{"id":18676,"date":"2022-04-05T08:30:05","date_gmt":"2022-04-05T16:30:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/04\/05\/news-12409\/"},"modified":"2022-04-05T08:30:05","modified_gmt":"2022-04-05T16:30:05","slug":"news-12409","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/04\/05\/news-12409\/","title":{"rendered":"Apple quietly stops meaningful auto-updates in iOS"},"content":{"rendered":"

<\/p>\n

Credit to Author: Evan Schuman| Date: Tue, 05 Apr 2022 09:14:00 -0700<\/strong><\/p>\n

In the mobile world pitting Apple\u2019s iOS devices against Google\u2019s Android devices, Apple has historically had one distinct advantage: patches and updates.<\/span><\/p>\n

Given the fragmented nature of Android (hundreds of handset manufacturers versus just one for iOS), it is simply far easier for Apple to quickly and efficiently push out updates in a way that allows a large percentage of users get updates quickly. That has been true regardless of whether its new functionality or a critical security patch.<\/span><\/p>\n

So what’s the problem? Craig Federighi, Apple\u2019s senior vice president of software engineering, has quietly said that Apple has dramatically slowed down auto updates \u2014 by as much as a month.<\/span><\/p>\n

In a <\/span>Reddit conversation with <\/span>user Mateusz Buda<\/span><\/a>\u00a0\u2014\u00a0it was <\/span>first reported by Forbes<\/span><\/a>\u00a0\u2014\u00a0Federighi said: \u201cWe incrementally rollout new iOS updates by first making them available for those that explicitly seek them out in Settings. And then 1-4 weeks later \u2014 after we\u2019ve received feedback on the update \u2014 ramp up to devices with auto-update enabled.\u201d<\/span><\/p>\n

In short, despite activating auto-update, users may wind up waiting a month for a security patch unless they dig into settings every day on the off chance there\u2019s an update to be found.\u00a0<\/span><\/p>\n

This raises so many questions and some very serious concerns for IT and security admins whose users work with iPhones and iPads for business.\u00a0<\/span><\/p>\n

First, doesn\u2019t this directly contradict the implied intent of auto-update? Users select this option so that they are best protected. The users who are willing to wait are the ones that would have never chosen auto-updates.<\/span><\/p>\n

By the way, auto-updates themselves are not necessarily the safest route. Apple updates have a history of doing bad things to iOS devices. It wouldn’t necessarily be a bad IT policy to deliberately not install the latest updates and to wait to see whether a new update causes things to blow up. Why be a guinea pig if you don\u2019t have to, right? That said, this can be dealt with by delaying things a day or two, not for a month.<\/span><\/p>\n

Not flagging security patches is a tremendous problem. Once a security hole is discovered, bad guys move in immediately, hoping to steal or disrupt what they can before the world patches the hole. Apple creating a patch and keeping it quiet \u2014 in terms of lagging auto-updates \u2014 is nothing shy of reckless.<\/span><\/p>\n

This means IT (or someone who focuses on security) must check every day for updates and then choose whether to blast message\/email that news to all users. That would be fine had IT instructed users to <\/span>not<\/span><\/i> accept auto-update, but for those who wanted users to choose auto-update, it is decidedly not good.<\/span><\/p>\n

From a marketing perspective, Apple is hurting itself. One of the key security arguments for Apple\/iOS over Google\/Android has been faster updates\/patches. Apple is handing Google\u2019s Android a great marketing win by undermining one of Apple\u2019s best advantages and differentiators. And by not publicly announcing this on their homepage and via a news release, Apple comes across as hiding this and deceiving their users. Admitting this in a Reddit chat seems an odd way to tell people.<\/span><\/p>\n

In effect, Apple is turning its more security-conscious users into beta-testers. It seems to be deliberately discouraging most people from patching, so Apple can catch bugs missed internally. That\u2019s a beta program. People expect to be invited to do that and told that they are doing that.<\/span><\/p>\n

There is a compromise move that Apple could have considered: place a blatant red alert on the devices announcing that there is an update available, which Apple sometimes has done. But it won\u2019t install without the user taking explicit action. This saves users and IT the effort to search for possible updates, while also not installing the updates automatically for a month.<\/span><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Evan Schuman| Date: Tue, 05 Apr 2022 09:14:00 -0700<\/strong><\/p>\n

\n
\n

In the mobile world pitting Apple\u2019s iOS devices against Google\u2019s Android devices, Apple has historically had one distinct advantage: patches and updates.<\/span><\/p>\n

Given the fragmented nature of Android (hundreds of handset manufacturers versus just one for iOS), it is simply far easier for Apple to quickly and efficiently push out updates in a way that allows a large percentage of users get updates quickly. That has been true regardless of whether its new functionality or a critical security patch.<\/span><\/p>\n

So what’s the problem? Craig Federighi, Apple\u2019s senior vice president of software engineering, has quietly said that Apple has dramatically slowed down auto updates \u2014 by as much as a month.<\/span><\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[2211,10554,714,24580],"class_list":["post-18676","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple","tag-mobile","tag-security","tag-small-and-medium-business"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18676","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18676"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18676\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18676"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18676"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18676"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}