An anonymous reader quotes a report from Gizmodo: A 22-year-old boss backed by a gangster cabal of "internet buddies" has been thwarted and convicted in their attempt to blackmail Apple, the UK's National Crime Agency reports. In 2017, London-based Kerem Albayrak made Apple an offer they couldn't refuse: deliver $100,000 in iTunes gift cards or $75,000 in cryptocurrency or kiss 319 million iCloud accounts goodbye. On Friday, a court sentenced him to a two year suspended jail term.

On March 12th, 2017, Albayrak, don of hacker syndicate the "Turkish Crime Family," sent Apple Security and several media outlets a YouTube video showing him apparently logging in to two victims' iCloud accounts. The NCA reports that Albayrak had threatened to factory reset the accounts and sell the database vis-a-vis his "internet buddies," boasting to outlets that he'd had access to 300 million accounts (a figure which was later increased to 559 million). They gave Apple until April 7th to fill their demands, Apple Insider has reported. One week and zero gift cards later, they upped their demands and reportedly sent ZDNet a set of 54 sample accounts. ZDNet confirmed their authenticity, though the plot thickened: at least one account had been compromised years prior. Apple and UK authorities ultimately found that the Turkish Crime Family had not, in fact, successfully compromised the network, and concluded that the data came from an unrelated breach of largely defunct third-party services. Albayrak pleaded guilty to one count of blackmail and two counts of unauthorized acts with intent to impair the operation of or prevent/hinder access to a computer. He was handed a two year suspended jail term, 300 hours of unpaid labor, and six months of "electronic curfew" (an ankle bracelet).

A popular messaging app billed as a secure way to chat with friends and family is actually a spying tool used by the United Arab Emirates to track the activities of those who download it, The New York Times reported Sunday. From a report: The app, which debuted only a few months ago, has been downloaded millions of times around the world. The app is a mass surveillance tool, The Times reported, capable of monitoring every conversation, movement, relationship, appointment, sound and image of its users. The majority of the app's users are in the Emirates but recently surged in popularity in the US. An analysis and interviews with computer security experts suggest the company behind ToTok, Breej Holding, is a front for DarkMatter, an Abu Dhabi-based cyberintelligence and hacking firm that employs Emirati intelligence officials, former National Security Agency employees and former Israeli military intelligence operatives, The Times reported. The app was recently removed from the Apple and Google app stores, but it's still functional until users delete it from their device.

At its developer conference in June this year, Apple introduced Project Catalyst that aims to help developers swiftly bring their iOS apps to Macs. Developers have had more than half a year to play with Catalyst. Here's where things stand currently: The crux of the issue in my mind is that iOS and Mac OS are so fundamentally different that the whole notion of getting a cohesive experience through porting apps with minimal effort becomes absurd. The problem goes beyond touch vs pointer UX into how apps exist and interact within their wider OSes. While both Mac OS and iOS are easy to use, their ease stem from very different conventions. The more complicated Mac builds ease almost entirely through cohesion. Wherever possible, Mac applications are expected to share the same shortcuts, controls, windowing behavior, etc... so users can immediately find their bearings regardless of the application. This also means that several applications existing in the same space largely share the same visual and UX language. Having Finder, Safari, BBEdit and Transmit open on the same desktop looks and feels natural.

By comparison, the bulk of iOS's simplicity stems from a single app paradigm. Tap an icon on the home screen to enter an app that takes over the entire user experience until exited. Cohesion exists and is still important, but its surface area is much smaller because most iOS users only ever see and use a single app at a time. For better and worse, the single app paradigm allows for more diverse conventions within apps. Having different conventions for doing the same thing across multiple full screen apps is not an issue because users only have to ever deal with one of those conventions at a given time. That innocuous diversity becomes incongruous once those same apps have to live side-by-side. Columnist John Gruber of DaringFireball adds: I think part of the problem is Catalyst itself -- it just doesn't feel like nearly a full-fledged framework for creating proper Mac apps yet. But I think another problem is the culture of doing a lot of nonstandard custom UI on iOS. As Wellborn points out, that flies on iOS -- we UI curmudgeons may not like it, but it flies -- because you're only ever using one app at a time on iOS. It cracks a bit with split-screen multitasking on iPadOS, but I've found that a lot of the iPad apps with the least-standard UIs don't even support split-screen multitasking on iPadOS, so the incongruities -- or incoherences, to borrow Wellborn's well-chosen word -- don't matter as much. But try moving these apps to the Mac and the nonstandard UIs stick out like a sore thumb, and whatever work the Catalyst frameworks do to support Mac conventions automatically doesn't kick in if the apps aren't even using the standard UIKit controls to start with. E.g. scrolling a view with Page Up, Page Down, Home, and End. Further reading: Apple's Merged iPad, Mac Apps Leave Developers Uneasy, Users Paying Twice (October 2019).

Laura June, reporting for Input: Two days after Input reported that there were hundreds of unofficial -- often disturbing -- knock-off Disney and Nickelodeon gaming apps aimed at children in Apple's App Store, the company has begun removing the apps from the store. Some of the games found had been available for longer than a year. It remains unclear -- partially due to the way App Store guidelines are written -- on exactly how many fronts the apps in question violated Apple's policies, though many of the titles at least infringed on the IP of the characters they portrayed. It's also unclear if the apps were removed because Disney and other companies filed complaints, or if Apple removed them on its own. As of this afternoon, it seems nearly all of the apps mentioned by name in the initial report were no longer available in the App Store.

Apple has formally opened its bug bounty program today to all security researchers, after announcing the move earlier this year in August at the Black Hat security conference in Las Vegas. From a report: Until today, Apple ran an invitation-based bug bounty program for selected security researchers only and was accepting only iOS security bugs. Starting today, the company will accept vulnerability reports for a much wider spectrum of products that also includes as iPadOS, macOS, tvOS, watchOS, and iCloud. In addition, the company has also increased its maximum bug bounty reward from $200,000 to $1,500,000, depending on the exploit chain's complexity and severity.

Apple has a secret team working on satellites and related wireless technology, striving to find new ways to beam data such as internet connectivity directly to its devices, Bloomberg reported Friday, citing people familiar with the work. From a report: The Cupertino, California-based iPhone maker has about a dozen engineers from the aerospace, satellite and antenna design industries working on the project with the goal of deploying their results within five years, said the people, who asked not to be identified discussing internal company efforts. Work on the project is still early and could be abandoned, the people said, and a clear direction and use for satellites hasn't been finalized. Still, Apple Chief Executive Officer Tim Cook has shown interest in the project, indicating it's a company priority. Apple's work on communications satellites and next-generation wireless technology means the aim is likely to beam data to a user's device, potentially mitigating the dependence on wireless carriers, or for linking devices together without a traditional network. Apple could also be exploring satellites for more precise location tracking for its devices, enabling improved maps and new features.

Veteran tech columnist, who retired two years ago, returns with one story to cap the end of the decade: Apple hasn't said how many Watches and AirPods it's sold, but they're widely believed to be the dominant players in each of their categories and, in the grand Apple tradition, the envy of competitors that scramble to ape them. Neither of these hardware successes has matched the impact or scale of Jobs' greatest hits. Even the iPad, despite annual unit sales that are sharply down from its heyday, generated almost as much revenue by itself in fiscal 2019 as the entire category of "wearables, home and accessories" where the Apple Watch and AirPods are slotted by Apple. [...] Cook does bear the responsibility for a series of actions that screwed up the Macintosh for years. The beloved mainstream MacBook Air was ignored for five years. At the other end of the scale, the Mac Pro, the mainstay of professional audio, graphics, and video producers, was first neglected then reissued in 2013 in a way that put form so far ahead of function that it enraged its customer base. Some insiders think Cook allowed Ive's design team far too much power and that the balance Jobs was able to strike between the designers and the engineers was gone, at least until Ive left the company earlier this year.

The design-first culture that took root under Cook struck again with the MacBook Pro, yielding new laptops so thin their keyboards were awful and featuring USB-C ports that required sleek Macs to be used with ugly dongles. Apple has only recently retreated back to decent keyboards on the latest MacBook Pro, and it issued a much more promising Mac Pro. But dongles are still a part of the Apple experience across its product lines. Cook's other success this decade was to nurture the iPhone along as smartphone sales first plateaued and then began to decline. The biggest change he made came in 2014, before the dip, when Apple introduced two new iPhone 6 models, which belatedly adopted big screens that Android phones had pioneered. Sales took off like a rocket, and there's been a big iPhone option every year since.

Google, Amazon, Apple, and other technology companies have teamed up to develop a smart home connectivity standard that makes it easier for software and devices to play ball across the smart home ecosystem. From a report: Connected Home Over IP, as the new working group is called, will be spearheaded by the Zigbee Alliance, a group of companies that develop and maintain the ZigBee standard, which enables close-proximity devices (e.g light switches, smart speakers, locks) to talk to each other in the home. Smart home devices can use any number of protocols, such as Bluetooth, Wi-Fi, Wireless USB, Z-Wave, and ZigBee. Google also develops two open source protocols -- called Weave and Thread. All of these various protocols have inherent benefits and may appeal to equipment manufacturers and IoT system makers for different reasons, but manufacturers have to invest considerable resources to ensure their devices will work with all the others. So the working group is setting out to achieve a common standard for the smart home, based on internet protocol (IP).

Rewound, the basic music player app released last week that you could skin to make your iPhone look remarkably like an iPod Classic, has been pulled from the App Store, according to Rewound blog post published on Medium. The Verge reports: The blog says that Apple pulled the app because it copied the iPod's design, charged for Apple Music features, and people could mistake the app for an Apple product. The blog makes the case that the app had a pretty basic interface that looked nothing like an Apple app, and the iPod classic skins didn't come preinstalled. (You had to download them after you had already installed the app.) We've asked Apple for comment, and we'll update this story when we hear back.

The Rewound blog says the iOS app can't be updated without "breaking the app for all 170,000+ users," but the developer, Louis Anslow, says he will attempt to bring the app back in some way. On a GoFundMe page for continued development of Rewound, Anslow says he will "try some tweaks to get Rewound resubmitted" on the App Store and that the GoFundMe will help support development of a web app and an Android app. On the GoFundMe page, Anslow says it "isn't clear if Apple will ever allow Rewound back on the [App Store]," and states that "we are not promising fully finished versions" of any of the apps.

Apple says it goes out of its way to protect the safety and security of its young users. The App Store of 2019 tells a different story. Laura June, writing for InputMag: One of the most insidious forms of abuse on modern content platforms is the way unknown creators can co-opt well-known characters. Off-brand Spider-Man and fake Elsa and Anna pop up all over YouTube. I discovered this the hard way two years ago, when I found my daughter watching fake Peppa Pig videos on YouTube, many of them horrific and violent, and preying on the very young (Peppa Pig is a very popular television show for preschoolers). But YouTube, unlike Apple's App Store, is a platform where pretty much anyone can upload anything. And Google, which owns YouTube, doesn't peacock on stage like Tim Cook does, looking down his nose at Facebook and other companies for their lax attitudes on user safety. Given Apple's reputation, it was with some surprise that I found myself in a very similar position several weeks ago, while browsing Apple's App Store for games for my nearly 6-year-old daughter.

[...] Keep in mind, I was not looking for fakes. I fully expected to find only official apps for these company's characters. I didn't expect to find Paw Puppy Smashy Patrol in the store above the official Nickelodeon app PAW Patrol Pup Rescue Pack. Some apps boldly use the official Disney characters in their titles, literally advertising themselves with the copyrighted, intellectual property of a currently airing Disney show. But even the ones that aren't using Disney names in their titles depict characters that look nearly identical to Vampirina, Elsa and Anna, Sofia the First, and so on. The quality of the design varies, but some of them really do feature characters who look exactly like the ones you've come to know and trust (even if they've not-so-cleverly disguised themselves with names like Paw Puppy Smashy Patrol and Ice Queen Adventure). The apps are designed to fool you; fooling you is the goal. They're designed to make you think, "Oh right, Disney! We love Disney, we trust Disney. Let me download that for you, kid!"

Security researchers are accusing Apple of abusing the Digital Millennium Copyright Act (DMCA) to take down a viral tweet and several Reddit posts that discuss techniques and tools to hack iPhones. Lorenzo Franceschi-Bicchierai, reporting for Vice: On Sunday, a security researcher who focuses on iOS and goes by the name Siguza posted a tweet containing what appears to be an encryption key that could be used to reverse engineer the Secure Enclave Processor, the part of the iPhone that handles data encryption and stores other sensitive data. Two days later, a law firm that has worked for Apple in the past sent a DMCA Takedown Notice to Twitter, asking for the tweet to be removed. The company complied, and the tweet became unavailable until today, when it reappeared. In a tweet, Siguza said that the DMCA claim was "retracted." Apple confirmed that it sent the original DMCA takedown request, and later asked Twitter to put the Tweet back online.

At the same time, Reddit received several DMCA takedown requests for posts on r/jailbreak, a popular subreddit where iPhone security researchers and hackers discuss techniques to jailbreak Apple devices, according to the subreddit's moderators. "Admins have not reached out to us in regards to these removals. We have no idea who is submitting these copyright claims," one moderator wrote.

Apple started selling its new Mac Pro desktop computer on Tuesday, complete with eye-watering pricing options that can push the cost north of $50,000. From a report: The new machine, built in Austin, Texas after Apple got tariff relief from the Trump administration, starts at $5,999 for specifications that some programmers, video editors, and photographers might consider measly. Fully loaded, the computer costs more than $52,000, and that's excluding the optional $400 wheels for easily moving the machine around an office. For some professional users, the cost of Apple's new computer is just part of doing business. But for most consumers, the Mac Pro's price is shocking. As one of the most expensive personal computers in the world, some Apple users quickly compared the cost to a car. The base product includes 256 gigabytes of storage, low for professional computers in the same price range. A 4 terabyte option is an extra $1,400. An 8 terabyte upgrade is coming later, according to Apple's website, but pricing hasn't been announced. To increase the computer's RAM memory from 32 gigabytes to 1.5 terabytes is $25,000 extra, the main reason the price can exceed $52,000. Apple said a version of the Mac Pro designed to be racked in data centers costs an extra $500 and will launch later. The Mac Pro does not include a display. Apple put a new Pro Display XDR on sale Tuesday for $4,999.

Apple is suing the former chief architect of its iPhone and iPad microprocessors, who in February quit to co-found a data-center chip design biz. From a report: In a complaint filed in the Santa Clara Superior Court, in California, USA, and seen by The Register, the Cupertino goliath claimed Gerard Williams, CEO of semiconductor upstart Nuvia, broke his Apple employment agreement while setting up his new enterprise. Williams -- who oversaw the design of Apple's custom high-performance mobile Arm-compatible processors for nearly a decade -- quit the iGiant in February to head up the newly founded Nuvia. The startup officially came out of stealth mode at the end of November, boasting it had bagged $53m in funding. It appears to be trying to design silicon chips, quite possibly Arm-based ones, for data center systems; it is being coy right now with its plans and intentions.

[...] Apple's lawsuit alleged Williams hid the fact he was preparing to leave Apple to start his own business while still working at Apple, and drew on his work in steering iPhone processor design to create his new company. Crucially, Tim Cook & Co's lawyers claimed he tried to lure away staff from his former employer. All of this was, allegedly, in breach of his contract. The iGiant also reckoned Williams had formed the startup in hope of being bought by Apple to produce future systems for its data centers. [...] Apple's side of the story, however, has been challenged by Williams, who accused the Mac giant of wrongdoing. Last month, his team hit back with a counter argument alleging that Apple doesn't have a legal leg to stand on. The paperwork states Apple's employment contract provisions in this case are not enforceable under California law: they argue the language amounts to a non-compete clause, which is, generally speaking, a no-no in the Golden State. Thus, they say, Williams was allowed to plan and recruit for his new venture while at Apple. [...] They also allege that Apple's evidence in its complaint, notably text messages he exchanged with another Apple engineer and conversations with his eventual Nuvia co-founders, were collected illegally by the highly paranoid iPhone maker.

For the first time in nearly three decades, Apple is officially returning to the Consumer Electronics Show in Las Vegas next year. The company is planning to discuss its stance on consumer privacy, "rather than pitch a new hardware product," reports Bloomberg. From the report: The company's senior director of privacy Jane Horvath will be speaking on a "Chief Privacy Officer Roundtable" on Jan. 7, according to the CES agenda. Horvath, along with executives from Facebook Inc., Procter & Gamble Co., and a commissioner from the Federal Trade Commission, will discuss how companies build privacy at scale, regulation and consumer demands. Apple's last major official appearance at CES was in 1992 when then Chief Executive Officer John Sculley gave a presentation at a Chicago version of the summit to introduce the failed Newton device.

Two years ago, Apple launched an aggressive battle against ads that track users across the web. Today executives in the online publishing and advertising industries say that effort has been stunningly effective -- posing a problem for advertisers looking to reach affluent consumers. The Information reports: Since Apple introduced what it calls its Intelligent Tracking Prevention feature in September 2017, and with subsequent updates last year, advertisers have largely lost the ability to target people on Safari based on their browsing habits with cookies, the most commonly used technology for tracking. One result: The cost of reaching Safari users has fallen over 60% in the past two years, according to data from ad tech firm Rubicon Project. Meanwhile ad prices on Google's Chrome browser have risen slightly.

That reflects the fact that advertisers pay more money for ads that can be targeted at people with specific demographics and interests. "The allure of a Safari user in an auction has plummeted," said Rubicon Project CEO Michael Barrett. "There's no easy ability to ID a user." This shift is significant because iPhone owners tend to be more affluent and therefore more attractive to advertisers. Moreover, Safari makes up 53% of the mobile browser market in the U.S., according to web analytics service Statscounter. Only about 9% of Safari users on an iPhone allow outside companies to track where they go on the web, according to Nativo, which sells software for online ad selling. It's a similar story on desktop, although Safari has only about 13% of the desktop browser market. In comparison, 79% of people who use Google's Chrome browser allow advertisers to track their browsing habits on mobile devices through cookies. (Nativo doesn't have historical data so couldn't say what these percentages were in the past.)

Mark Wilson quotes BetaNews: Apple has failed in an attempt to block a class action lawsuit being brought against it by a customer who claimed the company concealed the problematic nature of the butterfly keyboard design used in MacBooks.

The proposed lawsuit not only alleges that Apple concealed the fact that MacBook, MacBook Pro and MacBook Air keyboards were prone to failure, but also that design defects left customers out of pocket because of Apple's failure to provide an effective fix.
Engadget argues that Apple "might face an uphill battle in court.

"While the company has never said the butterfly keyboard design was inherently flawed, it instituted repair programs for that keyboard design and even added the latest 13-inch MacBook Pro to the program the moment it became available. Also, the 16-inch MacBook Pro conspicuously reverted to scissor switches in what many see as a tacit acknowledgment that the earlier technology was too fragile."

An anonymous reader quotes a report from Bloomberg: Apple is taking delivery this month of the first batch of carbon-free aluminum produced by a Montreal-based venture, helping move the iPhone maker closer to its greenhouse-gas reduction goal. Elysis, a joint venture between Rio Tinto Group and Alcoa Corp. backed by Apple, uses new technology that emits pure oxygen when producing aluminum. Apple has said in an environment report that 80% of its emissions from an iPhone 8 came during the production phase. The metal is also used in iPads, Macs and Apple watches. Rio's commercial network is handling the first delivery to Apple, a Rio spokesman said in an email. The metal being shipped to Apple was produced at the Alcoa Technical Center in Pittsburgh. "This first sale is tangible evidence of our revolutionary work to transform and disrupt the conventional smelting process by making a process that is both more efficient and more sustainable," Benjamin Kahrs, an Alcoa executive vice president and Chief Innovation Officer, said in a statement.

Apple analyst Ming-Chi Kuo says there will be four new OLED iPhone models in 2020, followed by a new iPhone without a Lightning port in 2021. 9to5Mac reports: In 2021, Kuo is predicting a followup to the iPhone SE 2 as well as a new iPhone model without Lightning connectivity. Kuo says that this would "provide the completely wireless experience," meaning there would be no ports at all rather than a switch to USB-C from Lightning. Kuo implies that Apple only plans to remove the Lightning port from the "highest-end model" at first, rather than from the entire iPhone lineup at once. Kuo says The 2021 followup to the iPhone SE 2, which Kuo refers to as the "iPhone SE 2 Plus," will reportedly feature an all-screen design without a Home button. Kuo predicts this device will have a screen size of either 5.5-inches or 6.1-inches. Interestingly, Kuo says the iPhone SE 2 Plus still won't include Face ID authentication. Instead, Apple is reportedly planning to integrate Touch ID into the power button on the side of the device. As for the 2020 OLED iPhones, here's what Kuo had to say: Kuo predicts that Apple will introduce 5.4-inch, two 6.1-inch, and a 6.7-inch OLED iPhone models in 2020. He says that all four of these iPhones will also feature 5G connectivity. The difference between all of these models, other than screen sizes, will be camera technology. According to Kuo, the 5.4-inch OLED iPhone will feature a dual-camera setup on the back. The lower-end 6.1-inch iPhone will feature a similar dual-camera system. The higher-end 6.1-inch model and the 6.7-inch model will include triple-lens camera setups as well as time-of-flight 3D sensing technology. In terms of design for the 2020 OLED iPhone, Kuo says the form factor will be "similar to the iPhone 4."

Apple's Activation Lock is an anti-theft feature built into iOS, watchOS, and macOS Catalina that prevents people from restoring your Apple devices without your permission. "With the release of macOS Catalina earlier this fall, any Mac that's equipped with Apple's new T2 security chip now comes with Activation Lock," writes iFixit's Craig Lloyd. What this means is that there will likely be thousands of perfectly good Macs being parted out or scrapped instead of being put into the hands of people who could really use them. From the report: Activation Lock was designed to prevent anyone else from using your device if it's ever lost or stolen, and it's built into the "Find My" service on iPhones, iPads, and other Apple devices. When you're getting rid of an old phone, you want to use Apple's Reset feature to wipe the phone clean, which also removes it from Find My iPhone and gets rid of the Activation Lock. But if you forget, and sell your old iPhone to a friend before you properly wipe it, the phone will just keep asking them for your Apple ID before they can set it up as a new phone. In other words, they won't be able to do much with it besides scrap it for parts.

That seems like a nice way to thwart tech thieves, but it also causes unnecessary chaos for recyclers and refurbishers who are wading through piles of locked devices they can't reuse. This reduces the supply of refurbished devices, making them more expensive -- oh, and it's an environmental nightmare. [...] The T2 security chip, however, erases any hope and makes it impossible to do anything on a Mac without the proper Apple ID credentials. Attempting any kind of hardware tinkering on a T2-enabled Mac activates a hardware lock, which can only be undone by connecting the device to Apple-authorized repair software. It's great for device security, but terrible for repair and refurbishment. While recyclers may not be dealing with as many locked Macs as locked iPhones (especially since Activation Lock on Macs is still very new, and there are specific software criteria that need to be met), it's only a matter of time before thousands upon thousands of perfectly working Macs are scrapped or shredded, for lack of an unknown password.

Brian Krebs: One of the more curious behaviors of Apple's new iPhone 11 Pro is that it intermittently seeks the user's location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company's own privacy policy. The privacy policy available from the iPhone's Location Services screen says, "If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations."

The policy explains users can disable all location services entirely with one swipe (by navigating to Settings > Privacy > Location Services, then switching "Location Services" to "off"). When one does this, the location services indicator -- a small diagonal upward arrow to the left of the battery icon -- no longer appears unless Location Services is re-enabled. The policy continues: "You can also disable location-based system services by tapping on System Services and turning off each location-based system service." But apparently there are some system services on this model (and possibly other iPhone 11 models) which request location data and cannot be disabled by users without completely turning off location services, as the arrow icon still appears periodically even after individually disabling all system services that use location.