Saturday, 30 May 2020

This Week in Apps: Facebook launches trio of app experiments, TikTok gets spammed, plus coronavirus impacts on app economy

Welcome back to This Week in Apps, the Extra Crunch series that recaps the latest OS news, the applications they support and the money that flows through it all.

The app industry is as hot as ever, with a record 204 billion downloads and $120 billion in consumer spending in 2019. People are now spending three hours and 40 minutes per day using apps, rivaling TV. Apps aren’t just a way to pass idle hours — they’re a big business. In 2019, mobile-first companies had a combined $544 billion valuation, 6.5x higher than those without a mobile focus.

In this Extra Crunch series, we help you keep up with the latest news from the world of apps, delivered on a weekly basis.

This week we’re continuing to look at how the coronavirus outbreak is impacting the world of mobile applications, with fresh data from App Annie about trends playing out across app categories benefiting from the pandemic, lockdowns and societal changes. We’re also keeping up with the COVID-19 contact-tracing apps making headlines, and delving into the week’s other news.

We saw a few notable new apps launch this week, including HBO’s new streaming service HBO Max, plus three new app experiments from Facebook’s R&D group. Android Studio 4.0 also launched this week. Instagram is getting better AR tools and IGTV is getting ads. TikTok got spammed in India.

Meanwhile, what is going on with app review? A shady app rises to the top of the iPhone App Store. Google cracks down on conspiracy theory-spreading apps. And a TikTok clone uses a pyramid scheme-powered invite system to rise up the charts.

COVID-19 contact-tracing apps in the news 

  • Latvia: Reuters this week reported that Latvia aims to become one of the first countries to launch a smartphone app, Stop Covid, using the new toolkit created by Apple and Alphabet’s Google to help trace coronavirus infections.
  • Australia: The role of the country’s Covidsafe app in the recovery appears to be marginal, The Guardian reports. In the month since its launch, only one person has been reported to have been identified using data from it. A survey even found that Australians were more supportive of using telecommunications metadata to track close contacts (79%) than they were of downloading an app (69.8%). In a second survey, their support for the app dropped to 64%. The app has been maligned by the public debate over it and technical issues.
  • France: The country’s data protection watchdog, CNIL, reviewed its contact-tracing app StopCovid, finding there were no major issues with the technical implementation and legal framework around StopCovid, with some caveats. France isn’t using Google and Apple’s contact-tracing API, but instead uses a controversial centralized contact-tracing protocol called ROBERT. This relies on a central server to assign a permanent ID and generate ephemeral IDs attached to this permanent ID. CNIL says the app will eventually be open-sourced and it will create a bug bounty. On Wednesday, the app passed its first vote in favor of its release.
  • Qatar: Serious security vulnerabilities in Qatar’s mandatory contact-tracing app were uncovered by Amnesty International. An investigation by Amnesty’s Security Lab discovered a critical weakness in the configuration of Qatar’s EHTERAZ contact-tracing app. Now fixed, the vulnerability would have allowed cyberattackers to access highly sensitive personal information, including the name, national ID, health status and location data of more than one million users.
  • India: India’s contact-tracing app, Aarogya Setu, is going open-source, according to Ministry of Electronics and Information Technology Secretary Ajay Prakash Sawhney on Tuesday. The code is being published on GitHub. Nearly 98% of the app’s more than 114 million users are on Android. The government will also offer a cash bounty of $1,325 to security experts who find bugs or vulnerabilities.
  • Switzerland: Several thousand people are now testing a pilot version of Switzerland’s contact-tracing app, SwissCovid. Like Latvia, the app is one of the first to use Apple and Google’s contact-tracing API. Employees at EPFL, ETH Zurich, the Army and select hospitals and government agencies will be the first to test the Swiss app before its public launch planned for mid-June.
  • China: China’s health-tracking QR codes, embedded in popular WeChat and Alipay smartphone apps, are raising privacy concerns, Reuters reports. To walk around freely, people must have a green rating. They also now have to present their health QR codes to gain entry into restaurants, parks and other venues. These efforts have been met with little resistance. But the eastern city of Hangzhou has since proposed that users are given a color-coded health badge based on their medical records and lifestyle habits, including how much they exercised, their eating and drinking habits, whether they smoked and how much they slept the night before. This suggestion set off a storm of criticism on China’s Weibo, a Twitter-like platform.


from Android – TechCrunch https://ift.tt/2U9yNht
via IFTTT

Thursday, 28 May 2020

Google makes sharing Plus Codes easier in a push to simplify the addressing system globally

Two years ago, Google open-sourced Plus Codes, a digital addressing system to help billions of people navigate to places that don’t have clear addresses. The company said today it is making it easier for anyone with an Android device to share its rendition of an address — a six-digit alphanumeric code.

Google Maps users on Android can now tap the blue dot that represents their current location to view and share their unique six-digit coordinate with friends. Anyone with the code can look it up on Google Maps or Google Search to get the precise location of the destination.

The codes look like this: G6G4+CJ Delhi, India. Google says it divides the geographical surface of the world into tiled areas and attributes a unique six-letter code and the name of the city and country to each of them.
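To make the tiling concrete, here is an added worked example of the Plus Code scheme (Open Location Code). It is illustration code written for this page, not Google's open-source library, but it follows the published scheme: the world is tiled into a 20×20 grid, each cell is tiled again 20×20, and each level contributes one latitude and one longitude character from a 20-symbol alphabet. The full 10-character form resolves to a cell of roughly 14 m × 14 m; the "six-digit" form the article shows ("G6G4+CJ Delhi, India") is that code with its first four characters dropped, which a nearby reference location (the named city) restores. The function names, the 0.3-degree safety margin used when shortening (taken from the Open Location Code specification) and the Zürich sample coordinate are this example's own choices.

```python
"""Plus Code (Open Location Code) encode, decode, shorten and recover.

Added illustration, not Google's library. Integer cell arithmetic is used so
that no float rounding at cell boundaries can shift a character.
"""
import math

ALPHABET = "23456789CFGHJMPQRVWX"   # 20 symbols; no vowels and no 0/1/I/L/O
SEPARATOR = "+"
PAIR_COUNT = 5                      # a full code is 5 latitude/longitude pairs
# The top level is 20 degrees per cell; four more 20-way splits give
# 20 / 20**4 = 1/8000 degree per cell, i.e. 8000 cells per degree.
CELLS_PER_DEGREE = 8000


def encode(lat: float, lon: float) -> str:
    """Encode a WGS84 coordinate as a full 10-character Plus Code."""
    lat = min(max(lat, -90.0), 90.0)
    lon = ((lon + 180.0) % 360.0) - 180.0
    if lat == 90.0:                     # the pole itself lies outside the grid
        lat -= 1.0 / CELLS_PER_DEGREE
    lat_cells = int(math.floor((lat + 90.0) * CELLS_PER_DEGREE))
    lon_cells = int(math.floor((lon + 180.0) * CELLS_PER_DEGREE))
    pairs = []
    for _ in range(PAIR_COUNT):
        # peel off the finest pair first, prepend so the coarsest ends leftmost
        pairs.insert(0, ALPHABET[lat_cells % 20] + ALPHABET[lon_cells % 20])
        lat_cells //= 20
        lon_cells //= 20
    code = "".join(pairs)
    return code[:8] + SEPARATOR + code[8:]


def decode(code: str) -> tuple:
    """Return (south, west, north, east) bounds of a full code's cell."""
    digits = code.replace(SEPARATOR, "").upper()
    if len(digits) != 2 * PAIR_COUNT or any(c not in ALPHABET for c in digits):
        raise ValueError("expected a full 10-character Plus Code")
    lat_cells = lon_cells = 0
    for i in range(0, len(digits), 2):
        lat_cells = lat_cells * 20 + ALPHABET.index(digits[i])
        lon_cells = lon_cells * 20 + ALPHABET.index(digits[i + 1])
    south = lat_cells / CELLS_PER_DEGREE - 90.0
    west = lon_cells / CELLS_PER_DEGREE - 180.0
    size = 1.0 / CELLS_PER_DEGREE
    return south, west, south + size, west + size


def _center(code: str) -> tuple:
    south, west, north, east = decode(code)
    return (south + north) / 2, (west + east) / 2


def shorten(code: str, ref_lat: float, ref_lon: float) -> str:
    """Drop the first four characters (the 20-degree and 1-degree pairs) when
    the reference point is within 0.3 degrees of the cell; otherwise the
    short form would be ambiguous and the full code is returned unchanged."""
    c_lat, c_lon = _center(code)
    if max(abs(c_lat - ref_lat), abs(c_lon - ref_lon)) >= 0.3:
        return code
    return code[4:]


def recover(short_code: str, ref_lat: float, ref_lon: float) -> str:
    """Rebuild a full code from a short one ("9G8F+6X") and a reference point."""
    short_code = short_code.upper()
    if len(short_code) != 7 or short_code[4] != SEPARATOR:
        return short_code                # already a full code (or not a code)
    prefix = encode(ref_lat, ref_lon)[:4]
    c_lat, c_lon = _center(prefix + short_code)
    # The dropped pair covered a 1-degree block. If the candidate sits more
    # than half a block from the reference, the reference is in the
    # neighbouring block and the candidate must be shifted by one block.
    if c_lat - ref_lat > 0.5:
        c_lat -= 1.0
    elif ref_lat - c_lat > 0.5:
        c_lat += 1.0
    if c_lon - ref_lon > 0.5:
        c_lon -= 1.0
    elif ref_lon - c_lon > 0.5:
        c_lon += 1.0
    return encode(c_lat, c_lon)


if __name__ == "__main__":
    full = encode(47.365590, 8.524997)          # a Zürich coordinate (sample input)
    short = shorten(full, 47.37, 8.54)
    print(full, short, recover(short, 47.37, 8.54))
```

The short form is only meaningful together with the locality name, which is why the article's example carries "Delhi, India": the city supplies the reference point that `recover` needs. The block-shift logic in `recover` handles the edge case where the reference and the place lie on opposite sides of a 1-degree block boundary, which is the usual source of wrong recoveries in naive implementations.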

More than 2 billion people on the planet either don’t have an address or have an address that isn’t easy to locate. This challenge is more prevalent in developed markets such as India where a street address could often be as long as a paragraph, and where people often rely on nearby landmarks to navigate their way.

Google is not the only firm that is attempting to simplify the addressing system. London-based what3words has divided the world into 57 trillion squares and assigned each of those squares three randomly combined words, such as toddler.geologist.animated, that are easier to remember and share. The company told TechCrunch earlier that it had partnered with a number of firms, including several carmakers, to expand its reach.

But what3words and five-year-old project Plus Codes have both struggled to gain wider traction. When Google announced this project in India, its executives told this correspondent that they were exploring ways to work with logistics firms and government agencies such as the postal department to get wider adoption — though none of it has materialized yet. At the time, the company had also tested Plus Codes at some concerts in India, the executives said.

To get wider adoption, Google open-sourced Plus Codes in 2018 so that developers and businesses could find their own use cases. “If you’ve ever been in an emergency, you know that being able to share your location for help to easily find you is critical. Yet in many places in the world, organizations struggle with this challenge on a daily basis,” the company said today.



from Android – TechCrunch https://ift.tt/3dbXYXP
via IFTTT

Wednesday, 27 May 2020

Appeals court rules in favor of Google, Apple, Facebook and Twitter in anti-conservative bias suit

The same day Donald Trump took to Twitter to threaten to regulate or shut down social media sites, the U.S. appeals court in Washington D.C. dismissed a lawsuit accusing top tech companies of silencing conservative voices. Filed in 2018 by nonprofit Freedom Watch and rightwing gadfly Laura Loomer, the suit accused Apple, Facebook, Twitter and Google of stifling first amendment rights.

The suit alleged that four of tech’s biggest names “have engaged in a conspiracy to intentionally and willfully suppress politically conservative content.” It specifically cited Loomer’s ban from Twitter and Facebook, following a tweet about Congresswoman Ilhan Omar. Also noted is her inability to grow an audience base and revenue on Google’s YouTube, suggesting that after Trump’s election “growth on these platforms has come to a complete halt, and its audience base and revenue generated has either plateaued or diminished.” Apple’s alleged role is less clear.

In the ruling, District Judge Trevor McFadden notes that Freedom Watch and Loomer failed to back up a claim that the companies were “state actors,” involved with the regulation of free speech.

“The Plaintiffs do not show how the Platforms’ alleged conduct may fairly be treated as actions taken by the government itself,” the judge writes. “Facebook and Twitter, for example, are private businesses that do not become ‘state actors’ based solely on the provision of their social media networks to the public.”

In other words, the companies cannot violate the first amendment, because banning users doesn’t constitute government abridgment of free speech. Per the decision, “Freedom Watch fails to point to additional facts indicating that these Platforms are engaged in state action and thus fails to state a viable First Amendment claim.”



from Apple – TechCrunch https://ift.tt/2B9V1Jt

Bang & Olufsen’s latest Beoplay E8 fully wireless earbuds offer top sound and comfort

Bang & Olufsen has an excellent reputation in home audio, and its original Beoplay E8 fully wireless headphones were a category leader when there was barely a category to lead. The company recently launched the third version of the E8, a new generation of hardware that comes with a number of improvements for better audio quality and convenience, including wireless charging, up to seven hours of continuous use on a single charge, and the latest Bluetooth standards for improved audio quality, operating distance and latency.

B&O’s latest wireless headset is a must-have for sound quality enthusiasts as a result, providing all-day comfort and wearability, excellent passive sound isolation and rich, sophisticated audio performance that does a good job of rendering the low end but without sacrificing any detail at higher frequencies, either.

Design

The design of the actual Beoplay E8 buds hasn’t changed much since the original version – but in this case, that’s a very good thing, because the original design has remained one of my all-time favorites for fully wireless in-ear buds. You get a small, sleek bud with a rounded face and touch-sensitive surfaces for manual control.

B&O have made some updates to the design, including getting rid of an irregular nub that stuck out somewhat from the otherwise circular sides of the original, and on the black version I tested, what was once an inner silver-colored metallic accent band on the face now has a shiny black finish. The overall effect is to make them even more understated and attractive.

While the originals also offered great fit, in my use it seems like B&O have improved the physical design in that respect, too. Whereas before I would occasionally have to reseat one or the other of the buds to get a proper noise-isolating seal, the E8 3rd generation seems to just fit properly once they’re in, no matter how long you wear them.

The last thing to mention regarding design is the case. It’s somehow both smaller and more pocketable than the case for the original, but also includes wireless charging so that you can set it down on any Qi-based wireless charging pad (the same kind that works with modern iPhones and Android devices) and have it charge both the case, which contains additional battery capacity for the buds (bringing total play time to up to 35 hours, per B&O), and the buds themselves. The case is wrapped in a pebbled leather finish that feels fantastic, and a magnetic clasp ensures it stays closed while in transit. Magnets also help you make sure your buds are properly seated in the case to charge.

Performance

The first point to make about the 3rd generation Beoplay E8 is that they sound fantastic. By just about every measure, they are the best-sounding wireless earbuds I’ve used, including the AirPods Pro and Sony’s WF-1000XM3, both popular options. The E8 manage sound separation and clarity that is sure to please even hardcore audiophiles, and they sound great regardless of what kind of music you’re listening to, but they excel with high-quality, lossless recording formats.

In terms of sound isolation, the Beoplay E8 are also outstanding performers. They don’t have active noise cancellation, but their passive blocking is extremely good at keeping out ambient noise. So much so that it’s good B&O included a transparency feature (accessible by tapping the left earbud) to pipe in ambient sound, which is great for when you want to be more aware of your surroundings. Sound isolation and comfort both get even better when you make use of the included Comply memory foam eartips that ship with the Beoplay E8, which is an excellent bonus since generally speaking, Comply tips require an additional purchase for just about every other set of earbuds.

The E8 is also a great headset for making calls, thanks to onboard mics that provide clear vocals mostly free of background noise. And because they feature both aptX and use Bluetooth 5.1, they’re also excellent for watching video and taking video calls on both mobile devices and computers, without any real noticeable lag.

Bottom line

Bang & Olufsen make premium products, and they come with premium price tags – at $350, the Beoplay E8 3rd Generation is no exception. But for that money, you’re getting premium build quality, great aesthetics and class-leading sound. For those who want the best audio possible in fully wireless buds, these are the ones to get. They’re fantastic for all-day wear for a work-at-home lifestyle, and offer great portability and sound transparency for taking with you on the go, too.



from iPhone – TechCrunch https://ift.tt/2ZFz2Eo


Quibi inches toward usability by adding AirPlay streaming support

When it launched in April, Quibi carried the express mission statement of offering short-form videos designed to watch on-the-fly. The service’s narrow focus rubbed a lot of potential subscribers the wrong way, with many requesting a more traditional method for watching the service’s series.

Ultimately, Quibi’s launch was a disappointing one, with founder Jeffrey Katzenberg blaming the COVID-19 pandemic for the service’s rocky start. It was a strange assertion, given how other streaming services have thrived amid lockdowns. In the same interview, the exec also alluded to the addition of support for streaming to TV.

The move followed an earlier suggestion that the feature was already on the roadmap, though the pandemic and Quibi’s disappointing performance may have accelerated the launch of the feature, which honestly ought to have been present since day one. Quibi has just delivered on that promise by adding support for Apple’s AirPlay. That means iOS users can now stream Quibi’s frustratingly short content directly to their AirPlay-enabled sets.

Chief Product Officer Tom Conrad noted the change on Twitter, “Sure we designed Quibi for on-the-go, but these days visiting the family room is like a day trip… so AirPlay support is live for iOS in Quibi 1.3.” What’s more, support for Chromecast streaming will arrive next month, according to the executive.

Interesting that the news comes the day HBO is launching its eagerly anticipated Max service, the latest powerhouse in an already crowded streaming market. But it’s certainly nice to see the company continuing to evolve after what’s been mostly regarded as a disappointing launch. Now might we recommend doing something about show length?



from Apple – TechCrunch https://ift.tt/3eq67IG

Apple begins offering Macs with custom configurations in India

Apple is finally giving customers in India the ability to order customized versions of iMac, MacBook Air, Mac Mini and other Mac computers.

The Cupertino giant has started to offer the full range of the Mac portfolio with configure-to-order (CTO) or build-to-order (BTO) options in India, allowing customers in the country to request specific customizations such as additional memory or storage when they purchase a computer.

Customers in India, a key overseas market for American technology giants, have long requested this feature, which Apple offers in several regions. Prior to this, Apple only offered select variants of its Mac computers in India and gave no option to customers to ask for specific upgrades.

Those interested can get in touch with their local Apple Authorized Reseller to discuss the various upgrade options and pricing information, and to place the order. The options are also listed on Apple’s India website.

Apple is currently committing to deliver customized computers in four to five weeks from the time of order.

“This is a very huge deal,” said Preshit Deorukhkar, a Mumbai-based executive who closely tracks Apple development. “Previously, there was no real way to get a built-to-order or configure-to-order Mac in India. So you were stuck with the base models — say a Mac Mini or 13″ MacBook Pro with 8GB of RAM. Now that the company is officially offering this, you get the computer you want and the standard warranty on it.”

“The component upgrade pricing is still whack, though, like charging $400 to go from 16GB to 32GB for the RAM, but at least the option is available now,” he added.

The new move comes as Apple prepares to launch its online store in India this year and open its first brick-and-mortar retail store next year, as chief executive Tim Cook revealed earlier this year.

The company is still on track to launch its online store in India this year despite the coronavirus outbreak, a person familiar with the matter told TechCrunch.



from Apple – TechCrunch https://ift.tt/36wJ6RA

Tuesday, 26 May 2020

AI can battle coronavirus, but privacy shouldn’t be a casualty

South Korea has successfully slowed down the spread of coronavirus. Alongside widespread quarantine measures and testing, the country’s innovative use of technology is credited as a critical factor in combating the spread of the disease. As Europe and the United States struggle to cope, many governments are turning to AI tools to both advance the medical research and manage public health, now and in the long term: technical solutions for contact tracing, symptom tracking, immunity certificates and other applications are underway. These technologies are certainly promising, but they must be implemented in ways that do not undermine human rights.

Seoul has extensively and intrusively collected the personal data of its citizens, analyzing millions of data points from credit card transactions, CCTV footage and cellphone geolocation data. South Korea’s Ministry of the Interior and Safety even developed a smartphone app that shares the GPS data of self-quarantined individuals with officials. If those in quarantine cross the “electronic fence” of their assigned area, the app alerts officials. The implications for privacy and security of such widespread surveillance are deeply concerning.

South Korea is not alone in leveraging personal data in containment efforts. China, Iran, Israel, Italy, Poland, Singapore, Taiwan and others have used location data from cellphones for various applications tasked with combating coronavirus. Supercharged with artificial intelligence and machine learning, this data can be used not only for social control and monitoring, but also to predict travel patterns, pinpoint future outbreak hot spots, model chains of infection or project immunity.

Implications for human rights and data privacy reach far beyond the containment of COVID-19. Introduced as short-term fixes to the immediate threat of coronavirus, widespread data-sharing, monitoring and surveillance could become fixtures of modern public life. Under the guise of shielding citizens from future public health emergencies, temporary applications may become normalized. At the very least, government decisions to hastily introduce immature technologies — and in some cases to oblige citizens by law to use them — set a dangerous precedent.

Nevertheless, such data- and AI-driven applications could be useful advances in the fight against coronavirus, and personal data — anonymized and unidentifiable — offers valuable insights for governments navigating this unprecedented public health emergency. The White House is reportedly in active talks with a wide array of tech companies about how they can use anonymized aggregate-level location data from cellphones. The U.K. government is in discussion with cellphone operators about using location and usage data. And even Germany, which usually champions data rights, introduced a controversial app that uses data donations from fitness trackers and smartwatches to determine the geographical spread of the virus.

Big tech too is rushing to the rescue. Google makes available “Community Mobility Reports” for more than 140 countries, which offer insights into mobility trends in places such as retail and recreation, workplaces and residential areas. Apple and Google collaborate on a contact-tracing app and have just launched a developer toolkit including an API. Facebook is rolling out “local alerts” features that allow municipal governments, emergency response organizations and law enforcement agencies to communicate with citizens based on their location.

It is evident that data revealing the health and geolocation of citizens is as personal as it gets. The potential benefits weigh heavy, but so do concerns about the abuse and misuse of these applications. There are safeguards for data protection — perhaps, the most advanced one being the European GDPR — but during times of national emergency, governments hold rights to grant exceptions. And the frameworks for the lawful and ethical use of AI in democracy are much less developed — if at all.

There are many applications that could help governments enforce social controls, predict outbreaks and trace infections — some of them more promising than others. Contact-tracing apps are at the center of government interest in Europe and the U.S. at the moment. Decentralized Privacy-Preserving Proximity Tracing, or “DP3T,” approaches that use Bluetooth may offer a secure and decentralized protocol for consenting users to share data with public health authorities. The European Commission has already released guidance for contact-tracing applications that favors such decentralized approaches. Whether centralized or not, EU member states will evidently need to comply with the GDPR when implementing such tools.

Austria, Italy and Switzerland have announced they plan to use the decentralized frameworks developed by Apple and Google. Germany, after ongoing public debate and stern warnings from privacy experts, recently ditched plans for a centralized app, opting for a decentralized solution instead. But France and Norway are using centralized systems where sensitive personal data is stored on a central server.
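As an added illustration of what “decentralized” means in the DP3T-style designs discussed above (example code written for this page, not code from the DP3T project or from any national app), the sketch below follows DP3T’s low-cost design: a daily key chain, per-day ephemeral identifiers, and a diagnosis report that consists of a single seed, so the matching against overheard identifiers happens on each phone rather than on a server. It assumes HMAC-SHA256 in place of DP3T’s PRF and PRG, and four broadcast epochs per day instead of 96.

```python
"""Decentralized proximity tracing, after DP3T's "low-cost" design.

Added illustration, not code from the DP3T project or any national app.
Assumptions: HMAC-SHA256 stands in for both the PRF and the PRG (DP3T
specifies a PRF-seeded stream cipher), and a day has 4 epochs, not 96.
The structure follows the published design: SK_t = H(SK_{t-1}); each
day's ephemeral IDs (EphIDs) derive from SK_t; a diagnosed user publishes
only SK_t for the first contagious day; every other device recomputes
the EphIDs locally and compares them with what it overheard.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Set, Tuple

EPOCHS_PER_DAY = 4          # assumption: DP3T uses 96 (15-minute epochs)
EPHID_LEN = 16              # bytes, as in DP3T
BROADCAST_KEY = b"broadcast key"


def next_secret_key(sk: bytes) -> bytes:
    """SK_t = H(SK_{t-1}): the chain can be walked forward, never back."""
    return hashlib.sha256(sk).digest()


def ephemeral_ids(sk_t: bytes) -> List[bytes]:
    """Derive a day's EphIDs: PRG(PRF(SK_t, "broadcast key")) in 16-byte
    slices. PRG here is HMAC in counter mode (assumption, see docstring)."""
    prf_out = hmac.new(sk_t, BROADCAST_KEY, hashlib.sha256).digest()
    ids = []
    for epoch in range(EPOCHS_PER_DAY):
        block = hmac.new(prf_out, epoch.to_bytes(4, "big"), hashlib.sha256)
        ids.append(block.digest()[:EPHID_LEN])
    return ids


class Device:
    """A phone: its own key chain plus the EphIDs it overheard."""

    def __init__(self, sk0: Optional[bytes] = None) -> None:
        self.keys: List[bytes] = [sk0 or secrets.token_bytes(32)]  # SK_0..
        self.observed: Set[Tuple[int, bytes]] = set()  # (day, ephid) heard

    def advance_day(self) -> None:
        self.keys.append(next_secret_key(self.keys[-1]))

    def broadcast(self, day: int, epoch: int) -> bytes:
        return ephemeral_ids(self.keys[day])[epoch]

    def hear(self, day: int, ephid: bytes) -> None:
        self.observed.add((day, ephid))

    def report_infection(self, onset_day: int) -> Tuple[int, bytes]:
        """What the backend receives: onset day and SK_onset, nothing else.
        Later keys follow from it; earlier keys and the contact list do not."""
        return onset_day, self.keys[onset_day]

    def centralized_upload(self) -> List[Tuple[int, bytes]]:
        """For contrast: a centralized design uploads the contact data
        itself, so the server learns who met whom."""
        return sorted(self.observed)

    def check_exposure(self, report: Tuple[int, bytes], today: int) -> List[int]:
        """Runs on the phone: regenerate the reported user's EphIDs per day
        and intersect them with what this device overheard."""
        onset_day, sk = report
        hits = []
        for day in range(onset_day, today + 1):
            if any((day, e) in self.observed for e in ephemeral_ids(sk)):
                hits.append(day)
            sk = next_secret_key(sk)
        return hits


def simulate() -> Dict[str, int]:
    """Constructed scenario: alice meets bob on day 1 and never meets carol;
    alice is later diagnosed with symptom onset on day 1."""
    alice, bob, carol = Device(), Device(), Device()
    for _ in range(2):                       # move everyone to day 2
        for d in (alice, bob, carol):
            d.advance_day()
    bob.hear(1, alice.broadcast(1, 2))       # day 1, epoch 2
    carol.hear(2, bob.broadcast(2, 0))       # day 2: bob meets carol only
    report = alice.report_infection(onset_day=1)
    return {
        "bob_exposed_days": len(bob.check_exposure(report, today=2)),
        "carol_exposed_days": len(carol.check_exposure(report, today=2)),
        "bytes_published_by_alice": len(report[1]),
        "contacts_a_central_server_would_get_from_bob": len(bob.centralized_upload()),
    }


if __name__ == "__main__":
    print(simulate())
```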

The U.K. government, too, has been experimenting with an app that uses a centralized approach and that is currently being tested on the Isle of Wight: the app, developed by NHSX, the NHS’s digital unit, will allow health officials to reach out directly and personally to potentially infected people. So far, it remains unclear how the collected data will be used and whether it will be combined with other data sources. Under current provisions, the U.K. remains bound by the GDPR until the end of the Brexit transition period in December 2020.

Aside from government-led efforts, worryingly, a plethora of apps and websites for contact tracing and other forms of outbreak control are mushrooming, asking citizens to volunteer their personal data yet offering little — if any — privacy and security features, let alone functionality. Certainly well-intentioned, these tools often come from hobby developers and amateur hackathons.

Sorting the wheat from the chaff is not an easy task, and our governments are most likely not equipped to accomplish it. At this point, artificial intelligence, and especially its use in governance, is still new to public agencies. Put on the spot, regulators struggle to evaluate the legitimacy and wider-reaching implications of different AI systems for democratic values. In the absence of sufficient procurement guidelines and legal frameworks, governments are ill-prepared to make these decisions now, when they are most needed.

And worse yet, once AI-driven applications are let out of the box, it will be difficult to roll them back, not unlike increased safety measures at airports after 9/11. Governments may argue that they require data access to avoid a second wave of coronavirus or another looming pandemic.

Regulators are unlikely to generate special new terms for AI during the coronavirus crisis, so at the very least we need to proceed with a pact: all AI applications developed to tackle the public health crisis must end up as public applications, with the data, algorithms, inputs and outputs held for the public good by public health researchers and public science agencies. Invoking the coronavirus pandemic as a sop for breaking privacy norms and reason to fleece the public of valuable data can’t be allowed.

We all want sophisticated AI to assist in delivering a medical cure and managing the public health emergency. Arguably, the short-term risks to personal privacy and human rights of AI wane in light of the loss of human lives. But when coronavirus is under control, we’ll want our personal privacy back and our rights reinstated. If governments and firms in democracies are going to tackle this problem and keep institutions strong, we all need to see how the apps work, the public health data needs to end up with medical researchers and we must be able to audit and disable tracking systems. AI must, over the long term, support good governance.

The coronavirus pandemic is a public health emergency of most pressing concern that will deeply impact governance for decades to come. And it also sheds a powerful spotlight on gaping shortcomings in our current systems. AI is arriving now with some powerful applications in stock, but our governments are ill-prepared to ensure its democratic use. Faced with the exceptional impacts of a global pandemic, quick and dirty policymaking is insufficient to ensure good governance, but may be the best solution we have.



from Apple – TechCrunch https://ift.tt/2M0GmT1

Apple fixes bug that stopped iOS apps from opening

Apple has now resolved the bug that was plaguing iPhone and iPad apps over the weekend, causing some apps to not launch at all. The issue was related to a bug with Apple’s Family Sharing system, it appears, as users reported error messages which said “This app is no longer shared with you,” and directed them to buy the app from the App Store in order to still use it.

Following this issue, users on Sunday said they were seeing dozens of pending app updates for their iOS devices, some of which even went back to the app’s last update from well over a week ago. Users reported in forums seeing as many as 10, 20, 50 or even 100-plus new updates to install. This indicated a fix was in the works, as these were not brand-new updates — the apps were already up to date. Instead, these reissued updates seem to have been part of the fix for the Family Sharing problem, as afterward the bug was resolved.

Apple confirmed the issue has been now resolved for all affected customers.

Apple-focused news sites including MacRumors, 9to5Mac, AppleInsider and others previously reported on the bug and the following deluge of app updates. 9to5Mac also offered a plausible explanation for what happened, saying it was likely due to a signing issue of some kind. Apps were essentially behaving as if they were paid downloads and the right to use the app had been removed from the iCloud family circle, the site explained.

Some users discovered they could delete the troubled app then re-download it to resolve the problem. That’s what the forced app updates did, too — they overwrote the parts of the apps causing the issue. Had Apple not reissued the app updates, many iOS users would have likely assumed it was the app developer’s fault. And they may have then left unfair complaints and 1-star reviews on the app’s App Store page as a result.

Apple has not shared any additional details about why the problem occurred in the first place, but if you happened to notice a significant increase in app updates on Sunday, that’s why.




from Apple – TechCrunch https://ift.tt/2zohK45

India’s contact tracing app is going open source

India said it will publicly release the source code of its contact tracing app, Aarogya Setu, in a relief to privacy and security experts who have been advocating for this ever since the app launched in early April. 

Ajay Prakash Sawhney, secretary in the ministry of electronics and information technology, made the announcement on Tuesday, describing it as “opening the heart” of Aarogya Setu’s Android app, which has amassed over 115 million users in fewer than 60 days, to allow engineers to inspect and tinker with the code. The source code will be published on GitHub at midnight Tuesday (local time).

Sawhney said the government will also offer a cash prize of up to $1,325 for identifying and reporting bugs and vulnerabilities in the code of Aarogya Setu.

More to follow…




from Android – TechCrunch https://ift.tt/2XyIKpd
via IFTTT

A new Android bug, Strandhogg 2.0, lets malware pose as real apps and steal user data

Security researchers have found a major vulnerability in almost every version of Android, which lets malware imitate legitimate apps to steal app passwords and other sensitive data.

The vulnerability, dubbed Strandhogg 2.0 (named after the Norse term for a hostile takeover), affects all devices running Android 9.0 and earlier. It’s the “evil twin” to an earlier bug of the same name, according to Norwegian security firm Promon, which discovered both vulnerabilities six months apart. Strandhogg 2.0 works by tricking a victim into thinking they’re entering their passwords on a legitimate app while they are instead interacting with a malicious overlay. Strandhogg 2.0 can also hijack other app permissions to siphon off sensitive user data, like contacts and photos, and track a victim’s real-time location.

The bug is said to be more dangerous than its predecessor because it’s “nearly undetectable,” Tom Lysemose Hansen, founder and chief technology officer at Promon, told TechCrunch.

The good news is that Promon said it has no evidence that hackers have used the bug in active hacking campaigns. The caveat is that there are “no good ways” to detect an attack. Fearing the bug could still be abused by hackers, Promon delayed releasing details of the bug until Google could fix the “critical”-rated vulnerability.

A spokesperson for Google told TechCrunch that the company also saw no evidence of active exploitation. “We appreciate the work of the researchers, and have released a fix for the issue they identified.” The spokesperson said Google Play Protect, an app screening service built into Android devices, blocks apps that exploit the Strandhogg 2.0 vulnerability.

Strandhogg 2.0 works by abusing Android’s multitasking system, which keeps tabs on every recently opened app so that the user can quickly switch back and forth. A victim would have to download a malicious app — disguised as a normal app — that can exploit the Strandhogg 2.0 vulnerability. Once installed, and when a victim opens a legitimate app, the malicious app quickly hijacks the app and injects malicious content in its place, such as a fake login window.

When a victim enters their password on the fake overlay, their passwords are siphoned off to the hacker’s servers. The real app then appears as though the login was real.

Strandhogg 2.0 doesn’t need any Android permissions to run, but it can also hijack the permissions of other apps that have access to a victim’s contacts, photos, and messages by triggering a permissions request.

“If the permission is granted, then the malware now has this dangerous permission,” said Hansen.

Once that permission is granted, the malicious app can upload data from a user’s phone. The malware can upload entire text message conversations, said Hansen, allowing the hackers to defeat two-factor authentication protections.

The risk to users is likely low, but not zero. Promon said updating Android devices with the latest security updates — out now — will fix the vulnerability. Users are advised to update their Android devices as soon as possible.



from Android – TechCrunch https://ift.tt/2X3jWa8

Saturday, 23 May 2020

Hackers release a new jailbreak that unlocks every iPhone

A renowned iPhone hacking team has released a new “jailbreak” tool that unlocks every iPhone, even the most recent models running the latest iOS 13.5.

For as long as Apple has kept up its “walled garden” approach to iPhones by only allowing apps and customizations that it approves, hackers have tried to break free from what they call the “jail,” hence the name “jailbreak.” Hackers do this by finding a previously undisclosed vulnerability in iOS that breaks through some of the many restrictions that Apple puts in place to prevent access to the underlying software. Apple says it does this for security. But jailbreakers say breaking through those restrictions allows them to customize their iPhones more than they would otherwise, in a way that most Android users are already accustomed to.

The jailbreak, released by the unc0ver team, supports all iPhones that run iOS 11 and above, including up to iOS 13.5, which Apple released this week.

Details of the vulnerability that the hackers used to build the jailbreak aren’t known, but it’s not expected to last forever. Just as jailbreakers work to find a way in, Apple works fast to patch the flaws and close the jailbreak.

Security experts typically advise iPhone users against jailbreaking, because breaking out of the “walled garden” vastly increases the surface area for new vulnerabilities to exist and to be found.

The jailbreak comes at a time when the shine is wearing off Apple’s typically strong security image. Last week, Zerodium, a broker for exploits, said it would no longer buy certain iPhone vulnerabilities because there were too many of them. Motherboard reported this week that hackers got their hands on a pre-release version of the upcoming iOS 14 release several months ago.



from iPhone – TechCrunch https://ift.tt/3bVIBkT


This Week in Apps: Facebook takes on Shopify, Tinder considers its future, contact-tracing tech goes live

Welcome back to This Week in Apps, the Extra Crunch series that recaps the latest OS news, the applications they support and the money that flows through it all.

The app industry is as hot as ever, with a record 204 billion downloads and $120 billion in consumer spending in 2019. People are now spending three hours and 40 minutes per day using apps, rivaling TV. Apps aren’t just a way to pass idle hours — they’re a big business. In 2019, mobile-first companies had a combined $544 billion valuation, 6.5x higher than those without a mobile focus.

In this Extra Crunch series, we help you keep up with the latest news from the world of apps, delivered on a weekly basis.

This week we’re continuing to look at how the coronavirus outbreak is impacting the world of mobile applications. Notably, we saw the launch of the Apple/Google exposure-notification API with the latest version of iOS out this week. The pandemic is also inspiring other new apps and features, including upcoming additions to Apple’s Schoolwork, which focus on distance learning, as well as Facebook’s new Shops feature designed to help small businesses shift their operations online in the wake of physical retail closures.

Tinder, meanwhile, seems to be toying with the idea of pivoting to a global friend finder and online hangout in the wake of social distancing, with its test of a feature that allows users to match with others worldwide — meaning, with no intention of in-person dating.

Headlines

COVID-19 apps in the news

  • Fitbit app: The fitness tracker app launched a COVID-19 early detection study aimed at determining whether wearables can help detect COVID-19 or the flu. The study will ask volunteers questions about their health, including whether they had COVID-19, then pair that with activity data to see if there are any clues that could be used to build an early warning algorithm of sorts.
  • U.K. contact-tracing app: The app won’t be ready in mid-May as promised, as the government mulls the use of the Apple/Google API. In testing, the existing app drains the phone battery too quickly. In addition, researchers have recently identified seven security flaws in the app, which is currently being trialed on the Isle of Wight.

Apple launches iOS/iPadOS 13.5 with Face ID tweak and contact-tracing API

Apple this week released the latest version of iOS/iPadOS with two new features related to the pandemic. The first is an update to Face ID which will now be able to tell when the user is wearing a mask. In those cases, Face ID will instead switch to the Passcode field so you can type in your code to unlock your phone, or authenticate with apps like the App Store, Apple Books, Apple Pay, iTunes and others.

The other new feature is the launch of the exposure-notification API jointly developed by Apple and Google. The API allows public health organizations and governments to develop apps that can help determine if someone has been exposed to COVID-19. The apps that support the API have yet to launch, but some 22 countries have requested API access.



from Android – TechCrunch https://ift.tt/2ZvkdUU

Friday, 22 May 2020

The FBI is mad because it keeps getting into locked iPhones without Apple’s help

The debate over encryption continues to drag on without end.

In recent months, the discourse has largely swung away from encrypted smartphones to focus instead on end-to-end encrypted messaging. But a recent press conference by the heads of the Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) showed that the debate over device encryption isn’t dead; it was merely resting. And it just won’t go away.

At the presser, Attorney General William Barr and FBI Director Chris Wray announced that after months of work, FBI technicians had succeeded in unlocking the two iPhones used by the Saudi military officer who carried out a terrorist shooting at the Pensacola Naval Air Station in Florida in December 2019. The shooter died in the attack, which was quickly claimed by Al Qaeda in the Arabian Peninsula.

Early this year — a solid month after the shooting — Barr had asked Apple to help unlock the phones (one of which was damaged by a bullet), which were older iPhone 5 and 7 models. Apple provided “gigabytes of information” to investigators, including “iCloud backups, account information and transactional data for multiple accounts,” but drew the line at assisting with the devices. The situation threatened to revive the 2016 “Apple versus FBI” showdown over another locked iPhone following the San Bernardino terror attack.

After the government went to federal court to try to dragoon Apple into doing investigators’ job for them, the dispute ended anticlimactically when the government got into the phone itself after purchasing an exploit from an outside vendor the government refused to identify. The Pensacola case culminated much the same way, except that the FBI apparently used an in-house solution instead of a third party’s exploit.

You’d think the FBI’s success at a tricky task (remember, one of the phones had been shot) would be good news for the Bureau. Yet an unmistakable note of bitterness tinged the laudatory remarks at the press conference for the technicians who made it happen. Despite the Bureau’s impressive achievement, and despite the gobs of data Apple had provided, Barr and Wray devoted much of their remarks to maligning Apple, with Wray going so far as to say the government “received effectively no help” from the company.

This diversion tactic worked: in news stories covering the press conference, headline after headline after headline highlighted the FBI’s slam against Apple instead of focusing on what the press conference was nominally about: the fact that federal law enforcement agencies can get into locked iPhones without Apple’s assistance.

That should be the headline news, because it’s important. That inconvenient truth undercuts the agencies’ longstanding claim that they’re helpless in the face of Apple’s encryption and thus the company should be legally forced to weaken its device encryption for law enforcement access. No wonder Wray and Barr are so mad that their employees keep being good at their jobs.

By reviving the old blame-Apple routine, the two officials managed to evade a number of questions that their press conference left unanswered. What exactly are the FBI’s capabilities when it comes to accessing locked, encrypted smartphones? Wray claimed the technique developed by FBI technicians is “of pretty limited application” beyond the Pensacola iPhones. How limited? What other phone-cracking techniques does the FBI have, and which handset models and which mobile OS versions do those techniques reliably work on? In what kinds of cases, for what kinds of crimes, are these tools being used?

We also don’t know what’s changed internally at the Bureau since that damning 2018 Inspector General postmortem on the San Bernardino affair. Whatever happened with the FBI’s plans, announced in the IG report, to lower the barrier within the agency to using national security tools and techniques in criminal cases? Did that change come to pass, and did it play a role in the Pensacola success? Is the FBI cracking into criminal suspects’ phones using classified techniques from the national security context that might not pass muster in a court proceeding (were their use to be acknowledged at all)?

Further, how do the FBI’s in-house capabilities complement the larger ecosystem of tools and techniques for law enforcement to access locked phones? Those include the devices of third-party vendors GrayShift and Cellebrite, which, in addition to the FBI, count numerous U.S. state and local police departments and federal immigration authorities among their clients. When plugged into a locked phone, these devices can bypass the phone’s encryption to yield up its contents, and (in the case of GrayShift) can plant spyware on an iPhone to log its passcode when police trick a phone’s owner into entering it. These devices work on very recent iPhone models: Cellebrite claims it can unlock any iPhone for law enforcement, and the FBI has unlocked an iPhone 11 Pro Max using GrayShift’s GrayKey device.

In addition to Cellebrite and GrayShift, which have a well-established U.S. customer base, the ecosystem of third-party phone-hacking companies includes entities that market remote-access phone-hacking software to governments around the world. Perhaps the most notorious example is the Israel-based NSO Group, whose Pegasus software has been used by foreign governments against dissidents, journalists, lawyers and human rights activists. The company’s U.S. arm has attempted to market Pegasus domestically to American police departments under another name. Which third-party vendors are supplying phone-hacking solutions to the FBI, and at what price?

Finally, who else besides the FBI will be the beneficiary of the technique that worked on the Pensacola phones? Does the FBI share the vendor tools it purchases, or its own home-rolled ones, with other agencies (federal, state, tribal or local)? Which tools, which agencies and for what kinds of cases? Even if it doesn’t share the techniques directly, will it use them to unlock phones for other agencies, as it did for a state prosecutor soon after purchasing the exploit for the San Bernardino iPhone?

We have little idea of the answers to any of these questions, because the FBI’s capabilities are a closely held secret. What advances and breakthroughs it has achieved, and which vendors it has paid, we (who provide the taxpayer dollars to fund this work) aren’t allowed to know. And the agency refuses to answer questions about encryption’s impact on its investigations even from members of Congress, who can be privy to confidential information denied to the general public.

The only public information coming out of the FBI’s phone-hacking black box is nothingburgers like the recent press conference. At an event all about the FBI’s phone-hacking capabilities, Director Wray and AG Barr cunningly managed to deflect the press’s attention onto Apple, dodging any difficult questions, such as what the FBI’s abilities mean for Americans’ privacy, civil liberties and data security, or even basic questions like how much the Pensacola phone-cracking operation cost.

As the recent PR spectacle demonstrated, a press conference isn’t oversight. And instead of exerting its oversight power, mandating more transparency, or requiring an accounting and cost/benefit analysis of the FBI’s phone-hacking expenditures — instead of demanding a straight and conclusive answer to the eternal question of whether, in light of the agency’s continually evolving capabilities, there’s really any need to force smartphone makers to weaken their device encryption — Congress is instead coming up with dangerous legislation such as the EARN IT Act, which risks undermining encryption right when a population forced by COVID-19 to do everything online from home can least afford it.

The best-case scenario now is that the federal agency that proved its untrustworthiness by lying to the Foreign Intelligence Surveillance Court can crack into our smartphones, but maybe not all of them; that maybe it isn’t sharing its toys with state and local police departments (which are rife with domestic abusers who’d love to get access to their victims’ phones); that unlike third-party vendor devices, maybe the FBI’s tools won’t end up on eBay where criminals can buy them; and that hopefully it hasn’t paid taxpayer money to the spyware company whose best-known government customer murdered and dismembered a journalist.

The worst-case scenario would be that, between in-house and third-party tools, pretty much any law enforcement agency can now reliably crack into everybody’s phones, and yet nevertheless this turns out to be the year they finally get their legislative victory over encryption anyway. I can’t wait to see what else 2020 has in store.



from iPhone – TechCrunch https://ift.tt/2ZstkFH

The FBI is mad because it keeps getting into locked iPhones without Apple’s help

The debate over encryption continues to drag on without end.

In recent months, the discourse has largely swung away from encrypted smartphones to focus instead on end-to-end encrypted messaging. But a recent press conference by the heads of the Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) showed that the debate over device encryption isn’t dead, it was merely resting. And it just won’t go away.

At the presser, Attorney General William Barr and FBI Director Chris Wray announced that after months of work, FBI technicians had succeeded in unlocking the two iPhones used by the Saudi military officer who carried out a terrorist shooting at the Pensacola Naval Air Station in Florida in December 2019. The shooter died in the attack, which was quickly claimed by Al Qaeda in the Arabian Peninsula.

Early this year — a solid month after the shooting — Barr had asked Apple to help unlock the phones (one of which was damaged by a bullet), which were older iPhone 5 and 7 models. Apple provided “gigabytes of information” to investigators, including “iCloud backups, account information and transactional data for multiple accounts,” but drew the line at assisting with the devices. The situation threatened to revive the 2016 “Apple versus FBI” showdown over another locked iPhone following the San Bernardino terror attack.

After the government went to federal court to try to dragoon Apple into doing investigators’ job for them, the dispute ended anticlimactically when the government got into the phone itself after purchasing an exploit from an outside vendor the government refused to identify. The Pensacola case culminated much the same way, except that the FBI apparently used an in-house solution instead of a third party’s exploit.

You’d think the FBI’s success at a tricky task (remember, one of the phones had been shot) would be good news for the Bureau. Yet an unmistakable note of bitterness tinged the laudatory remarks at the press conference for the technicians who made it happen. Despite the Bureau’s impressive achievement, and despite the gobs of data Apple had provided, Barr and Wray devoted much of their remarks to maligning Apple, with Wray going so far as to say the government “received effectively no help” from the company.

This diversion tactic worked: in news stories covering the press conference, headline after headline after headline highlighted the FBI’s slam against Apple instead of focusing on what the press conference was nominally about: the fact that federal law enforcement agencies can get into locked iPhones without Apple’s assistance.

That should be the headline news, because it’s important. That inconvenient truth undercuts the agencies’ longstanding claim that they’re helpless in the face of Apple’s encryption and thus the company should be legally forced to weaken its device encryption for law enforcement access. No wonder Wray and Barr are so mad that their employees keep being good at their jobs.

By reviving the old blame-Apple routine, the two officials managed to evade a number of questions that their press conference left unanswered. What exactly are the FBI’s capabilities when it comes to accessing locked, encrypted smartphones? Wray claimed the technique developed by FBI technicians is “of pretty limited application” beyond the Pensacola iPhones. How limited? What other phone-cracking techniques does the FBI have, and which handset models and which mobile OS versions do those techniques reliably work on? In what kinds of cases, for what kinds of crimes, are these tools being used?

We also don’t know what’s changed internally at the Bureau since that damning 2018 Inspector General postmortem on the San Bernardino affair. Whatever happened with the FBI’s plans, announced in the IG report, to lower the barrier within the agency to using national security tools and techniques in criminal cases? Did that change come to pass, and did it play a role in the Pensacola success? Is the FBI cracking into criminal suspects’ phones using classified techniques from the national security context that might not pass muster in a court proceeding (were their use to be acknowledged at all)?

Further, how do the FBI’s in-house capabilities complement the larger ecosystem of tools and techniques for law enforcement to access locked phones? Those include third-party vendors GrayShift and Cellebrite’s devices, which, in addition to the FBI, count numerous U.S. state and local police departments and federal immigration authorities among their clients. When plugged into a locked phone, these devices can bypass the phone’s encryption to yield up its contents, and (in the case of GrayShift) can plant spyware on an iPhone to log its passcode when police trick a phone’s owner into entering it. These devices work on very recent iPhone models: Cellebrite claims it can unlock any iPhone for law enforcement, and the FBI has unlocked an iPhone 11 Pro Max using GrayShift’s GrayKey device.

In addition to Cellebrite and GrayShift, which have a well-established U.S. customer base, the ecosystem of third-party phone-hacking companies includes entities that market remote-access phone-hacking software to governments around the world. Perhaps the most notorious example is the Israel-based NSO Group, whose Pegasus software has been used by foreign governments against dissidents, journalists, lawyers and human rights activists. The company’s U.S. arm has attempted to market Pegasus domestically to American police departments under another name. Which third-party vendors are supplying phone-hacking solutions to the FBI, and at what price?

Finally, who else besides the FBI will be the beneficiary of the technique that worked on the Pensacola phones? Does the FBI share the vendor tools it purchases, or its own home-rolled ones, with other agencies (federal, state, tribal or local)? Which tools, which agencies and for what kinds of cases? Even if it doesn’t share the techniques directly, will it use them to unlock phones for other agencies, as it did for a state prosecutor soon after purchasing the exploit for the San Bernardino iPhone?

We have little idea of the answers to any of these questions, because the FBI’s capabilities are a closely held secret. What advances and breakthroughs it has achieved, and which vendors it has paid, we (who provide the taxpayer dollars to fund this work) aren’t allowed to know. And the agency refuses to answer questions about encryption’s impact on its investigations even from members of Congress, who can be privy to confidential information denied to the general public.

The only public information coming out of the FBI’s phone-hacking black box is nothingburgers like the recent press conference. At an event all about the FBI’s phone-hacking capabilities, Director Wray and AG Barr cunningly managed to deflect the press’s attention onto Apple, dodging any difficult questions, such as what the FBI’s abilities mean for Americans’ privacy, civil liberties and data security, or even basic questions like how much the Pensacola phone-cracking operation cost.

As the recent PR spectacle demonstrated, a press conference isn’t oversight. And instead of exerting its oversight power, mandating more transparency, or requiring an accounting and cost/benefit analysis of the FBI’s phone-hacking expenditures — instead of demanding a straight and conclusive answer to the eternal question of whether, in light of the agency’s continually evolving capabilities, there’s really any need to force smartphone makers to weaken their device encryption — Congress is instead coming up with dangerous legislation such as the EARN IT Act, which risks undermining encryption right when a population forced by COVID-19 to do everything online from home can least afford it.

The best-case scenario now is that the federal agency that proved its untrustworthiness by lying to the Foreign Intelligence Surveillance Court can crack into our smartphones, but maybe not all of them; that maybe it isn’t sharing its toys with state and local police departments (which are rife with domestic abusers who’d love to get access to their victims’ phones); that unlike third-party vendor devices, maybe the FBI’s tools won’t end up on eBay where criminals can buy them; and that hopefully it hasn’t paid taxpayer money to the spyware company whose best-known government customer murdered and dismembered a journalist.

The worst-case scenario would be that, between in-house and third-party tools, pretty much any law enforcement agency can now reliably crack into everybody’s phones, and yet nevertheless this turns out to be the year they finally get their legislative victory over encryption anyway. I can’t wait to see what else 2020 has in store.

from Apple – TechCrunch https://ift.tt/2ZstkFH