Study: Popular iOS apps use 'background app refresh' to send your location and IP address

You're browsing a news app on your phone in bed, alone, late at night. Did you know your physical location and IP address are being shared with the app maker?

In less than one second, a malicious web-page can uniquely fingerprint an Iphone, Pixel 2 or Pixel 3 without any explicit user interaction

In a new paper for IEEE Security, a trio of researchers (two from Cambridge, one from private industry) identify a de-anonymizing attack on Iphones that exploits minute differences in sensor calibration: an Iphone user who visits a webpage running the attack code can have their phone uniquely identified in less than a second, through queries to the sensors made through automated background processes running on the page.

Apple removed a teen's award-winning anti-Trump game "Bad Hombre" because they can't tell the difference between apps that criticize racism and racist apps

Bad Hombre is an award-winning satirical game created by 16-year-old Jackie George. Two days after it won the Shorty Award and was recognized in her school newsletter, Bad Hombre was removed from both Apple's App Store and Google Play (George notes that her town of Naples, FL is very conservative with a lot of Trump supporters and is suspicious that one of her neighbors reported the app).

Discovering whether your Iphone has been hacked is nearly impossible thanks to Apple's walled garden

This week, we learned that the notorious Israeli cyber-arms-dealer NSO Group had figured out how to hijack your Iphone or Android phone by placing a simple Whatsapp call, an attack that would work even if you don't answer the call.

Spotify's antitrust complaint against Apple is a neat parable about Big Tech's monopoly

Spotify has asked the EU Commission to intervene in its business relationship with Apple, citing the fact that Apple takes a 30% vig on all customer revenues from people who join the service or buy songs through an Iphone app, while Apple's own competing Itunes store does not have to pay this commission.

Google says it won't remove Saudi government app that lets men track and monitor their wives and domestic employees

Absher is a kind of Saudi equivalent to China's Weibo, an all-in-one service that manages payments, interaction with government services, and, key to the Saudi system of sadistic, totalitarian medieval patriarchy, it lets men track the whereabouts of their wives, daughters, and employees, sending alerts to "guardians" when women use their passports.

Mobile apps built with Facebook's SDK secretly shovel mountains of personal information into the Zuckermouth

If you need to build an app quickly and easily, you might decide to use Facebook's SDK, which has lots of bells and whistles, including easy integration of Facebook ads in your app's UI.

Ios and Android app stores both host Saudi government app that lets men track their spouses' movements

Senator Ron Wyden has publicly denounced both Apple and Google for hosting mobile apps that connect to Absher, a Saudi government service designed to allow Saudi men to track their spouses and employees' whereabouts at all times.

Facebook cancels its all-spying, secret "research" program, Apple cancels Facebook's developer account

Yesterday, TechCrunch published a deeply reported account of Facebook's "Project Atlas," a "research" app whose users were paid up to $20/month (plus affiliate fees) to install on Ios devices, which exploited third parties with access to Apple's developer program to install a man-in-the-middle certificate that allowed Facebook to harvest every conceivable kind of data from its users' Iphones and other Ios devices.

Apple was slow to act on FaceTime bug report, which came from mother of 14 year old who found it

Go get a developer account and send us a formal bug report, Apple reportedly told them.

Project Atlas: Facebook has been secretly paying Iphone users to install an all-surveilling "VPN" app

The "Facebook Research" VPN is an app that circumvents Apple's ban on certain kinds of surveillance by cloaking itself as a beta app and distributing through the Applause, Betabound and Utest services, rather than Apple's App Store: users get up to $20/month, plus referral fees, to run the app, which comes with a man-in-the-middle certificate that lets Facebook intercept "private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed."

FaceTime bug lets you hear or see through someone else’s iPhone, even if they haven’t answered

“We’re aware of this issue and we have identified a fix that will be released in a software update later this week.” — Apple.

Apple's bi-annual report on government data requests is available to read

A couple of times a year, Apple plops out a report detailing all of the user data requests made by government and law enforcement agencies from around the world. In the latest bi-annual report, it looks like information requests have increased since the last reporting period.

From Engadget:

According to the report, which covers the first half of this year, Apple received 32,342 demands for user data from governments -- up 9 percent from the previous period -- spanning access to 163,823 devices. Germany made the most requests (42 percent), the majority of which were due to "stolen devices investigations," issuing 13,704 requests for data on 26,160 devices.

The US was in second place with 4,570 requests for 14,911 devices. More than half of these requests (2,397) were for users' basic account information or content, revealed Apple. The US also asked for 918 financial identifiers -- which cover suspected fraudulent credit, debit, or gift card transactions -- attributing them to iTunes gift card fraud.

It used to be that the report was only offered as a dense, boring PDF. But Apple, in an attempt to boost their corporate transparency, has made their report numbers available to peruse via an interactive website that can be searched by country and the month that the user data was requested.

According to Engadget, Apple's report doesn't include the number of FISA requests made, as there is a legally binding six-month delay required on reportage of such requests.

If you're an Apple hardware or services user, it's worth taking a quick jaunt over to the company's transparency website to see what kind of user information your government has been trying to get their hands on.

Apple bothering people with unwanted "Carpool Karaoke" push notifications

Apple's Carpool Karaoke... isn't great. But despite scathing critical reviews of the show, Apple keeps trying to make it happen. In fact, they're so horny for the show to succeed that they've been forcing advertisements for it out to iOS users. According to The Verge, many iPhone, iPad and Apple TV users have been receiving unwanted Carpool Karaoke push notifications from Apple, via the iOS TV app for the past few weeks.

From The Verge:

We’re not sure how many iPhone users received the notifications, but it looks like Apple has tried plugging its show at least twice in recent weeks: once on December 7th for an episode where Kendall Jenner and Hailey Baldwin grill each other using a lie detector test, and once on December 14 for an episode featuring joint singalongs with comedian Jason Sudeikis and the Muppets.

Developed in house by Apple, the TV app doesn't ask for user permission to send along push notifications the first time that it's launched, like third-party developed iOS apps do. The shit and giggle part of this is that Apple App Store policy makes it very clear to developers that unsolicited notifications pushing advertising, features or promotions are not OK. If you know your way around iOS, turning off notifications spewed out by any app is as easy as flipping on a light -- but not all of Apple's users are software-savvy. So, without help, they could be stuck putting up with the company's unwanted solicitations.

It's a case of "do as we say and not as we do," I suppose.

Cydia, the app store for jailbroken iOS devices, will no longer sell apps

Almost immediately after buying my first iPhone in 2009, I became hooked on jailbreaking. Despite the fact that my iPhone 3GS met all of my mobile computing needs, I couldn't resist the temptation to tweak my user experience: tethering my computer on the go, messing with the color and style of my onscreen keyboard--you name it. If it was available for download via Cydia app, I gave it a spin. Some apps and hacks were worth paying for. Many weren't. I never dabbled in pirated apps, but I could have! That's what was so wonderful about Cydia: it offered the possibility of wandering off the path of what was normally a walled garden.

Sadly, after years of service to the homebrew and jailbreaking community, Cydia is shuttering its store.

From Engadget:

Service creator Jay Freeman (aka Saurik) has shut down the Cydia Store citing a combination of costs and security issues. It "loses [him] money" and, when there were multiple staffers, cost him a significant chunk of his "sanity." And while Freeman had already planned to close the store by the end of 2018, he bumped it up a week after learning of a security hole that let someone buy apps through your account if you were logged in and browsing untrusted app repositories.

The good news is that you’ll still be able to gain access to apps previously purchased in the Cydia store – at least for the time being. As sad as it is to see Cydia winding down, this isn’t the end of the road for jailbreaking.

Supreme Court looks ready to let customers sue Apple for abusing its App Store monopoly

The Supreme Court hearing on Pepper v Apple has not gone well for Apple; the Supremes are considering whether App Store customers are entitled to sue Apple over its monopoly control over the Ios App Store.

Moment is offering a new telephoto smartphone lens and I'm so there for it

I'm a big fan of Moment's lens system for Android and iOS smartphones. The company is staffed by folks who are just as passionate about mobile photography as I am. More importantly, they seem to understand that having to buy entirely new lenses every time you land a new handset is twelve different kinds of Bullshit. With Moment's second generation lens system, all you need to do when you invest in a new smartphone is plunk down some new cash for a new photo case and you're in business. Their business model makes me feel comfortable with fielding the relatively steep cost of their high quality smartphone accessory lenses and other kit.

Today, Moment announced that they're releasing a new 58mm telephoto lens. If you're using it with a single lens smartphone like the Google Pixel 3, it'll provide you with 2X optical zoom. Have a dual camera lensed phone like my iPhone 7 Plus? You can expect 4X optical telephoto zoom. That means better photos of far away subjects, portraits and landscapes without having to deal with the pixelation that comes from using digital zoom. Having this option makes me feel much less obligated, in many cases, to bring along an actual camera with me.

I've got one on the way to me and can't wait to try it out. I'm curious to see how it performs versus the last incarnation of their tele lens. I'll post a review with a few choice shots of the lens in action just as soon as I can.
