Linux programmers fixed bugs faster than anyone — in an average of just 25 days (improving from 32 days in 2019 to just 15 in 2021). That's the conclusion of Google's "Project Zero" security research team, which studied the speed of bug-fixing from January 2019 to December 2021.

ZDNet reports that Linux's competition "didn't do nearly as well." For instance, Apple, 69 days; Google, 44 days; and Mozilla, 46 days. Coming in at the bottom was Microsoft, 83 days, and Oracle, albeit with only a handful of security problems, with 109 days.

By Project Zero's count, others, which included primarily open-source organizations and companies such as Apache, Canonical, Github, and Kubernetes, came in with a respectable 44 days.

Generally, everyone's getting faster at fixing security bugs. In 2021, vendors took an average of 52 days to fix reported security vulnerabilities. Only three years ago the average was 80 days. In particular, the Project Zero crew noted that Microsoft, Apple, and Linux all significantly reduced their time to fix over the last two years.

As for mobile operating systems, Apple iOS with an average of 70 days is a nose better than Android with its 72 days. On the other hand, iOS had far more bugs, 72, than Android with its 10 problems.

Browsers problems are also being fixed at a faster pace. Chrome fixed its 40 problems with an average of just under 30 days. Mozilla Firefox, with a mere 8 security holes, patched them in an average of 37.8 days. Webkit, Apple's web browser engine, which is primarily used by Safari, has a much poorer track record. Webkit's programmers take an average of over 72 days to fix bugs.

The Food and Drug Administration cleared a smartphone app from Tandem Diabetes Care to program insulin delivery for its t:slim X2 insulin pump, the company announced Wednesday. The Verge reports: It's the first phone app for both iOS and Android to able to deliver insulin, the company said in a statement. Previously, delivery had to be handled through the pump itself. With this update, pump users will be able to program or cancel bolus doses of insulin, which are taken at mealtimes and are crucial in keeping blood glucose levels under control. "Giving a meal bolus is now the most common reason a person interacts with their pump, and the ability to do so using a smartphone app offers a convenient and discrete solution," John Sheridan, president and CEO of Tandem Diabetes Care, said in a statement. [...] Tandem said in the statement that it will launch the new bolus delivery update for select users this spring ahead of a wider launch this summer.

Google said on Wednesday that it was working on privacy measures meant to limit the sharing of data on smartphones running its Android software. But the company promised those changes would not be as disruptive as a similar move by Apple last year. From a report: Apple's changes to its iOS software on iPhones asked users for permission before allowing advertisers to track them. Apple's permission controls -- and, ultimately, the decision by users to block tracking -- have had a profound impact on internet companies that built businesses on so-called targeted advertising. Google did not provide an exact timeline for its changes, but said it would support existing technologies for at least two more years.

This month, Meta, the company founded as Facebook, said Apple's privacy changes would cost it $10 billion this year in lost advertising revenue. The revelation weighed on Meta's stock price and led to concerns about other companies reliant on digital advertising. Anthony Chavez, a vice president at Google's Android division, said in an interview before the announcement that it was too early to gauge the potential impact from Google's changes, which are meant to limit the sharing of data across apps and with third parties. But he emphasized that the company's goal was to find a more private option for users while also allowing developers to continue to make advertising revenue.

"Apple said Thursday it plans to add more safeguards to AirTags to cut down on unwanted tracking," reports CNN, "following reports that the devices have been used to stalk people and steal cars." In a blog post, Apple said it has worked with safety groups and law enforcement agencies to identify more ways to update its AirTag safety warnings, including alerting people sooner if the small Bluetooth tracker is suspected to be tracking someone. (Right now, it can take hours for an AirTag to chirp if it has been separated from its owner.)

Other updates coming later this year include tweaking the tracker's tone sequence so the device is louder and easier to find, and allowing someone to see its distance and direction of an AirTag through the iOS precision finding tool. In addition, Apple will warn AirTag users during the setup process that tracking people without their consent is a crime.
That warning also reminds users "that law enforcement can request identifying information about the owner of the AirTag," Apple writes in their blog post: We have been actively working with law enforcement on all AirTag-related requests we've received. Based on our knowledge and on discussions with law enforcement, incidents of AirTag misuse are rare; however, each instance is one too many. Every AirTag has a unique serial number, and paired AirTags are associated with an Apple ID. Apple can provide the paired account details in response to a subpoena or valid request from law enforcement. We have successfully partnered with them on cases where information we provided has been used to trace an AirTag back to the perpetrator, who was then apprehended and charged.
"We condemn in the strongest possible terms any malicious use of our products," Apple's blog post adds.

Daring Fireball supplies some analysis: The same features that help prevent AirTags from being used to stalk people without their knowing could also alert a thief that whatever it is they've stolen has an AirTag attached. There's no way for AirTags to serve both purposes, so Apple is increasing the protections against unwanted tracking, and emphasizing that AirTags are solely intended for finding your own lost items.

According to a recent study published by mobile marketing company URL Genius, YouTube and TikTok track users' personal data more than any other social media apps. However, while YouTube mostly collects your personal data for its own purposes to serve you more relevant ads, TikTok mostly allows third-party trackers to collect your data -- "and from there, it's hard to say what happens with it," reports CNBC. From the report: With third-party trackers, it's essentially impossible to know who's tracking your data or what information they're collecting, from which posts you interact with -- and how long you spend on each one -- to your physical location and any other personal information you share with the app. As the study noted, third-party trackers can track your activity on other sites even after you leave the app.

To conduct the study, URL Genius used the Record App Activity feature from Apple's iOS to count how many different domains track a user's activity across 10 different social media apps -- YouTube, TikTok, Twitter, Telegram, LinkedIn, Instagram, Facebook, Snapchat, Messenger and Whatsapp -- over the course of one visit, before you even log into your account. YouTube and TikTok topped the other apps with 14 network contacts apiece, significantly higher than the study's average number of six network contacts per app. Those numbers are all probably higher for users who are logged into accounts on those apps, the study noted.

Ten of YouTube's trackers were first-party network contacts, meaning the platform was tracking user activity for its own purposes. Four of the contacts were from third-party domains, meaning the social platform was allowing a handful of mystery outside parties to collect information and track user activity. For TikTok, the results were even more mysterious: 13 of the 14 network contacts on the popular social media app were from third parties. The third-party tracking still happened even when users didn't opt into allowing tracking in each app's settings, according to the study. "Consumers are currently unable to see what data is shared with third-party networks, or how their data will be used," the report's authors wrote.

Apple has acknowledged an iOS 15 bug that may have recorded interactions with Siri on some devices, regardless of whether the user opted out, according to a report from ZDNet. From a report: The bug automatically enabled the Improve Siri & Dictation setting that gives Apple permission to record, store, and review your conversations with Siri. Apple tells The Verge that it identified the bug shortly after the release of iOS 15, stopped reviewing any recordings inadvertently received, and is deleting info received from affected devices. After discovering the bug, the company turned off the feature for "many" users and corrected the opt-in setting when it released iOS 15.2. As ZDNet points out, this is the reason why you might get a prompt asking for your permission to enable the Improve Siri & Dictation feature once you install the new 15.4 beta or, eventually, its official release.

Apple has announced plans to introduce a new Tap to Pay feature for iPhone that turns the device into a contactless payment terminal. From a report: The company says that later this year, U.S. merchants will be able to accept Apple Pay and other contactless payments, such as credit cards and debit cards, by using an iPhone and a partner-enabled iOS app. Tap to Pay on iPhone will be available for payment platforms and app developers to integrate into their iOS apps and offer as a payment option to their customers. Stripe will be the first payment platform to offer Tap to Pay on iPhone to customers. Apple says additional payment platforms and apps will follow later this year. Once Tap to Pay on iPhone launches, merchants will be able to unlock contactless payment acceptance through a supporting iOS app. At checkout, the merchant will ask the customer to hold their iPhone or Apple Watch near the merchant's iPhone and the payment will then be securely completed using NFC technology. No additional hardware is required to accept contactless payments. Apple also says that with Tap to Pay on iPhone, customers' payment data is protected and that all transactions that are made through the feature are encrypted.

Ars Technica recently pointed out that the concept of downvoting posts and comments "has been a staple of the Internet for decades, appearing on sites such as Slashdot, Reddit, and Ars Technica."

And Twitter is now experimenting with its own version, according to the International Business Times: After initially announcing the launch of a "downvoting" feature in July, Twitter revealed on Wednesday that it would be taking the feature to the global testing stage, even as questions remain about whether a more positive or negative environment is fostered on the platform as a result. The company announced that the "downvotes" will expand to more people on iOS and Android devices, and reiterated that the votes are not public, but can help the company determine what type of content different people actually wish to see.

"We learned a lot about the types of replies you don't find relevant and we're expanding this test — more of you on web and soon iOS and Android will have the option to use reply downvoting.

"Downvotes aren't public, but they'll help inform us of the content people want to see...".

Twitter has not yet announced when the "downvote" feature will be rolled out to all users, or if it ever will be. While the test should help the company figure out if the downvote option promotes a more hateful environment or fosters a better experience, their final decision is yet to be revealed.
The Washington Post includes a screenshot of the downvoting button, describing it as a small arrow to the right of the like button.

An anonymous reader quotes a report from The Economist: Pop-up notifications are often annoying. For Meta, one in Apple's iOS operating system, which powers iPhones, is a particular headache. On February 2nd Meta, which owns Facebook and Instagram, told investors that privacy-focused changes to iOS, including the "ask app not to track" notification, would cost the company around $10 billion in 2022. That revelation, along with growing competition and sluggish growth in user numbers, helped to prompt a 23% plunge in Meta's share price and showed Apple's might. But what did Apple actually do, and why was it so costly?

The promise of digital advertising has always been its ability to precisely target people. Before the digital age, companies placed ads in places where they expected potential customers would see them, such as a newspaper, and hoped for the best. Online, companies could instead target ads based on people's browsing history and interests. This fueled the profits of companies like Meta, which held vast amounts of data on their users. For years, Apple helped by offering an "identifier for advertisers" (IDFA), giving advertisers a way to track people's behavior on its devices. Users have long been able to disable IDFA in their phones' settings. But last year, citing privacy concerns, Apple turned off IDFA by default and forced apps to ask people if they want to be tracked. It seems most do not: a study in December by AppsFlyer, an ad-tech company, suggested that 54% of Apple users who saw the prompt opted out.

This change has made digital advertising much trickier. Sheryl Sandberg, Meta's chief operating officer, told investors that the change decreased the accuracy of ad targeting and slowed the collection of data showing whether ads work. Both of these changes make "direct-response ads," which encourage consumers to take an action like clicking or purchasing, less appealing to advertisers. The financial impact on ad-sellers like Meta has been painful. The $10 billion hit estimated by Meta amounts to over 8% of its revenue in 2021. Snap, another social-media company, and Unity, a games engine which operates an ad network, also expect Apple's changes to hurt their businesses. Apple, meanwhile, is doing well: estimates suggest its own ad business has grown significantly since it introduced the app tracking pop-up. (A different pop-up, with a more persuasive sales pitch for opting-in to tracking, appears on Apple's own apps.)

To make it harder for stalkers to abuse them, Apple included (and has since upgraded) several safety features that will alert someone to the presence of a nearby AirTag that's not their own, including an audible beep. But according to PCMag, one Etsy seller was, up until very recently, selling AirTags with the speaker physically disabled, raising privacy concerns once again. From a report: The AirTag, a small, easy-to-carry device about the size of a quarter, relies on Apple's Find My network which leverages millions of Apple devices to discreetly keep tabs on the location of the trackers and report that information back to each tag's registered user. The general idea behind the AirTag was that users could attach one to their keys, their backpack, or to other valuable items, and be able to quickly locate them if lost. To prevent their misuse, such as using an AirTag to track someone without their knowledge, iOS users would be eventually notified if a tracker registered to someone else was nearby, while Android users would have to rely on an audible beep that would start chirping three days after an AirTag was separated from its owner.

The product was ripe for abuse -- a concern we emphasized in our initial review of the AirTags -- and a couple of months after their debut Apple addressed those concerns with promised updates that would see Android users getting similar notifications as iOS users when an AirTag was nearby through a new Tracker Detect app that allowed Android users to more easily spot the devices. And the timeframe for when the trackers would start beeping after being away from its registered owner was shortened to a "random time inside a window that lasts between 8 and 24 hours," according to a CNET report.

joshuark writes: Microsoft has filed an amicus brief supporting Epic Games in its appeal against Apple, and argues that, "the potential antitrust issues stretch far beyond gaming." As Epic Games continues to file its appeal against the 2021 ruling that chiefly favored Apple, interested parties have been contributing supporting filings to the court. Notably, those have included US attorneys general, but now Microsoft has also joined in on the side of Epic Games. Microsoft's amicus filing included below, sets out what it describes as its own "unique -- and balanced -- perspective to the legal, economic, and technological issues this case implicates." As a firm which, like Apple, sells both hardware and software, Microsoft says it "has an interest" in supporting antitrust law. Describing what it calls Apple's "extraordinary gatekeeper power," Microsoft joins Epic Games in criticizing alleged errors in the original trial judge's conclusions. "Online commerce and interpersonal connection funnels significantly, and sometimes predominantly, through iOS devices," says Microsoft. "Few companies, perhaps none since AT&T... at the height of its telephone monopoly, have controlled the pipe through which such an enormous range of economic activity flows." To support its claim that the Epic Games vs Apple ruling has "potential antitrust issues [that] stretch far beyond gaming," Microsoft describes what else it sees as this "enormous range of economic activity." "Beyond app distribution and in-app payment solutions - the adjacent markets directly at issue in this case," says Microsoft's filing, "Apple offers mobile payments, music, movies and television, advertising, games, health tracking, web browsing, messaging, video chat, news, cloud storage, e-books, smart-home devices, wearables, and more besides."

Mozilla is rolling out new updates to its mobile and desktop VPN offerings, the company announced on Tuesday. From a report: With the launch of Mozilla VPN 2.7, the company is bringing one of Firefox's popular add-ons, Multi-Account Containers, to the desktop platform and also introducing a multi-hop feature to the Android and iOS version of the VPN service. Firefox's Multi-Account Containers allow users to separate different parts of their online activities, such as work, shopping and banking. Instead of having to open a new window or different browser to check your work email, you can isolate that activity in a container tab, which prevents other sites from tracking your activity across the web. The company says combining the add-on with Mozilla's VPN adds an extra layer of protection to users' compartmentalized browsing activity and also adds extra protection to their locational information.

Google is widely rolling out a new Google Messages feature to beta users that allows the Android messaging app to correctly interpret emoji reactions sent from the iOS Messages app, 9to5Google reports. From a report: The feature appears to be live in version 20220121_02_RC00 of the app, according to Droid-Life, but not for every user. Although it didn't work on every phone we tried, we were able to get it working on an Oppo Find X3 Pro, which is more than can be said for when the feature initially started appearing last November. The feature fixes a long-standing issue that can affect SMS chats between iPhone and Android users. When an iPhone user reacts to an Android message with emoji, the Android user typically sees this reaction sent as an entirely separate text message, resulting in confusion and lots of unnecessary clutter.

Apple appears to be testing a feature that will let you use Face ID to unlock the phone even when wearing a mask. From a report: The first developer beta for iOS 15.4 has a screen that asks if you want to be able to use Face ID while wearing a mask, at the cost of reduced security, according to photos from Brandon Butch on Twitter and MacRumors. According to pictures of the screen, Apple says that "iPhone can recognize the unique features around the eye area to authenticate" but warns that Face ID is going to be more accurate if you have it set to not work with a mask.

An anonymous reader quotes a report from Motherboard, written by Aaron Gordon: Not quite three years ago, I bought a Pixel 3, Google's flagship phone at the time. It has been a good phone. I like that it's not too big. I dropped it a bunch, but it didn't break. And the battery life has not noticeably changed since the day I got it. I think of phones in much the same way I think of refrigerators or stoves. It's an appliance, something I need but feel no attachment to, and as long as it keeps fulfilling that need, I don't want to spend money replacing it for no real reason. The Pixel 3 fulfills my needs, so I don't want to spend $600 on the Pixel 6, which seems to be just another phone that does all the phone things.

But I have to get rid of it because Google has stopped supporting all Pixel 3s. Despite being just three years old, no Pixel 3 will ever receive another official security update. Installing security updates is the one basic thing everyone needs to do for their own digital security. If you don't even get them, then you're vulnerable to every security flaw discovered since your last patch. In response to an email asking Google why it stopped supporting the Pixel 3, a Googles spokesperson said, "We find that three years of security and OS updates still provides users with a great experience for their device."

This has been a problem with Android for as long as Android has existed. In 2015, my colleague Lorenzo Franceschi-Bicchierai wrote a farewell to Android because of its terrible software support and spotty upgrade rollouts. Android has long blamed this obvious issue on the fact that updates need to run through the cellphone company and phone manufacturer before being pushed to the user. At the time, Google didn't make any Android phones; the Nexus line was the closest thing, a partnership with other manufacturers like Motorola and HTC (I had one of those, too). But for the past six years, Google has made the Pixel line of phones. They are Google-made phones, meaning Google can't blame discontinuing security updates on other manufacturers, and yet, it announced that's exactly what it would do. Gordon goes on to say that he's "switching to an iPhone for the first time," noting how the most recent version of iOS can be installed on phones going as far back as the iPhone 6s, which was released more than six years ago.

"Unless you routinely destroy your phone within two or three years, there's no justification from a sustainability perspective to keep using Android phones," he adds. "Of course, Apple is only good by comparison, as it also manufactures devices that are difficult to repair with an artificially short shelf life. It just happens to have a longer shelf life than Google."

Washington DC, Texas, Washington state and Indiana announced the latest lawsuit against Big Tech Monday, alleging that Google deceived users by collecting their location data even when they believed that kind of tracking was disabled. TechCrunch reports: "Google falsely led consumers to believe that changing their account and device settings would allow customers to protect their privacy and control what personal data the company could access," DC Attorney General Karl Racine said. "The truth is that contrary to Google's representations it continues to systematically surveil customers and profit from customer data." Racine described Google's privacy practices as "bold misrepresentations" that undermine consumer privacy. His office began investigating how Google handles user location data after reporting from the Associated Press in 2018 found that many Google apps across iOS and Android recorded location data even when users have chosen privacy options that explicitly say they won't. The AP coordinated with computer science researchers at Princeton to verify its findings.

The lawsuit argues that Google created a location tracking system that's impossible for users to opt out of and that it misled users about how privacy settings could protect their data within apps and at the device level on Android. It also accuses Google of relying on deceptive dark pattern design to force users into making choices counter to their own interests. Racine's office is pursuing an injunction against Google as well as seeking to force the company to pay out profits that it made from user data collected by misleading consumers about their privacy.

"Qt, the framework that powers the KDE desktop, is announcing support for ads in client-side applications," reports Neowin: This means that application developers will now be able to serve ads in traditional desktop applications.... Windows users have been dealing with this in Metro UI apps since Windows 8 and it's something that's never gone over well on the desktop.

While it's doubtful you'll see ads in KDE's core applications, it would be possible for distributions that wish to further monetize their work to fork these applications, placing ads in them.... According to the documentation, the advertising plugin supports a variety of platforms. They are as follows:

- Windows 10
- Ubuntu 20.04
- Raspbian Buster
- macOS
- Android 7.0
— iOS

"Our offering aims to disrupt the IoT industry," explains Qt's press release, "enabling new business models and business cases that before were not possible."

Reactions have been mixed. Comments on Phoronix ranged from calling it "a great way for boost development on KDE" to "Not sure if I like this."

Thanks to Slashdot reader segaboy81 for sharing the story

An anonymous reader quotes a report from The Verge: Epic Games has filed its opening brief to the Ninth Circuit Court of Appeals, seeking to overturn the previous ruling that Apple's control over the iOS App Store does not qualify as a monopoly. The company first gave notice of it appeal in September, but Thursday's filing is the first time it has laid out its argument at length. "Epic proved at trial that Apple retrains trade...by contractually requiring developers to exclusively use Apple's App Store to distribute apps and Apple's IAP for payments for digital content within apps," the filing reads. "If not overturned, [the district court] decision would upend established principles of antitrust law and...undermine sound antitrust policy."

Epic's first legal challenge to Apple's App Store restrictions came to a finish in September, when a district court ordered Apple to roll back some restrictions on in-app payments, but otherwise cleared the company of antitrust charges. A separate appeal from Apple has been filed to reverse the new in-app payment rules.

In her ruling, Judge Gonzales Rogers was particularly ambiguous on the question of whether Apple held monopoly power over the mobile gaming market. "The evidence does suggest that Apple is near the precipice of substantial market power, or monopoly power, with its considerable market share," she wrote in the decision. "Apple is only saved by the fact that its share is not higher, that competitors from related submarkets are making inroads into the mobile gaming submarket, and, perhaps, because [Epic] did not focus on this topic." In the appeals brief, Epic seems determined to revisit that question, and draw a clearer link between the iPhone's success as a mobile gaming platform and a potential monopoly case against Apple. "The district court's factual findings make clear," the filing alleges, "that Apple's conduct is precisely what the antitrust laws prohibit." In response to the filing, Apple issued the following statement: "In its ruling last year, the district court confirmed that Apple is not a monopolist in any relevant market and that its agreements with app developers are legal under antitrust laws. We are confident that the rulings challenged by Epic will be affirmed on appeal."

Apple's "Noise Cancellation" accessibility feature may have been permanently removed from the iPhone 13 series," according to Engadget, citing a report last week from 9to5Mac. The feature was designed to improve call quality by "[reducing] ambient noise on phone calls when you are holding the receiver to your ear." From the report: "Phone Noise Cancellation is not available on iPhone 13 models, which is why you do not see this option in [the Accessibility] settings," Apple support told one of 9to5Mac's readers. When the reader asked for clarification, the support team confirmed that the feature is "not supported." Questions about noise cancellation came up on Reddit and Apple support pages shortly after the phone went on sale, with readers noticing that it was no longer available on the Accessibility page. The feature is still available with iOS 15 on past iPhone models, but is nowhere to be found on the iPhone 13.

A serious Safari bug disclosed in this blog post from FingerprintJS can disclose information about your recent browsing history and even some info of the logged-in Google account. From a report: A bug in Safari's IndexedDB implementation on Mac and iOS means that a website can see the names of databases for any domain, not just its own. The database names can then be used to extract identifying information from a lookup table. For instance, Google services store an IndexedDB instance for each of your logged in accounts, with the name of the database corresponding to your Google User ID. Using the exploit described in the blog post, a nefarious site could scrape your Google User ID and then use that ID to find out other personal information about you, as the ID is used to make API requests to Google services. In the proof-of-concept demo, the user's profile picture is revealed. FingerprintJS says they reported the bug to Apple on November 28, but it has not yet been resolved.