none of Apple’s business unless Apple is doing the repair. If I choose to take my iPhone to an independent repair shop that is clearly not affiliated with Apple, the relationship is between that repair shop and me, and Apple is not a party to it. If I’m unhappy with the repair, it would be unreasonable to assume it was Apple’s fault in any way, and I’d take it up with the repair shop.

It’s just like with cars. Most of the time, I choose to have my Nissan Leaf serviced by a local independent mechanic who I trust more than the nearby dealer. I don’t need or want Nissan involved with general maintenance like having the brakes done. But for concerns related to the fact that it’s an electric car, I’d be happy to take it to the Nissan dealer so they could bring their proprietary tools and expertise to bear. (Happily, being an electric car with many fewer moving parts and fewer fluids, it hasn’t suffered from as many issues as the gas cars we’ve owned.)

On 29 August 2019, Google’s Project Zero security research team released the details of a major series of attacks against iOS using sophisticated, zero-day exploits on a scale unprecedented in the iOS world. (Wired has a less technical summary of the Project Zero report, which is aimed at security professionals.) This is the most significant iOS security incident we are aware of since the launch of the iPhone. And while it’s extremely unlikely that any TidBITS readers had their devices compromised, the news remains a concerning development.

What Happened

In early 2019, Google Project Zero researchers discovered a series of exploits hosted on hacked Web sites. While most of the attacks worked only on older versions of iOS, one of them could compromise devices running the latest version of iOS and all its security patches. In the security world, that’s called a “zero-day” attack, and yes, that’s where Google’s security research team got its name.

Google reported the vulnerabilities to Apple in February 2019, and Apple patched them 6 days later with the release of iOS 12.1.4. At the time, iOS 12.1.4 seemed more important for its fix of a FaceTime bug that let a caller listen in on another FaceTime user while the device was ringing (see “Apple Re-Enables Group FaceTime with iOS 12.1.4 and macOS 10.14.3 Supplemental Update,” 7 February 2019). But if you look at the security notes for iOS 12.1.4, you’ll notice fixes for problems in Foundation and IOKit that acknowledge an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, and Ian Beer and Samuel Groß of Google Project Zero. (Beer and Groß wrote the Project Zero report as well.)

How Did the Attack Work?

Infection was easy: if a user visited one of the hacked Web sites using an iOS device, that device would be infected with implanted malware without having to interact with the user in any way. That malware could monitor the infected device’s GPS location data in real time, up to once per minute. It could also steal files on the device, which allowed it to:

• Read plain text just like the device’s owner sees in instant messaging apps whose communications are otherwise end-to-end encrypted (Messages, WhatsApp, Telegram, and Google Hangouts)
• Access the user’s email in apps like Gmail
• Download a complete copy of the user’s contacts database
• Extract copies of all the user’s photos
• Read login tokens that would allow accounts to be compromised in other ways
• Report the device ID back to command-and-control servers, and receive commands to read data from newly specified apps

The attack was not persistent, so restarting an infected device cleared the malware. However, most people don’t restart their iPhones often, so this probably didn’t help many of the victims.

As noted, these attacks didn’t target individuals but were aimed at anyone visiting certain Web sites. That’s what the security world calls a “watering hole” attack, since the attacker just waits for its prey to come to drink, much as a crocodile waits for a thirsty animal to get a little too close.

Although Google’s description did not identify the Web sites in question, it suggested that the attack type “indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.” Within a few days, sources familiar with the matter told TechCrunch’s Zach Whittaker that the Web sites hacks were part of a state-backed attack—almost certainly the Chinese government—designed to target the Uyghur community in China’s Xinjiang state. This isn’t a stretch; Coda has documented numerous other ways that China surveils the Uyghurs of Xinjiang.

If it seems odd to you that the Chinese government would target only Uyghurs using iOS, you’re not alone. Anonymous sources have now told Thomas Brewster of Forbes that Android and Windows were also targeted. It’s unclear if Google’s researchers even realized that the sites were targeting other operating systems, and one source told Forbes that Project Zero had only seen iOS exploits being served from the hacked sites. No details about those attacks have been revealed yet, but the iOS attacks are more relevant to Apple users.

Am I at Risk?

Unless you’re part of or involved with the Uyghur community in Xinjiang, almost certainly not. First off, because Google reported all the exploits to Apple quickly, and Apple responded by patching them all in iOS within days, you’re protected from these particular attacks as long as you’re running an updated version of iOS. The implant malware could also be removed merely by restarting the iPhone.

Second, there’s no indication that these attacks were distributed beyond Uyghur-focused Web sites. Had these attacks been used to target users—particularly higher value government or corporate users—they would likely have been discovered much more quickly. These particular attacks weren’t subtle in how they transmitted data back to their command-and-control servers, not even encrypting it with HTTPS. Such unusual upload patterns would likely be detected by savvy network administrators.

Third, iOS remains the safest consumer computing platform available, especially on current devices that feature additional hardware defenses. There will always be exploits, but it’s worth noting that iOS exploits are the most expensive available from “digital arms dealers” on the underground market for security vulnerabilities. Thus, they’re most likely to be used by deep-pocketed governments (or their private contractors) for political and military purposes.

None of this should be interpreted as meaning that we’re safe from as-yet-undiscovered attacks. Of course, that’s always true.

What Should I Do?

We have to assume that attacks like this are still happening and will continue into the future. So what should everyday users do?

Unfortunately, apart from staying up to date with security fixes, there’s nothing we as users can do to protect ourselves from these and similar sorts of attacks. Stories like this show why sticking with an old version of an operating system can result in unanticipated problems. Using recent devices will also help, since Apple continually improves hardware defenses.

However, if you’re in a sensitive situation due to a government or corporate job, or due to your political activity, you should get security advice from professionals, not from articles you read on the Internet.

What Should Apple Do?

For the most part, Apple should continue to do what it has been doing for years. The company puts significant effort and resources into hardening its devices and operating systems, and the more secure Apple hardware and software products are, the less likely that Apple users will be vulnerable to attacks from hostile governments or organized crime. It’s unfortunate that increased security sometimes makes it harder to perform tasks that were once simple, but when Apple, a company known for emphasizing ease of use, makes those tradeoffs, there’s a good reason.

One improvement that Apple could make would be to develop an Administrator app that a security or other technology professional could install to gain insight into what their phone is doing by reading logs, showing running processes, reporting on open network connections, and so on—think of it as the iOS love child of the Mac’s Activity Monitor, Console, and Network Utility. Some researchers are calling for Apple to open iOS to certain categories of security tools, but that risks the bad guys exploiting such raw capabilities as they have on basically every other platform. Apple already has such monitoring running as internal processes—iOS is still Unix, after all—so creating a trusted, on-device-only tool could both help security professionals identify unusual activity indicative of a compromised device and help regular system administrators with common support tasks. It wouldn’t meet every research need, but it could be a valuable middle ground to provide professionals with better visibility into their devices.

In addition, Apple should keep paying bug bounties to researchers. Apple is currently expanding that program, and it offers some of the highest dollar payouts in the industry. That’s essential, given that Apple—like Google and Microsoft—is competing against the underground market for security vulnerabilities.

Apple should also continue to hold the line on strong encryption and device defenses. Creating backdoors for law enforcement of any nation, including the United States, will almost certainly lead to the company being forced to open access to other governments, or to leaks and compromises that will lead to the oppression of entire populations.

In the end, we hope we’ve conveyed the significance of what Google’s Project Zero revealed: a widespread attack targeting an entire population that both evolved and remained undetected for several years. It’s essential that we understand the level to which our phones can be used against us, which means that there will always be those who will try to convert them into tools for monitoring and control. Simultaneously, we hope you understand that most—perhaps all—TidBITS readers have nothing to worry about, either from these particular attacks or from similar watering hole attacks in the future. And note that this is yet another instance of the increasing tension between governments and the tech giants. How that story will continue to play out remains to be seen.