Checklist 228: Updates, Transparency, and Security

This week on The Checklist, we’ll talk all about Apple’s recent round of updates, including:

• opening your iPhone while wearing a mask
• App Tracking Transparency (ATT)
• pushback from advertisers
• a major Mac security update

Who is that masked iPhone user?

This week’s Apple updates saw the release of iOS 14.5, iPadOS 14.5, watchOS 7.4, tvOS 14.5, and macOS 11.3. One of the most important changes introduced is that you can now unlock your iPhone while wearing a face mask.

That doesn’t mean, however, that Face ID can recognize you when you’re masked up! It’s more that Face ID will unlock for any masked face … if and only if the following conditions are met:

• You’re using an iPhone X or later with Face ID
• It’s paired with an Apple Watch Series 3 or later — and that watch is nearby
• You’re running iOS 14.5 or later
• You’re running watchOS 7.4 or later
• You’ve enabled the Unlock With Apple Watch feature on your iPhone

If all of that applies, then your iPhone will unlock for a masked face. But what if someone else grabs your iPhone and tries to unlock it?

Apple has you covered. Whenever an iPhone unlocks using the new feature, you’ll get a haptic and a notification on your Apple Watch. That watch notification lets you re-lock your iPhone with a tap, at which point the passcode will be required to unlock it again.

If you want to turn this feature on, open up your iPhone and go to Settings > Face ID & Passcode. Then find the Unlock With Apple Watch setting and toggle it on.

To track or not to track

The most eagerly anticipated privacy change in iOS 14.5 was the full rollout of App Tracking Transparency (ATT).

ATT requires apps to get a user’s permission before tracking them across apps and websites. If you turn on ATT, you’ll begin seeing prompts whenever apps want to track you. The prompts let you choose between “Allow” or “Ask App Not to Track”.

It gets better: You can also opt out of tracking altogether. ATT has an option that lets you say “no” to every app on your device with a single click. To do this, go to Settings > Privacy > Tracking. Then toggle the Allow Apps to Request to Track switch to off. If you do that, all apps that try to track you will be blocked from even asking you for your permission, and they will be sent an automatic “no” instead.

In addition, Apple’s guidelines prohibit app developers from offering incentives for users who allow tracking, or from limiting an app’s functionality for users who say no to it … so no need to worry about the hard sell!

ATT’s detractors

Of course, not everyone is happy about ATT, and the pushback has already started. One ad industry group in Germany has even filed an antitrust complaint against Apple over the change.

So why is ATT so upsetting to online advertisers? The reason is pretty understandable: They’re expected to lose up to 60% on sales made through Apple platforms. The lawyers in the German antitrust suit, however, claim that it’s app users who will suffer the most. They say that the loss of ad revenue will simply get passed on to the consumer, because apps that were previously supported by advertising will have to start charging.

That’s what they say, anyhow, but it remains to be seen if it’s actually true — or if developers and advertisers will adapt and find new ways to stay profitable.

Despite the legal challenges, it looks like the end of an era for online advertisers. On the web browser side of things, even Google is getting ready to phase out tracking cookies (although their proposed replacement, FLoC, may not be much better). For mobile apps, iOS 14.5 means that app tracking as we knew it is finished … at least on Apple devices, anyway.

But Apple isn’t completely insensitive to the situation faced by advertisers, and they plan to roll out some privacy-friendly ad tools to help. The forthcoming Private Click Measurement will allow advertisers track ad clicks and actions within apps and websites, but without using data that identifies users individually. In iOS 14.6, Apple will reportedly introduce a new version of the SKAdNetwork API, which will let advertisers measure the effectiveness of their ads more precisely — but again, without giving away any individual user data.

Time to update your Mac

Apple patched a major security vulnerability in macOS 11.3, and this one is serious enough that all Big Sur users should update immediately. (The issue is also addressed in Security Update 2021-002 Catalina.)

The bug could have allowed attackers to create a malicious application that would completely bypass a Mac’s core security features. If a user double-clicked on the app, it would launch — without any of the normal macOS warnings or prompts! Even worse, security researchers at Jamf say that the vulnerability has already been exploited in the wild.

In short, it’s time to update your Mac … today! To do this manually, head to System Preferences > Software Update > Update Now. It might also be a good idea to scan your Mac for malware, just to make sure nothing slipped through before Apple was able to patch the flaw.

In addition to fixing this bug, Apple addressed 52 other security issues in Big Sur, 44 vulnerabilities for iOS and iPadOS, and dozens for watchOS and tvOS as well. So if you have any kind of Apple device, take a moment to make sure that it’s up to date.

To learn more about digital security and privacy, head over to The Checklist archives, where we keep all of our past episodes (both full audio and show notes). If you’d like to ask us a question, or suggest a topic for a future show, please write to us!