eXtensions - Wednesday 27 December 2017


eXtensions: The Wednesday File (37) - Security Fallout and Merging Platforms

By Graham K. Rogers


Apple recently took a couple of hits with security weaknesses that were made public, and an iOS feature that reduced power on older iPhones while extending charge times. That was not well-received. As a nod to the future, there is speculation that apps could be developed that run on Macs and iOS, which some think could lead to a merging of the two platforms.

Despite a number of successes during the latter end of the year, Apple seems to be ending on a relatively low note, although how low (if at all) may depend on the way this is all examined.

Although we were warned all during the year that the new iPhones would be failures and Apple had supply chain problems, when the iPhone 8 and latterly the iPhone X were released it seems that a lot of people bought them, despite what experts had been insisting. This happens so often (take the record last quarter for example) that one would think people would have the idea by now. I am of course joking.

Selling Apple short makes headlines, makes hits and so makes some people money. At the beginning of this week, despite apparent high sales, another report of missed targets appeared. This morning, Neil Hughes (AppleInsider) reports that another analyst disputes these suggestions and confirms that iPhone X production is on schedule, noting that sales in China are good. I will wait for the next quarterly results.


iPhone 8 (left) and iPhone X

I am one of those who has been convinced about the security of Apple systems ever since I can remember, with the occasional off-day. December saw more than a one-off problem with security, and Phil Schiller characterising it as a "bad week" was not really cutting it, especially as the following week there was another incident report, suggesting more about the philosophy inside Apple software development than about the company as a whole.

It began with the information that it was possible to enter a Mac Root account with a couple of simple keystrokes. This had been reported weeks before and nothing had apparently been done. It was only when someone put the details online that panic set in and action was taken to fix the gaping hole.

OS X and macOS have no Root password by default, unlike other Unix (and Linux) systems. I can remember setting up Silicon Graphics computers running IRIX and the first thing done was to create a Root account. With no password on the OS X Root account, it was impossible to guess the password (you can't guess what doesn't exist) and any Root tasks need Admin account actions, which could not be done other than by the physical presence of a logged in user: no viruses for you.

When the weakness became known, several online sources recommended adding a password and then disabling it. I presumed (rightly) that a fix would be coming and waited this one out as it would need physical access to the computer to use this exploit. I keep my Macs close to me and a fix was released in a day or so, although some users still had problems with the rushed fix.

A few days later, there was an iOS problem when some found that on 2 December the devices were crashing unless they changed the date. Again a fix was put out; but this one appeared quickly and for me it was on a Saturday afternoon: highly unusual.

On Thursday last week, there was another report, this time about a weakness in HomeKit. Like the macOS problem, this had been reported to Apple, but little had been done to fix it. Now, HomeKit was always touted as being safer than other IoT solutions. It initially needed a specific chip, but this year Apple changed to a software solution and more manufacturers expressed interest.

Unfortunately, a developer, who goes by the name Khaos Tian, found a weakness in HomeKit back in October and told Apple, which fixed one part of the problem but opened another door even wider. With a lack of action, and poor communication, he contacted 9to5Mac, which released bare details about the problem: Apple finally acted and a fix has now been produced.

I picked this up first on The Verge (Thomas Ricker), but the earlier story on 9to5Mac (Zac Hall), which appeared 2 weeks ago and which I had missed, is more worrying. In the macOS Root situation and this HomeKit one, the team at Apple who should be taking care of the locks and keys let us (and Apple) down, and it was not until there was a public airing of dirty laundry that anything was done.

After the macOS Root publicity, Apple stated that the auditing process was to be reexamined and shortcomings would be addressed. Another example here suggests that these shortcomings have an unusual urgency.

As well as security problems, Apple was in for some criticism when it was confirmed that with a recent release of iOS, to improve the battery performance, it slowed the performance on some older iPhones. The conspiracy theorists and Apple-haters saw this as confirmation that when new models arrive updates from Apple are designed to push users to buying those new phones. They ignore the point that this has only just happened and that information was released to the tech Press (although few took this up) in February this year.

I wrote a comment about this on Sunday. At that time there were three law cases filed, but this has grown to 9 now, with one at a ridiculous $999 billion (Patently Apple). A later article from Andrew Orr (The MacObserver) outlines the comments of a battery scientist: these experts regard capacity falling to around 70% - 80% as the battery's end of life (EOL). With other comments as to cause and effect, it appears that Apple acted reasonably in its update that throttles power. The problem is not so much with the act, but conveying the Why to users.

Apple told us that the iPhone OS (now iOS) was derived from OS X when it was announced in 2007. Almost since the time that apps have been available, people have been urging Cupertino to merge the two systems. This had more of a push when the iPad Pro was announced as Apple was also telling users that all their computing could be done on the one device. Although not everyone agrees, a lot of users could (and do) suffice with a tablet device. Many commented that these were not desktop class apps, perhaps because Google and Microsoft had tried this and not seen success. History should suggest reserving judgement would be wiser.

Many commentators also saw this as the end for macOS, especially with the push that Apple was having for these new hand-held devices. I found that I could ignore the app in most cases and focus on the task I wanted to do. It is immaterial which platform I am working on.

Apple was ignored when it kept telling critics and users that the macOS would continue: as would the development of new Macs. Even the announcement and subsequent release of the iMac Pro did little to reduce this. Note that Apple sold 5.386 million Macs in its most recent quarter, which was up 10% on the same quarter of the previous year. That is over $20 billion a year: the sort of revenue that some companies envy, for what some critics see as a niche product: some niche.


iPad Pro (image courtesy of Apple) and Mac Pro

Others want the nimbleness of iOS with full desktop abilities, including keyboard, mouse and screen: plug the iPhone in and work. Samsung does this, I am told, but there has always been a line - fuzzy at times - between Macs on one side and iOS devices on the other. Some would like that line to vanish and the idea of Apple-designed ARM chips has often been put forward; but not by Apple, although the MacBook Pro has an in-house designed chip for the touch bar.

There was a bit of a surprise last week when the first reports of Project Marzipan (sounding like a renamed Android OS) appeared. Apple was apparently intending to allow developers to produce apps that would run on Macs and iOS devices (Mark Gurman, Bloomberg).

I can see some limits here, for example with Final Cut Pro, although there are apps like FiLMIC Pro (and others) that allow some good video work to be done on iOS devices. Photo-editing apps abound of course, including some that have roots on the Mac. With Keynote, Numbers and Pages, I just work on the platform that is most convenient, although I concede that creating a presentation is easier on the Mac.

There is also the fine example of Affinity Photo that I use on the Mac and iPad. This also runs on Windows because of the early development done on the core engine of the app, which makes it easier to port to different platforms. There was considerable speculation about this, for example Dan Moren (Six Colors), who also looks towards "a future unified platform."

More information is expected to be forthcoming at the next WWDC in June, although with Apple, they may start everything earlier, or simply drop the idea (although I doubt that). There are some Mac apps I would love to have on the iPhone and vice versa: there are so many great iOS apps that would beef up the Mac if I could use them on that platform. As a useful note, Michael Simon (Macworld) writes about 30 free Mac apps. I have some of these and do not agree with all of his choices, but there are several good ideas that even regular Mac users could think about.

And if you have read this far, I wish you a wonderful new year.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. After 3 years writing a column in the Life supplement, he is now no longer associated with the Bangkok Post. He can be followed on Twitter (@extensions_th)




All content copyright © G. K. Rogers 2017