A few weeks ago, the blogosphere raised concerns about the Windows version of Apple Software Update for offering new software installations (e.g., Safari) disguised as product updates. At the time, we "blogged about it":http://blogs.stopbadware.org/articles/2008/03/24/apple-updates-raise-eyebrows and said we were looking into it. It turns out that we were prepared to release an alert today identifying the product as badware. I’m glad to report, however, that we don’t have to, as Apple yesterday released an updated version that addresses the concerns that bloggers and StopBadware.org raised with them.
Here’s some additional information about our recent activity on this issue:
On Monday, I called Apple’s PR department to notify them that we were preparing to release a badware alert about Apple Software Update on Thursday (i.e., today). (It is our standard policy to give advance notice and send a copy of the draft to the software producer before we release a badware alert.) When I hadn’t received a call by Tuesday, I e-mailed the draft to several PR people at Apple whose job titles seemed most likely to be relevant to the issue. I never did receive a response.
The alert draft made one clear recommendation to Apple:
bq. Clearly differentiate, in a manner understandable to a typical computer user, between software updates and installations of new applications.
Our detailed report draft, which accompanied the alert, also included the following observation:
bq. Apple does not appear to have a software license agreement (SLA) or privacy policy for Apple Software Update. None is included during installation, none can be found in the application itself, and none is listed on "Apple’s SLA web page":http://www.apple.com/legal/sla. We have not been made aware of any behaviors in Apple Software Update that affect user privacy.
Late on Wednesday, one of our staff noticed that Apple Software Update was notifying him of a new version of itself. This morning, I ran Apple Software Update myself and, sure enough, I saw a new version of Apple Software Update available (listed as version 2.1, reported in the app as 2.1.0.110). I chose to install it and was immediately presented with an SLA for Apple Software Update. After accepting, the update installed and prompted me to reboot. After the reboot, I ran the new version of Apple Software Update, and I saw this:

Notice the difference in how the new applications (in this case, Safari and iTunes + QuickTime) are presented compared to the old version:
Note also the difference in language in the line under “New software is available from Apple.” We had noted the old language, which explicitly referred to updates, in our report draft.
Apple clearly responded to the concerns of the community in making these changes, and consumers will benefit. The previous version of Apple Software Update was confusing to users and had the potential to lead users to stop trusting in the update process, a process that is critical to security efforts. With this change, and hopefully additional changes as the community provides additional feedback to this latest iteration, users can feel more comfortable with what they’re agreeing to when installing updates and new software via Apple’s tool.