eXtensions - Wednesday 20 September 2017

eXtensions - The Wednesday File (23): Apple Critics and the Spaghetti Principle - Throw Enough and Some May Stick

apple and chopsticks


By Graham K. Rogers


Quick Bites

The latest update of iOS 11 is now available and there are some new features. I have it on a couple of devices, but the iPhone 7 Plus is being recalcitrant and just reports, Update Requested. One of the known differences with this version is that those older 32-bit apps will stop running. I have seen several go. It is a shame developers cannot maintain these. For some it may not be worthwhile. I would expect that QR-code reading apps will disappear as cameras in iOS devices with the latest version can read these. There are other improvements throughout, but still no white balance in Photos. Before updating, make sure the device is backed up. Next week, the macOS High Sierra update will be released.

The new iPhones apparently will have the latest version (v5) of Bluetooth, Daniel Eran Dilger tells us on AppleInsider. This is an enhancement of the Bluetooth 4.2 Low Energy protocol intended to work over greater distances or at faster speeds and this is specifically aimed at the Internet of Things and will work well with iBeacons.

What the new iPhones have also is the A11 Bionic processor and while it was not unexpected that the upgrade would produce a faster processor, this is impressive. Daniel Eran Dilger (AppleInsider) outlines benchmarks from Geekbench that show readings "higher than the base Intel Kaby Lake Core i5 processor Apple uses in its 13 inch MacBook Pro." As I have the 13" MacBook Pro I am a little jealous as well, although the two devices have different functions. The chip is "is 25 percent faster in single core and 80 percent faster in multicore scores".

Facial Recognition FUD

It is 7 days since Apple announced its new iPhones which has produced more misinformation than I think I have ever seen before. Maybe it will just grow year by year until some time a few years hence, the moment Cupertino drops a hint about some new feature, there will be a rush to print with a chorus of, "Can't be done."

I watched the Event last week, writing notes as I went and certainly missed one or two things, such as the mention of the new AirPods box, which I had expected. I was put right on that by Juli Clover of MacRumors who had mentioned these in one of her articles and answered my email right away: "It was only briefly mentioned when Apple introduced the AirPower and said it would charge the AirPods with the new wireless case." I must admit, the eyelids were beginning to weigh somewhat by 2am.

Some put out the idea that the iPhone 8 was really a 7s and therefore unchanged, except for the A11 processor, which didn't really matter as no one will notice the faster speeds; nor would the new camera make any difference, even if the front facing one was now 7mp and the software was improved. People are actually paid for writing trash like this. Andrew Orr (The MacObserver) explains the new cameras properly.

Most negative reports were reserved however for the face recognition software that of course won't work, because Samsung got there first and theirs is easily circumvented. Apart from a few Apple personnel, no one has actually been able to try this out yet in the real world. Those members of the press attending the Event only had a few minutes hands-on with the iPhone X and, while they (the ones who did actually see and try) were impressed, no one has had the longer experience that would be necessary for adequate analysis and impressions. But what do they care when there are Apple-related headlines for the taking?

Right away Ars Technica (Ron Amadeo) put out an item that showed he was worried that FaceID was going to suck, but you need your eyes open for it to work properly and he must have had his eyes closed (even though he does not have the iPhone X yet) as he walked straight into the Macalope:

. . . we know Face ID will be crappy because all the other facial recognition technologies were crappy and it ain't like Apple ever took something that was crappy for a long time an made it better like, oh, computing or digital music or tablet computing or smartphones or fingerprint recognition or a bunch of other things. It's not like that's literally what they do.

I wrote a Cassandra comment on the negatives late last week, and included the grandstanding Al Franken in that who was out of the traps with a 10-point letter in less than 24 hours demanding assurances on what it would do and how user privacy was to be guaranteed. Not paying attention were we? As if that mattered.

Let me highlight part of this letter, which suggests that he was not paying attention over the last couple of years when TouchID was introduced with the iPhone 5s (he never asked about that, of course). In the preamble, he mentions the confusion that online sources have caused, and which he has most certainly added to. He wonders about the ramifications if "Apple itself could use the data to benefit other sectors of its business, sell it to third parties for surveillance purposes, or receive law enforcement requests to access it (sic) facial recognition system. . . ". After the request he made in 2011 about maps data (and the one he did not make about TouchID), one would have thought he would have learned that lesson.

Letter from Franken

It took a while but eventually most did understand that although a fingerprint was used, it was converted to a mathematical representation on the iPhone. This was not sent to Apple or anyone else, but that mathematical data remained in a secure enclave which was part of the processor. When a fingerprint confirmation was needed, for unlocking the device, or making an online purchase, the user's (fingerprint) input was compared with the mathematical data and there was a result: confirmation or denial.

While (in the USA) the authorities cannot make users give up a passcode without a legal fight, the fingerprint is different, even though its use (forced or otherwise) could allow persons to incriminate themselves. This seems to be one of the major criticisms that some have for Apple's version of facial recognition: like a finger, you always have your face with you, although Apple has built in a couple of safeguards here.

Most commentators rushed to post their comments online with a Chicken Little sense of panic - Apple is falling, Apple is falling - but one person did take the time to write an email to Craig Federighi on the point of sunglasses and the feature. Apparently, with most sunglasses, the material used is able to let the IR beam through and will scan the eye. Not all sunglasses, but most, so first the eye needs to be scanned and second, Apple has gone through a process of testing. In the presentation, Phil Schiller made it clear that several other potential weak areas (or at least areas that affect other attempts to use this technology) have been considered, tested and dealt with.

Keith Krimbel of Yoke Remote (reported by Jack Morse, Mashable), who wrote that email, also asked about robbery: forced taking of an iPhone, pointing it at the face, and running. Like SID 6.7 (Russell Crowe) in Virtuosity, Apple keeps coming back with "Uh, uh, uh. I thought of that one, too". Federighi replied, "There are two mitigations: if you don't stare at the phone, it won't unlock," he replied. "Also, if you grip the buttons on both sides of the phone when you hand it over, it will temporarily disable FaceID." Staring suggests that both eyes must be open, so that is a simple answer, but the two buttons seems to need some quick thinking.

There is another potential solution and this is exactly what caught Federighi during the presentation. With the Apple Watch, if I enter the password wrongly more than a couple of times, there is a 1-minute penalty. If I do it repeatedly, this extends to 5 minutes. This happened when I cleaning the Watch and changing bands at the same time. My spurious input gave me a Yellow Card. I stopped and waited. Although this behaved as intended and Federighi switched to a backup, many saw this as a failure (demos do go wrong). Rene Ritchie outlines this and the knee-jerk reactions of most of the press. I watched this on AppleTV and noticed the pause, but also heard what was said.

Likewise with the iPhone, there are time limitations (8 hours overnight) and also trying to entering a fingerprint wrongly 5 times will lock the user out until the passcode is used. And entering the passcode wrongly too many times will also lock the device. With iOS 11, pressing the Home button 5 times will also do that.

Following on from some of the questions aired, including by Franken, and the email answer to Keith Krimbel (above), Kif Leswing on Business Insider reports that Apple plans to release a security "white paper" on Face ID. I look forward to that.

In the midst of all the misinformation I was reading, one of the best outlines of the Apple face recognition system came from a Microsoft Regional Director and MVP, Troy Hunt. It is a fairly long, well-considered analysis in which he explains the history of device security before commenting on FaceID. Looking at the complexity of the identification system (Infrared camera, flood illuminator, proximity sensor, ambient light sensor, camera, dot projector), he writes, "you can't help but think that the breadth of sensors available for visual verification trumps those required for touch alone."

iPhone X sensoring

Reading Hunt's analysis and then taking a close look at the area of the new iPhone where these are located - called The Notch by many, with the same derision that was previously reserved for dongles - there is an impressive technical selection built in there.

Another smart look at the system, in a comparison of what is available now, comes from Robert Triggs on Android Authority. They are not all rabidly anti-Apple over there. Indeed, last week iMore had a piece by MrMobile with some implied criticisms of what is sometimes announced, but is unfinished on that platform. Vlad Savov is also an Android user and a former iPhone owner. I don't agree with everything he writes in his assessment, although I am with him on animated emojis (or maybe this is the doorway to something else) and on his comments on Qi charging: Apple was smart ot go that way. I disagree with his comments on FaceID ("I don't see the value in it"). Later he may appreciate it more.

I think my favourite item of disinformation came from Berkeley Lovelace Jr. at CNBC who found a security expert to create some smoke. Tom Grissen of Daon says, "None of these systems are flawless. And you'll see it with Apple. They can be defeated. Somebody will do that" with no other evidence than what I have. I presume that, according to his words, his own company's systems are also liable to being hacked. As there is nothing to show (as yet) that the TouchID has been hacked since it was introduced, that sounds misplaced, or arrogant. The CNBc report also managed to bring in Al Franken.

Others are chiming in. The combined chorus sounds more like, For whom the bell tolls. . . than a sober look at what Apple has released, and Ben Lovejoy (9to5Mac) cites a Wired article that has found some academics who are not focused on the FaceID but on "differential privacy". Apple and others - only Apple in the headline of course on 9to5Mac - have a practice of analysing user data anonymously, but by use of some reverse engineering, the dots have been joined and it may be possible to identify the users.

Apple denies that this is possible and the academics suggest that this "relies on users trusting Apple not to abuse the data". This seems to be FUD timed to coincide with questions raised about FaceID. Apple is being held to a different standard here and the others (mentioned in the article) who also do the same thing are not even named.

As if this were not enough, Jake Laperruque on Wired (Wired again>) thinks that FaceID is either going to be a winner or a tool for spying. He cites the success of the TouchID and the way Apple defended against requests to make changes, but immediately changes tack (the ever-present, "What If") to write, "if the government attempted to forced Apple to change its operating system at the government's behest . . . it could gain that access" which is nonsensical. I don't mean the idea of a legislative change, which Apple would resist, delay through the courts, and change iOS and hardware so that the original request would be moot. The sentence itself makes no sense: "if the government attempted to forced Apple to change . . . at the government's behest"'; or at best it is tautologous.

Apple does not have the data.

Like Touch ID that is in a mathematical form in an enclave on the device. We know that although most areicles, like this one, seem unable to accept that the fingerprint (in the past) or the face data does not exist: the images information is converted to maths.

Even if the FBI, CIA, NSA or a police department gained access to the device and all of its data, they would have nothing other than a series of numbers (I don't know what form this mathematical data is in) which would be almost worthless. Apart from repeating some of the fears and the main ideas in Al Franken's letter, this is little more than another FUD article that is based on air.

Following on from some of the questions aired, including by Franken, and the email answer to Keith Krimbel (above) Kif Leswing (Business Insider) reports that Apple plans to release a security "white paper" on Face ID. I ,look forward to that.

There is always one commentator who sends an Apple product back or insists they will never buy an Apple product again - one writer in the Bangkok Post who never wrote anything positive about Apple, wrote that on more than one occasion - and the latest iPhones have brought Craig Grannell (who I had never heard of before) out of the woodwork to claim his 15 seconds of fame as the latest device has left him, "dazed and confused". Someone threw one at him?

The "notch" on the iPhone X "haunts" him, but it is FaceID that worries him most and he prefers (not that he has used the iPhone X) the Home button. He is going to stick with the iPhone 8. I think he would better try an Android phone with plastic buttons.

With this and all the information above, I will be ordering an iPhone X.

With the first comments coming from Macalope, the last words belong to John Gruber on Daring Fireball, who has only had a passing acquaintance with the iPhone X and its FaceID, but who does know a number of people inside Apple. His comments on those within Apple, including engineers who are using the system already, and their enthusiasm (trust me, engineers are the first to question any technology) is clear.

He tackles three main points: the disappearance of TouchID which was part of a move towards facial recognition; the supply chain rumours which could be disinformation; and the skepticism towards FaceID. Like Macvalope, he also references the Ars Technica piece by Ron Amadeo.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. After 3 years writing a column in the Life supplement, he is now no longer associated with the Bangkok Post. He can be followed on Twitter (@extensions_th)



Made on Mac

For further information, e-mail to

Back to eXtensions
Back to Home Page

All content copyright © G. K. Rogers 2017