Is Apple getting sloppy? By Chris Baraniuk

Technology reporter Published duration 29 November 2017

image copyright Getty Images image caption Users are not used to finding major flaws in Apple's products

Well, you don't see that every day - Apple has rushed out a patch to fix a major security bug.

It had been revealed that users of its new MacOS High Sierra operating system can access it without using a password.

Just use "root" as a username, leave the password field blank and hit "Enter" a few times.

It's an embarrassing slip-up and not one users are used to from Apple, whose products are often cited as more reliable and secure than its rivals'.

Indeed, the firm admitted that it had "stumbled" with the release of High Sierra.

"We greatly regret this error and we apologise to all Mac users, both for releasing with this vulnerability and for the concern it has caused.

"Our customers deserve better.

"We are auditing our development processes to help prevent this from happening again," the company's statement said.

But the "root" password bug is not as isolated a case as it might at first seem.

Last month, Apple had to release a patch for another password-related issue in High Sierra.

Some users found that when they asked the software for a password hint it simply revealed the password in full instead

While High Sierra appears to be falling over itself to give users access, there have also been issues with iOS - the software on iPhones and iPads.

Earlier this month, iPhone users were frustrated by an irritating bug that caused the letter "i" to be inexplicably auto-corrected to a capital "a" and a question mark.

Again, Apple promptly fixed things. But these cases have left some questioning whether the firm has lowered its standards.

"Apple's quality of business execution is slipping," says Neil Mawston, at Strategy Analytics. He believes the company is becoming "more prone" to business and product glitches.

As a result, Mr Mawston thinks Apple's reputation for offering premium quality and reliability could be at risk.

Bug bounty

Cyber-security expert Prof Alan Woodward, at the University of Surrey, agrees.

"There's definitely a growing perception that perhaps their quality control is not all it should be," he says.

"I use Apple products... because of the level of encryption and the attention they pay to apps in their app store. You didn't used to get these sorts of bugs."

He also points out that while Apple was once a niche brand favoured largely by computing connoisseurs in a handful of industries, today it is a true giant.

That makes its devices increasingly attractive targets for hackers, who tend to look for vulnerabilities in the most popular systems because that way they have more opportunities to scam people or steal vulnerable data.

"People are clearly probing to see if there are interesting back doors out there [in Apple products]," says Prof Woodward. "And, boy, are there."

But perhaps that growth in popularity has also changed how we perceive Apple software bugs, suggests Ian Fogg, at IHS Technology.

The company will ship 88 million iPhones this quarter, along with millions more iPads and Macs, he explains.

image copyright Getty Images image caption The enormous popularity of Apple's iPhones, iPads and Macs make them attractive to hackers

"At that kind of scale, a problem that affects even a small number of people in percentage terms affects a lot of people in absolute terms - that's the issue Apple faces," he says.

The company should still be considered a purveyor of high-quality devices, he says, adding that there remain regular reports of security issues with Google and Microsoft products.

"When a patch does come through [for an iPhone] it gets pushed out very quickly," points out Mr Fogg.

Android phones, in contrast, are not as easy for Google to update en masse because a wide range of different Android versions are used in the wild and only phones made by Google itself receive the most important security updates immediately.

There is a specific list of handsets that receive monthly security updates - but this is far from all Android devices out there.

image copyright Getty Images image caption Android phones don't all receive security updates at the same time

Mr Fogg also says that the iPhone bug that caused the letter "i" to be needlessly auto-corrected is particularly interesting because it appears to have been the result of a machine learning-based approach to spell-checking that went wrong.

Automating processes will be increasingly common in software development, says Mr Fogg, as it can speed up product delivery - but giving an algorithm control does have its downside.

"It's increasingly hard for companies to know that it will work well as it learns," he adds.

The bottom line is: perceptions matter and Apple will want to deal with any signs that quality control is slipping quickly, says Ben Wood at CCS Insight.

"Apple has built its business on a reputation for high-quality, easy-to-use devices with great customer service.

"It will be troubled by these recent issues and it is doubtless moving mountains to fix the High Sierra bug - in particular to ensure MacOS is secure for users."