The IT Nerd

Let’s face it, Apple has been in very deep trouble lately. Starting with the epic security issue where anyone could get root access to a Mac with ease (though that was fixed within a day), followed by vulnerabilities in HomeKit, not to mention numerous other high profile and embarrassing bugs in a variety of Apple products that seems to highlight that their QA process is in free fall. Oh yeah, Apple was caught slowing down iPhones with aging batteries which they tried to explain away, before offering up an apology and cheap battery replacements. But not before being trolled by their competition, having lawsuits filed, and facing two investigations by two governments. And then came the second password bug in macOS that popped up yesterday. That highlights how far Apple has fallen from the days where none of this was thought to be possible.

Here’s the problems with all of this:

1. Apple used to say that “it just works” and you assume that to be true. Now they can’t say that given the scope of all these issues.
2. Apple in the 2000’s trolled Microsoft when they had their security nightmare, and that allowed them to fuel the growth that they’re currently on. Given the screw ups they’ve had lately, it’s safe to say that they’ve become Microsoft and companies are starting to troll them.
3. Apple used to be trustworthy. But with the “Batterygate” fiasco in progress, you have to wonder if that’s true anymore.

So Apple is screwed right? Maybe not. If I were running Apple, here’s what I would do.

1. Every OS that Apple makes needs a code review. And I do mean all of them. Apple needs to take iOS, macOS, watchOS, and tvOS and review every line of code from a functionality and security perspective so that they can find every bug and squash it. Clearly their QA processes aren’t catching bugs, thus a code review is the only way to go.
2. Someone from outside Apple needs to review their security practices, development practices, and their QA practices. I say that because it’s pretty clear that if Apple could have fixed this on their own, they would have done it already. Thus someone from the outside needs help them to do this as an outside party will see and suggest things that someone from the inside can’t or won’t.
3. Apple should stop releasing OSes on a yearly cadence. Why? I would argue that this cadence isn’t helping them put out quality products because they’re too focused on the next big thing rather than making sure that what is out there actually works. Thus they should forget the next big thing and focus on right now.
4. Apple needs to fix bugs quickly as what we’ve seen lately is that if you make a bug public, Apple is far more interested in fixing it fast. But if you disclose it responsibly, it may take much longer for it to be addressed. Thus the take home message to those who find bugs is tell the world because that’s the only way Apple will do something about it in a timely manner. That needs to change. Like right now.
5. Apple needs to have a bug bounty program that’s worth reporting bugs to. I say that because Motherboard among others have pointed out it is far more lucrative to sell bugs to anyone but Apple. On top of that, the bug bounty program is aimed at iOS. They need to expand it to every product they make or risk having one of these bugs slip out to the bad guys.

Do you agree or disagree with this? Did I miss anything? Share your thoughts by leaving a comment.

UPDATE 8/20/2019: Apple now has a bug bounty program. But the rest of this, at least from those looking from the outside appears not to have been addressed.

This entry was posted on January 11, 2018 at 9:30 am and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.