Wednesday Notes: Imminent Releases; Apps - Buy or Subscribe; CSAM in Error; Pegasus Wings Clipped

By Graham K. Rogers

With the holiday season approaching, rumors abound about what Apple will and will not be releasing. I am disappointed that Pixelmator Photo is moving to subscription with a higher outright purchase price for new users. Pricing for a Mac version is not clear: who wants subscriptions? A user in the US was flagged in error for potential CSAM images by Google. It took months to clear the problem. A UK Court decision means that the Saudi government can be held liable for using Pegasus to spy on a dissident. In a total coincidence, the CEO of NSO (Pegasus) stepped aside.

Rumors about Apple and its plans seem to have reached a consensus on 7 September as the date the next iPhone will be announced. Although this is a Wednesday it is explained that the Monday is a holiday (Labor Day) and this gives time for traveling, although if this is to be an online presentation, that may not matter so much. We should expect invitations to be sent out by next Wednesday (31 August) if this really is the day.

As with the iPhone announcement, there are rumors about other products: Apple Watch, iPad, Macs, Mac Pro. All have seen authoritative comments from sources online, although not yet from Apple. They will come (this is an evolutionary process after all) but only Apple really knows what and when. I must admit I am warming to the idea of a new 11" M2 iPad Pro. The current one was released in May 2021 and in 16 months a lot has happened. As the iPad Pro is perhaps my most-used device it would be an easy decision to make. I probably will not replace the iPhone this year, but the Apple Watch is a possibility.

One rumor about an expected development outlines the possibility that TSMC, who produce many of Apple's chips - especially the M-series - are moving to the 3nm process earlier than expected (Jonny Evans, Apple Must). A later rumor suggests that 5nm chips will be used. The M2 chips in the MacBook Air and 13" MacBook Pro that were recently announced use a 5nm process although other models in the range are yet to be updated. Evans speculates that as well as Macs, the 3nm chips could be destined for the iPhone or M2 iPad Pro. Among the benefits of the 3nm process is reduced power consumption, which also reduced the heat that is produced. More power and smaller chips are other pluses.

Stage Manager on iPad - Image courtesy of Apple

There has been much criticism of Apple's Stage Manager and the way that it is working may have caused delays to the release of iPadOS 16. Sami Fathi (MacRumors) mentions Federico Viticci of MacStories in his outline of this although there have been a number of other negative reports. We also note that the updated System Settings app for macOS is not without problems and has several critics (Tim Hardwick, MacRumors) including John Gruber (a long time Apple supporter). There are times when even your friends have to point out errors. Later news tells us that Apple has now put out a beta release for iPadOS 16.1 with a confirmation from Apple that iPadOS will be released after iOS 16 (Brian Heater, TechCrunch) with Stage Manager suggested again as part of the reason for the staggered release. I would rather have a new feature working properly.

I had been using Pixelmator and Pixelmator Pro on my devices, as well as Affinity Photo which are useful substitutes for those who want to avoid Adobe, like me. When Pixelmator announced its Pixelmator Photo app, I signed up right away and when it was released was delighted, as it had some of the look and feel of the lamented Aperture, although certainly not as powerful. It allowed some reasonably extensive photo editing on the iPad. It was intended for the larger device and works best there. It is now also available for the iPhone, although the limited screen space makes the iPad the better option. Straighten, perspective and keystone (in Crop) are better than what is available in Apple Photos on the iPad and iPhone. These are not available on Photos on the Mac. The Repair tool on the Mac is quite good these days (it is not available on the iPad or iPhone), but this tool in Pixelmator Photo produces a far better result.

Pixelmator Photo on iPhone - Unedited image

I was slightly surprised (and disappointed) to see that the developers of Pixelmator Photo are to make this a subscription app ($4.99 per month or $23.99 per year (Joe Rossignol, MacRumors). There is also a one-time purchase option of $59.99 which is far higher than what I had paid for this. I am pleased (of course) that those who have the current version will be excluded from the increased rates. I had stopped using some other, excellent software on the Mac as the developers kept producing new versions while the older software which had been working perfectly (and still does in some cases) was no longer updated. This was in effect a subscription and users were expected to buy the latest version to keep up. As some of the plugins I had bought no longer worked I became tired of this and looked to other solutions. This specific example was mentioned in Pixelmator blog comments.

In the blog post the developers explained the reasons for the change and also dangled news of the upcoming Pixelmator Photo for the Mac: late this year or early next year. My current purchase status will allow for a reduced subscription price for the Mac software. I may end up buying this outright if I can. I detest subscription software (as opposed to subscription services: iCloud, Netflix). I like the idea of a Mac version, particularly as the iPad app reminds me of Apple's Aperture. But not with subscription. Some of the comments on the blog expressed similar ideas and there was considerable negativity from users. I will wait and see.

I have been enjoying the benefits of the Hidrate Spark flask for the last few months. I particularly enjoy the way it records the amount of water that I drink and automatically enters that in the Apple Health app on my iPhone to go with the rest of the statistics I collect over a day (or more): automatically and manually. When I drink tea, coffee or juice, I have to enter that into the Hidrate app which then synchronizes with the iPhone.

My scales enter daily weight measurements automatically to the Health app. I add temperature manually, although there are devices that sync, as well as blood pressure when I visit the doctor. I used to have an automatic blood pressure device, but after some time that broke and I never bothered replacing it. I should. There are several other readings that are entered daily, some from Apple Watch output. The data give me a good overview of the state of my health and I am able to monitor more closely if there is an unusual change: weight, heart rate, and temperature are good places to start.

There are many other data points that are important, such as blood-sugar levels and cholesterol for some people: I have this tested every 6 months and the doctor's eyebrows are a good initial indicator. We do discuss the figures too. If I were diabetic, I would be checking blood-sugar levels more often. Recording water intake was something I had wanted to do for a while. Like many readings which can be done manually (copper, zinc, iron, saturated fats, calcium, vitamin levels, et al) it is less of chore if be done automatically so when the Hidrate bottle appeared on the Apple Store listings here, I ordered this and wrote about what I found.

It was working perfectly until this weekend. I noticed that, towards the end of the day, the input was clearly lower than I usually see after fruit juice, 2 cups of coffee, cups of tea and drinking water throughout the day. When I looked at the history, each item was listed (so I was not cheating), but there was a rotating icon indicating that data was not registering despite some having been entered manually on the iPhone. When I tried to add some more by taking a drink from the bottle, the figure displayed increased then fell back to the previous number. The data had been affected from mid-afternoon onwards.

Hidrate displays: History, Apple Watch, and Home

I tried the usual fixes: close the app, restart the iPhone, stop and restart Bluetooth; but none of these made any difference. I looked at the FAQs and there were some sensible suggestions, including switching on Airplane Mode for 30 seconds, but that did not make any difference either. There was also mention of a Reset button on the "puck" the part of the water bottle that contains the electronics. I tried that the next morning after seeing that the previous day's data was still not loaded; and when I made a manual entry the current day went back to zero.

The reset button was described as being on the top of the puck, next to the power connectors. It was immediately obvious. I pressed it for a few seconds, but as I had removed the puck from the bottle decided also to recalibrate the device: something I do with a recharge as this also needs the puck to be removed. I accessed the current page on the app but initially nothing changed so I restarted the app and the page refreshed. The previous day's entries were now also up to date, so the reset had been the right solution, although quite why the synchronization had gone awry was not answered.

One of the reasons for the outcry last year when Apple announced it was planning to introduce on-device scanning for CSAM images, was that the hashed images could be expanded to include images that were not abuse, so the concept could be used by some countries for political reasons. However, Matt Growcoot (PetaPixel) reports about a situation in which Google flagged images as possible CSAM when a man was asked to send photographs to his doctor to help diagnose a problem (swollen penis) with his young son. With the pandemic restrictions, the consultation was online. His account was frozen; and as flagging an image means that Google is obliged to contact law enforcement, it was not for several months until he was cleared. The article reports that he still cannot access his Google account.

This was covered in detail by Kashmir Hill in the NYTimes and John Gruber's commentary on the situation is worth considering: "Just an awful story, but filled with nothing but good intentions." Gruber walks us through some of the technology noting the comments of Dr. Suzanne Haney, chair of the American Academy of Pediatrics' Council on Child Abuse and Neglect, who advised parents against taking photos of their children's genitals, even when directed by a doctor. She added that most physicians were probably unaware of the risks in asking parents to take such photos. Gruber closes with, "The on-device vs. on-server debate is legitimate and worth having. But I think it ought to be far less controversial than Google's already-in-place system of trying to identify CSAM that isn't in the NCMEC known database.

Other comments from Charles Arthur (The Overspill) are also useful. He mentions that there were two people banned by Google for similar images (I do not access the NYTimes). Like Gruber, he compares the Google server-side approach with Apple's intended on-device scanning and comments that the "downside of false positives [are] very substantial". He adds also that this case seems to be "a sort of mission creep: Google is guessing at what is abuse content, and not being careful enough in its review."

It may not be a coincidence (although I am sure it will be denied) but the head of NSO, the Israeli company that developed the powerful Pegasus spyware is to step down (Guardian - Staff) only a few days after a case between Ghanem Al-Masarir and the Kingdom of Saudi Arabia was heard in London last week before Mr Justice Julian Knowles.

This was not actually a trial but a hearing to rule on whether the Saudis could rely on legal exemptions in the State Immunity Act 1978. As this was decided in favor of Al-Masarir, the case can move on. The circumstances were focused mainly on the use of Pegasus on Al-Masarir's iPhones. Arguments were put forward that, even if the Saudi government did this, they would be exempt under that law for several reasons.

The judge picked his way beautifully through a minefield of events, laws and decisions in the UK and other countries including the death of Jamal Ahmad Khashoggi which shows just how some countries do not like dissent. The judgement opened with the example (supposedly theoretical) of agents of a foreign power coming to London to poison a dissident.

Using previous case law regarding hacking of a computer in London from Russia, and Google's breach of data protection legislation, the judge tells us that, "Where a computer device located in the UK is manipulated and made to perform operations as a result of electronic instructions sent from a computer/operator located abroad then there is authority for the proposition that this is to be regarded as an act within the UK." He mentioned this with regard to the Saudi claim of sovereign state immunity. As well as this there was considerable mention of decisions in other countries (including the USA) regarding state immunity,

Much value was placed on the evidence of Dr Bill Marczak (Paragraphs 157-163) who had forensically examined the phone and reported that this phone and those of other dissidents showed similar patterns in the installation of Pegasus. The techniques used for the Pegasus installation were outlined in some detail (Para 175 - 184). Dr Marczak's statements also included the information, "I focus on companies that sell spyware and hacking tools and services directly and exclusively to governments, including FinFisher (based in Germany), Hacking Team (based in Italy), and Cyberbit and NSO Group (both based in Israel)" (Para 158).

As a side note, I was also amused by the judge's dismissal of comments by two witnesses, citing the Mandy Rice-Davies comment, Well they would say that, wouldn't they" (Para 195).

We are told in the (Guardian article on the resignation of Shalev Hulio as part of a reorganisation of NSO, that the company is to focus on NATO linked countries rather than those it has sold to in the past, including "Saudi Arabia, the United Arab Emirates, Hungary and India." The idea is that it will be "sold only to government agencies to target criminals and terrorists," but who defines who the terrorists are? We note that sales require Israeli government approval, but that does not inspire me with confidence.

A list of hundreds of those targeted (including Jeff Bezos) as well as outline information on the attack method (plus links) is available at Haaretz (Omer Benjakob). The list of phone numbers that had allegedly been targeted was in excess of 50,000, however, and OCCRP - The Pegasus Project has even more information as well as several links.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. After 3 years writing a column in the Life supplement, he is now no longer associated with the Bangkok Post. He can be followed on Twitter (@extensions_th)