Apple shares progress report on supplier usage of clean energy

Apple announced that there are now 44 suppliers that have committed to use clean energy for Apple production. It doesn’t mean all suppliers are using renewable energy, it also doesn’t mean that they use 100 percent clean energy for all their clients. But it’s still good news.

All of Apple facilities already run on clean energy, such as offices, retails stores and data centers. But Apple is well aware that it manufactures a ton of devices and works with a ton of suppliers. That’s why the company has created a fund to help finance renewable energy projects in China. Apple is also allocation $2.5 billion in green bonds.

Thanks to these initiatives, Apple has financed solar rooftops in Japan, a custom alloy made of recycled aluminum that you can find the MacBook Air and Mac Mini.

Overall, Apple expects to reach its 2020 goal of injecting 4 gigawatts of renewable energy into its supply well before 2020. In fact, the company now says that it will indirectly generate around 5 gigawatts of clean energy.

Suppliers in the program include Foxconn, Wistron, TSMC, Corning, STMicroelectronics and dozens of names that are mostly unknown to end customers.

from Apple – TechCrunch https://tcrn.ch/2G4c8LA

Prince Harry is partnering with Oprah Winfrey on Apple TV+ series about mental health

Prince Harry is the latest big name attached to Apple’s upcoming streaming service, Apple TV+, which was formally introduced last month. According to an announcement published to Prince Harry and Meghan Markle’s official Instagram account, Prince Harry and Oprah Winfrey are co-creators and executive producers on an Apple TV+ docuseries focused on mental health.

“I truly believe that good mental health – mental fitness – is the key to powerful leadership, productive communities and a purpose-driven self,” said Prince Harry, in a statement.

“It is a huge responsibility to get this right as we bring you the facts, the science and the awareness of a subject that is so relevant during these times. Our hope is that this series will be positive, enlightening and inclusive – sharing global stories of unparalleled human spirit fighting back from the darkest places, and the opportunity for us to understand ourselves and those around us better. I am incredibly proud to be working alongside Oprah on this vital series,” he shared.

Oprah’s involvement with Apple TV+ was first announced in June 2018, with news that she signed a multi-year deal to produce original content for Apple’s then still unnamed streaming service.

At Apple’s press event in March, the company brought Winfrey on stage to offer more details about what she had planned. That includes “Toxic Labor,” a documentary that examines the effects of sexual harassment in the workplace, and another untitled multi-part series about mental health.

Prince Harry’s involvement was not mentioned at the time.

However, he has been involved for several months, today’s announcement states.

The series, according to Winfrey, will look at how “the scourge of depression, and anxiety, post-traumatic stress, addiction, trauma, and loss, is just devastating lives daily across the globe.” The show, if it does its job right, aims to replace shame and stigma around mental health issues with “compassion and honesty,” she had said.

The topic of mental health is one Prince Harry has been focused on himself, before agreeing to co-produce the series.

As the announcement explains:

“The dynamic multi-part documentary series will focus on both mental illness and mental wellness, inspiring viewers to have an honest conversation about the challenges each of us faces, and how to equip ourselves with the tools to not simply survive, but to thrive.

This commitment builds on The Duke of Sussex’s long-standing work on issues and initiatives regarding mental health, where he has candidly shared personal experience and advocated for those who silently suffer, empowering them to get the help and support they deserve.”

Winfrey also went on “CBS This Morning” to talk more about mental health, the series, and how she came to partner with Prince Harry on the project.

She had asked him what he thought were the most important issues facing the world, and he had replied with two: climate change and mental health.

“As you know, he’s spoken about his own issues and what he went through after his mother died and how being able to talk about it has benefitted him,” Winfrey told CBS. “It’s a passion of his and at the end of the conversation, I said, ‘Oh, I’m going to be doing this thing with Apple. I said it’s a big concern of mine, too … And I was telling him about this Apple platform and he said at the end of the conversation, ‘If there’s anything I can do to help.’ And I go ‘as a matter of fact…”

The multi-part docuseries still doesn’t have a name, but will arrive in 2020 following the public debut of Apple TV+, scheduled for later this fall. 

 

from Apple – TechCrunch https://tcrn.ch/2IoEe6R

Google turns your Android phone into a security key

Your Android phone could soon replace your hardware security key to provide two-factor authentication access to your accounts. As the company announced at its Cloud Next conference today, it has developed a Bluetooth-based protocol that will be able to talk to its Chrome browser and provide a standards-based second factor for access to its services, similar to modern security keys.

It’s no secret that two-factor authentication remains one of the best ways to secure your online accounts. Typically, that second factor comes to you in the form of a push notification, text message or through an authentication app like the Google Authenticator. There’s always the risk of somebody intercepting those numbers or phishing your account and then quickly using your second factor to log in, though. Because a physical security key also ensures that you are on the right site before it exchanges the key, it’s almost impossible to phish this second factor. The key simply isn’t going to produce a token on the wrong site.

Because Google is using the same standard here, just with different hardware, that phishing protection remains intact when you use your phone, too.

Bluetooth security keys aren’t a new thing, of course, and Google’s own Titan keys include a Bluetooth version (though they remain somewhat controversial). The user experience for those keys is a bit messy, though, since you have to connect the key and the device first. Google, however, says that it has done away with all of this thanks to a new protocol that uses Bluetooth but doesn’t necessitate the usual Bluetooth connection setup process. Sadly, though, the company didn’t quite go into details as to how this would work.

Google says this new feature will work with all Android 7+ devices that have Bluetooth and location services enabled. Pixel 3 phones, which include Google’s Titan M tamper-resistant security chip, get some extra protections, but the company is mostly positioning this as a bonus and not a necessity.

As far as the setup goes, the whole process isn’t all that different from setting up a security key (and you’ll still want to have a second or third key handy in case you ever lose or destroy your phone). You’ll be able to use this new feature for both work and private Google accounts.

For now, this also only works in combination with Chrome. The hope here, though, is to establish a new standard that will then be integrated into other browsers, as well. It’s only been a week or two since Google enabled support for logging into its own service with security keys on Edge and Firefox. That was a step forward. Now that Google offers a new service that’s even more convenient, though, it’ll likely be a bit before these competing browsers will offer support, too, once again giving Google a bit of an edge.

from Android – TechCrunch https://tcrn.ch/2P2szvU
via IFTTT

Apple could release a 31.6-inch 6K external display this year

Analyst Ming-Chi Kuo has released a new report about future Apple products — 9to5mac obtained the report. The company could be working on a new 31.6-inch external display with a 6K resolution that could work particularly well with the Mac Pro. New iPad and MacBook Pro models with better displays are also in the works.

Apple used to sell external displays but stopped selling the latest model in 2016. The 27-inch Apple Thunderbolt Display had an aluminum case and an LED-backlit LCD display. It had four times less pixels than the 27-inch 5K iMac with a resolution of 2560×1440 pixels. And it never made the switch to Thunderbolt 3.

When Apple told TechCrunch that it was working on a Mac Pro, the company confirmed that there would be a new external display. “We want them to know we are going to work on a display for a modular system,” Apple SVP of Worldwide Marketing Phil Schiller told Matthew Panzarino.

According to Ming-Chi Kuo’s report, the new display will come earlier rather than later. Apple plans to launch the device during the second or third quarter of this year. I wouldn’t be surprised to see an announcement on June 3 at WWDC.

As for new iPad and MacBook Pro models, Ming-Chi Kuo has learned that Apple will use mini-LED technology to improve color gamut, contrast ratios, etc. This new technology should also improve battery performance compared to traditional LED displays.

Those new devices with mini-LED displays will arrive on the market at the end of 2020 or at some point during the first half of 2021. It’s unclear if Apple plans to update the MacBook Pro before then.

from Apple – TechCrunch https://tcrn.ch/2Kn38q3

A powerful spyware app now targets iPhone owners

Security researchers have discovered a powerful surveillance app first designed for Android devices can now target victims with iPhones.

The spy app, found by researchers at mobile security firm Lookout, said its developer abused their Apple-issued enterprise certificates to bypass the tech giant’s app store to infect unsuspecting victims.

The disguised carrier assistance app once installed can silently grab a victim’s contacts, audio recordings, photos, videos and other device information — including their real-time location data. It can be remotely triggered to listen in on people’s conversations, the researchers found. Although there was no data to show who might have been targeted, the researchers noted that the malicious app was served from fake sites purporting to be cell carriers in Italy and Turkmenistan.

Researchers linked the app to the makers of a previously discovered Android app, developed by the same Italian surveillance app maker Connexxa, known to be in use by the Italian authorities.

The Android app, dubbed Exodus, ensnared hundreds of victims — either by installing it or having it installed. Exodus had a larger feature set and expanded spying capabilities by downloading an additional exploit designed to gain root access to the device, giving the app near complete access to a device’s data, including emails, cellular data, Wi-Fi passwords and more, according to Security Without Borders.

Screenshots of the ordinary-looking iPhone app, which was silently uploading a victim’s private data and real-time location to the spyware company’s servers (Image: supplied)

Both of the apps use the same backend infrastructure, while the iOS app used several techniques — like certificate pinning — to make it difficult to analyze the network traffic, Adam Bauer, Lookout’s senior staff security intelligence engineer, told TechCrunch.

“This is one of the indicators that a professional group was responsible for the software,” he said.

Although the Android version was downloadable directly from Google’s app store, the iOS version was not widely distributed. Instead, Connexxa signed the app with an enterprise certificate issued to the developer by Apple, said Bauer, allowing the surveillance app maker to bypass Apple’s strict app store checks.

Apple says that’s a violation of its rules, which prohibits these certificates designed to be used strictly for internal apps to be pushed to consumers.

It follows a similar pattern to several app makers, as discovered by TechCrunch earlier this year, which abused their enterprise certificates to develop mobile apps that evaded the scrutiny of Apple’s app store. Every app served through an app store has to be certified by Apple or they won’t run. But several companies, like Facebook and Google, used their enterprise-only certificates to sign apps given to consumers. Apple said this violated its rules and banned the apps by revoking enterprise certificates used by Facebook and Google, knocking both of their illicit apps offline, but also every other internal app signed with the same certificate.

Facebook was unable to operate at full capacity for an entire working day until Apple issued a new certificate.

The certificate Apple issued to Connexxa (Image: supplied)

But Facebook and Google weren’t the only companies abusing their enterprise certificates. TechCrunch found dozens of porn and gambling apps — not permitted on Apple’s app store — signed with an enterprise certificate, circumventing the tech giant’s rules.

After researchers disclosed their findings, Apple revoked the app maker’s enterprise certificate, knocking every installed app offline and unable to run.

The researchers said they did not know how many Apple users were affected.

Connexxa did not respond to a request for comment. Apple did not comment.

Researchers find a new malware-friendly hosting site after a spike in attacks

from iPhone – TechCrunch https://tcrn.ch/2Illl4Y

A powerful spyware app now targets iPhone owners

Security researchers have discovered a powerful surveillance app first designed for Android devices can now target victims with iPhones.

The spy app, found by researchers at mobile security firm Lookout, said its developer abused their Apple-issued enterprise certificates to bypass the tech giant’s app store to infect unsuspecting victims.

The disguised carrier assistance app once installed can silently grab a victim’s contacts, audio recordings, photos, videos, and other device information — including their real-time location data. It can be remotely triggered to listen in on people’s conversations, the researchers found. Although there was no data to show who might have been targeted, the researchers noted that the malicious app was served from fake sites purporting to be cell carriers in Italy and Turkmenistan.

The app is one of several under the so-called “stalkerware” umbrella, apps that can be surreptitiously installed on a victim’s phone to spy on their activity, location and messages in real-time.

Researchers linked the app to the makers of a previously discovered Android app, developed by the same Italian surveillance app maker Connexxa.

The Android app, dubbed Exodus, ensnared hundreds of victims — either by installing it or having it installed. Exodus had a larger feature set and expanded spying capabilities by downloading an additional exploit designed to gain root access to the device, giving the app near complete access to a device’s data, including emails, cellular data, Wi-Fi passwords and more, according to Security Without Borders.

Screenshots of the ordinary-looking iPhone app, which was silently uploading a victim’s private data and real-time location to the spyware company’s servers. (Image: supplied)

Both of the apps use the same backend infrastructure, while the iOS app used several techniques — like certificate pinning — to make it difficult to analyze the network traffic, Adam Bauer, Lookout’s senior staff security intelligence engineer, told TechCrunch.

“This is one of the indicators that a professional group was responsible for the software,” he said.

Although the Android version was downloadable directly from the Google’s app store, the iOS version was not widely distributed. Instead, Connexxa signed the app with an enterprise certificate issued by Apple to the developer, said Bauer, allowing the surveillance app maker to bypass Apple’s strict app store checks.

Apple says that’s a violation of its rules, which prohibits these certificates designed to be used strictly for internal apps to be pushed to consumers.

It follows a similar pattern to several app makers, as discovered by TechCrunch earlier this year, which abused their enterprise certificates to develop mobile apps that evaded the scrutiny of Apple’s app store. Every app served through an app store has to be certified by Apple or they won’t run. But several companies, like Facebook and Google, used their enterprise-only certificates to sign apps given to consumers. Apple said this violated its rules and banned the apps by revoking enterprise certificates used by Facebook and Google, knocking both of their illicit apps offline, but also every other internal app signed with the same certificate.

Facebook was unable to operate at full capacity for an entire working day until Apple issued a new certificate.

The certificate Apple issued to Connexa. (Image: supplied)

But Facebook and Google weren’t the only companies abusing their enterprise certificates. TechCrunch found dozens of porn and gambling apps — not permitted on Apple’s app store — signed with an enterprise certificate, circumventing the tech giant’s rules.

After they researchers disclosed their findings, Apple revoked the app maker’s enterprise certificate, knocking every installed app offline and unable to run.

The researchers said they did not know how many Apple users were affected.

Connexxa did not respond to a request for comment. Apple did not comment.

Researchers find a new malware-friendly hosting site after a spike in attacks

from Android – TechCrunch https://tcrn.ch/2Illl4Y
via IFTTT

New iPhones sport three-camera arrays in latest rumors

One thing we count on for sure in this unpredictable world of ours: the will, indeed, be new iPhones. Another thing that’s looking — at the very least — pretty likely is the inclusion of a three-camera array. A number of different rumors from different sources are currently circling around the addition of a third lens for 2019 models.

New reports from “reliable sources” in the Chinese supply chain (by way of 9 to 5 Mac by way of Macotakara, a Japanese Apple blog) have the three-camera system popping on on models with 6.1 inch and 6.5 inch OLED screens, marking another real estate for the base level model of the flagship.

The larger camera configuration (which may well induce minor trypophobia among some users) is said to be a driving factor in the decision to increase screen size). We’re still very much in the “grain of salt” portion of the Apple rumor cycle, through as 9 to 5 notes, the source has had a solid track record with these sorts of rumors before.

All of that, one assumes, would also come with a price increase for the handset, which has been pushing the $1,000 mark for a couple of years now. And all of this in a year when the company’s still not quite ready to pull the trigger on 5G. All signs currently point to a 2020 date on that one.

from iPhone – TechCrunch https://tcrn.ch/2OTOCF5