Checklist 248: A Deeper Dive Into Apple Updates
This week on The Checklist, we’ve got updates about updates — and info on new bugs that will need to be fixed in future updates!
Apple updates include security patches
On Monday, Apple released iOS 15, iPadOS 15, tvOS 15, HomePod 15, and watchOS 8.
In addition to the raft of new features contained in the new OSes, Apple rolled out some interesting security patches as well.
An Apple Insider story explained that iOS 15 fixes a Face ID vulnerability that could have allowed bad actors to use a 3D model of a user’s face to bypass the iPhone’s biometric authentication.
Granted, if you’re not Ethan Hunt, you probably don’t have to worry about that happening to you. But there are also fixes for bugs in CoreML and WebKit, and updates that address memory handling and kernel issues. In other words, plenty of reasons for everyone to update.
New security and privacy features
In addition to the security updates, there are also new security features in iOS 15.
Advanced Fraud Protection will keep Apple Card users safer by periodically changing their three-digit verification number. Apple says that the feature will not affect recurring charges.
iCloud+ users will get access to Private Relay, a VPN-like service that will help to conceal your IP address when you go online. Private Relay works by routing DNS lookup requests to an Apple server — instead of a DNS-resolver operated by your ISP. This means that your ISP won’t know what sites you’re visiting, and websites won’t be able to track you. Note that Private Relay is not a full-fledged VPN. It only applies to network traffic coming from Safari, and won’t protect you if you’re using other apps or browsers.
Hide My Email is another new iCloud+ feature that promises better privacy. It lets you create unlimited random email addresses that will forward directly to your inbox. This way, you can always give out an email address, without giving out your email address. If someone starts spamming you through the burner email address that you gave them, you can just shut it off.
Lastly, the iOS 15 version of Siri will be able to perform certain functions directly on your device. That means that Siri won’t always have to send data to Apple’s servers to process requests. Most iOS users probably feel pretty safe with Apple, but it’s a nice privacy enhancement nonetheless.
Kremlin says “nyet” to Private Relay, Navalny app
Private Relay is not available in countries where local law prohibits citizens from using VPNs and other privacy-protecting technologies. This includes Belarus, China, Saudi Arabia, and now, it seems, Russia.
The latest addition to the list of countries that won’t be getting Private Relay is unsurprising, if a little disappointing. CNET last week reported that Apple and Google had pulled the “Smart Voting” app from their app stores in Russia. The app is sometimes called the “Navalny app”, in reference to Russian opposition politician Alexei Navalny. It was designed to consolidate opposition votes in Russia’s electoral districts. For obvious reasons, the powers that be were not too happy about that!
So … have Apple and Google bent the knee to authoritarians yet again? It does look that way — although both companies will surely claim that they’re just following local laws. Considering that the Russian government had been demanding the removal of the app since mid-August, it’s actually somewhat surprising that Apple and Google held out as long as they did.
In iOS 15, user spies on app!
One of the most interesting privacy changes introduced in iOS 15 is Record App Activity. The feature does exactly what it sounds like: it logs app activity. It can tell you when an app has accessed photos and other media, the camera or microphone, location data, and contacts. It also keeps a record of what domains an app has accessed, and how many times each domain was accessed.
The point of all of this logging is to let users know what apps are really doing on their devices, so they can make informed choices about which apps to keep … and which to delete.
However, the feature isn’t enabled by default. If you want to turn it on, go to Settings > Privacy > Record App Activity. And then? Savor the moment as you turn the tables on all of those apps that have been recording your activity for so long!
A buggy round of updates?
We’ve mostly talked about the iOS 15 updates, because that’s where the bulk of the security and privacy changes are.
But as we mentioned at the start, Apple updated more than just iOS. There were a dozen security fixes in watchOS 8, almost as many in tvOS 15, and a handful of fixes in Safari 15 as well.
That’s a lot of update activity at the same time. Perhaps unsurprisingly, not everything went as planned.
iDownloadBlog says some iOS 15 users are seeing a Settings message warning them that they’re nearly out of storage space. Spoiler: they aren’t. It’s annoying more than anything else, since deleting data and factory resets won’t get rid of the messages. If you’re seeing this notification, you’re probably going to have to wait for Apple to release a patch.
The iOS 15 update has also made some users’ AirTags invisible in the Find My app, Apple Insider reports. They recommend that AirTag owners look in Find My to make sure that everything is still there. If you are missing an AirTag, you’ll need to reset it in order to make it show up again.
We assume that Apple will fix these issues quietly at some point in the near future. However, if there’s an update that you will need to install, we’ll be sure to let you know!
For more Apple news and how-tos, visit The Checklist archives. If you have a question about Apple security, please write to us and let us know! We may answer it on an upcoming edition of the podcast.