Month: February 2019

Nick Bastone, Business Insider:

In early February, Google announced that its home security and alarm system Nest Secure would be getting an update — users could now enable its virtual assistant technology, Google Assistant.

The problem: Nest users didn’t know a microphone even existed on their security device to begin with.

The existence of a microphone on the Nest Guard (which is the alarm, keypad, and motion sensor component in the Nest Secure offering) was never disclosed in any of the product material for the device.

On Tuesday, a Google spokesperson told Business Insider the company had made an “error.”

I completely believe Google here; a deliberate failure to acknowledge an embedded microphone would be monumentally stupid to a degree they don’t usually approach. Of course, deciding which of Google and Facebook are better on privacy is a bit like trying to decide which species of flesh-eating bacteria is more wonderful to have, but Google isn’t quite the “digital gangster” that Facebook is.

Nevertheless, this is the kind of thing that makes me paranoid of smart home devices. If I owned one of these things and found out that the world’s biggest advertising company hid a microphone in my home for a year, I’d be livid. Wouldn’t anyone?

Steve Kovach, CNBC:

As iPhone sales continue to sink, Apple has made several key moves over the last year as it prepares new offerings to juice growth elsewhere in the business.

If you’ve been listening to CEO Tim Cook’s comments on earnings calls and in interviews recently, none of this should come as a surprise. The company has stopped reporting iPhone unit sales figures, and instead talks more about its growing base of active devices, which the company says can be used to squeeze out more revenue through its digital services like Apple Music, App Store sales and extra iCloud storage.

But it’s not just about those subscription services. Apple has made several shifts in recent months that signal its preparing to move beyond the iPhone in other ways, such as artificial intelligence, the growing smart home market and digital health monitoring.

A framing device I’ve seen a lot amongst tech analysts and journalists since Apple revised its first-quarter earnings forecast is the idea that the company’s increased push into services and other parts of its business is correlated with — or even because of — lower iPhone sales. I think this is a myopic view of the company’s products.

Let’s think about this in the inverse: I don’t see anyone seriously making the argument that Apple would not have increased their investments in services and machine learning if iPhone sales continued to grow.

More to the point, many of these service offerings were rumoured for a long time. Steve Jobs was asked about an Apple Music-like service in 2007. Apple’s apparently-forthcoming Netflix competitor has been rumoured for years. Even their long-rumoured car project was reported as being approved around the same time that the iPhone 6 was launched.

These projects all take lots of time; they are not a result of less-dramatic iPhone sales figures. Apple has been highlighting their subscription services more for a few years now and, in that time, they had their biggest-ever quarter, largely on the back of iPhone revenue. Based on all of this, the most likely reason that Apple is rumoured to be on the cusp of launching new services is simply because they’re ready now. Is this release time frame any different than it would have been if their most recent holiday quarter had surpassed expectations instead of falling short of Apple’s forecast? I don’t think there’s any evidence that supports that.

Timothy Lee, Ars Technica:

Amazon is canceling its controversial plan to build a new corporate campus in the Long Island City neighborhood of Queens. The plan, which included almost $3 billion in subsidies and tax breaks, provoked a grassroots backlash.

“The commitment to build a new headquarters requires positive, collaborative relationships with state and local elected officials who will be supportive over the long-term,” Amazon said in a statement. “While polls show that 70 percent of New Yorkers support our plans and investment, a number of state and local politicians have made it clear that they oppose our presence and will not work with us to build the type of relationships that are required to go forward with the project.”

Barry Ritholtz:

Man, so many people are getting this wrong. No, Amazon did not pull out of the NYC deal — and a lot of people have done a terrible job trying to explain this.


Amazon should have been less mercenary. The world’s wealthiest man running The world’s most valuable company does not need to have everyone else subsidize a for-profit firm.


As a fire-breathing Wall Street working capitalist, allow me to share my crazy idea:

Build your own fucking HQ on your own goddamned dime.

Vishaan Chakrabarti, in an editorial published by Buzzfeed News, was one of the few voices I saw dissenting from the widespread praise for Amazon’s decision to discontinue its New York plans:

Nobody comes out of this looking good: Amazon, city and state politicians and the deal’s proponents and opponents all could have done a better job explaining its pros and cons. But the most worrisome group — and those who now need to be held accountable — are those who simply want no growth at all, believing that New York will somehow thrive forever regardless. Many of them have benefited from the city’s booming economy or rent regulations, and now they want to shut the door behind them. Put simply, they are playing with fire, and it is the rest of us who must either collectively stand up to them, or prepare to get collectively burned.

I think Chakrabarti’s piece is worth contemplating, but I disagree with its premise. I didn’t see a lot of opposition to Amazon’s plans for a New York office strictly or even primarily based on worries about growth. However, what I did see was ample concern about the way this project was handled. Amazon’s public nationwide RFP was a cruel joke, and applicant cities pitched the company in opaque, questionable ways. And this whole process occurred as the public increasingly began to question both enormous tech companies and development incentives.

If Amazon wants to try again, they should. I bet New York would welcome their office like they have Apple’s and Google’s — both of which have expanded in the city. But they do not need a multibillion-dollar incentive package.

Matthew Gardner of the Institute on Taxation and Economic Policy:

The company’s newest corporate filing reveals that, far from paying the statutory 21 percent income tax rate on its U.S. income in 2018, Amazon reported a federal income tax rebate of $129 million. For those who don’t have a pocket calculator handy, that works out to a tax rate of negative 1 percent. The fine print of Amazon’s income tax disclosure shows that this achievement is partly due to various unspecified “tax credits” as well as a tax break for executive stock options.

This isn’t the first year that the cyber-retailing giant has avoided federal taxes. Last year, the company paid no federal corporate income taxes on $5.6 billion in U.S. income.

This is solely at the federal level, but it is nevertheless shameful for one of the world’s largest and richest companies.

TBWA Worldwide announced Clow’s retirement in a press release:

“Think Different (Here’s to the Crazy Ones).” “Dogs Rule.” “Yo quiero Taco Bell.” “Keeps Going and Going.” “Impossible Is Nothing.” “That’s G.” Lee Clow, the visionary creative who touched the hearts of consumers and revitalized brands with iconic advertising campaigns, is retiring.

The Global Director of Media Arts at worldwide advertising collective TBWA, and founder and Chairman of TBWA\Media Arts Lab, will move into an advisory role as Chairman Emeritus of the agency he founded in 2006 to serve Apple and to embody his vision of an agency that impacts culture, rather than just “makes ads.”

Clow’s storied career speaks for itself. He worked on over thirty years’ worth of Apple ads, from the “1984” spot to the “1.24.14” ad shot entirely on iPhones. Truly a legend.

I think this method, written up by Kyle Seth Gray, is probably the best and easiest way to add additional developer accounts to an iOS device. It’s even better than the method I shared yesterday. It’s also a method I haven’t seen documented officially.

This new two-factor authentication requirement for developer accounts feels like it was rushed and poorly communicated.

Jason Snell, writing in 2016 about the tendency of public figures to use screenshots of the Notes app to issue statements:

The report that Twitter may be extending character limits reminded me of a Notes-related trend I noticed once again over the holiday break. When you want to tweet out a long message to your followers, but you’re on your iPhone, what do you do?

Apparently you type up a message in the Notes app, take a screen shot of it, and then post the image in a Tweet.

Bobby Finger, writing in Jezebel the same year, collected several examples of celebrities and organizations doing this:

Apple’s Notes app is an essential supplement to any social media account run by a celebrity. No other text editor makes it easier to share your words with the world — if only because it’s always there, synced to all your Apple devices.

Lindsey Weber, writing for the New York Times earlier this year about how the Notes app is used for apologies:

The reasons for writing these Notes notes vary, but oftentimes they are mea culpas for public errors. Armie Hammer apologized with a Notes app note for criticizing his peers for posting grief selfies after Stan Lee’s death (“I want to apologize from the bottom of my heart and will be working on my Twitter impulse control”). Kendall Jenner apologized for her clothing line’s insensitive use of the Notorious B.I.G.’s and Tupac Shakur’s likenesses (“we are huge fans of their music”). Logan Paul apologized for videotaping a dead body in Japan (“I intended to raise awareness for suicide and suicide prevention”). Cardi B notably did not apologize for secretly marrying Offset (“at least ya can stop saying i had a baby out of wedlock”). Ariana Grande once apologized for licking a doughnut (“I will strive to be better”).

David Mack, writing for Buzzfeed News today (capitalization his):

This benign app isn’t usually used for matters of national or international consequence — until Thursday, that is.

White House press secretary Sarah Sanders used Twitter to share the news, via the trusty Notes app, that the president was going to declare a national emergency.


Appropriately enough, Mack’s article is written in several segmented screenshots of the Notes app. Unfortunately, that means that I had to retype the above in order to quote it. And, if you use text-to-speech software, you won’t be able to listen to this article as none of the alt tags are filled in.

Apple sent this email to developers today:

In an effort to keep your account more secure, two-factor authentication will be required to sign in to your Apple Developer account and Certificates, Identifiers & Profiles starting February 27, 2019. This extra layer of security for your Apple ID helps ensure that you’re the only person who can access your account. If you haven’t already enabled two-factor authentication for your Apple ID, please learn more and update your security settings.

Brent Simmons:

I have two accounts — one for personal use, one for development use — and so do lots of developers.

I don’t know how to make this work. None of my devices are ever signed in to my developer account. That account exists purely for building and distributing apps.

I also have separate personal and developer Apple IDs, and my personal ID is already set up with two-factor authentication. Unlike two-factor verification, one device can be associated with multiple Apple IDs for authentication purposes. However, as far as I can tell, this quickly becomes complicated.

To register an iOS device with two-factor authentication, you must sign out of your personal Apple ID at the system level, which means you’re signing out of iCloud. This is a highly disruptive action. On a Mac, it’s much easier, because you can associate different MacOS users with their own Apple ID. So, the best recourse to set up two-factor authentication is probably to create a separate user account on your Mac, set it up with your developer Apple ID, and then follow Apple’s directions.

But then what? Two-factor authentication codes are sent to trusted devices signed into a particular Apple ID. So you can receive two-factor authentication codes for your developer Apple ID on your Mac when you’re logged into that specific account, but that account won’t be logged into your personal Apple ID’s features, like iMessage or Apple Music. Most solo or small team developers probably have a setup similar to Simmons’, where the developer Apple ID is just for development and nothing else. And that still doesn’t answer the question of how this is supposed to work for iOS devices, where switching between iCloud accounts is more-or-less a destructive action.

Apple is giving developers just two weeks to get two-factor authentication enabled on that account. If you, like me, are required to make other Apple ID account changes prior to setting up two-factor authentication, you should be aware that there is a three day waiting period after making those changes before you can enable two-factor authentication.

I’ve asked Apple about some of this and hope to hear back shortly. So far, I don’t think this requirement has been communicated very well, and I think it’s going to cause a lot of developers some headaches over the next two weeks.

Update: Jonathan Tarud points out that signing out of the Apple ID on the developer MacOS user account created to set this up will cause two-factor authentication to fall back to SMS verification. That isn’t elegant at all.

Anousha Sakoui and Mark Gurman, Bloomberg:

Apple Inc. is planning to unveil video and news subscription offerings next month, the first major new digital services from the company since 2015.

The Cupertino, California-based technology giant is planning a March 25 event to announce both services, according to people familiar with the plan. The iPhone maker invited Hollywood stars, including Jennifer Aniston, Reese Witherspoon, Jennifer Garner and director JJ Abrams, to attend, one of the people said.

This corroborates and builds upon John Paczkowski’s report yesterday, indicating that a video subscription service is likely also in the cards. Jennifer Aniston and Reese Witherspoon created and star in “The Morning Show”, Apple’s first foray into scripted original programming.

Dieter Bohn, the Verge:

You can’t turn on a screen anymore without wondering who is profiting from what your eyeballs are seeing. Eero didn’t really participate in that and Amazon does. So it’s assumed that nothing good can come of Amazon getting yet another potential treasure trove of personal data.

And it could absolutely be a treasure trove. Short of handing over the PIN for your phone or the password to your Snapchat account, there’s not a much more intimate set of information about you than what your Wi-Fi router knows. It knows when you’re home and when you’re away. It can suss out what websites you visit (before the SSL kicks in, anyway) and how many movies you’re streaming.

A few years ago, this would feel like a completely irrational concern. But we’re now living in an age where Facebook acquired a VPN to spy on its users’ activities; then, after Apple kicked it out of the App Store for violating its rules on allowable levels of creepiness, Facebook decided to work around Apple’s rules and pay users — including teenagers — to use it. Amazon traffics in similar practices of mass data collection, so it is truly a legitimate worry that they may — though not “at this time” — explore ways to coax users into giving up their household’s web traffic.

Panic on Twitter:

Many of you noticed a new Coda on the scene — a reimagined document that just launched at — and were concerned about their name. Thanks for looking out for us! We’ve worked with them and resolved the collision — they are Coda and it’s ok.

The big twist: that also means the massive update to Panic’s Coda currently in the works will not be called Coda!!? (It actually makes a lot of sense — it really is a whole new app.) We’ll post some details on this exciting new thing in a few weeks. 2019 is gonna be fun!

Via Jason Snell:

As for, it’s a startup that launched publicly last year that’s billed as a “new kind of productivity doc,” sort of a document that’s also a database that’s also a word processor. It’s a floor wax and a dessert topping.

This is something that Panic hinted at in their 2017 company report:

A lot has changed in the web development world since we first started working on Coda, not the least of which is a new set of really capable (and often free) competitors.

To catch up to today, we had to take a dramatic step. We’ve been informally calling it Coda Next during production. (We may even rebrand the product entirely, since it’s a dramatic step forward from today’s Coda.)

Call me crazy, but “Coda Next” — or, even better, just “Next” — sounds great as the name of a truly next-generation web development environment for Mac users.

John Paczkowski, Buzzfeed News:

Apple has settled on a date for its first big product announcement of 2019. Sources tell BuzzFeed News that the company plans to hold a special event on March 25 at the Steve Jobs Theater on its Apple Park campus. Headlining the gathering: That subscription news service that has been all over the news today. Unlikely to make an appearance: next generation AirPods, or that rumored new iPad Mini.

Sources described the event as subscription services focused, but declined to say anything about Apple’s standalone video streaming service which is also rumored to debut in 2019. Earlier this year, The Information reported that Apple had told studios and networks to prepared for an April launch.

Nothing is impossible, but I would be very surprised if Apple News were the sole focus of this announcement, and if its terms are at all similar to the fifty-fifty split that the Wall Street Journal reported today.

I think MacRumors has one of the best reporting teams around, but I think this story by Joe Rossignol — bearing the headline “WWDC 2019 Dates Confirmed: June 3-7 in San Jose” — misses the mark:

While we were already confident the WWDC 2019 dates would fall on June 3-7, we confirmed with a source that a large annual event of some kind will be taking place during that week at McEnery. Meanwhile, the second and fourth weeks of June are ruled out due to the already-announced O’Reilly Velocity conference on June 10-13 and the Sensors Expo on June 25-27 at McEnery.

In our continued research, we discovered that San Jose requires permitting for large public events such as Apple’s WWDC Bash, which took place at the Discovery Meadow park next to McEnery in 2018.

Following that thread, we unearthed a 2019 events calendar from the City of San Jose’s Office of Cultural Affairs that lists this year’s WWDC Bash at Discovery Meadow on the evening of Thursday, June 6. The event is named “Team San Jose 2019 WWDC” and is organized by “Apple.” An identical WWDC entry was listed in the Office of Cultural Affairs’ 2018 events calendar for the actual WWDC 2018 Bash.

This is great detective work, but I think the use of the word “confirmed” throughout this article and in the headline is misleading. The dates for WWDC are not confirmed until Apple announces them. At best, all independent evidence points to the first week of June as WWDC week in San Jose.

If you are confident in MacRumors’research, I’d start looking for refundable hotel reservations now. Prices on travel websites are already up compared to yesterday, when I last checked; once Apple announces the dates officially, you know they’ll just keep climbing.

Dr. Drang:

What bothers me most, though, is that transparency has no real meaning on the Mac. It’s just decoration, not tied to any spatial sense that we expect from our experience with the physical world. For example, if you start typing in the URL field in Safari, the menu of suggestions that extends down from the URL field takes on a lighter version of the Desktop color, basically the same “semi-transparent” color in the background of the Dock.

This is ludicrous. This menu isn’t directly in front of the Desktop, it’s in front of the browser window (which is white because I was on Google’s home page when I took the screenshot). There is no reason for it to look like you’re seeing through it to the Desktop. That it looks that way screws up the sense of layering, especially since it still has that shadow around its border.

This post, more or less, has been in my drafts folder for months because it’s the kind of thing that, as soon as I noticed it, I could not dismiss it. It’s a dagger through my eye.

For what it’s worth, I don’t necessarily share Drang’s complaints with transparency more generally on the Mac; I think it’s more decorative than helpful, but it’s fine. But I keep the “Reduce Transparency” setting switched on mostly because I prefer a solid background for the menu bar. The resulting layering and compositing doesn’t make any spatial sense and, especially with a saturated desktop picture, is often jarring.

Sarah Perez, TechCrunch:

Apple’s push to get developers to build subscription-based apps is now having a notable impact on App Store revenues. According to a new report from Sensor Tower due out later this week, revenue generated per U.S. iPhone grew 36 percent, from $58 in 2017 to $79 last year. As is typical, much of that increase can be attributed to mobile gaming, which accounted for more than half of this per-device average. However, more substantial growth took place in the categories outside of gaming — including those categories where subscription-based apps tend to rule the top charts, the firm found.


As usual, mobile gaming continued to play a large role in iPhone spending. In 2018, gaming accounted for nearly 56 percent of the average consumer spend — or $44 out of the total $79 spent per iPhone.

The next-biggest categories for spending were Entertainment, Music, and Social Networking — each averaging under $10 per iPhone. It blows my mind that users will spend an average of over forty bucks a year on games; equally, that non-game apps are often on the receiving end of user backlash for daring to charge a flat rate of five or ten dollars. Would it be more acceptable to charge a dollar per month? I would hate if most of the paid apps I use daily switched to that model.


Amazon and eero today announced that they have entered into a definitive merger agreement under which Amazon will acquire eero. eero’s home mesh WiFi systems set up in minutes and blanket every room of a customer’s home in high-performing, reliable WiFi. eero is already delighting Amazon customers with its products and services, as indicated by eero’s 4.6-star product rating on

Every time there’s hot news in the WiFi router space — which, granted, is kind of an oxymoron — I remain mystified that Apple chose to stop making their own, especially in an age of increased consumer awareness of digital privacy and the growing “smart home” market.

Kashmir Hill, Gizmodo:

Critics of the big tech companies are often told, “If you don’t like the company, don’t use its products.” I did this experiment to find out if that is possible, and I found out that it’s not—with the exception of Apple.

These companies are unavoidable because they control internet infrastructure, online commerce, and information flows. Many of them specialize in tracking you around the web, whether you use their products or not. These companies started out selling books, offering search results, or showcasing college hotties, but they have expanded enormously and now touch almost every online interaction. These companies look a lot like modern monopolies.

Since the experiment ended, I’ve resumed using the tech giants’ services, but I use them less. I deliberately seek out alternatives to do what I can, as a consumer, not to help them monopolize the market.

This experiment was pretty extreme, but it shows the amount by which these companies — but, in particular, Google and Amazon — have gained control over the web. It also illustrates just how little Apple exercises theirs. For a company that has often been criticized for platform lock-in and its lack of so-called “openness”, Apple sure does offer consumers a lot of choice: either you buy their stuff, or you don’t. You can’t really say that about the other major tech firms.

Adam Engst of TidBits is mad as hell about autoplay:

The auto-play offense that has pushed me over the edge is Netflix’s Apple TV app, which auto-plays previews for movies and TV shows as you browse through Netflix’s library. Within 3 seconds of when you navigate to a show’s icon, it starts playing a preview for the show, complete with audio. It’s difficult even to read the show’s description in that amount of time, much less reflect on whether you might want to watch the show. As soon as the audio starts, it interrupts whatever thoughts might be going through your head (Josh Centers made this example video; it shows what he hears as his 5-year-old browses).

This behaviour drives me absolutely nuts. It drives everyone I know nuts. And here’s the thing: Netflix knows it drives people nuts. Last year, Dan Jackson of Thrillist cited several pieces pointing out just how awful and irritating and downright shitty this feature is. There’s a Twitter account dedicated to the terribleness of Netflix autoplay.

But there’s nothing we can do about it because I guess whatever metrics they use to measure engagement or whatever are overriding common sense and basic decency. Short of unsubscribing, it seems we’re stuck with this because Netflix simply won’t listen to the complaints of their users.

Kiran Stacey, Financial Times (via Lindsey Barrett):

Companies such as AT&T and Verizon had argued for years against net neutrality rules that forced them to treat all internet traffic equally. The companies said that without such restrictions, they would be able to charge companies more for delivering their internet traffic faster, bringing in money they could use to invest in their networks.

In late 2017 Ajit Pai, the Trump-appointed FCC chairman, announced his organisation would repeal the rules, in one of the most significant pieces of deregulation undertaken by the Trump administration.

Mr Pai said at the time the previous rules had “depressed investment in building and expanding broadband networks and deterred innovation”.

However, the 2018 figures suggest that the change has not led to an immediate investment boom.

Following the introduction of the net neutrality rules in 2015, the big four telecoms companies increased overall capital spending in both 2016 and 2017. Last year, however, investment slipped by 0.4 per cent.

Remember how, just after net neutrality laws were introduced, capital expenditure actually rose? And then how, after those rules were repealed, the telecommunications lobby and Ajit Pai went back in time to ascribe those capex increases to the repeal? Well, now we’ve reached the logical conclusion of this story, where it’s revealed that the capex argument was, of course, complete bullshit all along.

To be clear: I’m fairly certain net neutrality laws have virtually no impact on capital expenditure by ISPs, as stated in Stacey’s article:

Craig Moffett, a telecoms analyst and founding partner at MoffettNathanson, said: “You have to ask whether any sane person would make long-term investments based on a change in FCC policy, especially one that is subject to so much legal and political volatility.”

Mr Moffett estimates the industry will increase its capital spending by 3.3 per cent this year, something he called “relatively restrained” given the favourable tax and regulatory regime the Trump administration has tried to put in place.

Capex will go up and down based on actual demand for broadband, expansion plans, new technologies — Sprint cited 5G rollout for its 2018 increase in capex — and equipment replacement.

So why did Pai and the rest of the Republican commissioners vote to roll back net neutrality rules? Karl Bode, writing in Techdirt in 2017, before the repeal of the laws:

At the heart of the sales pitch for this “modernization” of the FCC and killing of net neutrality rules? An ocean of farmed industry data insisting that net neutrality protections stifle broadband investment, damage the self-esteem of children, harm puppies, and threaten to (rip the Earth off of its orbital axis*. All magically fixed, of course, if we free some of the least-liked and most anti-competitive companies in America from regulatory oversight and public accountability.

In short: an ideologically-compulsive disregard for regulation, even if those regulations are sensible, widely-supported, and necessary in an age of an unrestrained anticompetitive merger and acquisition environment.

Jezz Bezos writing on Medium:

Something unusual happened to me yesterday. Actually, for me it wasn’t just unusual — it was a first. I was made an offer I couldn’t refuse. Or at least that’s what the top people at the National Enquirer thought. I’m glad they thought that, because it emboldened them to put it all in writing. Rather than capitulate to extortion and blackmail, I’ve decided to publish exactly what they sent me, despite the personal cost and embarrassment they threaten.


In the AMI letters I’m making public, you will see the precise details of their extortionate proposal: They will publish the personal photos unless Gavin de Becker and I make the specific false public statement to the press that we “have no knowledge or basis for suggesting that AMI’s coverage was politically motivated or influenced by political forces.”

If we do not agree to affirmatively publicize that specific lie, they say they’ll publish the photos, and quickly. And there’s an associated threat: They’ll keep the photos on hand and publish them in the future if we ever deviate from that lie.

I am not a big Jeff Bezos or Amazon fan — though I am a Washington Post subscriber — but this is such a great move. I can’t imagine a worse person to blackmail than someone who has the power and means to dig dirt forever, especially by a shady tabloid with potentially deep political ties that they would rather not be exposed. By the way, Bezos apparently published this without giving his lawyers a heads-up.

Luppe B. Luppen, who goes by “southpaw” on Twitter, pointed out that A.M.I. agreed last year (PDF) to, among other conditions, not commit any crimes in order to avoid prosecution, as a reward for their cooperation in connection with keeping quiet a story about Donald Trump’s affair with a model to influence the election.

Anyway, A.M.I. is a terrible company and I hope, by overplaying their hand, they get buried.



Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer

Description: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management.

CVE-2019-6223: Grant Thompson of Catalina Foothills High School, Daven Morris of Arlington, TX

I owe readers a correction. The way this bug presented itself caused me to think that video and microphone data was being transmitted from the device before the recipient answered the call. Apple’s phrasing in the “Impact” section here means that I misinterpreted how this bug behaved.

There are three additional security fixes in this update, including one for a vague vulnerability when using Live Photos during a FaceTime call. Apple says that customers who have not applied this security update will not be able to use Live Photos during a FaceTime call.

Juli Clover, MacRumors:

Apple has apologized for missing [the first reports of this bug] and has vowed to improve its bug reporting system to make sure future bug reports are distributed to the right people. Apple will be compensating the Thompson family for finding and reporting the bug, and Apple will be providing an additional scholarship to be put towards Thompson’s education.

Kudos. While they’re at it, Apple should also reward Linus Henze for the bug he found in the MacOS Keychain.