On the iPhone and iPad, you can reveal additional commands and options when you touch and hold many interface elements, including notifications, app icons, widgets, messages in Mail, links in Safari, message and conversation bubbles in Messages, and much more. Thanks to Simon on TidBITS Talk for noting that iOS and iPadOS make the duration of what developers call “long presses” customizable. In Settings > Accessibility > Touch (under Physical and Motor) > Haptic Touch, you can choose Fast to reduce the amount of time you have to touch and hold or Slow to increase it. (Similar options appear in earlier versions of iOS and iPadOS.)

So, if you’ve found the length of time necessary to trigger a touch-and-hold action problematic in either direction, you can use this setting to make your device fit your usage patterns better. I’m an accurate but impatient tapper, so I plan to try the Fast setting to see if I like it better. I could also see people who move more slowly or have trouble touching the screen exactly where they want appreciating the Slow setting. Either way, give it a try with the Touch Duration Test below the choices.

I have worked hard to avoid wasting my time and yours on the brain-sucking minutiae of the years-long antitrust challenge brought by Epic Games against Apple. To make a long story short, Epic wanted to break Apple’s hold on the App Store, bypassing it entirely or at least reducing the 30% commission. At trial in 2021, however, the judge decided in favor of Apple on nine of ten counts. On the remaining count, she ruled that Apple violated the anti-steering provisions of the California Unfair Competition Law by refusing to allow developers to mention external payment options. Both Apple and Epic appealed, and the US Supreme Court just declined to hear either appeal, putting the lower court judge’s ruling into effect.

The practical upshot is that Apple now allows developers to add external payment links, so you may start seeing the option for out-of-app payments in apps. Developers will have to jump through numerous hoops, abide by draconian Apple restrictions about the text and graphic treatment of external payment links, and put up with a scary-sounding warning about how Apple isn’t responsible for anything that happens with purchases made on the Web. Developers must also report all transactions to Apple within 15 days after the end of each month.

That’s because these external payments aren’t commission-free. Apple has long said that the 30% is a commission fee, not a transaction fee (online transaction fees are usually about 3%), and it will continue to charge commissions for external payments. In the end, external payments enjoy only a slight savings—3%, in fact. Apple charges 30% for App Store purchases or 15% for small developers and for the second and subsequent years of auto-renewing subscriptions. The commission structure for external purchases made within 7 days of the link being followed is 27% or 12% for small developers or subscription renewals.

In other words, because developers will have to pay 3% transaction fees to process credit cards, there’s no financial win in adopting external payments—they’ll be paying 30% or 15% regardless. Despite the commission fee wash, some developers, particularly larger ones, may see the extra work involved in external payments as worthwhile in exchange for being able to interact more directly with customers.

Apple has triggered another large set of operating system releases, of which iOS 17.3 is the most notable thanks to its inclusion of the highly anticipated Stolen Device Protection feature (see “Apple to Introduce Stolen Device Protection in the Upcoming iOS 17.3,” 14 December 2023). iOS 17.3, iPadOS 17.3, and macOS 14.3 Sonoma also support collaborative Apple Music playlists, and watchOS 10.3 sports a new Unity Bloom watch face to celebrate Black History Month. Let’s look briefly at each update:

• iOS 17.3: Along with the new Stolen Device Protection, which you toggle in Settings > Face ID/Touch ID & Passcode, iOS 17.3 lets you invite friends to collaborate on playlists in Apple Music, add emoji reactions to collaborative playlist tracks, stream content to TVs in select hotel rooms using AirPlay, and see coverage for all your devices in Settings > AppleCare & Warranty. It also includes a new Unity wallpaper and crash detection optimizations for all iPhone 14 and iPhone 15 models. We’ll write more about Stolen Device Protection soon. iOS 17.3 also addresses 15 security vulnerabilities, one of which is a zero-day vulnerability in WebKit.
  
  
• iPadOS 17.3: As is often the case, iPadOS 17.3 tracks closely with iOS 17.3, offering the same changes apart from the iPhone-specific Stolen Device Protection and crash detection optimizations.
• macOS 14.3: Sticking to the party line, macOS 14.3 supports the collaborative playlists, emoji reactions in collaborative playlists, and the AppleCare & Warranty information in System Settings. It also addresses 16 security vulnerabilities, including the WebKit zero-day. On the enterprise side, macOS 14.3 fixes a bug that prevented Xsan volumes from failing to mount automatically, allows passwords to be changed successfully at the login window, improves reliability authenticating to an SMB print server, and improves reliability using single sign-on when using a proxy for associated domain traffic.
• watchOS 10.3: The watchOS 10 release notes page says the update “includes new features, improvements, and bug fixes” but details only the new Unity Bloom watch. I suspect nothing else is notable. watchOS 10.3 also addresses 12 security vulnerabilities.
• tvOS 17.3: Provides performance and stability improvements and addresses nine security vulnerabilities, including the WebKit zero-day.
• HomePod Software 17.3: Provides performance and stability improvements.
• macOS 13.6.4 Ventura: Addresses 10 security vulnerabilities, including the WebKit zero-day, and fixes a bug that could prevent Xsan volumes from mounting automatically.
• macOS 12.7.3 Monterey: Addresses six security vulnerabilities, including the WebKit zero-day.
• Safari 17.3: Addresses four security vulnerabilities, including the WebKit zero-day.
• iOS 16.7.5 and iPadOS 16.7.5: Addresses nine security vulnerabilities, including the WebKit zero-day.
• iOS 15.8.1 and iPadOS 15.8.1: Addresses two security vulnerabilities, including an older zero-day the company fixed in subsequent versions of iOS and iPadOS last month (see “Apple’s End-of-Year OS Updates Add Promised Features, Security Updates,” 11 December 2023).

Overall, these updates aren’t sufficiently compelling to warrant immediate updates. I recommend updating to iOS 17.3 soon if you want to turn on Stolen Device Protection or regularly stay in hotels that might support AirPlay. Otherwise, I encourage waiting a week to see if issues appear online and then installing to block the zero-day vulnerability.

Over the past week or so, reports have been accumulating from users who have dismissed a macOS notification encouraging an upgrade to macOS 14 Sonoma only to find themselves being upgraded anyway. The first report on TidBITS Talk came from Dave C., a developer and highly technical user who had intentionally been keeping his 2018 Mac mini on macOS 13 Ventura. When the notification appeared, he clicked the ⓧ button to dismiss it, but that was somehow interpreted as a positive consent to install.

Unfortunately, starting with Ventura, Apple has moved from an upgrade process that involved downloading and launching an “Install macOS versionName” app to an update-like process that starts without giving the user an option to quit. Howard Oakley suggests the update approach dramatically reduces the amount of data that needs to be downloaded and shortens the installation time, but it lacks the flexibility of being able to stop the installer easily or point it at another drive.

Several other users on TidBITS Talk chimed in to say that they had also inadvertently triggered the Sonoma upgrade from that notification. Having read the warning post, when user blm dismissed the notification and saw the Sonoma upgrade start, they restarted their Mac immediately and were able to block the upgrade. Jason Kerr had a similar experience and was also able to shut down in time. Will B. triggered the update accidentally but didn’t realize until he was prompted to restart to install it. He eventually prevented the upgrade from installing by turning the Mac off, rebooting into macOS Recovery, turning off System Integrity Protection (which protects certain parts of the system), deleting the downloaded upgrade files, and restarting.

David Brostoff waited a few minutes after dismissing the notification to shut down, but by then, it was too late, and he was upgraded to Sonoma. A few other users, including anch-innk, Ron LaPedis, and Charles Reeves, Jr. were upgraded to Sonoma even though they didn’t remember dismissing the notification. That’s almost more concerning.

In trying to figure out what was going on, TidBITS Talkers have confirmed that the problem affects both Intel-based and M-series Macs. Some were running macOS 13 Ventura and others macOS 12 Monterey. Being logged in as a standard user didn’t protect David C., whereas blm was logged in as an admin user. Nor did automatic update settings appear to be related—several people allowed macOS to “Check for updates” and “Install Security Responses and system files” but not “Download new updates when available” or “Install macOS updates.”

Al Varnell suggested that the notifications were triggered by a background update called macOSInstallerNotification_RC that was pushed to all Ventura users on 10 January 2024, which matches when these reports started. However, the mere presence of a notification shouldn’t trigger updates when the user explicitly dismisses the notification.

Will B. spent 45 minutes talking to a courteous and sympathetic Apple Support Senior Advisor whose responses suggest that this situation is unintended on Apple’s part. He encouraged those experiencing it to call Apple Support and submit reports through the Feedback Assistant app. In particular, he said that Engineering needs a report posted while the Mac is being threatened with the unwanted update so Feedback Assistant can grab all the relevant logs and provide a snapshot of the state of the machine.

There may be a few ways to forestall the upgrade:

• When faced with the Sonoma upgrade notification, choose Details or Info from the Options menu rather than clicking the ⓧ button.
• If you have clicked the ⓧ button, immediately open System Settings > General > Software Update (or System Preferences > Software Update) and look for a Cancel Update button.
• If that doesn’t work, immediately restart the Mac to see if that interrupts the download and thus short-circuits the update process.
• If you are prompted to restart when you haven’t initiated a restart, click Cancel. You’ll probably be prompted again later, and if you restart manually, the upgrade will probably happen. Try following Will B.’s approach of booting to macOS Recovery, disabling SIP, and deleting the upgrade download.

If you’re particularly concerned that you might inadvertently get Sonoma when you don’t want it, it’s possible turning off “Check for updates” in the Automatically options shown above would help, but it’s usually good to be alerted to new updates. P. Boersting also posted a set of steps to install a profile that defers major upgrades. I haven’t tested these, but they might be worth a try.

Stepping back from the nitty-gritty of this situation, I want to end with a few points:

• I don’t believe Apple meant to force Sonoma upgrades on users. That’s actively hostile behavior because there’s no way of knowing why someone might be sticking with an older version of macOS or if it’s a reasonable time to upgrade. It’s unacceptable to trigger a major system update without explicit user permission, and I can’t see Apple doing that deliberately. If nothing else, upgrading users like that doesn’t benefit Apple in any material way.
• This is a nasty bug and is a distinct lapse on Apple’s part. However, I think it’s overstating the case to claim that it’s indicative of a trend or a reason to stick with older versions of macOS. After all, the versions affected are Monterey and Ventura. Plus, because the bug doesn’t affect everyone, it likely relies on specific circumstances that make it difficult to identify in testing.
• Although no one should be forced to upgrade by this bug, there’s no reason to fear Sonoma. It has been out since September and has received several updates to fix bugs, add promised features, and block security vulnerabilities. I’ve been running it on my M1 MacBook Air since the beta with no particular issues and on my 27-inch iMac for about a month with no problems. If you buy a new Mac, it’s what you’ll get.

It’s likely that Apple will quietly fix the bug behind the scenes and say nothing, so keep an eye on online discussions in TidBITS Talk and elsewhere to see when reports of these forced upgrades stop.