Apple continues to support OS updates on the iPhone 6s, a device released almost 6 years ago. Nor is it reserved for their flagship models - the 2016 iPhone SE also gets the latest and greatest.
Meanwhile, my flagship android phone from 2018, the Samsung Galaxy S9, is stuck on the last version of Android. At least it still gets security updates, some manufacturers don't even go that far.
If in October 2013 you bought a just released Google Nexus 5, you would have had official updates until December 2016. At the end of support, you could have then bought the recent Google Pixel (1). And you would have had official updates until December 2019. A little over 6 years out of two devices is as good as it gets on Android, at least it's as good as it got in the mid-late 2010s.
If in October 2013 you bought a just released iPhone 5S, you would have had official updates until - apparently - June 2021. Three months ago. Assuming that was really the last security update to iOS 12.
An official Apple device has received one and a half year's worth more updates than two official Google devices put together. The difference between Android support and iOS support is insane.
It's easy to point out that you'd probably need to get your battery fixed at least once to make a 5S last that long, and in 2021 it won't be any fun to use. The people that want to make things last have had the option though, and that's what's important. And with Moore's Law being dead and buried, it's going to be a lot easier to get things to last, too.
If you bought a Nexus 5X or 6P, your device eventually bricked itself due to overheating literally melting the solder connections between the CPU and mainboard. Software support isn't the only thing Android vendors are skimping out on.
>As time went on, many began to experience bootloops and random shutdowns, including myself. If you happened to order the Nexus 6P from the Google Store, you might have gotten lucky and been given a replacement Pixel phone.
However, for many of us, we were simply left with a brick of a useless phone with no resolve.
I have a lot of older relatives that love the "hand-me-downs" of older iPhones and other i-gadgets. They're not power users, they just want to FaceTime with their grandkids and take photos of the flowers they grew in their yard.
This is one reason I pay the Apple premium: as a family, we get a lot more mileage out of the devices. Also, I don't have to stress about security, because I know they will be protected by updates and cloud backup for years and years to come.
>If in October 2013 you bought a just released Google Nexus 5, you would have had official updates until December 2016.
Wait a second are you sure about that? The last official version released was 6.0.1 which was released in October of 2015.
I remember this because the Nexus 5 was the phone that finally sealed the deal for me in leaving the Android ecosystem for good.
These "engineers" on the Android team did not QA their software so when I upgraded to 4.4.4, it broke the camera such that every video I recorded had messed up garbled audio. It totally ruined a special eurotrip where I had taken tons of video. I guess it was my mistake for trusting Google enough to update right before the trip started.
Anyway seeing that there is a section on Wikipedia devoted to all the hardware/software issues of the Pixel line, I think I made a wise choice to stop wasting my time with this ecosystem.
Went to a used iPhone 5S and ended up using that phone for 5 years. Was the best phone I ever owned.
So those seem like backported security updates. This is different from iOS where they receive the full OS system update, including new features (unless a required piece of hardware is missing, ie. Force Touch)
To be fair to Google and Apple, the iPhone 5S has also only had security updates since 2018. They did add contact tracing features, but so did Google through the Play Store.
iPhone 5S started on iOS 7 released on September 20, 2013 and received a full upgrade to every version of iOS up to and including iOS 12 when it was dropped in iOS 13 in 2019. After that happened, Apple went back and backported security fixes to iOS 12 with the latest release in June of 2021.
Thats 6 years, 5 days of "full updates" if you consider the release day of iOS 13 to be the end of life support.
My daughter inherited my 4S from 10 years ago that was sitting in the drawer for 6 years now since I got my 6s (the week it came out, oct 2015). She’s bot yet 12.
The 4S never had a screen or battery change. It’s battery doesn’t last long with YouTube or video calls, but if charged at night and used for emails and voice calls, will last the whole day. It is perfectly usable, can do FaceTime etc.
We will need to replace it soon, though. Her school buddies all use WhatsApp which is no longer supported on iOS 9 (the latest on 4S).
I wouldn’t let her use it much longer for lack of security updates. The hardware - and even battery - are still usable at 10 years. Almost pleasant, even. Best form factor ever.
While I agree completely with the idea, I have trouble deciding how secure the 5S should be considered. I couldn’t find anywhere Apple state the level of support, and it seems to receive some security patches but not others. Did the June update patch all known vulnerabilities at that point? Is it now insecure again since it did not receive a patch for ForcedEntry?
The 6S/SE might be better examples? iOS 15 is now available on both.
It's ironic that unofficial builds have been able to support these devices so much longer than their makers. LineageOS has done great things. And Amazon has shown that longer support is possible. The Kindle Fire HDX, released on September 25, 2013, and still somehow their best tablet, received its last security update on November 3, 2020.
Here’s the thing with unofficial Android upgrades: they don’t have complete coverage in their security updates.
LineageOS and Amazon can’t generally provide security updates for older chips. Only Qualcomm can compile new kernels for the Snapdragon 800, say. And Qualcomm stops giving you updates after four years (recent change: it used to be the three).
The updates LineageOS and Amazon and anyone else provides are updates to Android’s open source components. That’s all great - but they’re not complete security updates, and driver issues are a big vector.
This is true, and Qualcomm vulnerabilities have been some of the worst. This makes Google’s shift to custom silicon exciting if they’ll commit to long-term support. We should start thinking of the value of phones in terms of cost per supported year.
> Meanwhile, my flagship android phone from 2018, the Samsung Galaxy S9, is stuck on the last version of Android.
That's inexcusable, and this attitude carried over to security updates is a big reason some corporates left Samsung and went to Apple -- e.g. the A5, a midrange phone comparable with the iPhone SE, lost access to updates when the device was perfectly usable.
Samsung must've felt the feedback, because this year they announced a formal policy on security updates -- too late for the S9, but customers from S10 onwards ought to benefit[1]. They've been a lot better with Android updates on newer phones too -- Project Treble probably played a role.
> Galaxy devices will now receive regular security updates for a minimum of four years after the initial phone release. By extending support for security updates delivered on a monthly, quarterly or biannual basis
The only reason I buy a new phone at this point is because it falls out of security support.
I'm at the point of thinking of ditching the android ecosystem for the apple ecosystem for my next phone precisely because no android carrier seems to want to support devices for much longer than 3 years.
There are no hardware problems which keep me from using the phone, just the lack of software updates.
The other issue is that we seem to be at somewhat of a plateau of phone performance. My pixel 5 is not significantly faster than my old pixel 2XL.
It's worth noting that Apple also sometimes releases security updates for devices that no longer support the latest iOS. For example, Apple released security update iOS 12.5.4[1] on June 14, 2021 for the iPhone 5s and iPhone 6.
But does it really do anything to secure a device that’s past EOL? Or is it a marketing action?
Long official support is absolutely a benefit when looking at smartphones, however, articles keep popping up about Apple basically buying and sitting on vulnerabilities for latest and greatest iOS, because that’s what works economically.
What? Yes, Security updates for eol devices is clearly better than doing nothing. Apple’s externally facing vulnerability management program has a bunch of issues but I don’t see how that is relevant
Better for whom? It’s EOL. Are they just plugging high-visibility issues? That’s not doing anything for individual device’s security. They need a giant INSECURE sign instead of giving that false hope for people: “they might patch me past EOL if it’s bad enough”.
Better for the users and for Apple. "less bad" is another way to put it, but it's the same result. I don't see what you're not getting: one security fix is good, even if there's 3 other huge security gaps. Makes the overall situation less bad (or "better"). You can debate about the magnitude of the improvement, but I really don't see how it can be argued there is no improvement...
Leaving updates up to carriers makes it super hard to test mobile apps. You get a bug where it only happens on Samsung Whatever on Android 11, but the phone you bought for QA hasn't yet gotten that update. So you test on an emulators which, of course, don't reproduce the bug.
We had an issue at my previous company where our mobile game was crashing for like, one user. He had this whatever model of Samsung phone, but we had hundreds of people using that phone and no one else had issues.
Turns out that, despite the model numbers and identifiers being identical, this one phone in this one country in SE Asia had a slightly different GPU setup and there was a bug in the drivers it shipped with that was crashing our game.
So even though we worked with this user for like two weeks to try and figure out why it was just him, it turns out that it was because the Android manufacturer/carrier partnership situation is a gigantic mess for no discernible reason; the manufacturer didn't distinguish between two phones that had technically different specs, and the carrier didn't give a shit enough to ship the updated driver that would fix the issue.
>Samsung must've felt the feedback, because this year they announced a formal policy on security updates -- too late for the S9, but customers from S10 onwards ought to benefit[1].
Well yea. The longer the lifespan of a phone, the higher the resale value, and the higher the retail price you can support. If you want to sell at AAPL prices, you should be able to support devices for AAPL durations.
Quarterly and biannual are still a joke. It's not like Google is keeping all patches and releases them at once without notifying vendors. Nokia was a little known a few years ago for releasing security patches before Google did for their Pixel models. Sadly, this has changed.
Send regards to the Android architecture team at Google. The fact that OS is tightly coupled to the underlying hardware has no justification. Not does the fact that they have not yet reviewed the architecture…
Microsoft managed to sufficiently standardize / commoditize the hardware running Windows to the point where supporting old devices was fairly easy. Android devices have more in the firmware.
This is why I started buying iPhones. The resale value of a device after 2 years of usage is over 50% of the original cost if it's in good condition
OEM quality is all over the place for Android, crapware is standard. It's been 4 years of iPhone for me and the only complaint I have is how bad Apple Maps can be
I bought my iPhone 13 Pro, and there was an option right there on the page to trade in my existing hardware. I chose yes, and, because I bought that phone with my same apple account which I also have linked to the hardware, my phone showed up right there as an option. I tapped on it, said yes it's in good condition, and got like $530 CDN off my purchase.
Could I sell my phone for more than $530? Yes. Is it worth my time to deal with asshats on Craigslist who arrange a time to meet up and then ghost you for three days, just to get a bit more out of it? Nah.
(Despite initially trying to sell it, my iPhone Xs sat on a shelf for two years until someone saw it and said "Hey are you selling that? My phone is dying.")
Presumably that also means that the phone is going to get refurbished, or maybe stripped for parts and recycled by Apple's fancy disassembly robots, which is nice.
I like the interface of Apple Maps, but where I live (Turkey) the map data itself is very limited and buggy. It shows a literally 15-min walk as 2 days 16 hours by taking me through Greece and the islands instead of a simple crosswalk, for example.
I was a big fan when I lived in London, but I recently moved away to a new town that I don't know very well and on Friday it sent me on a 1hr walk that should have taken 25 minutes. When I looked at the route it took me afterwards, it made absolutely no sense at all.
I'm in the US but outside California. I find Apple Maps has better estimates for directions, but Google Maps is much more likely to have small businesses in its data set. I've also had experiences where it makes me drive across the street from my destination/1 block or two away
I want to like it because, as you pointed out, it's a cleaner interface
Yeah. I'm in Austin, which probably means my local data gets more attention than most
They do have a mechanism for filing corrections from within the app, which I've used a couple times and it seems to actually result in fixes, which is great
Hopefully they give more priority to a wider set of areas in the future
I like the zoom level to information ratio a lot on Apple Maps, especially in the UK. It’s not very good in my country so I reluctantly use Waze instead when needed.
Definitely helps to be in a major metro area. Even then, while I think Portland has pretty good detail, it was noticeably improved when I drove through the Bay Area last weekend. When that level of detail is available everywhere (in the US, at least), Google may have something to worry about.
This, exactly, is why I switched to iPhones. The only way Android devices are cheaper is if you run them into the ground and don't upgrade until you must. Invariably they go on 50% off sale within a year for the flagship models, which tanks their resale value. Combined with the utter lack of support more than the first couple years of ownership.
I can upgrade my iPhone every 2 or 3 years and spend a lot less overall. My wallet was always open when I tried to stay current with Android flagships.
I found it too easy to run Android devices to the ground... I've run into boot loop, suddenly dead, too slow after an upgrade, battery starts running too hot, etc. on my android devices. Quality was severely lacking and somehow the devices are priced the same or higher than an iPhone!
That and hardware support for my. When my HTC developed a camera issue -, HTC wanted $200 and a month to fix it. It turned out to be a manufacturing defect and they eventually (after a year) gave me a new one. But by then I had moved to the iPhone.
This is a good approach to many things, computers, cars, phones — there is an enormous premium paid to be the “first to open the box”. If you can rid yourself of that particularly successful marketing trick, you cut your costs boatloads.
It worked out pretty well. Paid ~£300 for a second hand Samsung S7 mid 2017 and it lasted until last month (so ~4 years) where it completely died (stuck on the rebooted and then stuck on the boot screen getting really hot). Somehow it was even still getting occasional security updates, although I think that was just luck.
Currently using a cheap backup device I normally use for app dev while I workout what my plan for the next one is.
It got 2 years worth of feature updates (possibly 3 if it got one before I bought it).
I’m actually typing this on an iPhone 6S that I usually use for app development. I’ve just upgraded it to iOS 15, and honestly it’s still a great phone. UI is very snappy. Probably the best budget phone on the market right now, considering you can get one for ~£70 (I paid £100 a year ago for one that had had it’s battery replaced)
Maybe worth noting that, internally, the first-gen iPhone SE is an iPhone 6s; same CPU, GPU, and RAM. It's missing some hardware features, like 2nd gen TouchID, 3D Touch, hardware image stabilization, and some other minor things, but from a performance/capability perspective it's the same phone.
The screen is identical, though, which is awesome— I was rocking an iPhone 5S and was able to buy for dirt cheap someone's cracked-screen SE and swap the screen over.
I fully intend for my next device to be an iPhone 8 so that I can eventually pull the same thing with an upgrade to the SE 2.
Interesting. If I'm remembering correctly, the SE actually used a worse display than the 5S -- Anandtech's review found that the display calibration matched that of the 5. So I guess I should look for a cheap 5S screen if I want an easy screen upgrade...
It's one of my biggest gripes with Android. At best, I have gotten 2 years of updates (updates which come 8-12 months after the official Android release).
I could, of course, install a custom ROM. But that usually means (in my experience) that not all hardware features work, battery life is worse, I have to install updates myself and I am usually not as confident about device security. Despite these, I used to install and love custom ROMs a lot in college. when I had the time but not anymore.
On my iPad (while it lasted, RIP), I would get updates on the same day as official iOS release. Night and day difference.
I don't think I've even gotten two years of Android updates on any phone. I don't tend to buy my phones right at the release date and it seems most Android phones offer 2 years of updates from the first day the phone was available, not 2 years from purchase/activation.
What led you to not buy the official android phone? Are you aware of it?
Considering all the major non-Google Android phone manufacturers are also the same that manufacture Black Friday TVs that fail on schedule, don't you sense this was a problem not with Android but with your choice of manufacturer?
I assume you're referring to the Pixel/Nexus devices. I've had two, I don't think either got updates after 3 years or so. A far cry from the 6 years that Apple is now offering with the 6S, and the 5 years most of their devices got before that.
I remember my Nexus program devices getting support longer than this. Hopefully we see a change in this trend over the next few years now that phones are generally more powerful and don't age as quickly except by battery degradation.
This is the key reason I'm moving to iPhone. The mobile hardware / software that utilizes it are no longer moving quickly enough to justify buying a new phone every few years for my use case.
Getting meaningful updates for the duration of how long I want to use the hardware for is a huge differentiator to me.
It's so aggravating on the Android side. While a Motorola One 5G Ace might not be a flagship, it came out in 2021 and I'm stuck on Android 10. I don't know if Motorola (who says I should expect Android 11) is the issue or if it's my carrier. Android 11 came out 4 months before the Motorola One 5G Ace came out. A year later, no Android 11.
I guess it's probably even more frustrating if you're paying Apple-like prices for a Galaxy S series device and not getting updates. At least I can think, "well, I got what I paid for."
At the same time, I do have to admit that things got very, very slow on the original SE. Maybe it’s the battery life throttling thing, but just felt at the end of its life, even though the software kept updating.
Probably a deteriorated battery — I’m still using my SE 2016 and it’s still going very strong. But I have replaced the battery twice, once every 2-3 years.
It’s very much worth replacing a battery on year 3 if you’re planning on keeping an iPhone to end of life. Harder to justify on year 5+, but still a real quality of life improvement.
They have slowly been forced to offer longer support, but are still currently at half as many years as Apple.
>One aspect in which Android has always fallen behind iOS is updates, with iPhones receiving as many as six years worth of updates, while some Android phones are lucky to get two years. In this area, Google’s Pixel series have held the crown, offering their phones three full years of updates, including monthly patches and three major Android versions. The original Google Pixel was gradually updated from Android 7.1 Nougat to Android 10 — an extension from the original promise to only offer two major updates.
Usual Android phones' support is bounded by Qualcomm's commitment, which had been 3 years. I think they now have extended it to 4 years though. This is one of the biggest motivation of why Google is developing its own silicon.
(Added) Of course, this doesn't explain why Samsung doesn't provide longer support. And I also don't know the reason but I guess their mobile division perhaps doesn't have enough power to negotiate against its chip division...
Usually get 3 years. Pixel 3 launched in October 2018, and its updates end in about a month. I feel like that's still way too short, and causes many millions of still-usable phones to be trashed or recycled every year. Aftermarket OSes aren't an option for a lot of people, because some apps will refuse to run on an unofficial OS.
A lot of aftermarket Pixels are useless because they have a locked boot loader as well. So even if you wanted to run an unofficial rom, you can't. This has tanked the resale value of these phones, which I'm sure the carriers are fine with.
> Apple continues to support OS updates on the iPhone 6s, a device released almost 6 years ago. Nor is it reserved for their flagship models - the 2016 iPhone SE also gets the latest and greatest.
I'm not sure whether this is a good thing though. After each major update, older devices become less and less usable. I would appreciate security updates, but I'd gladly skip all these new features that make my phone crawl.
You actually have that option now. I don't the specifics (how you do it) but I believe you can choose from two tracks: the traditional "update to iOS15" and "stay on 14 but get security updates". It's new this year though, so who knows how it will work in practice
Also all the updated assumes a 21:9 aspect ratio that started with the iPhone X. Sometimes I can't use apps on the 2016 SE because part of the menu will render off screen or the interface is terrible because the true area of interest gets squashed down to the side of two postage stamps.
My 2012 iPad is stuck on iOS 9 and can't load many websites anymore, such as Reddit, because its Safari version is too old to support the "let" keyword, etc. This is one of two reasons Apple only allows Safari on iPhones. Besides this forced obsolescence, the other reason is that Apple can auction to the highest bidder who is the default search engine on Safari; Googe pays billions to be the default search.
I think it used to be a good thing and people actually like the update. But now they got update fatigue, mostly because updating aren't exactly a smooth process and doesn't actually add any value to their usage.
They should go back to the old style where major OS update happens every two years. Although I am not sure the current Apple understand this.
Why do iOS upgrades past one major version always slow down my devices so much though. It's been such a disappointing waste of system resources.
Personally this is why I tried out Android and have so far stuck with it, (splitting my devices up between two OSes but whatever). So far my Androids get 2 years of bi-monthly security updates and at least 2 major Android releases by manufacturer policy, which is all I've needed, and they don't effectively render my device useless (so far, fingers crossed).
Every major iOS update adds more functionality that consumes more CPU cycles even in the background. Unless something strictly requires new hardware to work, they include the features.
Maybe if Apple refused to support new features on old hardware it would solve this issue, but then you just anger users who are forced to buy new hardware to get a new feature...
Every major iOS update adds more functionality that
consumes more CPU cycles even in the background.
The very best OS updates also revise or replace existing code to run better (more reliably, more securely, more quickly, etc).
The larger issue, in any case, is that Apple prohibits reverting an iPhone to a prior version of iOS.
This inexorably leads users of old devices to one day install that final update that turns their device into a turkey.
At that point the customer buys a new phone, a year or two before they intended, and the old phone, which is too slow to be useful as a back-up device or hand-me-down, goes into a landfill.
Certainly there's a creative workaround for this theoretical bind in which Apple find themselves? Refuse to support OR enable more functionality to the point of wrecking the user experience seems like a suspicious dichotomy.
My 2nd attempt at android was a Samsung Note 5? Or 4? I forget. Anyway when it arrived it was crazy fast!!! Loved it. After 2 months it was annoyingly slow. Reset it. Fast. Downloaded no apps. Got slower and slower. After 1 year I switched to iPhone for the first time (6) never had an issue ever since. (I did have an iPhone 4 at one stage which made me go MS Phone cos the crashing was so bad)
This too, but Apple was caught a while back slowing down older phones at major version updates (their reasoning was to extend battery life / device on time).
It was not just battery life, it was also to prevent phones from spontaneously rebooting.
Apple’s CPUs are very bursty, and that causes them to suddenly draw a large current from the battery. Older batteries cannot handle this so the CPU doesn’t get enough power and reboots. What Apple did was to stop the CPU from suddenly ramping up speed, which means the battery doesn’t have to deal with a sudden spike in power demand and can keep up even if it’s degraded.
This does, of course, slow the phone down as it can’t ramp up as aggressively.
Personally, I don’t, but I was trying to convey a neutral stance. That said, I didn’t like their approach of secrecy and, at least seemingly and anecdotally, doing it when receiving updates rather than over time based on some metric such as battery cycle count. I find this possibly related to their anti-repair practices.
> seemingly and anecdotally, doing it when receiving updates rather than over time based on some metric such as battery cycle count.
You have absolutely no evidence to support this statement.
> That said, I didn’t like their approach of secrecy
Apple is under no obligation to disclose every practice or behavior, especially one which is completely innocuous and benefits the customer with zero downside. The alternative to slowing down the processor to account for increased internal resistance is "the phone crashes", which is exactly what iPhone 6S models did until Apple released the fix in an iOS 10 update.
Several generations of iPhones have been clearly specifically designed to make the battery and screen easy to replace (Apple even uses pull-tab-releaseable adhesives for the battery), and doesn't place the lightning connector on the main board unlike damn near every Android phone; it's an easily replaced module.
The "slowdown" was specifically to increase the amount of time before the phone's battery would have to be replaced. Other manufacturers have done the same.
How strange that this anti-repair anti-consumer company's OS releases support their phones far longer than any other phone manufacturer...
> You have absolutely no evidence to support this statement.
Correct. That’s why I said “seemingly” and “anecdotally”.
> Apple is under no obligation to disclose every practice or behavior, especially one which is completely innocuous and benefits the customer with zero downside.
I didn’t say they did, I just said I didn’t like it.
A convenient mansplain, as it does not match up with the fact that the devices in question here were not in the state you described, nor did you inquire. I wonder why we are giving OS upgrades such a free pass here anyway, since they are notorious for this.
Over the life of my S9, I got one major OS update, a change from a builtin obnoxious "Samsung news" feed to another equally obnoxious feed, and updates to the builtin apps that brought almost no new important features (the only new feature I actually use is the option to use a Spotify song in the alarm app). It just does not compare against six years of full blown OS updates.
Oh, and the S9 comes with so much preinstalled, unremovable shit that it's not even funny. It's a shame, because the phone itself is really nice, and the Samsung custom UI and apps can be awesome at times. The problem is that Samsung sells a premium phone at prices similar to Apple's (if you buy brand new at release time), but this doesn't translate into a premium experience. This also happen with other Samsung products such as TVs.
Yeah I have 3 iPhone 6 from 6 years ago with new batteries but can't update iOS or install modern apps. No hardware issues at all but will have to throw them into the garbage for the sake of Apple software support policy
Don't you have access to most of these similar improvements through updates to the respective Android apps (Photos, Messages, Translate, Camera, etc) rather than OS updates?
Even Apple's mobile device security update lifespan is pathetic compared to desktops and laptops. If you bought a computer with Windows XP when it first came out, you got 13 years of support, and even more if it could upgrade to Windows Vista or 7. And if you're willing to run Linux or BSD, you can easily run supported software on decades-old hardware. This is the standard we should be holding mobile device manufacturers to.
We will eventually, but mobile devices are still changing rapidly. We have giant performance, battery, storage, screen improvements every other year. Comparing a iPhone 3 to iPhone 13 is like comparing a 286 with ThreadRipper.
And how is the condition of that 15 year old Thinkpad's battery, keyboard and fans?
Meanwhile, after having every single major iPhone version since the original jesusphone, I'm switching from iOS to Android because I'd rather run out-of-date hardware and slightly more out-of-date software just to not have my phone spy on my local media contents for a remote master.
Apple's days as a head-and-shoulders above clear winner are over.
I've seen this before. Somehow people convince themselves that moving from Apple to Google somehow gives them more privacy. It's really an incredible phenomenon.
I haven't made any moves away from Apple yet, but I'm cautious about upgrading because it isn't clear to me where the code for the scanning is in the current releases. They announced they were going to start scanning one day before the planned rollout, but it wasn't mentioned that an update was necessary so it seemed like it could've already been in iOS 14.x. I am willing to update to the newest version so long as there's still an opt out option by not upgrading to whatever version will include the on-device scanning. But if the code is bundled in already and is just dormant until some undetermined date then I'll be moving on. I'm not sure how I'll even know if it's safe to upgrade, but I'm hoping if there's any concern there'll be some news about it in the coming weeks.
It is not the same result. Scanning on your device using inaccurate methods is not the same thing as uploading your photos.
The method that Apple is describing is going to cause more harm than good. Look how faulty their methodology is - even they agree it needs to be fixed.
I have looked at it, carefully, and there really isn't any way for it to do harm. If you want to claim there is, I will want to hear the exact steps you are thinking of, and how they match the published details of the system.
Run an on-device scan against a hash database. Using a technology shown to have very frequent collisions.
And then they notify law enforcement if they get a hit. Which means even if you're innocent - all your devices get confiscated for months, you probably rack up tens of thousands of dollars in legal fees, maybe lose your job, probably lose your friends and get the boot from any social organizations or groups.
They're waiting for two things.
One, CSAM to get out of the news cycle and the furor among users about CSAM to die down. This is standard corporate PR "emergency" management practice.
Two, to slide it into a point release after some minor, inconsequential change to say they "listened to users." iPhones with auto-updates enabled won't automatically upgrade to a new major release, but they will happily automatically upgrade to a point release.
You can of course upgrade to iOS 15 and turn off auto-updates, but then you won't get security updates, like the people staying on iOS 14.
Stay on iOS 14 until Apple surrenders completely on this.
> Run an on-device scan against a hash database. Using a technology shown to have very frequent collisions.
Google and Microsoft have been scanning everything in your account against a hash database for the past decade.
Also, unlike Apple's system which doesn't even notify Apple of the first 30 positive results (to protect you from the inevitable false positives) Google and Microsoft offer users no such protection.
>then they notify law enforcement if they get a hit. Which means even if you're innocent - all your devices get confiscated for months, you probably rack up tens of thousands of dollars in legal fees, maybe lose your job, probably lose your friends and get the boot from any social organizations or groups.
Again, Google and Microsoft have already been doing this for the past decade.
>a man [was] arrested on child pornography charges, after Google tipped off authorities about illegal images found in the Houston suspect's Gmail account
Scanning content on-server means that a single false positive is sitting there, ready to be maliciously misused by any prosecutor who cares to issue a dragnet warrant.
These sorts of dragnet warrants have become increasingly common.
>Google says geofence warrants make up one-quarter of all US demands
It's not like we haven't seen Google's on-server data hordes misused to falsely accuse users before.
>Innocent man, 23, sues Arizona police for $1.5million after being arrested for MURDER and jailed for six days when Google's GPS tracker wrongly placed him at the scene of the 2018 crime
Apple's system is designed to protect you from being associated with false positives, until that threshold of 30 matches is reached. Even then, the next step is to have a human review the data.
Google has never been willing to hire human beings to supervise the decisions an algorithm makes.
While I’m generally unhappy that Google never supervises its AI moderation systems, in this case it’s a criminal matter.
Our police and prosecution ought to be enough review on its own. If our own elected government fails to do something so simple, I say fix the government. I don’t want to be forced to rely on the goodwill of a for-profit company.
>Our police and prosecution ought to be enough review on its own.
They are not.
>Innocent man, 23, sues Arizona police for $1.5million after being arrested for MURDER and jailed for six days when Google's GPS tracker wrongly placed him at the scene of the 2018 crime
When I said ought… I mean it in the prescriptive sense not the descriptive.
The government should be held to a high standard, and when it fails we, the people, should fix it and not turn to private companies and ask why they didn’t step up to the plate.
Great advice and great job repeating the manipulative framing of “if you’re not a pedophile, you have nothing to fear.”
Also, if you have anything that may be matched by unknowable and unverifiable matching hashes and algorithms provided by multiple nation states now or ever in the future, including but not limited to political activists, protests, anti-animal-abuse activists, climate activists, and select ethnicities, or copyright violations of any kind… switch off iCloud sync.
Until that switch gets ignored.
This cannot and will not be limited to CSAM. The matching is much more complicated than “hashes of existing images.”
Here’s a good in-depth interview on the tech and the issues.
> Apple also has been doing this for photos uploaded to iCloud as they are not currently encrypted.
Nope. Google and Microsoft have been scanning your entire account for the past decade. Apple has not.
>TechCrunch: Most other cloud providers have been scanning for CSAM for some time now. Apple has not. Obviously there are no current regulations that say that you must seek it out on your servers, but there is some roiling regulation in the EU and other countries. Is that the impetus for this? Basically, why now?
Erik Neuenschwander: Why now comes down to the fact that we’ve now got the technology that can balance strong child safety and user privacy. This is an area we’ve been looking at for some time, including current state of the art techniques which mostly involves scanning through entire contents of users’ libraries on cloud services that — as you point out — isn’t something that we’ve ever done
If they get 30 (?) hits then they review the data and then they refer it to law enforcement if the reviewers determine that they were CSAM images. It's not for a single collision and it's not immediately referred to law enforcement. There are still major risks and concerns with this model, but at least describe it correctly.
Why should technology so bad it needs thirty mulligans have the power to completely destroy your life?
And exactly how are they obligated to keep those policies? Answer: they aren't. There isn't some law saying '30 hits before we report you', and Apple is certainly going to drop the number as the public gets more used to the idea of CSAM. They'll keep dropping it until the news articles start coming out about how it's destroying lives.
This is corporate law enforcement. You don't have a right to due process, any say in their policies, or protection via any sort of oversight.
Again, Google and Microsoft have already been scanning everything on your account for the past decade without any such protections against incriminating users based on false positives.
"Before an image is stored in iCloud Photos, the following on-device matching process is performed for that
image against the blinded hash table database."
I'm guessing you haven't been following the issue.
More details in [1], but briefly:
They hash the images that you're uploading to iCloud. If it matches one of the hashes in the database, then it gets encrypted and transmitted to them. No single data packet can be decrypted, they need 30 (?) matches with that database in order to get a decryption key that then allows them to review the uploaded images. They don't send the actual images to the reviewers, it's altered in some way. At that point the reviewer will have 30 (?) thumbnails (?) to review. If the images look like CSAM, then they'll report it to NCMEC who then report it to law enforcement (NCMEC is not, itself, a law enforcement agency).
The ? are because I don't think they've publicly stated (or I've not read) what the threshold for decryption is or how they modify the images that get sent to the reviewers.
> Each file is broken into chunks and encrypted by iCloud using AES128 and a key derived from each chunk’s contents, with the keys using SHA256. The keys and the file’s metadata are stored by Apple in the user’s iCloud account. The encrypted chunks of the file are stored, without any user-identifying information or the keys, using both Apple and third party storage services—such as Amazon Web Services or Google Cloud Platform—but these partners don’t have the keys to decrypt the user’s data stored on their servers.
As far as I can tell, they don't say anything specific about where or how Apple stores the keys and metadata, so it should be assumed that Apple could decrypt your photos if they wanted to.
End-to-end encryption prevents a third party from reading your content, but if you are getting your encryption software from the same people that are storing your encrypted data, the only thing stopping them from reading your data is corporate policy.
Which is fine, because I use iCloud and many other cloud services, but you have to acknowledge the fact.
iCloud photos are not E2E encrypted. Apple has announced no plans whatsoever to make them such. Apple, their sysadmins, and the government can see every photo you have in iCloud.
Apple had plans (and, an inside source tells me, an implementation) to do E2E for iCloud Backup, but the FBI asked them not to, so they scrapped it:
This undermines the credibility of those who are claiming, without evidence, that this clientside CSAM scanning is a prelude to launching E2E for iCloud data.
Okay, so basically they are just sort of pinky-swearing that your iCloud photos are encrypted on iCloud, but not in any way that prevents Apple or the government from decrypting them anyway.
This raises the followup question of "why bother scanning the images on-device?", but I can infer two fairly obvious answers. First, the encryption still keeps AWS/Azure/GCP from seeing my photos. Second, and more cynically, they'd have to pay to do computation in the cloud; on-device computation is free to them.
> This undermines the credibility of those who are claiming, without evidence, that this clientside CSAM scanning is a prelude to launching E2E for iCloud data.
I agree; this is consistent with my initial point of confusion. Thanks!
> Okay, so basically they are just sort of pinky-swearing that your iCloud photos are encrypted on iCloud, but not in any way that prevents Apple or the government from decrypting them anyway.
How do you imagine that Google and Microsoft are able to scan the entire contents of your account? They can all read the data on their servers
>This raises the followup question of "why bother scanning the images on-device?
Because running the scan on device and encrypting the results protects users from having their account associated with the inevitable false positives that are going to crop up.
Apple can't decrypt the scan results your device produces until the threshold of 30 matching images is reached.
If someone issues a warrant to Apple for every account that has a single match, they can honestly report that they don't have that information.
Google and Microsoft give you no such protection. Any data held on their server is wide open for misuse by anyone who can issue a warrant.
If their end goal is to go full E2E encryption for iCloud Backup, but they have to be able to prove to the FBI first that they are doing "due diligence" to meet warrant needs then of course device-side CSAM scanning is a prelude for being able to turn on E2E for iCloud data!
The fact that the FBI stopped them once before and they've been working to build active solutions to what the FBI tells them their needs are should be evidence alone that E2E is their goal. It seems pretty credible to me.
That's why the CSAM scanner is on your device. It computes the hashes in place on then unencrypted images before uploading encrypted copies to iCloud.
That's why from some perspectives it is a net privacy win versus Google/Microsoft's similar tools that require them to have decryption backdoor keys on their clouds to process these CSAM requests and other FBI/TLA/et al warrants. Apple is saying they don't have backdoor keys at all on iCloud and if they are forced to do CSAM scanning it has to be on device, without leaving the device to have access to the unencrypted images. Only if you hit the reporting threshold (supposedly 30+ hash violations) would it also encrypt copies to a reporting database on iCloud (and again only if you were uploading those photos to iCloud in the first place).
That would also be true for any use of iCloud Photos, no? If you don't trust this, then you also can't trust them to be storing them encrypted on their servers.
More that I need a smart phone for work and life but there are no viable alternatives to iOS and Android, and I trust Apple slightly more than Google not to spy on me and use it against me
They're not a very viable alternative unless you plan on never trying to run any major/popular apps, because they all use Google Play Services APIs/libraries/toolboxes.
Install Google Play Services and Google gets whatever info they want from your phone.
> Two, to slide it into a point release after some minor, inconsequential change to say they "listened to users."
I doubt it will happen. Apple is not known for that sort of interaction. Whatever will happen it will happen silently without Apple admitting to bend down to any backlash.
Also, the pressure to implement device scanning is coming from governments. So it is naive to think Apple will ever surrender. Most probably in the near future every single electronic device will try to leak your data as much as it physically can do.
> Apple is not known for that sort of interaction.
Apple was not known to err on the side of "think of the children" or "let's help catch criminals" instead of personal privacy. But now they're known for new things.
I wonder if upgrading to iOS 15 will increase the chance of receiving this spyware when they do roll it out?
I mean 15.X - 15.Y will likely occur automatically while the phone is connected to WiFi and charging.. but 14 to 15 should require user approval, meaning we should be safe as long as we never upgrade >14..?
They're not "overanalyzing" it. Turning off automatic updates means you miss security updates. Point upgrades are automatic, full versions aren't. Apple is clearly going to backdoor this in a 15.1 or 15.2 release, which means you then can't get any security updates and your only option is to go back to a backup of your device from iOS 14.
I think switching off automatic updates and running a few months behind is the safest plan. There are risks around not getting security updates as fast, but they are probably not large for any individual user.
I’m hoping they’ll realise that they confused privacy and trust and get back on track soon enough.
Considering that they got the algo reverse engineered from 14 (it is already in the code running on all those devices) there seems to be a possibility that a security update could bring it online on 14 as well. Just my speculation but it seems plausible.
If you look at it as reducing their liability for hosting CSAM, then more likely it’ll become a requirement at some point in order to upload your photos to iCloud at all, no matter which version of iOS you’re on.
Or just don't use iCloud photos since the local device scanning for CSAM is limited to the Photos app and only scans prior to upload to iCloud photo library which is easy to turn off.
It's also not too difficult to have your unencrypted photos synced to Google Photos, Dropbox, One Drive or another provider as an alternative. They will scan your photos in the cloud which people on this site seem to have a vastly strong preference for. If you don't trust any of those then you're probably already using NextCloud or something like it.
I smashed the iphone I had into pieces, and I'm wondering what to do with my mac. Maybe install some linux or something, but I don't really know much about that! It'll take me a couple months of reading on it.. I am still using Mojave anyways.
Crushing a device is a normal response from someone who needs to stop hidden device tracking and cannot afford to possibly get it wrong and have some tracking slip through.
it's also worth noting that ios 14 is supposed to get security updates even after ios 15 is released, so if you care about that kind of stuff it's probably better not to upgrade.
I would assume no. People decompile binaries all the time and would likely catch it. It also could introduce dependencies and bugs that would require QA work and dev work.
I mean they just announced it is delayed, didn't they had it enabled in Beta for testing? Could cause more problems if you remove it completely in a rush.
Apple Maps is so close to being a fantastic app, but is sorely missing “search along route” that Google has. Right now, you can press the “coffee” or “gas” button but there’s no way to say, search for a CVS on the way back home from work. I really wish Apple added this instead of just suggesting searches that might be useful.
Agreed. Aside from my general distaste for Yelp and their business practices, it is also an objectively bad user experience.
Makes me wonder if Apple made some exclusive Yelp agreement before Apple Maps launched, so they'd have good ratings data, and we have to wait for the agreement to expire before Apple can move on.
To me it would make good market sense for Apple to fully compete with Google Maps and offer Apple Maps on the web. It would give them more data to feed back into their review/ratings/business info database to further improve the mobile experience.
I just installed iOS 15 an hour ago. So I checked to see if the new Apple Maps' ratings was in there. There is now a "Thumbs Up/Thumbs Down" button that allows you approve or disapprove of a restaurants Food & Drink, Customer Service, Atmosphere, and Overall experience. It also uses your on device location data to suggest photos that you took while at the restaurant, to include in your review. So it looks like it's finally live! (At least for some people)
Interestingly enough, it still has Yelp reviews beneath it. Hopefully that just gets removed completely once Apple has collected enough of their own reviews.
In iOS 15 it does look like you can browse more photos directly on a restaurant page before confronted with the Yelp button. So that’s an improvement I’d say.
“Use this JavaScript API to embed interactive maps directly into your webpages or apps across different platforms and operating systems, including iOS and Android. Like MapKit for native apps, you can also add annotations and overlays to the map to call out points of interest or user destinations.”
However, would that really give them more data? I would guess it would get a tiny fraction of the traffic that mapping apps would generate.
Agree on this and multi-stop routes. I've been using Apple Maps with CarPlay for the last few years and I can confidently say it is better than google maps by a wide margin. The voice, UI, traffic and routing, map design won me over. The aerial and street view quality, while not the most important, are second to none.
Agreed! I live in NYC and don't drive too often. I just got back from a two-week trip with a car rental and was really surprised at how great Apple Maps was. The map design is nice and clean and it works well with CarPlay. I also felt like the audio instructions were very clear and easy to follow. E.g., "pass this light and turn right at the next one." I also liked the "Share your ETA" feature which I used a few times. Really nice job Apple!
Agreed. I don't know if Apple is handicapping Google maps on iOS (ie locking system APIs) but Apple maps is smoother, cleaner, and exactly what I want out of a helpful navigation assistant. Apple Maps give instructions in the way I as a navigator would. Things like "take a right turn after the next light" are way better than Google/Waze. Apple Maps just struggles in discovering an area and planning a journey - both of which Google excels in.
Just an FYI, you can definitely do this when using CarPlay and Apple Maps. There is a set list of categories you can search while currently navigating. I wish you could make an arbitrary on route search, but you can't.
Adding onto this. You can actually ask Siri specifically the added stop and append "along the way", so something like, "Starbuck on the way". It has always found my requests on the route I was already on as well as the added time it will take away from me.
I have consistently found the apple maps experience to be subpar when compared to competing navigation apps, most lately with laggardly updates to road closure status due to wildfires here in California. Other apps updated the roads in a fairly timely manner, but apple showed roads closed for several days after they were reopened by authorities.
I’d also really like multi-stop navigation planning like Google Maps has. I’m planning on a cross-country road trip to see family for the holidays and I’d love if Apple could improve upon the multi-stop planning experience that Google threw together. It’s nice, but it’s also cumbersome.
does it support offline maps/offline navigation? why don't they support offline maps? it's not like they have to pay royalty fees to support it when they own it end to end.
Posting on HN is probably more valuable when your feedback is requesting new featureful changes and not just bugs. There are likely quite a few Apple engineers that browse this subreddit which might be able to make an internal push for these changes (eventually).
I'd still report them through the normal channels. I wouldn't bet on any given Apple employee of the right team to happen to read a specific comment on HN.
Agreed! But it can also be helpful to submit the requests through the usual channels. Engineers on HN can then point PMs and management to this data versus "someone on HN asked, create the story."
This has been my experience and is also why I push to get a feature request submitted, and then ask for some link to it. Also as a customer, sometimes when I’m writing out my request I realize an existing way to get what I want without needing to wait for them.
In NYC, Apple Maps this last weekend suggested I go way out of my way on one subway line and then backtrack on another to get to my destination. It also suggested none of the other direct routes that Citymapper was able to discern. Not sure what happened in the 3+ years that I’ve stopped using Apple Maps but I used it the whole way there and the experience was awful. I will continue not using it.
CN: No Grid View Facetime Featured, No street-view walking directions, no "driver’s license or state ID" Wallet feature, no "Visual Look Up", no anonymous "Hide My Email" relay feature
JP: No Wallet (license/state id/hotel&garage unlock), no visual lookup
This is just the difference in how the page are displayed and I didn't go and check to see if the actual features are there or not
- Weather: "precipitation" isn't mentioned, and Weather app is just more "powerful", not "more engaging and powerful" (US). Air Quality maps are available for India, not sure about other maps.
- Immersive walking directions
- redesigned transit map
- Nearby transit
- Home Keys does not mention "Hotel Keys" or "Corporate Access Badges"
Meanwhile, my flagship android phone from 2018, the Samsung Galaxy S9, is stuck on the last version of Android. At least it still gets security updates, some manufacturers don't even go that far.