• androidiosphone
  • 02/06/2022

Apple says it never intended iOS 14 security updates to last forever [Updated]

Update, 3:30pm: Apple has pointed us a support page, published in September of 2021, that mentions iOS 14 receiving updates for "a period of time" as evidence that iOS 14 security updates were always intended to be a short-term offering. That notice's lack of specificity doesn't address our core complaint about Apple's lack of security timelines and transparency, but we've updated the article accordingly.

Original story: When iOS 15 was first unveiled, Apple announced that the upgrade wouldn't be mandatory for people who wanted to stick with iOS 14. The new operating system would still be offered to every device that could run it, but iOS 14 would keep getting security updates so that people wouldn't be left vulnerable just because they were happy with the performance and stability of the OS they were already running.

But last week, 9to5Mac and others noticed that the iOS 14.8.1 update had stopped being offered to phones running iOS 14. The only upgrade option was for the latest version of iOS 15, currently 15.2.1. We've confirmed with Apple that this isn't an error; iOS 14 is no longer being updated, and anyone who wants the latest security updates will also need to accept the other changes in iOS 15.

Apple says it never intended iOS 14 security updates to last forever [Updated]

Apple told Ars that it always intended the iOS 14 security update option to be temporary. Essentially, people could have a short grace period while Apple worked out the worst of the new operating system's early bugs, but you would always eventually have to upgrade to stay patched.

PSA: Apple isn’t actually patching all the security holes in older versions of macOS

The features page for iOS 15 merely says that users can "continue on iOS 14 and still get important security updates," with no mention of any sort of time limit, though this support page published after iOS 15's release does mention that iOS 14 security updates will only be available for a vague "period of time." This approach isn't consistent with how Apple handles macOS, where the two previous versions of the OS continue to receive security updates in (albeit imperfect) lockstep with the latest macOS version.

There was also a precedent for Apple keeping an older iOS version updated long term, namely iOS 12, which got security updates throughout the iOS 13 and iOS 14 life cycle. The difference is that iOS 12 was the last version of the OS that could run on several iDevices, including the iPhone 5S, 6, and 6 Plus, as well as the original iPad Air and the iPad mini 2 and 3. All devices that can run iOS 14 are capable of upgrading to iOS 15. Presumably, the next time an iOS update drops support for a swath of devices, Apple will also be more generous with its security update timeline.

And that gets us back to the main problem with Apple's security update policy—a lack of transparency, predictability, and communication. Giving iOS 14 users the option to stay secure before eventually pushing them toward iOS 15 actually seems like a reasonable compromise, letting users skip the bugs that come with any all-new iOS update while still giving developers the benefit of a large unified platform where you can reasonably assume that most people are running the same version of the OS.

But Apple should have been clearer about the limited time window for that strategy if it was the intention from the start. Users of older hardware and software shouldn't need to guess, based on past precedent and tea-leaf reading, whether their devices will continue to be secure because they aren't running (or can't run) the latest version of the OS. For example, it seems like support for iOS 12 has ended, since its last update was in September of 2021 and Apple has released several new iOS updates since then—but with no actual announcement, all we can do is assume.

Apple likes keeping secrets and hates talking in public about its future plans. But these are all mature operating systems with well-established update patterns. For the sake of the people who use this hardware and software, and for the developers and administrators who support Apple's devices out in the real world, a little more transparency would go a long way. And we'll keep saying that until Apple actually gives it to us.