Two vulnerabilities that Apple patched in its latest iOS 12.1.4 update were successfully exploited by hackers before they were known to Apple, according to a top Google security engineer.
Ben Hawkes, team leader at Google's Project Zero security research group, revealed in a tweet that vulnerabilities identified as CVE-2019-7286 and CVE-2019-7287 in Apple's iOS 12.1.4 security change log had been exploited in the wild as "zero day".
A zero-day vulnerability refers to a security hole in software that is unknown to the software developer and the public, although it may already be known by attackers who are quietly exploiting it.
As ZDNet notes, it's unclear under what circumstances the vulnerabilities were used, but one exploit involved the iOS Foundation component and a memory corruption issue that could allow an app to gain "elevated privileges" on an iPhone 5s and later, iPad Air and later, or iPod touch 6th generation. The second vulnerability potentially allowed for kernel privileges and affected the same devices.
CVE-2019-7286 and CVE-2019-7287 in the iOS advisory today (https://t.co/ZsIy8nxLvU) were exploited in the wild as 0day.
— Ben Hawkes (@benhawkes) February 7, 2019
Apple credited "an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero" for discovering both vulnerabilities.
Dark Sky has gained an optional Dark Mode in the latest version of the hyperlocal weather app for iOS.
The update means users can check weather information in the app with white text on a dark background, a new design that's supposed to be easier on the eyes in dimly lit environments.
In addition, Dark Sky v6.2 also gains an optional Daylight mode that automatically enables the black interface when the sun goes down.
The new settings can be accessed by tapping the cog wheel icon in the top-right of Dark Sky's main screen, where a new Appearance menu lets users select from Light, Dark, or Daylight.
Dark Mode is becoming increasingly popular in smartphone apps, and iOS 13 will reportedly include a system-wide dark mode to match the dark mode that was first introduced on Mac with macOS Mojave. The upcoming setting will allow for "easier nighttime viewing," according to Bloomberg.
Dark Sky users on iOS can get the new update for free starting today, and those who haven't downloaded the app yet can do so for $3.99 [Direct Link].
Apple CEO Tim Cook is set to deliver the keynote address to Tulane graduates at the university's 2019 commencement event, set to take place on May 18 in the Mercedes-Benz Superdome, the university announced today.
Tulane University shared the news with students through a cute video that spelled out Cook's visit in emoji.
Tulane President Mike Fitts said that Cook represents the "kind of success" that the university hopes that all graduates can attain.
"At Tulane, we are committed to addressing global challenges, giving back to our community and always acting with integrity and wisdom. Tim shows us how we can incorporate these values into life beyond graduation, and we are thrilled to have him as part of our commencement celebration."
Cook said that he "can't wait" to celebrate alongside new Tulane graduates later this year.
"Tulane's dedication to its students and the diverse community around them is an awesome example of the lessons we all learn when we come together, recognize our responsibilities to each other and give back," said Cook. "At Apple we believe that education is a powerful equalizing force, and I can't wait to celebrate alongside this year's students who have worked hard, followed their passions and who stand ready to change the world."
Yesterday, TechCrunch discovered that multiple popular iPhone apps from major companies are using intrusive analytics services that capture data ranging from taps and swipes to full screen recordings, all without customers knowing about it.
Today, Apple has informed app developers that this kind of screen recording analytics code needs to be clearly disclosed to customers or removed from iOS apps. From an Apple spokesperson's email to TechCrunch:
"Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity."
"We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary," the spokesperson added.
At least one developer has already been told to remove the code that recorded app activities. From an email to the developer:
"Your app uses analytics software to collect and send user or device data to a third party without the user's consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity."
Apple is serious about getting rid of this code and gave the developer in question less than a day to remove it and resubmit the app before it would be pulled from the App Store.
High-profile apps like Abercrombie & Fitch, Hotels.com, Air Canada, Hollister, Expedia, and Singapore Airlines are using Glassbox, a customer experience analytics firm with a "session replay" screen recording feature.
Session replays are designed to let developers screenshot or record or a user's screen and then play back those recordings to see how users interact with their apps. Taps, button pushes, and keyboard entries are all captured and provided to app developers.
None of the apps above disclosed that they were recording a user's screen in their privacy policies, which is apparently in violation of Apple's App Store rules.
Apple also requires apps that record the screen to have a little red icon on the top left corner of the phone to make it clear that the screen is being recorded, and it sounds like Apple is going to enforce this rule for this kind of analytics tracking.
Most likely, apps will need to remove this feature because customers are not going to willingly use an app that's recording everything that they're doing and displaying a persistent red icon while the app is open.
There are many other analytics companies that have similar practices like Appsee and UXCam, so there are undoubtedly many more apps that are using these secret screen recording features without customer knowledge.
Update: Glassbox, the company that many apps use for screen recording analytics capabilities, provided the following statement to MacRumors on the issue:
"TechCrunch's piece raised valid concerns. Yet we believe it is partial and doesn't adequately convey the many benefits for our customers and their users; or reflect the security and privacy capabilities inherent in Glassbox.
Glassbox and its customers are not interested in "spying" on consumers. Our goals are to improve online customer experiences and to protect consumers from a compliance perspective. Since its inception, Glassbox has helped organizations improve millions of customer experiences by providing tools that record and analyze user activity on web sites and apps. This information helps companies better understand how consumers are using their services, and where and why they are struggling.
We are strong supporters of user privacy and security. Glassbox provides its customers with the tools to mask every element of personal data. We firmly believe that our customers should have clear policies in place so that consumers are aware that their data is being recorded -- just as contact centers inform users that their calls are being recorded.
Furthermore: No data collected by Glassbox customers is shared with third parties, nor enriched through other external sources. Glassbox meets the highest security and data privacy standards and regulations (e.g. SOC2, GDPR), and all data captured via our solution is highly secured and encrypted.
We provide our customers with the ability to mask every piece of data entered by a consumer, restrict access to authorized users, and maintain a full audit log of every user accessing the system.
We don't simply record data and provide customers with session replay. Brands come to us because Glassbox means source-proof, tamper-proof, encrypted records of digital activity. These characteristics make Glassbox invaluable, not to 'spy' on customers, but to (a) aid in creating the best and easiest digital journey, and (b) protect both brands and customers with evidential truth that allows for safe and compliant digital experiences."
Apple recently added obstetrician Dr. Christine Curry to its health team, reports CNBC. With this hiring, Apple is said to be looking in to how to bolster its efforts in women's health.
Curry comes to Apple from a stint at Kaiser Permanente in Redwood City, California, which is located not too far from Apple's Cupertino campuses.
Apple employs dozens of doctors at its "AC Wellness clinics" designed for Apple employees. Sources that spoke to CNBC said that while Curry has an interest in women's health, she will be working on "various health issues across the health teams."
When Apple first launched its Health app and HealthKit service, there was no section for reproductive health, but it was later added. There is now a full Reproductive Health section available within the Health app that integrates with period and fertility trackers.
Apple CEO Tim Cookrecently said that he believes Apple's ultimate contribution to mankind will be its improvements to the health field.
Netflix today announced the launch of a new Smart Downloads feature that's designed to streamline the process of downloading content for offline viewing.
With Smart Downloads, when you finish viewing an episode of a TV show that you've downloaded, Netflix will delete it and then automatically download the next episode. Smart Downloads is designed to download content only when you're connected to Wi-Fi so it's not using your cellular data plan.
Netflix users can choose to use or disable the Smart Downloads feature, which is available on iOS and Android devices. Turning off Smart Downloads will keep watched content on your device.
On iPhone and iPad, you can tap the Downloads icon, choose "My Downloads" and select "Smart Downloads" to toggle it on or off.
Apple's Group FaceTime servers are back online, but because the issue has not been fixed in iOS 12.2, Group FaceTime is not working on beta devices.
We have been testing Group FaceTime since the servers came back online, and while we can get calls to work between multiple people on devices running iOS 12.1.4, calls do not go through on devices running iOS 12.2 beta 2.
Developers and public beta testers will need to wait until the Group FaceTime bug fix is added to the next iOS 12.2 beta before being able to use the feature.
Group FaceTime is also unavailable on devices running iOS 12.1.3 or earlier, and will remain unavailable until the devices are upgraded to iOS 12.1.4. The same goes for Macs that are not running the newly updated macOS 10.14.3 update. Group FaceTime on Mac doesn't work on Macs running the older version of macOS 10.14.3 or the new macOS 10.14.4 beta update.
Apple today uploaded a new video to its YouTube channel that's dedicated to showing off the Depth Control feature available on the iPhone XS, iPhone XS Max, and iPhone XR.
Entitled "The Backdrop," the video features the Depth Control in action on a shot of a woman taken on a busy street with a lot going on in the background.
Depth Control is used to blur the background out, putting the focus on the woman in the picture.
Introduced on Apple's newest iPhones, Depth Control is a Portrait Mode feature. Once you capture a Portrait Mode image, you can use the Depth Control slider to change the amount of blur in the background.
Apple also recently shared a new video on the Smart HDR feature in the new iPhones. Smart HDR is an automatic feature designed to bring out more detail in highlights and lowlights in iPhone photos.
The video was created as a behind-the-scenes look at the techniques used by Jia Zhangke in his recent short film captured to celebrate Chinese New Year.
Following the release of iOS 12.1.4, Apple today issued an apology to customers and said that it had found and fixed the Group FaceTime bug and an additional security vulnerability involving Live Photos in the FaceTime app.
From a statement provided to MacRumors:
Today's software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS."
Going forward, Apple says that the Live Photos feature will not be available in FaceTime on older versions of iOS and macOS. Capturing a Live Photo will require iOS 12.1.4 or the new version of macOS 10.14.3. Apple is also restricting Group FaceTime from devices running earlier versions of iOS.
Apple fixed a logic issue that existed in the handling of Group FaceTime calls with improved state management, and the Group FaceTime testing led to the discovery of the Live Photos issue. Apple says that the Live Photos bug was fixed with "improved validation on the FaceTime server."
Additional Foundation and IOKit bugs were fixed in iOS as well, addressing memory corruption issues that could lead to elevated privileges for applications.
Apple lists Grant Thompson of Catalina Foothills High School as one of the people who discovered the FaceTime bug. Thompson and his mother made multiple attempts to get into contact with Apple to inform the company of the bug well ahead of when it went public. Daven Morris of Arlington, TX is also listed as a person who discovered the vulnerability and reported it to Apple.
Apple has apologized for missing those messages and has vowed to improve its bug reporting system to make sure future bug reports are distributed to the right people. Apple will be compensating the Thompson family for finding and reporting the bug, and Apple will be providing an additional scholarship to be put towards Thompson's education.
While the patent application does not refer to the HomePod by name, it describes a voice-controlled assistant device such as a "countertop speaker" with various sensors and cameras that "gather hand gestures and other three-dimensional gesture input." This could include waving, clapping, and so forth.
Interestingly, the HomePod could have LEDs woven into the fabric to provide visual feedback for the hand gestures. The LEDs could also be configured to display alphanumeric characters through the fabric that change depending on time of day.
3D hand gesture support on the HomePod could utilize technology Apple gained from its acquisition of PrimeSense in 2013. In 2016, for example, Apple filed a patent for hand gestures on the Mac such as push, up, and wave that could be used to perform basic app interactions like scrolling through a menu.
Gestures described herein include focus gestures and unlock gestures. A focus gesture enables the user to engage (i.e., take control of) an inactive non-tactile 3D user interface. An unlock gesture enables the user to engage a locked non-tactile 3D user interface, as pressing a specific sequence of keys unlocks a locked cellular phone. In some embodiments, the non-tactile 3D user interface conveys visual feedback to the user performing the focus and the unlock gestures.
Examples of unlock gestures include an "up" gesture (e.g., raising hand 30 a specified distance), a sequence of two sequential wave gestures, and a sequence of two sequential push gestures, as described in detail hereinbelow.
PrimeSense's technologies were initially used by Microsoft for its Kinect motion sensor for Xbox. Apple later incorporated some of the technologies into the TrueDepth system that powers Face ID on the iPhone X and newer.
As for Face ID, the patent explains that the HomePod could identify users in the vicinity of the speaker using "facial recognition," as well as measure the distance of users to the speaker. This could allow for biometric authentication of Personal Requests, multiple user profiles, and more on a future HomePod.
In late 2017, the president of Apple supplier Inventec said his company sees a trend towards both facial and image recognition technology being incorporated into smart speakers, without specifying which speakers in particular. This led Apple analyst Jeff Pu to predict the launch of a Face ID-enabled HomePod in 2019.
The exhaustive patent goes on to describe a variety of other potential features for a future HomePod, such as ambient light sensing, displaying a sunshine icon if sunny weather is forecast, displaying the logo of a sports team that wins a game, heart rate sensing, and much more.
One quirky feature mentioned is an emoji-based avatar that would adapt to a user's mood or actions. If the user is sad, for example, the emoji may reflect sadness. Or, if a user asks the HomePod for information on purchasing a birthday gift, the speaker may display a happy emoji to present results.
The patent application was filed with the U.S. Patent and Trademark Office in July 2017, six months prior to the launch of the current HomePod, but it was only published in late January due to a standard 18-month confidentiality period.
Apple files numerous patent applications every week, of course, and many of the inventions do not see the light of day. Patents are also very detailed, encompassing many possible ideas, even ones that Apple might not have any plans to advance. So, the exact implementation if any remains to be seen.
Note: MacRumors is an affiliate partner with B&H Photo. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
B&H Photo is discounting Apple's 11-inch iPad Pro in multiple configurations this week, but one particular model is seeing its lowest-ever price point during the sale. Specifically, the 256GB and Wi-Fi only 11-inch iPad Pro (Space Gray) is priced at $799.00 ($150 Discount), down from $949.00.
This is a limited-time sale and it will last through tomorrow, February 8 at 5:15 p.m. ET (note that only the Space Gray color is being discounted at this time). Head to our full Deals Roundup for information on even more sales.
Update 2/8: B&H Photo has ended the sale early and is no longer offering this model at $799.
Group FaceTime has been unavailable as a feature on all compatible devices since the FaceTime bug was publicized on Monday, January 28.
As Apple worked on a permanent fix for the bug, the company disabled the Group FaceTime feature to prevent it from being used.
The bug allowed iPhone users to exploit a Group FaceTime flaw that let one person connect to another person and her conversations (and see video, in some cases) without the other person ever having accepted the call.
Apple was first informed of the bug right around January 20 by the mother of a teenager who discovered it, but the company did not begin working on a fix until it went viral and spread across the internet.
System Status page when Group FaceTime was unavailable
Apple has since apologized and said that it is working on a way to better ensure that serious bug reports get to the proper people to prevent such a situation from happening in the future.
With the Group FaceTime servers back online, Group FaceTime is once again functional, but it is now limited to iOS devices that are running iOS 12.1.4 or later. The feature will remain disabled on devices running iOS 12.1.3 and earlier.
Apple today released a new version of macOS 10.14.3, which is designed to address a major Group FaceTime bug affecting both iOS and macOS. The update comes three weeks after the initial release of macOS Mojave 10.14.3.
The new macOS Mojave 10.14.3 update can be downloaded by going to the "Software Update" section of System Preferences, a new installation method that was introduced with the Mojave update.
While the release notes for the update specify security updates, the fix in question is the Group FaceTime bug. While not as widely publicized, this issue affected Macs in addition to iOS devices.
The Group FaceTime bug allowed someone to call you through FaceTime and then enter their own phone number again to force a Group FaceTime call. With the Group FaceTime interface activated, the person could hear everything on your end of the phone even if you had never picked up the call.
On your end, it just looked like the Group FaceTime call hadn't been initiated, all while the other person was listening in on what you were saying. After the bug came to light last Monday, Apple took its Group FaceTime servers offline until a fix could be prepared.
With an update now available, Group FaceTime should soon be fully functional and working once again on iOS devices running iOS 12.1.4 or later and Macs running the new version of macOS 10.14.3.
Apple today released a new iOS 12.1.4 update for the iPhone, iPad, and iPod touch, with the new software designed to fix an insidious privacy-invading Group FaceTime bug that could be exploited to eavesdrop on conversations.
The new iOS 12.1.4 software can be downloaded on all eligible devices over-the-air using the Settings app. To download it, go to Settings --> General --> Software update.
Though Apple's release notes for the update list "security updates" without going into specifics, the issue that's being fixed here is the Group FaceTime vulnerability. After the bug was widely publicized last week, Apple promised a fix, which was delayed to this week.
The FaceTime bug allowed someone to spy on you without your permission or knowledge. By exploiting the bug, a person could initiate a FaceTime call with you and then add themselves to the call again to force a Group FaceTime connection.
When this happened, the bug caused the person to be able to hear the audio on your end, despite the fact that the call was never answered and still looked like a standard FaceTime incoming call interface. In some situations, if you pressed the side button to silence a call, it would even give the person access to your video.
It was a serious bug, so serious that Apple took its entire Group FaceTime server offline as the company took the time to prepare the iOS 12.1.4 update. The Group FaceTime bug was publicized last Monday and Group FaceTime has been offline since then.
The Group FaceTime bug may have required some major under-the-hood changes to FaceTime given that it took Apple nearly two weeks to fix the issue. Following today's update, the Group FaceTime bug will no longer be able to be exploited and Apple will be able to bring its Group FaceTime server back online.
It continues to be unclear just how long the Group FaceTime bug was available for. Group FaceTime was introduced last October, and Apple has not let us know if the bug has been around since that launch date or if it was introduced in a later iOS 12 update.
Apple is today releasing an updated version of iOS 12.1.4, which is designed to address a major FaceTime bug that was widely publicized last Monday. The new update comes two weeks after the launch of iOS 12.1.3, an update that introduced bug fixes.
The iOS 12.1.4 update will be available on all eligible devices over-the-air in the Settings app. To access the update, go to Settings --> General --> Software Update. Apple typically releases new iOS software at 10:00 a.m. Pacific Time or 1:00 p.m. Eastern Time, so that's when the update should become available.
With this update, Apple is fixing an insidious FaceTime bug that could allow someone to spy on you without your permission or knowledge. By exploiting this bug, someone could force a FaceTime call with you, giving them access to your iPhone, iPad, or Mac's audio or video even without you accepting the FaceTime call.
To do this, all someone needed to do was initiate a FaceTime call with you and then add their own phone number to the FaceTime call to convert it to a Group FaceTime call, which, apparently, forces a FaceTime connection.
From there, the person would be able to hear your audio, even though on your end, it would look like the call hadn't been accepted. If you hit the power button to make the call go away, it would give the person access to your camera.
In our testing, the bug was able to be initiated on iPhones running both iOS 12.2 and iOS 12.1.3, and it affected iPhones, Macs, and iPads running the latest version of Apple's software.
Shortly after the bug was publicized last Monday, Apple said that it was aware of the issue and was already working on a fix set to be released later in the week, which was later delayed until this week. Apple also temporarily made Group FaceTime unavailable by taking the server offline, which put a stop to the bug. Going forward, Group FaceTime will only be available on devices running iOS 12.1.4 or later.
With today's update, the FaceTime bug will no longer be able to be exploited, though it remains unclear if it has been available for use since Group FaceTime launched in October last year or if it became an issue in a later software update.
Reliable accessory brands Anker and Aukey have a new suite of discount codes this week, offering customers the chance to save on portable battery packs, Lightning cables, wall chargers, car chargers, USB-C accessories, and much more.
Below you can find the full list of Anker and Aukey discount codes available this week. Note that all of Aukey's codes will expire on February 13, and as always both companies are offering their discounts on Amazon.
Anker Codes
Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
I've been using the Safe & Sound for a few months now, and I must say, it's turned out to be more useful than I'd initially thought it would be.
Installation
The Onelink Safe & Sound is a hardwired smoke detector, so you'll have to use this in a location that's tied into your home's electrical system rather than being able to rely on battery power. But if you've already got hardwired smoke detectors, swapping them out for Safe & Sound units is simple and straightforward for anyone with a modicum of do-it-yourself experience. Just make sure you turn off power to your existing detector at the breaker, unscrew the detector from the ceiling, and disconnect the wiring.
Once you've got the bare wires hanging out of the ceiling, it's just a matter of attaching the Safe & Sound's mounting plate to the ceiling (likely by simply screwing it directly into the existing junction box in the ceiling), plugging in the proper wiring harness to the back of the Safe & Sound, connecting it to the house wiring with included wire nuts, and attaching the body of the detector to the mounting plate with a twist.
Turn the power back on at the breaker, run through the setup for Onelink, HomeKit, and Alexa in the Onelink app on your iOS device, and you're good to go. It sounds like quite a few steps, but they're all pretty easy and quick to accomplish.
Setup
The Onelink app makes it easy to set up the Safe & Sound, walking you through a series of illustrated steps to ensure your device has Wi-Fi and Bluetooth active, configure Wi-Fi for the Safe & Sound, and pair it to your device with optional notifications for various events. From there, you can scan the HomeKit code on the body of the alarm to allow the Safe & Sound to show up alongside your other HomeKit devices, while also assigning it a name and location within the house and setting a name Siri will recognize.
If you have multiple detectors, you'll need to set them up one at a time in the Onelink app, but as you add them to the same home in the app it will automatically interconnect them so that an alarm activated in one area of the home will be repeated on all other alarms to ensure everyone in the house is alerted in the event of an emergency.
Verbal Cues
When the alarm activates, it includes both loud alert sounds and voice instructions urging residents to evacuate the premise. Using names given to the various locations for the alarms, the voice instructions will say, for example, "Smoke detected in the hallway." A carbon monoxide alarm trigger will include the location of the detected danger and the peak level of carbon monoxide detected.
Onelink App
Once the detector is set up, the app continues to be used as the place to manage it. The app lets you adjust various settings on the Safe & Sound, as well as activate a testing mode to ensure everything is working properly. First Alert recommends the alarms be tested weekly, although most people likely won't do it nearly that frequently once the novelty wears off.
The app can also be used to set the color and brightness of the nightlight feature of the detector, which I've found to be a nice addition considering its location in the upstairs hallway where my children and guests may need to find their way to the bathroom in the middle of the night.
Beyond the alarm and nightlight functions, the app is also where you can manage the Alexa and speaker functions of the Safe & Sound, which are the more unique aspects of this product.
Speaker Functionality
A distinguishing feature of the Safe & Sound is its ability to function as a Bluetooth speaker, allowing you to stream music to it directly from your phone, computer, or other Bluetooth-enabled sources. The sound is actually fairly decent with a surprising amount of depth considering the limitations of putting a speaker in a smoke detector. It's not going to win audio awards, but it's good enough if you just want some tunes or a podcast beamed to a centrally located speaker for background sound.
Following my original installation several months ago, I did notice a bit of choppiness over Bluetooth, particularly at the beginning of tracks as they were buffered. Performance improved the closer I got to the speaker, but given the fixed placement of the Safe & Sound, it's not always convenient to get closer to it. That choppiness has, however, improved significantly in recent months, presumably through firmware updates to the Safe & Sound. I can now reliably stream audio from my phone to the Safe & Sound from at least 20 feet away in another room with no choppiness.
Alexa
Not only does the Onelink Safe & Sound act as a Bluetooth speaker, but it also supports direct access to Amazon's Alexa voice assistant. My kids in particular have found it handy to use Alexa as an encyclopedia or dictionary, as it's the only Alexa-enabled device on our second floor.
I've found the Safe & Sound to be quite sensitive to the Alexa wake word, to the point where the Safe & Sound in our upstairs hallway will activate instead of the Amazon Echo in our living room even when I'm speaking in the living room. As with other Alexa products, we do experience the occasional spurious activation of the voice assistant, which isn't helped by having a kid named Alex, but aside from that, it will occasionally wake up in response to speech that isn't obviously close to the intended wake word.
If you've got Alexa set up to handle other functions in your house such as phone calls, smart home control, and more, you can also access those functions from the Safe & Sound.
If you're listening to audio content on the Safe & Sound over a Bluetooth connection, you can still access Alexa. The Safe & Sound will reduce the Bluetooth audio to a whisper for the duration of your interaction with Alexa, returning it to normal volume when you're done.
With Alexa, you can also access a variety of music services, letting you stream songs and other content from Spotify, Amazon Music, Pandora, SiriusXM, iHeartMedia, Audible, and TuneIn. Playback can be controlled via voice and a simple info/control screen in the Onelink app, or in the Amazon Alexa iOS app to some degree. You won't have full app support in the Alexa app, but if you just need to access a playlist, album, or song, it's easy enough to get it going on the Safe & Sound.
For Apple fans with Alexa devices around the house, a welcome recent addition is support for Apple Music, letting you play content from your Apple Music subscription right from your Alexa devices. Unfortunately, the feature is currently limited to Amazon's own Echo devices, so Apple Music isn't supported on the Onelink Safe & Sound at this time. Amazon has, however, said it plans to extend support to third-party Alexa devices in the future.
HomeKit and Siri
With HomeKit support, the Onelink Safe & Sound detectors become part of your larger home automation ecosystem, meaning you can organize them into Rooms for grouping various HomeKit items in the same location. The detectors will also show up in some other apps such as the Eve and iDevices Connected apps, enabling you to see all of your connected devices and check on their status.
HomeKit support also means First Alert's smoke and carbon monoxide detectors work with Siri commands. Given that these detectors are generally passive devices that primarily only need to be interacted with on rare occasions, it's not a critical feature, but can be a handy one for those times. Available commands include variations of:
- How is my [location] CO detector? - How is my [location] smoke detector? - Do I have a smoke detector? - Is the [location] smoke alarm tripped? - Is the [location] CO alarm tripped? - Change the brightness on my [location] smoke detector to [x] percent.
Even though I don't use HomeKit and Siri controls very often with the Safe & Sound, it's nice to know they're available and that I can quickly use Siri or the Home app to check on my alarms while away from home if the need arises.
AirPlay 2
From the time of the Safe & Sound's original announcement at CES 2018 and launch in mid-2018, First Alert has promised future support for AirPlay 2, which would let the Safe & Sound's speaker functionality integrate with other devices and speakers in the Apple ecosystem for synchronized multi-speaker playback, Siri music support, and more. Unfortunately, a firmware update to add AirPlay 2 support to the Safe & Sound has yet to appear, and First Alert has not committed to a timeframe for a launch, so we're still waiting for that feature to make its debut.
Reliability
When I first had the opportunity to test the Onelink Safe & Sound, I was skeptical about how it would perform. I had a pair of first-generation Onelink Smoke and Carbon Monoxide Alarms (one hardwired and one battery) back in 2016 that simply failed to perform well, and that's a major issue when these detectors can be a matter of life and death. Despite being rated for a ten-year lifetime, my original battery-powered unit began chirping a low-battery warning within a matter of weeks. A replacement unit died within a similar timeframe. It wasn't clear whether something with my network setup or some other factor was causing excessive battery drain, and First Alert later issued a firmware update intended to address the battery life issue.
When it came to my original hardwired Onelink Smoke and Carbon Monoxide Alarm, that detector performed a bit more reliably than the battery-powered version, although it did lose its connection to the app and HomeKit and have to be reset a few times. And after a year, it stopped accepting firmware updates, with the app reporting the detector's firmware was up to date when it definitely was not. First Alert did replace the detector free of charge (as it did with the battery-powered ones that failed), and the replacement had no similar issues.
Those experiences gave me significant pause when considering the Onelink Safe & Sound, but in over six months of testing, I've had absolutely no problems with its reliability. It's maintained a connection to my HomeKit setup ever since the initial configuration, and I've had no trouble connecting to it via the Onelink app.
Besides the Safe & Sound, First Alert recently launched second-generation versions of its basic Smoke and Carbon Monoxide Alarms, so hopefully lessons learned from the original version and incorporated into the Safe & Sound have also made their way to the new standalone detectors.
The Future
Just last month at CES 2019, First Alert announced its second-generation Onelink Safe & Sound that includes built-in mesh Wi-Fi technology as part of First Alert's push into home Wi-Fi with an upcoming Onelink Surround Wi-Fi system that will be able to use second-generation Safe & Sound units as nodes for a mesh network.
Wrap-up
I thankfully haven't had an opportunity to test out First Alert's Onelink Safe & Sound alarm capabilities in a real-life scenario, but I've been pleased with the easy setup and solid reliability in connecting to the Onelink app and HomeKit.
The Alexa and speaker capabilities are a nice bonus, and I was pleasantly surprised to find it's able to produce decent sound, certainly sufficient for casual music listening and providing assistant functions like answering questions, setting timers, and more. Music service integration through Alexa is rather basic with only barebones app support, but Bluetooth gives you another option for piping music straight from another device.
If you're okay with being part of the Alexa ecosystem, it's a convenient package, but the Onelink Safe & Sound's price tag will undoubtedly give many potential customers pause. It carries an MSRP of $249.99, although it can regularly be found through some retailers such as Amazon for around $199.
Granted, the technology packed into the Safe & Sound necessitates a premium price, but this probably isn't something you're going to want to buy a six-pack or more of and scatter all around your house wherever you need a smoke detector. But if you want to put one or two in central areas of your home to supplement your more basic smoke detectors, it's an interesting product.
AirPlay 2 could really be a game-changer for the product, delivering a lot of extra value to those in Apple's ecosystem by helping deliver whole-home audio through an array of speaker products. Unfortunately, the long-promised feature has yet to appear and we don't have an estimate of when it might show up. So at least for now, I'd recommend making any buying decisions under the assumption that AirPlay 2 may never arrive, and if it does, it'll be a nice bonus.
Note: First Alert provided MacRumors with a Onelink Safe & Sound for the purpose of this review. No other compensation was received. MacRumors is an affiliate partner Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
Toyota today ahead of the Chicago Auto Show announced that its 2020 model year Tacoma, Tundra, Sequoia, and 4Runner vehicles will feature CarPlay, Android Auto, and Amazon Alexa in the United States.
CarPlay in 2020 Toyota Sequoia
CarPlay will be a standard feature in each vehicle, but screen size will vary by trim. With the 2020 Tacoma, for example, the base SR trim will feature a 7-inch touchscreen while SR5 trims and higher as well as TRD Pro trims of the Tundra, Sequoia, and 4Runner will feature a larger 8-inch touchscreen.
The press release doesn't specify whether the CarPlay implementation is wired or wireless, but it is presumably wired in line with its 2019 and newer Avalon, Corolla Hatchback, Camry, RAV4, Sienna, and C-HR. Toyota will offer wireless CarPlay in the 2020 Supra since it is based on a BMW platform.
Toyota was one of the last major automakers to offer CarPlay, which provides convenient dashboard access to iPhone apps such as Phone, Messages, Apple Maps, Google Maps, Waze, Apple Music, and Spotify. These will be the first-ever Tacoma, Tundra, Sequoia, and 4Runner models with factory-installed CarPlay.
CarPlay availability in Toyota vehicles may vary outside of the United States. Pricing and availability were not disclosed.
2020 Volkswagen Passat in Europe
In related news, Volkswagen this week announced that the 2020 Passat will be its first vehicle with wireless CarPlay, although the press release is for the European market. It's unclear if or when Volkswagen will offer wireless CarPlay in the United States or other countries—we've reached out to ask.
Two vulnerabilities that Apple patched in its latest iOS 12.1.4 update were successfully exploited by hackers before they were known to Apple, according to a top Google security engineer.
Note: MacRumors is an affiliate partner with B&H Photo. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
