When Apple caved to pressure from the Chinese government and yanked an Ios app that let users avoid being attacked by the city-state's murderous, rampaging police forces, it was merely continuing a long tradition of capitulation to Chinese authorities, who control access to some of Apple's most important customers as well as the factories that make the bulk of Apple's products. Read the rest

Last month, a developer called Axi0mx released an Iphone crack called Checkm8, which attacks a defect in the Ios bootrom, a low-level piece of code that has not been successfully attacked since 2010. The bootrom is read-only, making its defects effectively unpatchable, short of removing the chip and swapping it for one with more robust code (the attack also works on version 1, 2 and 3 Apple Watches). Read the rest

A bit of good news for pro-democracy protesters in Hong Kong, and the app developers trying to help them not get injured or killed by police. Read the rest

Hkmap Live is a crowdsourced app that uses reports from a Telegram group to track the locations of protesters, police, and traffic, as well as the use of antipersonnel weapons like tear gas, mass arrests of people wearing t-shirts associated with the protest movement, and mass transit closures in proximity to demonstrations (it's a bit like Sukey, the British anti-kettling app). Read the rest

Early this month, Google's Project Zero revealed a breathtaking attack on multiple OSes, including Apple's Ios, in which a website that served Uyghur people was found to be hosting at least five different kinds of Ios malware that exploited previously unknown defects in Apple's code (the attack is presumed to have been the work of the Chinese state, which has been prosecuting a genocidal campaign against Uyghurs, whose high-tech fillips have seen both cities and apps suborned to aid in the pogrom). Read the rest

Apple has temporarily disabled the 'Walkie Talkie' iOS app for Apple Watch after a vulnerability was revealed that could allow a third party to eavesdrop on your iPhone. Read the rest

You're browsing a news app on your phone in bed, alone, late at night. Did you know your physical location and IP address are being shared with the app maker? Read the rest

In a new paper for IEEE Security, a trio of researchers (two from Cambridge, one from private industry) identify a de-anonymizing attack on Iphones that exploits minute differences in sensor calibration: an Iphone user who visits a webpage running the attack code can have their phone uniquely identified in less than a second, through queries to the sensors made through automated background processes running on the page. Read the rest

Bad Hombre is an award-winning satirical game created by 16-year-old Jackie George. Two days after it won the Shortly Award and was recognized in her school newsletter, Bad Hombre was removed from both Apple's App Store and Google Play (George notes that her town of Naples, FL is very conservative with a lot of Trump supporters and is suspicious that one of her neighbors reported the app). Read the rest

This week, we learned that the notorious Israeli cyber-arms-dealer NSO Group had figured out how hijack your Iphone or Android phone by placing a simple Whatsapp call, an attack that would work even if you don't answer the call. Read the rest

Spotify has asked the EU Commission to intervene in its business relationship with Apple, citing the fact that Apple takes a 30% vig on all customer revenues from people who join the service or buy songs through an Iphone app, while Apple's own competing Itunes store does not have to pay this commission. Read the rest

Absher is a kind of Saudi equivalent to China's Weibo, an all-in-one service that manages payments, interaction with government services, and, key to the Saudi system of sadistic, totalitarian medieval patriarchy, it lets men track the whereabouts of their wives, daughters, and employees, sending alerts to "guardians" when women use their passports. Read the rest

If you need to build an app quickly and easily, you might decide to use Facebook's SDK, which has lots of bells and whistles, including easy integration of Facebook ads in your app's UI. Read the rest

Senator Ron Wyden has publicly denounced both Apple and Google for hosting mobile apps that connect to Absher, a Saudi government service designed to allow Saudi men to track their spouses and employees' whereabouts at all times. Read the rest

Yesterday, Techcruch published a deeply reported account of Facebook's "Project Atlas,", a "research" app whose users were paid up to $20/month (plus affiliate fees) to install on Ios devices, which exploited third parties with access to Apple's developer program to install a man-in-the-middle certificate that allowed Facebook to harvest every conceivable kind of data from its users' Iphones and other Ios devices. Read the rest

The "Facebook Research" VPN is an app that circumvents Apple's ban on certain kinds of surveillance by cloaking itself as a beta app and distributing through the Applause, Betabound and Utest services, rather than Apple's App Store: users get up to $20/month, plus referral fees, to run the app, which comes with a man-in-the-middle certificate that lets Facebook intercept "private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed." Read the rest