Friday, 9 August 2019

Apple starts selling Mophie’s take on AirPower

There’s no shortage of AirPower knockoffs on the market. Many have been in the works since Apple took the wraps off its in-house version, positioned as more affordable alternatives. Since the company unceremoniously pulled the plug on the project, however, they’re the only game in town.

We reviewed a $99 one a while ago. It seemed fine, and Amazon is currently overloaded with even more affordable options. It’s probably unfair to lump Mophie in with the knockoffs. The accessory maker produces pretty premium products at prices to match. And unlike the competition, it’s got the Apple seal of approval.

That means the company’s new 3-in-1 charging pad is most likely as close as you’re ever going to get to marching into an Apple Store and leaving with AirPower. Here’s the official description, per Mophie:

The 3-in-1 wireless charging pad conveniently charges iPhone, AirPods and Apple Watch from one central location. To ensure a seamless charging experience for all three devices, it features a dedicated cavity for AirPods, and an integrated charging stand for Apple Watch that holds it at the ideal angle for Nightstand Mode with an unobstructed view of the screen.

Sounds about right, right? The black charging pad operates similarly to most competitors, with designated slots for the three Apple products. That, after all, seems to be the source of the issues with the original AirPower product: making a pad that was capable of charging three different products with different charging needs.

At $140, it’s in line with the AirPower’s price. As stated above, you can get an alternative for much cheaper, but maybe there’s something in the peace of mind of getting the device from a trusted name like Mophie.



from Apple – TechCrunch https://ift.tt/2MS6O30

Amazon’s lead EU data regulator is asking questions about Alexa privacy

Amazon’s lead data regulator in Europe, Luxembourg’s National Commission for Data Protection, has raised privacy concerns about its use of manual human reviews of Alexa AI voice assistant recordings.

A spokesman for the regulator confirmed in an email to TechCrunch it is discussing the matter with Amazon, adding: “At this stage, we cannot comment further about this case as we are bound by the obligation of professional secrecy.” The development was reported earlier by Reuters.

We’ve reached out to Amazon for comment.

Amazon’s Alexa voice AI, which is embedded in a wide array of hardware — from the company’s own brand Echo smart speaker line to an assortment of third party devices (such as this talkative refrigerator or this oddball table lamp) — listens pervasively for a trigger word which activates a recording function, enabling it to stream audio data to the cloud for processing and storage.

However, trigger-word activated voice AIs have been shown to be prone to accidental activation, and a device may be used in a multi-person household. So there’s always a risk of these devices recording any audio in their vicinity, not just intentional voice queries…

In a nutshell, the AIs’ inability to distinguish between intentional interactions and stuff they overhear means they are natively prone to eavesdropping — hence the major privacy concerns.

These concerns have been dialled up by recent revelations that tech giants — including Amazon, Apple and Google — use human workers to manually review a proportion of audio snippets captured by their voice AIs, typically for quality purposes, such as to try to improve the performance of voice recognition across different accents or environments. But that means actual humans are listening to what might be highly sensitive personal data.

Earlier this week Amazon quietly added an option to the settings of the Alexa smartphone app to allow users to opt out of their audio snippets being added to a pool that may be manually reviewed by people doing quality control work for Amazon — having not previously informed Alexa users of its human review program.

The policy shift followed rising attention on the privacy of voice AI users — especially in Europe.

Last month thousands of recordings of users of Google’s AI assistant were leaked to the Belgian media which was able to identify some of the people in the clips.

A data protection watchdog in Germany subsequently ordered Google to halt manual reviews of audio snippets.

Google responded by suspending human reviews across Europe, while its lead data watchdog in Europe, the Irish DPC, told us it’s “examining” the issue.

Separately, in recent days, Apple has also suspended human reviews of Siri snippets — doing so globally, in its case — after a contractor raised privacy concerns in the UK press over what Apple contractors are privy to when reviewing Siri audio.

The Hamburg data protection agency which intervened to halt human reviews of Google Assistant snippets urged its fellow EU privacy watchdogs to prioritize checks on other providers of language assistance systems — and “implement appropriate measures” — naming both Apple and Amazon.

In the case of Amazon, scrutiny from European watchdogs looks to be fast dialling up.

At the time of writing it is the only one of the three tech giants not to have suspended human reviews of voice AI snippets, either regionally or globally.

In a statement provided to the press at the time it changed Alexa settings to offer users an opt-out from the chance of their audio being manually reviewed, Amazon said:

We take customer privacy seriously and continuously review our practices and procedures. For Alexa, we already offer customers the ability to opt-out of having their voice recordings used to help develop new Alexa features. The voice recordings from customers who use this opt-out are also excluded from our supervised learning workflows that involve manual review of an extremely small sample of Alexa requests. We’ll also be updating information we provide to customers to make our practices more clear.



from Apple – TechCrunch https://ift.tt/2YPyQOM

The smartwatch category is growing, as Apple remains dominant

Last week Samsung and Fossil kicked off the week by announcing new smartwatches. On the same day. At the same time. For a brief moment, it felt like 2015 all over again, when the world of smartwatches felt exciting and new.

Mid-way through 2019, the good news for smartwatches is that the category continues to grow. Numbers from Strategy Analytics show some truly impressive movement on that front, with shipments up 44 percent year over year in Q2, from 8.6 million to 12.3.

Lots of reason to celebrate there if you’re a smartwatch maker — or, rather, if you’re one very specific smartwatch maker. The very important caveat to the rosy numbers is that they start to look considerably less rosy when you take Apple out of the equation. The Apple Watch accounted for 5.7 million of those Q2 numbers. That’s 46 percent of the category, up slightly from 44 the year prior.

The numbers were reflected in Apple’s last earnings. The wearables category (which, notably, also includes AirPods) was a bright spot in the company’s otherwise disappointing hardware numbers. Compare that to the company with the second-largest numbers for the quarter: Samsung, which shipped two million smartwatches in that time period.



from Apple – TechCrunch https://ift.tt/2ZGx4kh

Thursday, 8 August 2019

Apple expands its bug bounty, increases maximum payout to $1M

Apple is finally giving security researchers something they’ve wanted for years: a macOS bug bounty.

The technology giant said Thursday it will roll out the bug bounty program to include Macs and MacBooks, as well as Apple TV and Apple Watch, almost exactly three years after it debuted its bug bounty program for iOS.

The idea is simple: you find a vulnerability, you disclose it to Apple, they fix it — and in return you get a cash payout. These programs are wildly popular in the tech industry as they help to fund security researchers in exchange for serious security flaws that could otherwise be used by malicious actors, and also help fill the void of bug finders selling their vulnerabilities to exploit brokers, and on the black market, who might abuse the flaws to conduct surveillance.

But Apple had dragged its feet on rolling out a bug bounty to its range of computers. Some security researchers had flat-out refused to report security flaws to Apple in the absence of a bug bounty.

At the Black Hat conference in Las Vegas, head of security engineering and architecture Ivan Krstić announced the program to run alongside its existing iOS bug bounty.

Patrick Wardle, a security expert and principal security researcher at Jamf, said the move was a “no brainer.”

Wardle has found several major security vulnerabilities and dropped zero-days — details of flaws published without allowing the companies a chance to fix — citing the lack of a macOS bug bounty. He has long criticized Apple for not having a bug bounty, accusing the company of leaving a void open for security researchers to sell their flaws to exploit brokers who often use the vulnerabilities for nefarious reasons.

“Granted, they hired many incredible talented researchers and security professionals — but still never really had a transparent mutually beneficial relationship with external independent researchers,” said Wardle.

“Sure this is a win for Apple, but ultimately this a huge win for Apple’s end users,” he added.

Apple said it will open its bug bounty program to all researchers and increase the size of the bounty from the current maximum of $200,000 per exploit to $1 million for a zero-click, full chain kernel code execution attack with persistence — in other words, if an attacker can gain complete control of a phone without any user interaction and simply by knowing a target’s phone number.

Apple also said that any researcher who finds a vulnerability in pre-release builds that’s reported before general release will qualify for up to 50% bonus on top of the category of vulnerability they discover.

The bug bounty programs will be available to all security researchers beginning later this year.

The company also confirmed a Forbes report, published earlier this week, saying it will give a number of “dev” iPhones to vetted and trusted security researchers and hackers under the new iOS Security Research Device Program. These devices are special devices that give the hackers greater access to the underlying software and operating system to help them find vulnerabilities typically locked away from other security researchers — such as secure shell.

Apple said that it hopes expanding its bug bounty program will encourage more researchers to privately disclose security flaws, which will help to increase the protection of its customers.




from iPhone – TechCrunch https://ift.tt/2ZKtzJB


Apple Music for Artists comes out of beta with an iOS app and Shazam data

Apple Music launched its data dashboard for musicians more than a year ago. Today, the company is taking that product — Apple Music for Artists — out of beta, and adding some new features in the process.

For one thing, it’s no longer a web-only product, because Apple is releasing an iPhone app. On both web and iOS, Apple Music for Artists allows musicians and their teams to see how often a song has been played, how many listeners it’s reaching and how many times it’s been purchased.

There’s also an “insights” section designed to highlight noteworthy data at any given moment, like how the first week of a new song compares to the first weeks of previous songs, or when the popularity of a song is spiking, or if they’ve hit a big milestone like 1 million plays.

Apple is also introducing data from Shazam, the music-recognition app it acquired last year. The idea is to capture listener behavior that’s very different from seeking out an artist or a specific song — it’s more about a moment of spontaneous connection, when you hear a song and think, “Whoa, what’s this?” (This also provides a window to behavior beyond Apple Music listeners.)

One of the goals is to give musicians the data they need to actually guide their decisions. For example, they might see that a song is not getting many plays compared to their big singles, but it’s doing surprisingly well on Shazam — so maybe it’s time to shift promotion.

And the data is also browsable by city, on a map. So if someone’s planning a tour, they can use this data to choose which cities to visit, or to find the correct venue size in a given market.

Apple says all the data (including Shazam data) goes back to the launch of Apple Music in 2015. Any artist can claim their account for free.



from Apple – TechCrunch https://ift.tt/2KxLBbH

GitHub gets a CI/CD service

Microsoft’s GitHub today launched the beta of a new version of GitHub Actions with full continuous integration and delivery (CI/CD) capabilities built right into the service. General availability is planned for November 13.

The company also today announced that it now has more than 40 million developers on its platform.

Ten months ago, GitHub launched Actions, its workflow automation platform. Developers could already take actions to trigger all kinds of events and use that to build custom CI/CD pipelines. At launch, the GitHub team stressed that Actions allowed for building these pipelines, but that it was a lot more than that. Still, developers were obviously quite interested in using Actions for CI/CD.

“Since we introduced GitHub Actions last year, the response has been phenomenal, and developers have created thousands of inspired workflows,” writes GitHub CEO Nat Friedman in today’s announcement. “But we’ve also heard clear feedback from almost everyone: you want CI/CD! And that’s what we’re announcing today.”

With this updated version of Actions, developers can now build, test and deploy their code on any platform and run their workflows in containers or virtual machines. Developers also can test multiple versions of their applications in parallel thanks to a new feature called “matrix builds,” which lets you, for example, test three different versions of Node.js on Linux, Windows and MacOS at the same time. Because GitHub Actions are defined in a basic YAML file, making those changes is only a matter of adding a few lines to the file.

Supported languages and frameworks include Node.js, Python, Java, PHP, Ruby, C/C++, .NET, Android and iOS. Actions is also integrated with the GitHub Package Registry.

As the application is built, you also get live logs streamed to the Action console, and it’s easy to link to any line in a log file to discuss issues with the rest of your team.

These new features are available for free during the beta and will remain free for all public repositories.

Actions for GitHub Enterprise Server will launch next year and will include a hybrid option that will allow you to keep the code in a private data center and still use GitHub to orchestrate the workflows.

“GitHub Actions is the democratization of CI/CD and software automation. Developers can write workflows reacting to any GitHub platform event and reference open-source GitHub Actions — reusable pieces of code — to supercharge their software lifecycle the same way they are used to writing application code,” said Max Schoening, GitHub’s senior director of Product Design. “It truly is community-powered CI/CD with a pricing model that works for everyone.”

With this launch, GitHub is now also competing more directly with some of the CI/CD startups that have built businesses on top of the platform. That’s likely to create a bit of friction.

“GitHub has made a commitment to keeping their platform open to all partners, but only time will tell,” CircleCI CEO Jim Rose said in a statement. “Ultimately, developers are smart and will choose the best, most powerful tools available on the market, and we’re confident that that’s where CircleCI will continue to be. […] With more than nine years of data and experience on how teams move from idea to delivery, CircleCI is the leader in CI/CD and we are confident we have the best solution for developers.”

I expect that Rose’s comment will echo that of other CI/CD players, though it’s also worth noting, as Rose did, that Actions can be integrated with other continuous integration services to allow developers to trigger builds on their platforms. These providers can also make their own Actions available on GitHub.

“We see GitHub actions as complementary to what Codefresh does. It’s an additional way that users can leverage Codefresh to build robust pipelines in a scalable way. One interesting thing is that GitHub followed our lead in how they architected Actions. You can actually use GitHub actions as steps inside a Codefresh pipeline. So you see, we’re actually very aligned,” said Dan Garfield, the chief technology evangelist at CI/CD platform Codefresh. “Developers can find the Codefresh action right on GitHub!”

When I asked GitHub about this, Schoening provided the following statement: “GitHub and our community believe in choice and an open ecosystem. That is something we take seriously and build into everything we do. GitHub Actions lets developers integrate with all their existing tooling, mix and match new developer products, and hook into all parts of the software lifecycle, including existing CI/CD partners.”



from Android – TechCrunch https://ift.tt/2Kl7P1I