Apple "has faced mounting pressure from the Chinese government in recent weeks to comply with local regulations, including that all games show proof of a government granted license," writes Engadget.

And now it's finally come to a head, CNBC reports: Apple has blocked updates on tens of thousands of revenue-generating iPhone games on its App Store in China amid rising tensions between Washington and Beijing, according to a report from The Financial Times...

There are currently around 60,000 mobile games hosted on the China App Store that are paid for or have in-app purchases, according to AppinChina figures cited by the FT. However, China's regulators have only issued slightly more than 43,000 licenses since 2010, while just 1,570 were given out in 2019... Developers were told in February that they'd finally have to comply with China's mobile video game laws by June 30...
"Android app stores have largely observed the license rule since 2016," notes Engadget. "Apple, however, took a looser approach, allowing developers to publish their games while they waited for authorization, which could take months." (CNBC points out that "Grand Theft Auto" maker Rockstar Games "relied on the loophole for years.")

They also report that Apple's App Store earns more money in China than any other country -- including about 20% of all of Apple's in-app advertising revenue. A columnist at The Street estimates that Apple earned about $2.2 billion last year from App Store revenue in China. "If I am right in my calculations, gaming app revenues from China add up to roughly one-sixth of the total company's number" for App Store revenues

Long-time Slashdot reader dhammabum writes: As reported in the recent slashdot story, starting in September we system admins will be forced into annually updating TLS certificates because of a decision by Apple, abetted by Google and Mozilla. Supposedly this measure somewhat rectifies the current ineffective certificate revocation list system by limiting the use of compromised certificates to one year... But in an attempt to prevent this pathetic measure, could we instead use DNS to replace the current certificate revocation list system?

Why not create a new type of TXT record, call it CRR (Certificate Revocation Record), that would consist of the Serial Number (or Subject Key ID or thumbprint) of the certificate. On TLS connection to a website, the browser does a DNS query for a CRR for the Common Name of the certificate. If the number/key/thumbprint matches, reject the connection. This way the onus is on the domain owner to directly control their fate. The only problem I can see with this is if there are numerous certificate Alternate Names — there would need to be a CRR for each name. A pain, but one only borne by the hapless domain owner.

Alternatively, if Apple is so determined to save us from ourselves, why don't they fund and host a functional CRL system? They have enough money. End users could create a CRL request via their certificate authority who would then create the signed record and forward it to this grand scheme.

Otherwise, are there any other ideas?

A group of European digital advertising associations on Friday criticized Apple's plans to require apps to seek additional permission from users before tracking them across other apps and websites. From a report: Apple last week disclosed features in its forthcoming operating system for iPhones and iPads that will require apps to show a pop-up screen before they enable a form of tracking commonly needed to show personalized ads. Sixteen marketing associations, some of which are backed by Facebook and Google, faulted Apple for not adhering to an ad-industry system for seeking user consent under European privacy rules. Apps will now need to ask for permission twice, increasing the risk users will refuse, the associations argued. Facebook and Google are the largest among thousands of companies that track online consumers to pick up on their habits and interests and serve them relevant ads. Apple said the new feature was aimed at giving users greater transparency over how their information is being used. In training sessions at a developer conference last week, Apple showed that developers can present any number of additional screens beforehand to explain why permission is needed before triggering its pop-up.

Two days after India blocked 59 apps developed by Chinese firms, Google and Apple have started to comply with New Delhi's order and are preventing users in the world's second largest internet market from accessing those apps. From a report: UC Browser, Shareit, and Club Factory and other apps that India has blocked are no longer listed on Apple's App Store and Google Play Store. In a statement, a Google spokesperson said that the company had "temporarily blocked access to the apps" on Google Play Store as it reviews New Delhi's interim order. Apple, which has taken a similar approach as Google in complying with New Delhi's order, did not respond to a request for comment. Some developers including ByteDance have voluntarily made their apps inaccessible in India, a person familiar with the matter told TechCrunch. India's Department of Telecommunications ordered telecom networks and other internet service providers earlier this week to block access to those 59 apps "effective immediately." Websites of many of these apps have also become inaccessible in India.

An anonymous reader quotes a report from Wired: The threat of ransomware may seem ubiquitous, but there haven't been too many strains tailored specifically to infect Apple's Mac computers since the first full-fledged Mac ransomware surfaced only four years ago. So when Dinesh Devadoss, a malware researcher at the firm K7 Lab, published findings on Tuesday about a new example of Mac ransomware, that fact alone was significant. It turns out, though, that the malware, which researchers are now calling ThiefQuest, gets more interesting from there. In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or "second stage," attacks. Given that ransomware is so rare on Macs to begin with, this one-two punch is especially noteworthy.

Though ThiefQuest is packed with menacing features, it's unlikely to infect your Mac anytime soon unless you download pirated, unvetted software. Thomas Reed, director of Mac and mobile platforms at the security firm Malwarebytes, found that ThiefQuest is being distributed on torrent sites bundled with name-brand software, like the security application Little Snitch, DJ software Mixed In Key, and music production platform Ableton. K7's Devadoss notes that the malware itself is designed to look like a "Google Software Update program." So far, though, the researchers say that it doesn't seem to have a significant number of downloads, and no one has paid a ransom to the Bitcoin address the attackers provide. [...] Given that the malware is being distributed through torrents, seems to focus on stealing money, and still has some kinks, the researchers say it was likely created by criminal hackers rather than nation state spies looking to conduct espionage.

Apple will close 30 additional stores in the United States by Thursday, the company said, bringing the total number of reclosures in the United States to 77 as Covid-19 cases rapidly rise in several regions around the country. CNBC reports: Stores in Alabama, California, Georgia, Idaho, Louisiana, Nevada and Oklahoma will close Thursday. Other stores in Florida, Mississippi, Texas and Utah are closed as of Wednesday. Apple has 271 stores in the United States. An Apple spokesman said in a statement: "Due to current COVID-19 conditions in some of the communities we serve, we are temporarily closing stores in these areas. We take this step with an abundance of caution as we closely monitor the situation and we look forward to having our teams and customers back as soon as possible." The closings announced on Wednesday include the last two remaining stores open in Florida, as well as a number of stores around the Los Angeles area.

Apple is pushing its suppliers to try to reduce production delays for its first 5G iPhones as the U.S. tech company aims to limit the fallout from the coronavirus pandemic. From a report: Apple is facing delays of between four weeks and two months for mass production of the four models in its 5G lineup after postponements caused by factory lockdowns and workplace absences during the pandemic, sources told the Nikkei Asian Review. Apple has been betting heavily on the 5G range to help it against rivals including Samsung and Huawei Technologies, which introduced 5G-capable smartphones last year. But sources said Apple has aggressively tried to cut delays and was now less likely to face a worst-case scenario of postponing the launch until 2021, the situation it was in three months ago. The estimated delays are based on the stage that development would normally be at for a release in September.

The tech giant and its suppliers are working overtime to make up for lost time, people with knowledge of the matter said. "What the progress looks like now is months of delay in terms of mass production, but Apple is doing everything it can to shorten the postponement. There's a chance that the schedule could still be moved ahead," one of the sources told Nikkei. California, where Apple is based, came under "shelter at home" restrictions in March, though the order was revised in June to allow more businesses to reopen. Part of Apple's hardware development team returned to the head office last month as the company attempted to expedite the final configuration of the new iPhones and keep as close as possible to the intended September release date, according to another source familiar with the situation.

The Apple executive in charge of the App Store in Europe said that the company's policies ensure a level playing field for developers and ease-of-use for customers as regulatory scrutiny over the platform mounts. From a report: "Our efforts to help developers succeed are broad, deep and ongoing, and they extend to apps -- in music, email, or a variety of other categories -- that compete with some aspect of our business," Daniel Matray, the iPhone maker's head of App Store and media services in Europe, said in a speech Tuesday at a four-day virtual conference hosted by Forum Europe. The speech comes as Apple faces antitrust probes in the European Union and U.S. over rules it imposes on developers. In particular, regulators are taking aim at the requirement that apps use the company's in-house payment service, which takes a cut of 15% to 30% of most subscriptions and in-app purchases. Matray said that about 85% of apps it hosts don't pay Apple a commission because they're free or earn revenue through other means. Further reading: How Apple Stacked the App Store With Its Own Products.

As expected, developers with early access to Apple silicon-based transition kits have leaked some early benchmarks scores. And it's bad news for Surface Pro X and Windows 10 on ARM fans. Thurrott reports: According to multiple Geekbench scores, the Apple Developer Transition Kit -- a Mac Mini-like device with an Apple A12Z system-on-a-chip (SoC), 16 GB of RAM, and 512 GB of SSD storage -- delivers an average single-core score of 811 and an average multi-core score of 2871. Those scores represent the performance of the device running emulated x86/64 code under macOS Big Sur's Rosetta 2 emulator.

Compared to modern PCs with native Intel-type chipsets, that's not all that impressive, but that's to be expected since it's emulated. But compared to Microsoft's Surface Pro X, which has the fastest available Qualcomm-based ARM chipset and can run Geekbench natively -- not emulated -- it's amazing: Surface Pro X only averages 764 on the single-core test and 2983 in multi-core. Right. The emulated performance of the Apple silicon is as good or better than the native performance of the SQ-1-based Surface Pro X. This suggests that the performance of native code on Apple silicon will be quite impressive, and will leave Surface Pro X and WOA in the dust.

According to analyst Ming-Chi Kuo, iPhone 12 models will not include EarPods or a power adapter in the box. MacRumors reports: Kuo said that Apple will instead release a new 20W power adapter as an optional accessory for iPhones and end production of its existing 5W and 18W power adapters later this year. The form factor of the new 20W power adapter is said to be similar to the 18W version, with USB-C Power Delivery for fast charging, as seen in the leaked photo below. Kuo believes that iPhone 12 production costs will significantly increase due to 5G support, but he expects Apple to sell the new models at a comparable price to its iPhone 11 lineup, and removing the EarPods and power adapter from the box is one way to reduce costs. Apple would likely also tout the environmental benefits of such a move. Barclays still expects Apple to include a Lightning to USB-C cable in the box as the only accessory included with iPhone 12 models.

Today, the New York Times announced that it is ending its partnership with Apple News and removing its articles from the platform. Engadget reports: The issue seems to be that while other services, like Google News, send readers to publishers' websites, Apple News generally keeps readers in the app. Or, as NYT puts it, Apple's approach does not align with The Times' goal of building direct relationships with paying readers.

"Core to a healthy model between The Times and the platforms is a direct path for sending those readers back into our environments, where we control the presentation of our report, the relationships with our readers, and the nature of our business rules," Meredith Kopit Levien, The Times' chief operating officer, wrote in a memo to employees. "Our relationship with Apple News does not fit within these parameters."

A decision that Apple unilaterally took in February 2020 has reverberated across the browser landscape and has effectively strong-armed the Certificate Authority industry into bitterly accepting a new default lifespan of 398 days for TLS certificates. From a report: Following Apple's initial announcement, Mozilla and Google have stated similar intentions to implement the same rule in their browsers. Starting with September 1, 2020, browsers and devices from Apple, Google, and Mozilla will show errors for new TLS certificates that have a lifespan greater than 398 days. The move is an important one because it not only changes how a core part of the internet works -- TLS certificates -- but also because it breaks away from normal industry practices and the cooperation between browsers and CAs. Known as the CA/B Forum, this is an informal group made up of Certificate Authorities (CAs), the companies that issue TLS certificates used to support HTTPS traffic, and browser makers. Since 2005, this group has been making the rules on how TLS certificates should be issued and how browsers are supposed to manage and validate them.

Apple said last week that it declined to implement 16 new web technologies (Web APIs) in Safari because they posed a threat to user privacy by opening new avenues for user fingerprinting. Technologies that Apple declined to include in Safari because of user fingerprinting concerns include: Web Bluetooth - Allows websites to connect to nearby Bluetooth LE devices.
Web MIDI API - Allows websites to enumerate, manipulate and access MIDI devices.
Magnetometer API - Allows websites to access data about the local magnetic field around a user, as detected by the device's primary magnetometer sensor.
Web NFC API - Allows websites to communicate with NFC tags through a device's NFC reader.
Device Memory API - Allows websites to receive the approximate amount of device memory in gigabytes.
Network Information API - Provides information about the connection a device is using to communicate with the network and provides a means for scripts to be notified if the connection type changes.

Battery Status API - Allows websites to receive information about the battery status of the hosting device. Web Bluetooth Scanning - Allows websites to scan for nearby Bluetooth LE devices.
Ambient Light Sensor - Lets websites get the current light level or illuminance of the ambient light around the hosting device via the device's native sensors.
[...]
The vast majority of these APIs are only implemented in Chromium-based browsers, and very few on Mozilla's platform. Apple claims that the 16 Web APIs above would allow online advertisers and data analytics firms to create scripts that fingerprint users and their devices.

"Apple Inc. will force iPhone apps to get permission from users before tracking them," reports Bloomberg, "dealing a potentially major blow to app developers who rely on advertisements to make money." Apple facilitates tracking on its phones by providing app developers with unique numbers for each user, something security advocates have long said contradicts the company's frequent statements in support of privacy. The update to the iPhone's operating system doesn't do away with the tracking system, but makes it much more apparent to users and gives them more opportunities to turn it off. Previously, controls were buried in the phone's settings menu.

"Considering the iPhone's user base, this is a very big change. It certainly improves user privacy," said Lukasz Olejnik, an independent privacy researcher and consultant. "Users at large encountering such pop-ups in just about any application may potentially start asking questions about the use of their data. It will force the industry to reconsider some of the core assumptions."

At WWDC 2020 earlier this week, Apple announced that it's moving Macs away from Intel processors to its own silicon, based on ARM architecture. To help ease the transition, the company announced Rosetta 2, a translation process that allows users to run apps that contain x86_64 instructions on Apple silicon. The Verge reports: Rosetta 2 essentially "translates" instructions that were written for Intel processors into commands that Apple's chips can understand. Developers won't need to make any changes to their old apps; they'll just work. (The original Rosetta was released in 2006 to facilitate Apple's transition from PowerPC to Intel. Apple has also stated that it will support x86 Macs "for years to come," as far as OS updates are concerned. The company shifted from PowerPC to Intel chips in 2006, but ditched support for the former in 2009; OS X Snow Leopard was Intel-only.) You don't, as a user, interact with Rosetta; it does its work behind-the-scenes. "Rosetta 2 is mostly there to minimize the impact on end-users and their experience when they buy a new Mac with Apple Silicon," says Angela Yu, founder of the software-development school App Brewery. "If Rosetta 2 does its job, your average user should not notice its existence."

There's one difference you might perceive, though: speed. Programs that ran under the original Rosetta typically ran slower than those running natively on Intel, since the translator needed time to interpret the code. Early benchmarks found that popular PowerPC applications, such as Photoshop and Office, were running at less than half their native speed on the Intel systems. We'll have to wait and see if apps under Rosetta 2 take similar performance hits. But there are a couple reasons to be optimistic. First, the original Rosetta converted every instruction in real-time, as it executed them. Rosetta 2 can convert an application right at installation time, effectively creating an ARM-optimized version of the app before you've opened it. (It can also translate on the fly for apps that can't be translated ahead of time, such as browser, Java, and Javascript processes, or if it encounters other new code that wasn't translated at install time.) With Rosetta 2 frontloading a bulk of the work, we may see better performance from translated apps. The report notes that the engine won't support everything. "It's not compatible with some programs, including virtual machine apps, which you might use to run Windows or another operating system on your Mac, or to test out new software without impacting the rest of your system," reports The Verge. "(You also won't be able to run Windows in Boot Camp mode on ARM Macs. Microsoft only licenses the ARM version of Windows 10 to PC manufacturers.) Rosetta 2 also can't translate kernel extensions, which some programs leverage to perform tasks that macOS doesn't have a native feature for (similar to drivers in Windows)."

In response to the Lawful Access to Encrypted Data (LAED) Act proposed by three Republican senators, Big Tech companies have registered their opposition through their Reform Government Surveillance coalition. From a report: They said that building encryption backdoors would jeopardize the sensitive data of billions of users and "leave all Americans, businesses, and government agencies dangerously exposed to cyber threats from criminals and foreign adversaries." They also pointed out that as the pandemic has forced everyone to rely on the internet "in critical ways," digital security is paramount and strong encryption is the way forward. The coalition's members are Apple, Microsoft, Facebook, Google, Twitter, Snap, Verizon Media, Dropbox, and Microsoft-owned LinkedIn. The coalition was established in December 2013, a few months after documents about the United States' PRISM data collection program were leaked.

In a presentation at its developer conference this week, Apple announced that the upcoming versions of its iOS and macOS operating systems will support the ability to handle encrypted DNS communications. From a report: Apple said that iOS 14 and macOS 11, set to be released this fall, will support both the DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) protocols. Normal DNS (Domain Name System) traffic takes place in clear text and has been used by internet service providers and others to track users in the past, usually to create profiles to sell to online advertisers. But DoH and DoT allow a desktop, phone, or individual app to make DNS queries and receive DNS responses in an encrypted format, a feature that prevents third-parties and malicious threat actors from tracking a user's DNS queries and inferring the target's web traffic destinations and patterns.

An anonymous reader quotes a report from Ars Technica: Apple has acquired device-management startup Fleetsmith. The technology and personnel that will join Apple as part of the acquisition could help Apple expand upon device enrollment and introduce better ways to set up new devices like iPads and Macs within organizations. Fleetsmith's proposition to customers (and Apple) seems perfectly tailored to our times: the company offers a way for organizations to equip remote workers' (or workers otherwise not located in the central office) devices and have those devices automatically registered and set up for enterprise use as soon as they're first turned on. After that, Fleetsmith automatically ensures devices get needed software updates. It also provides IT managers with a dashboard for managing the fleet.

If you've used Jamf, a more widespread competitor, you get the general idea. But Fleetsmith already had a special focus on Apple devices, it has an Apple-like design sensibility, and it was likely a much cheaper option for Apple than Jamf, to boot. Jamf appears to be on a different path, with a $3 billion IPO planned. Speaking of money, though, neither Apple nor Fleetsmith has revealed the purchase price. Fleetsmith did publish a blog post about the acquisition, though. While the blog post notes that Fleetsmith will continue business as usual and serve both new and existing customers, Seth Goldin from Freethink Media claims that's not the full story. "Apple has completely eliminated core functionality from the app with absolutely no notice," says Goldin in a series of tweets, noting there are "hundreds of users" on the MacAdmins Slack workspace that are "totally outraged because Apple has pulled the rug out from under them."

Basecamp's Hey email app is now open to everyone after Apple "definitively approved" it for the App Store. No invite code is required for users to sign up. Engadget reports: Basecamp CTO and co-founder David Heinemeier Hansson tweeted the news today. Hey will not include any in-app purchases (IAP), so Apple will not get its standard 30 percent commission. At first, Apple objected to the fact that users would download the app from the App Store but have to sign up via the web. Apple's policies require that developers use IAP to unlock paid features or functionality in an app. Hey managed to skirt around those rules by offering a free trial option.

Hey is now open to everyone, and it does not require an invite code. The app promises a more organized approach to email, for $99 per year. But perhaps more importantly, Hey is an example of how developers can avoid paying Apple 30 percent of IAP and subscription fees. "Hopefully this paves an illuminated path for approval for other multi-platform SAAS applications as well. There are still a litany of antitrust questions to answer, but things legitimately got a little better. New policies, new precedence. Apple took a great step forward," Hansson tweeted.

Apple has confirmed that switching to its own, ARM-based Apple silicon will signal the end of Boot Camp support. From a report: Apple will start switching its Macs to its own ARM-based processors later this year, but you won't be able to run Windows in Boot Camp mode on them. Microsoft only licenses Windows 10 on ARM to PC makers to preinstall on new hardware, and the company hasn't made copies of the operating system available for anyone to license or freely install. On John Gruber's WWDC Talk Show, Craig Federighi confirmed that Apple would not support Boot Camp on ARM Macs: "We're not direct booting an alternate operating system. Purely virtualization is the route. These hypervisors can be very efficient, so the need to direct boot shouldn't really be the concern."