Apple Card will make credit card fraud a lot more difficult

Apple’s new credit card has a curious security feature that will make it much more difficult to carry out credit card fraud.

The aptly named Apple Card is a new credit card, built into your iPhone Wallet app, which the company says will help customers live a “healthier” financial lifestyle. The card is designed to replace your traditional credit card and give you perks, such as daily cash. Chief among the benefits is a range of security and privacy features, which Apple says — unlike traditional credit card providers — the company doesn’t know where a customer shopped, what they bought or how much they paid.

But its one feature — a one-time unique dynamic security code — will make it nearly impossible for anyone to use the credit card to make fraudulent purchases.

That three-digit card verification value — or a CVV — on the back of your credit card is usually your last line of defense if someone steals your credit card number, such as if your card is cloned or skimmed by a dodgy ATM or stolen from a website through a phishing attack.

But rotating the security code will increase the difficulty for an attacker to use your card without your permission.

The idea of a dynamic credit card number first came about a few years ago with the Motion Code credit card concept, built by Oberthur Technologies, which included a randomly generating number built into a tiny display on the back of the card. The only downside is if someone steals your physical card.

Since then, other credit card makers — including Mastercard, the issuing bank for Apple Card — have worked to integrate biometric solutions instead. By enabling a fingerprint sensor on the card, powered by the card machine it was entered into, it was hoped that fraudulent purchases would be impossible. Other credit cards have worked to roll out biometric-powered credit cards. Again — a big letdown was online fraud, which still accounts for a huge proportion of fraud.

Apple Card seems to meld the two things: a virtual credit card with a rotating security code, protected by a biometric, like Touch ID or Face ID in newer devices. Better yet, the company’s debut physical titanium credit card won’t even have a credit card number.

Now if someone wants to commit fraud, they need to steal your phone and your face or fingerprint.

Like other sensitive data — such as health, financial and biometric data — any banking and credit card data is stored on the device’s security chip, known as the secure enclave.

Apple Card will be available in the U.S. later this summer.

Apple introduces its own credit card, the Apple Card

from Apple – TechCrunch https://ift.tt/2UVHZ7a

Apple Card will make credit card fraud a lot more difficult

Apple’s new credit card has a curious security feature that will make it much more difficult to carry out credit card fraud.

The aptly named Apple Card is a new credit card, built into your iPhone Wallet app, which the company says will help customers live a “healthier” financial lifestyle. The card is designed to replace your traditional credit card and give you perks, such as daily cash. Chief among the benefits is a range of security and privacy features, which Apple says — unlike traditional credit card providers — the company doesn’t know where a customer shopped, what they bought, or how much they paid.

But its one feature — a one-time unique dynamic security code — will make it nearly impossible for anyone to use the credit card to make fraudulent purchases.

That three-digit card verification value — or a CVV — on the back of your credit card is usually your last line of defense if someone steals your credit card number, such as if your card is cloned or skimmed by a dodgy ATM or stolen from a website through a phishing attack.

But rotating the security code will increase the difficulty for an attacker to use your card without your permission.

The idea of a dynamic credit card number first came about a few years ago with the Motion Code credit card concept, built by Oberthur Technologies, which included a randomly generating number built into a tiny display on the back of the card. The only downside is if someone steals your physical card.

Since then, other credit card makers — including Mastercard, the issuing bank for Apple Card — have worked to integrate biometric solutions instead. By enabling a fingerprint sensor on the card, powered by the card machine it was entered into, it was hoped that fraudulent purchases would be impossible. Other credit cards have worked to roll out biometric-powered credit cards. Again — a big let down was online fraud, which still accounts for a huge proportion of fraud.

Apple Card seems to meld the two things: a virtual credit card with a rotating security code, protected by a biometric, like Touch ID or Face ID in newer devices. Better yet, the company’s debut physical titanium credit card won’t even have a credit card number.

Now if someone wants to commit fraud, they need to steal your phone and your face or fingerprint.

Like other sensitive data — such as health, financial and biometric data — any banking and credit card data is stored on the device’s security chip, known as the secure enclave.

Apple Card will be available in the U.S. later this summer.

Apple introduces its own credit card, the Apple Card

from iPhone – TechCrunch https://ift.tt/2UVHZ7a

Apple unveils its $9.99 per month news subscription service, Apple News+

Apple today unveiled a revamped Apple News app, which now includes a premium tier called Apple News+,  offering access to more than 300 magazines and newspapers for $9.99 per month. At launch, the subscription includes magazine titles like Bon Appétit, People, Vogue, National Geographic Magazine, ELLE, Glamour and others, along with top publishers like The Wall Street Journal and Los Angeles Times, and more.

Apple News+ subscribers will be able to access both the current and past issues from the following magazines: The Atlantic, Better Homes & Gardens, Bon Appétit, Condé Nast Traveler, ELLE, Entertainment Weekly, ESPN The Magazine, Esquire, Food & Wine, Good Housekeeping, GQ, Health, InStyle, Martha Stewart Living, National Geographic, New York Magazine, The New Yorker, O, The Oprah Magazine, Parents, People, Real Simple, Rolling Stone, Runner’s World, Sports Illustrated, TIME, Travel + Leisure, Vanity Fair, Vogue, WIRED and Woman’s Day.

TechCrunch’s premium product, Extra Crunch, is among the new participants, on the news side. Other news publishers highlighted onstage include theSkimm, Grub Street, The Highlight by Vox, The Cut, Vulture and Toronto Star.

Combined, the subscriptions provided through Apple News+ would cost more than $8,000 per year, Apple noted.

“When we created Apple news over three years ago, we wanted to provide the best way to read the news on your iPhone and iPad,” said Apple CEO Tim Cook, in introducing the company’s plans for Apple News+. “And we felt we can make a difference in the way that news is experienced and understood — a place where the news would come from trusted sources and be curated by experts,” he added.

Cook also touted how this led Apple News to become the No. 1 news application, but it wasn’t clear how the company determined this ranking — considering it’s preinstalled, it has a bit of an advantage over traditional publishers.

Before diving into the content, Apple introduced the premium news subscription’s new design feature, called “Live Covers,” which shows animated images instead of static photos for a magazine’s cover.

Inside the digital magazine’s pages, readers can view a table of contents, swipe through beautifully designed pages filled with text, photos and infographic content, and more. The experience looks very much like the popular digital magazine app, Flipboard.

 

The magazine publishers can also express their own unique look and feel through their design and photography, noted Apple designer Wyatt Mitchell, in presenting the new service.

The News+ tab is where you can begin to explore the available magazines, which are organized into sections, including a curated “Featured” area, as well as by magazine category like “Business & Finance,” or “Health,” for example.

Meanwhile, the Today tab features more recommendations of articles and issues. The service will also customize itself to your interests, but won’t do so by tracking what you read.

Instead, Apple says the service will download groups of articles from its servers. And then it uses on-device intelligence to make recommendations. That means Apple won’t know what you read and won’t allow advertisers to track you either.

When you subscribe, your whole family can access the magazines through Apple Family Sharing, for the same price.

Apple had signaled its intention to enter the premium news subscription businesses when it acquired digital newsstand startup Texture in spring 2018. Shortly thereafter, reports surfaced that Apple was planning to relaunch Texture’s product as part of the existing Apple News application. The company had been courting high-profile publishers, but industry reaction was mixed.

That appears to remain the case as the service goes to launch. While it does offer The Wall Street Journal — announced ahead of today’s event — other top publishers like The New York Times and The Washington Post have chosen not to participate.

Apple News+ is available in the U.S. and Canada, starting today. In Canada, the service will be $12.99 per month. Later this year, Apple News+ will arrive in Europe, starting with the U.K., as well as Australia.

The first month is free, before the monthly charge kicks in.

from iPhone – TechCrunch https://ift.tt/2YlPEOl

All the videos from Apple’s big media event

Video served as both form and function today at Apple’s media event, and the company wasn’t stingy with classic Apple event videos. Ranging from previews of new services like Apple Arcade to a look at the artists creating content for Apple TV +, the videos should give folks who missed the livestream a quick look at what’s next out of Apple services.

As with most events, today’s kicked off with a teaser video:

The first product Apple announced was Apple News+, which offers access to over 300 magazines and newspapers for $9.99/month. Of note, Apple News+ is the only product Apple announced today that’s also available today.

The second new product out of Apple is Apple Card. Apple Card is essentially an electronic credit card that works anywhere that Apple Pay is accepted. The Apple Card app lets you see your transaction history, pay your card, and earn 2 percent cash back daily on your purchases all within the Wallet app.

And yes, it comes with a physical card, which is made of titanium, laser-etched with your name, and has no number. The Apple Card should make credit card fraud more difficult.

Apple then announced a new gaming subscription service called Apple Arcade.

The service won’t launch until this fall, but will include more than 100 premium games at launch from partners including Disney, Konami and Lego. Importantly, this is a cross-platform product, meaning games are playable on iOS, MacOS and tvOS, giving Apple the chance to leverage iOS to get gaming on the Mac.

This one came with two videos, but no price.

And finally, Apple announced Apple TV+, a forthcoming subscription service that would give users access to Apple’s new library of original content. This includes a new show from Jennifer Anniston, Reese Witherspoon and Steve Carell about a morning news show and an anthology series from Kumail Nanjiana that tells the true story of everyday immigrants, among many others.

And one more thing… Oprah has signed on to do two new shows with Apple TV+.

Apple TV+ doesn’t come out until the Fall and there’s still no word on pricing.

from Apple – TechCrunch https://ift.tt/2Tx9v9u

Oprah offers more details about her partnership with Apple

Apple’s event today, where it announced its streaming plans and more, ended with a whole bunch of celebrities taking the stage to talk about the shows they’re making for the new TV+ service. The boldface names included Steven Spielberg, Reese Witherspoon and Jennifer Aniston — but for the big finish, Apple brought out Oprah Winfrey.

Apple said last year that it had signed “a unique, multi-year content partnership” with Winfrey. That announcement, however, didn’t include any details about the programs she’d be making.

Winfrey described two documentaries today. First, there’s “Toxic Labor,” looking at the effects of sexual harassment in the workplace. There’s also an untitled, multi-part documentary about mental health.

Winfrey also said she’s working on a new version of her book club, which she said will be “the biggest, most vibrant, the most stimulating book club on the planet.” The idea is that by working with Apple, her interviews with authors can be streamed to Apple stores and devices around the world.

“I want to literally convene a meeting of the minds, connecting us through books,” she said.

More broadly, Winfrey said with her Apple content, “I want to reach that sweet spot where insight and perspective, truth and tolerance, actually intersect.” And she’s excited to use their platform to get her message out to an enormous audience: “They’re in a billion pockets, y’all. A billion pockets.”

from Apple – TechCrunch https://ift.tt/2Or0vlB

Apple unveils its streaming service, AppleTV+

To close out today’s press event focused on Apple’s service’s business, the company has officially announced its streaming initiative, Apple TV+.

The company already had a long list of shows in development, which will hopefully put all your “Carpool Karaoke” jokes to rest. They include an “Amazing Stories” reboot executive produced by Steven Spielberg, an adaptation of Isaac Asimov’s classic “Foundation” books and “The Morning Show,” a drama set in the morning TV industry starring Jennifer Aniston and Reese Witherspoon.

Details about the shows have been coming out for more than a year, so the main question was: How would consumers get access to all of this content? And how much would they have to pay for it, if anything?

Reports last fall suggested that Apple might actually give this content away for free to anyone with an iOS or tvOS device, and that the original content would essentially function as an incentive to buy Apple hardware and as a funnel to other services.

And indeed, Apple announced that there’s a new Apple TV app coming in May — as well as Apple TV Channels, which will allow you to subscribe to other streaming services like HBO, Showtime, Starz and CBS All Access.

To highlight the caliber of filmmakers involved in this initiative, Apple showed off a promotional video featuring interviews with Steven Spielberg, J.J. Abrams, Octavia Spencer, Ron Howard, M. Night Shyamalan, Sofia Coppola, Damian Chazelle, Jennifer Aniston and Reese Witherspoon — who are, of course, all involved in making shows for Apple TV+.

Spielberg then took the stage to talk about his childhood love of the Amazing Stories magazine, which he subsequently turned into an ’80s TV series.

“Thanks to the visionary and inventive folks at Apple, my Amblin team and I are going to be resurrecting this 93-year-old brand and offering to multi-generational audiences a whole new batch of Amazing Stories,” he said.

And then  there was a veritable parade of celebrities touting their various shows: Aniston, Witherspoon and Steve Carrell, who are all starring in “The Morning Show; then Jason Momoa and Alfre Woodward, who talked about their science fiction series “See”; Kumail Nanjiani who said his anthology series “Little America” will consist of “human stories that feature immigrants,” then Big Bird (yes, that Big Bird) announced coding-themed shows that Sesame Workshop is making for Apple and then J.J. Abrams and Sara Bareilles — Bareilles performed the theme to their show “Little Voice.”

Updating

from Apple – TechCrunch https://ift.tt/2WncJOJ

Android users’ security and privacy at risk from shadowy ecosystem of pre-installed software, study warns

A large-scale independent study of pre-installed Android apps has cast a critical spotlight on the privacy and security risks that preloaded software poses to users of the Google developed mobile platform.

The researchers behind the paper, which has been published in preliminary form ahead of a future presentation at the IEEE Symposium on Security and Privacy, unearthed a complex ecosystem of players with a primary focus on advertising and “data-driven services” — which they argue the average Android user is unlikely to be unaware of (while also likely lacking the ability to uninstall/evade the baked in software’s privileged access to data and resources themselves).

The study, which was carried out by researchers at the Universidad Carlos III de Madrid (UC3M) and the IMDEA Networks Institute, in collaboration with the International Computer Science Institute (ICSI) at Berkeley (USA) and Stony Brook University of New York (US), encompassed more than 82,000 pre-installed Android apps across more than 1,700 devices manufactured by 214 brands, according to the IMDEA institute.

“The study shows, on the one hand, that the permission model on the Android operating system and its apps allow a large number of actors to track and obtain personal user information,” it writes. “At the same time, it reveals that the end user is not aware of these actors in the Android terminals or of the implications that this practice could have on their privacy.  Furthermore, the presence of this privileged software in the system makes it difficult to eliminate it if one is not an expert user.”

An example of a well-known app that can come pre-installed on certain Android devices is Facebook.

Earlier this year the social network giant was revealed to have inked an unknown number of agreements with device makers to preload its app. And while the company has claimed these pre-installs are just placeholders — unless or until a user chooses to actively engage with and download the Facebook app, Android users essentially have to take those claims on trust with no ability to verify the company’s claims (short of finding a friendly security researcher to conduct a traffic analysis) nor remove the app from their device themselves. Facebook pre-loads can only be disabled, not deleted entirely.

The company’s preloads also sometimes include a handful of other Facebook-branded system apps which are even less visible on the device and whose function is even more opaque.

Facebook previously confirmed to TechCrunch there’s no ability for Android users to delete any of its preloaded Facebook system apps either.

“Facebook uses Android system apps to ensure people have the best possible user experience including reliably receiving notifications and having the latest version of our apps. These system apps only support the Facebook family of apps and products, are designed to be off by default until a person starts using a Facebook app, and can always be disabled,” a Facebook spokesperson told us earlier this month.

But the social network is just one of scores of companies involved in a sprawling, opaque and seemingly interlinked data gathering and trading ecosystem that Android supports and which the researchers set out to shine a light into.

In all 1,200 developers were identified behind the pre-installed software they found in the data-set they examined, as well as more than 11,000 third party libraries (SDKs). Many of the preloaded apps were found to display what the researchers dub potentially dangerous or undesired behavior.

The data-set underpinning their analysis was collected via crowd-sourcing methods — using a purpose-built app (called Firmware Scanner), and pulling data from the Lumen Privacy Monitor app. The latter provided the researchers with visibility on mobile traffic flow — via anonymized network flow metadata obtained from its users. 

They also crawled the Google Play Store to compare their findings on pre-installed apps with publicly available apps — and found that just 9% of the package names in their dataset were publicly indexed on Play. 

Another concerning finding relates to permissions. In addition to standard permissions defined in Android (i.e. which can be controlled by the user) the researchers say they identified more than 4,845 owner or “personalized” permissions by different actors in the manufacture and distribution of devices.

So that means they found systematic user permissions workarounds being enabled by scores of commercial deals cut in a non-transparency data-driven background Android software ecosystem.

“This type of permission allows the apps advertised on Google Play to evade Android’s permission model to access user data without requiring their consent upon installation of a new app,” writes the IMDEA.

The top-line conclusion of the study is that the supply chain around Android’s open source model is characterized by a lack of transparency — which in turn has enabled an ecosystem to grow unchecked and get established that’s rife with potentially harmful behaviors and even backdoored access to sensitive data, all without most Android users’ consent or awareness. (On the latter front the researchers carried out a small-scale survey of consent forms of some Android phones to examine user awareness.)

tl;dr the phrase ‘if it’s free you’re the product’ is a too trite cherry atop a staggeringly large yet entirely submerged data-gobbling iceberg. (Not least because Android smartphones don’t tend to be entirely free.)

“Potential partnerships and deals — made behind closed doors between stakeholders — may have made user data a commodity before users purchase their devices or decide to install software of their own,” the researchers warn. “Unfortunately, due to a lack of central authority or trust system to allow verification and attribution of the self-signed certificates that are used to sign apps, and due to a lack of any mechanism to identify the purpose and legitimacy of many of these apps and custom permissions, it is difficult to attribute unwanted and harmful app behaviors to the party or parties responsible. This has broader negative implications for accountability and liability in this ecosystem as a whole.”

The researchers go on to make a series of recommendations intended to address the lack of transparency and accountability in the Android ecosystem — including suggesting the introduction and use of certificates signed by globally-trusted certificate authorities, or a certificate transparency repository “dedicated to providing details and attribution for certificates used to sign various Android apps, including pre-installed apps, even if self-signed”.

They also suggest Android devices should be required to document all pre-installed apps, plus their purpose, and name the entity responsible for each piece of software — and do so in a manner that is “accessible and understandable to users”.

“[Android] users are not clearly informed about third-party software that is installed on their devices, including third-party tracking and advertising services embedded in many pre-installed apps, the types of data they collect from them, the capabilities and the amount of control they have on their devices, and the partnerships that allow information to be shared and control to be given to various other companies through custom permissions, backdoors, and side-channels. This necessitates a new form of privacy policy suitable for preinstalled apps to be defined and enforced to ensure that private information is at least communicated to the user in a clear and accessible way, accompanied by mechanisms to enable users to make informed decisions about how or whether to use such devices without having to root their devices,” they argue, calling for overhaul of what’s long been a moribund T&Cs system, from a consumer rights point of view.

In conclusion they couch the study as merely scratching the surface of “a much larger problem”, saying their hope for the work is to bring more attention to the pre-installed Android software ecosystem and encourage more critical examination of its impact on users’ privacy and security.

They also write that they intend to continue to work on improving the tools used to gather the data-set, as well as saying their plan is to “gradually” make the data-set itself available to the research community and regulators to encourage others to dive in.  

from Android – TechCrunch https://ift.tt/2FzeDqc
via IFTTT