MacRumors

Apple today began selling refurbished 2018 models of the MacBook Air and Mac mini for the first time, although availability is currently limited to Europe. Listings for refurbished 2018 MacBook Air models have also gone live in the United States, but the purchase button does not work yet.

In the UK, the base model ‌MacBook Air‌ is priced at £1,019, which is £180 off Apple's regular price of £1,199 brand new. The base model Mac mini is priced at £679, reflecting savings of £120 off £799 brand new.

The refurbished ‌MacBook Air‌ models will start at $1,019 in the United States when they become available to order. That is a discount worth passing over, as authorized resellers such as Amazon and B&H are currently offering the 2018 ‌MacBook Air‌ brand new in box for $999, a savings of $200:

• Amazon: 1.6GHz Core i5 / 128GB SSD / 8GB RAM / Space Gray
  

• Amazon: 1.6GHz Core i5 / 128GB SSD / 8GB RAM / Silver
  

• B&H: 1.6GHz Core i5 / 128GB SSD / 8GB RAM / Space Gray
  

• B&H: 1.6GHz Core i5 / 128GB SSD / 8GB RAM / Silver

‌Mac mini‌ deals are less common, so refurbished models could be worth considering. Orders placed today are estimated for delivery by early next week in the United Kingdom. We recommend using Refurb Tracker to monitor inventory.

Apple says certified refurbished ‌MacBook Air‌ and ‌Mac mini‌ models are thoroughly inspected, tested, cleaned, and repackaged, with all manuals and cables included in the box. In our view, a refurbished Mac is virtually indistinguishable from a brand new one, and is also backed by Apple's standard one-year warranty.

A refurbished Mac's warranty can be extended to three years from the refurbished purchase date with AppleCare+.

Update: Refurbished 2018 ‌MacBook Air‌ and ‌Mac mini‌ models are also available in other European countries such as Spain, France, Germany, Ireland, Belgium, and Italy. Thanks to Jean-Baptiste from iPhoneAddict.

Note: MacRumors is an affiliate partner with Amazon and B&H. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Apple today shared a trio of new Memoji ads on its YouTube channel featuring Ariana Grande, Khalid, and Florida Georgia Line.

The videos highlight today's release of Grande's full album "Thank U, Next," yesterday's release of Khalid's single "Talk," and the upcoming release of Florida Georgia Line's country album "Can't Say I Ain't Country" on February 15. All of the songs and albums can be streamed with Apple Music.

Grande and Florida Georgia Line are nominees for the 61st GRAMMY Awards, airing this Sunday on CBS at 8 p.m. Eastern Time. Grande and fellow nominees Shawn Mendes and Kacey Musgraves are featured on Memoji billboards in Los Angeles.

In a support document outlining the security content of iOS 12.1.4, Apple credited both 14-year-old Grant Thompson of Catalina Foothills High School in Tucson, Arizona and Daven Morris of Arlington, Texas with reporting a major Group FaceTime bug to the company that allowed users to eavesdrop on others.

Thompson and his mother are widely known for being the first people to discover and report the bug to Apple, over a week before it made headlines on January 28, but nothing was known about Morris until now.

The Wall Street Journal today shared a few details about Morris, noting he is a 27-year-old software engineer who reported the bug to Apple on January 27, several days after the Thompsons but one day before it made headlines. He apparently discovered the bug a week earlier while planning a group trip with friends.

Apple on Thursday said it will compensate the Thompson family for finding and reporting the bug and make an additional gift toward Grant Thompson's education. Apple hasn't disclosed the exact sums of the donations. It's unclear if Morris will also be compensated by the company for reporting the bug.

In a statement issued to MacRumors, Apple apologized for the bug a second time and assured customers that it has been fixed in iOS 12.1.4, as has a previously unreported vulnerability in the Live Photos feature of FaceTime:

Today's software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS.

Apple has reenabled its Group FaceTime servers, but the feature will remain permanently disabled on iOS 12.1 through iOS 12.1.3.

Widely publicized last month, the ‌FaceTime‌ bug allowed one person to call another person via ‌FaceTime‌, slide up on the interface and enter their own phone number, and automatically gain access to audio from the other person's device without that person accepting the call. In some cases, even video was accessible.

We demonstrated the bug in a video at the time:

Apple already faces a lawsuit in Texas, a proposed class action lawsuit in Canada, questions from a U.S. Congress committee, and an investigation by New York officials over the bug and its serious privacy implications.

Sprint has filed a lawsuit in federal court against AT&T for its false "5G Evolution" claims that appeared on some iPhones in iOS 12.2 beta 2 earlier this week, and on Android phones in January (via Engadget). AT&T says that this "5GE" label indicates to customers when they are in an area where 5G Evolution "may be available," but it's really just an upgraded version of 4G LTE, because any form of 5G on an iPhone is impossible at this point.

Apple will have to release new hardware to support 5G services, a launch that isn't expected until 2020. Because of this, Sprint has filed an injunction to prevent AT&T from using ‌5GE‌ tags on its devices or in advertising, claiming that AT&T is damaging the consumer reputation and understanding of true 5G, and potentially hurting Sprint's upcoming launch of 5G in the process.

In the claim, Sprint explains that it commissioned a survey and found that 54 percent of consumers believed that the "‌5GE‌" networks were the same as, or even better, than true 5G. Forty-three percent thought that if they purchased an AT&T smartphone today it will be 5G capable, both of which are not true.

Now, Sprint wants to stop AT&T from damaging the 5G brand while it builds a "legitimate early entry into the 5G network space." Like every other network carrier, Sprint has been working on a wide-scale 5G network that has previously been said to launch in late 2019. True 5G networks will grant users faster data speeds and lower latency on compatible smartphones and other cellular devices.

For Apple, the company won't release an ‌iPhone‌ that can connect to 5G data networks until at least 2020. While other companies will begin supporting 5G in smartphones in 2019, Apple is delaying support due to expected issues with early 5G launches, like poor coverage. Apple took the same strategy during the launch of 3G and 4G, the two previous generations of high-speed mobile services.

Update: AT&T has provided the following statement to MacRumors:

“We understand why our competitors don’t like what we are doing, but our customers love it. We introduced 5G Evolution more than two years ago, clearly defining it as an evolutionary step to standards-based 5G. 5G Evolution and the 5GE indicator simply let customers know when their device is in an area where speeds up to twice as fast as standard LTE are available. That’s what 5G Evolution is, and we are delighted to deliver it to our customers.

We will fight this lawsuit while continuing to deploy 5G Evolution in addition to standards-based mobile 5G. Customers want and deserve to know when they are getting better speeds. Sprint will have to reconcile its arguments to the FCC that it cannot deploy a widespread 5G network without T-Mobile while simultaneously claiming in this suit to be launching ‘legitimate 5G technology imminently.’”

Apple CEO Tim Cook is set to deliver the keynote address to Tulane graduates at the university's 2019 commencement event, set to take place on May 18 in the Mercedes-Benz Superdome, the university announced today.

Tulane University shared the news with students through a cute video that spelled out Cook's visit in emoji.

Tulane President Mike Fitts said that Cook represents the "kind of success" that the university hopes that all graduates can attain.

"At Tulane, we are committed to addressing global challenges, giving back to our community and always acting with integrity and wisdom. Tim shows us how we can incorporate these values into life beyond graduation, and we are thrilled to have him as part of our commencement celebration."

Cook said that he "can't wait" to celebrate alongside new Tulane graduates later this year.

"Tulane's dedication to its students and the diverse community around them is an awesome example of the lessons we all learn when we come together, recognize our responsibilities to each other and give back," said Cook. "At Apple we believe that education is a powerful equalizing force, and I can't wait to celebrate alongside this year's students who have worked hard, followed their passions and who stand ready to change the world."

Cook has given commencement addresses at multiple universities over the years, including his alma mater Auburn University, Duke University, George Washington University, and MIT.

Yesterday, TechCrunch discovered that multiple popular iPhone apps from major companies are using intrusive analytics services that capture data ranging from taps and swipes to full screen recordings, all without customers knowing about it.

Today, Apple has informed app developers that this kind of screen recording analytics code needs to be clearly disclosed to customers or removed from iOS apps. From an Apple spokesperson's email to TechCrunch:

"Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity."

"We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary," the spokesperson added.

At least one developer has already been told to remove the code that recorded app activities. From an email to the developer:

"Your app uses analytics software to collect and send user or device data to a third party without the user's consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity."

Apple is serious about getting rid of this code and gave the developer in question less than a day to remove it and resubmit the app before it would be pulled from the App Store.

High-profile apps like Abercrombie & Fitch, Hotels.com, Air Canada, Hollister, Expedia, and Singapore Airlines are using Glassbox, a customer experience analytics firm with a "session replay" screen recording feature.

Session replays are designed to let developers screenshot or record or a user's screen and then play back those recordings to see how users interact with their apps. Taps, button pushes, and keyboard entries are all captured and provided to app developers.

None of the apps above disclosed that they were recording a user's screen in their privacy policies, which is apparently in violation of Apple's ‌App Store‌ rules.

Apple also requires apps that record the screen to have a little red icon on the top left corner of the phone to make it clear that the screen is being recorded, and it sounds like Apple is going to enforce this rule for this kind of analytics tracking.

Most likely, apps will need to remove this feature because customers are not going to willingly use an app that's recording everything that they're doing and displaying a persistent red icon while the app is open.

There are many other analytics companies that have similar practices like Appsee and UXCam, so there are undoubtedly many more apps that are using these secret screen recording features without customer knowledge.

Update: Glassbox, the company that many apps use for screen recording analytics capabilities, provided the following statement to MacRumors on the issue:

"TechCrunch's piece raised valid concerns. Yet we believe it is partial and doesn't adequately convey the many benefits for our customers and their users; or reflect the security and privacy capabilities inherent in Glassbox.

Glassbox and its customers are not interested in "spying" on consumers. Our goals are to improve online customer experiences and to protect consumers from a compliance perspective. Since its inception, Glassbox has helped organizations improve millions of customer experiences by providing tools that record and analyze user activity on web sites and apps. This information helps companies better understand how consumers are using their services, and where and why they are struggling.

We are strong supporters of user privacy and security. Glassbox provides its customers with the tools to mask every element of personal data. We firmly believe that our customers should have clear policies in place so that consumers are aware that their data is being recorded -- just as contact centers inform users that their calls are being recorded.

Furthermore: No data collected by Glassbox customers is shared with third parties, nor enriched through other external sources.
Glassbox meets the highest security and data privacy standards and regulations (e.g. SOC2, GDPR), and all data captured via our solution is highly secured and encrypted.

We provide our customers with the ability to mask every piece of data entered by a consumer, restrict access to authorized users, and maintain a full audit log of every user accessing the system.

We don't simply record data and provide customers with session replay. Brands come to us because Glassbox means source-proof, tamper-proof, encrypted records of digital activity. These characteristics make Glassbox invaluable, not to 'spy' on customers, but to (a) aid in creating the best and easiest digital journey, and (b) protect both brands and customers with evidential truth that allows for safe and compliant digital experiences."

Following the release of iOS 12.1.4, Apple today issued an apology to customers and said that it had found and fixed the Group FaceTime bug and an additional security vulnerability involving Live Photos in the ‌FaceTime‌ app.

From a statement provided to MacRumors:

Today's software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS."

Going forward, Apple says that the ‌Live Photos‌ feature will not be available in ‌FaceTime‌ on older versions of iOS and macOS. Capturing a Live Photo will require iOS 12.1.4 or the new version of macOS 10.14.3. Apple is also restricting Group ‌FaceTime‌ from devices running earlier versions of iOS.

Apple in a security document released this morning outlines the specific fixes that were implemented in iOS 12.1.4 and the macOS 10.14.3 supplemental update.

Apple fixed a logic issue that existed in the handling of Group ‌FaceTime‌ calls with improved state management, and the Group ‌FaceTime‌ testing led to the discovery of the ‌Live Photos‌ issue. Apple says that the ‌Live Photos‌ bug was fixed with "improved validation on the ‌FaceTime‌ server."

Additional Foundation and IOKit bugs were fixed in iOS as well, addressing memory corruption issues that could lead to elevated privileges for applications.

Apple lists Grant Thompson of Catalina Foothills High School as one of the people who discovered the ‌FaceTime‌ bug. Thompson and his mother made multiple attempts to get into contact with Apple to inform the company of the bug well ahead of when it went public. Daven Morris of Arlington, TX is also listed as a person who discovered the vulnerability and reported it to Apple.

Apple has apologized for missing those messages and has vowed to improve its bug reporting system to make sure future bug reports are distributed to the right people. Apple will be compensating the Thompson family for finding and reporting the bug, and Apple will be providing an additional scholarship to be put towards Thompson's education.

A recently published Apple patent application suggests that a future HomePod could feature support for 3D hand gestures, Face ID, and much more.

While the patent application does not refer to the ‌HomePod‌ by name, it describes a voice-controlled assistant device such as a "countertop speaker" with various sensors and cameras that "gather hand gestures and other three-dimensional gesture input." This could include waving, clapping, and so forth.

Interestingly, the ‌HomePod‌ could have LEDs woven into the fabric to provide visual feedback for the hand gestures. The LEDs could also be configured to display alphanumeric characters through the fabric that change depending on time of day.

3D hand gesture support on the ‌HomePod‌ could utilize technology Apple gained from its acquisition of PrimeSense in 2013. In 2016, for example, Apple filed a patent for hand gestures on the Mac such as push, up, and wave that could be used to perform basic app interactions like scrolling through a menu.

Gestures described herein include focus gestures and unlock gestures. A focus gesture enables the user to engage (i.e., take control of) an inactive non-tactile 3D user interface. An unlock gesture enables the user to engage a locked non-tactile 3D user interface, as pressing a specific sequence of keys unlocks a locked cellular phone. In some embodiments, the non-tactile 3D user interface conveys visual feedback to the user performing the focus and the unlock gestures.

Examples of unlock gestures include an "up" gesture (e.g., raising hand 30 a specified distance), a sequence of two sequential wave gestures, and a sequence of two sequential push gestures, as described in detail hereinbelow.

PrimeSense's technologies were initially used by Microsoft for its Kinect motion sensor for Xbox. Apple later incorporated some of the technologies into the TrueDepth system that powers ‌Face ID‌ on the iPhone X and newer.

As for ‌Face ID‌, the patent explains that the ‌HomePod‌ could identify users in the vicinity of the speaker using "facial recognition," as well as measure the distance of users to the speaker. This could allow for biometric authentication of Personal Requests, multiple user profiles, and more on a future ‌HomePod‌.

In late 2017, the president of Apple supplier Inventec said his company sees a trend towards both facial and image recognition technology being incorporated into smart speakers, without specifying which speakers in particular. This led Apple analyst Jeff Pu to predict the launch of a Face ID-enabled HomePod in 2019.

The exhaustive patent goes on to describe a variety of other potential features for a future ‌HomePod‌, such as ambient light sensing, displaying a sunshine icon if sunny weather is forecast, displaying the logo of a sports team that wins a game, heart rate sensing, and much more.

One quirky feature mentioned is an emoji-based avatar that would adapt to a user's mood or actions. If the user is sad, for example, the emoji may reflect sadness. Or, if a user asks the ‌HomePod‌ for information on purchasing a birthday gift, the speaker may display a happy emoji to present results.

The patent application was filed with the U.S. Patent and Trademark Office in July 2017, six months prior to the launch of the current ‌HomePod‌, but it was only published in late January due to a standard 18-month confidentiality period.

Apple files numerous patent applications every week, of course, and many of the inventions do not see the light of day. Patents are also very detailed, encompassing many possible ideas, even ones that Apple might not have any plans to advance. So, the exact implementation if any remains to be seen.