An iPhone hacking team has released a new jailbreak tool for almost every iPhone, including the most recent models, by using the same vulnerability that Apple last month said was under active attack by hackers. TechCrunch reports: The Unc0ver team released its latest jailbreak this weekend, and says it works on iOS 11 (iPhone 5s and later) to iOS 14.3, which Apple released in December. In a tweet, the jailbreak group said it used its âoeown exploitâ for CVE-2021-1782, a kernel vulnerability that Apple said was one of three flaws that "may have been actively exploited" by hackers. By targeting the kernel, the hackers are able to get deep hooks into the underlying operating system.

Apple fixed the vulnerability in iOS 14.4, released last month, which also prevents the jailbreak from working on later versions. It was a rare admission that the iPhone was under active attack by hackers, but the company declined to say who the hackers were and who they were targeting. Apple also granted anonymity to the researcher who submitted the bug.

Dustin Curtis, writing on his blog: About ten days ago, when I went to update a few apps in the App Store on my Mac, I was met with a curious error: "Your account has been disabled in the App Store and iTunes." The internet is filled with stories from people whose Google accounts were locked for unexplained reasons, causing them to lose all of their data, including years of email, so I was somewhat concerned. But I'd never heard of similar cases involving Apple's services, and I wouldn't expect such behavior from a customer-focused company like Apple, so I figured it was a glitch and made a mental note to try again later. The next day, Music.app stopped working: "You cannot login because your account has been locked."

Now I was genuinely worried. I checked my phone and neither the App Store nor Apple Music would work there, either. A few minutes later, Calendar popped up an error â" it had stopped syncing. I immediately tried to call Apple Support from my Mac, but Apple's Handoff feature had been disabled as well. The first person I spoke to at Apple spent a while researching the issue and then told me there was nothing she could do but escalate the issue, and that I should expect a call "hopefully" within the next day. I asked what the problem might be, and she seemed as confused as I was. Although some Apple services were still working, like iMessage (thank God) and Photos, I was terrified that more services would suddenly become inaccessible or that I would lose the considerable amount of data I have stored in iCloud.

A couple of days later, I became impatient and contacted Apple Support again. This time, the representative mumbled something about Apple Card before saying that he also had no power to help me. Apple ID was a different department, he said, and they could only be contacted by email. He emailed them. I continued to wait. The next time I tried to use my Apple Card, it was declined. Strange. I checked the Wallet app, and the balance was below the limit. I remembered the Apple support representative mumbling about Apple Card, so I did some digging through my email to see if I could find a connection. As it turns out, my bank account number changed in January, causing Apple Card autopay to fail. Then the Apple Store made a charge on the card. Less than fifteen days after that, my App Store, iCloud, Apple Music, and Apple ID accounts had all been disabled by Apple Card. Tim Sweeney, CEO of Epic Games, which is fighting a legal battle with Apple, offered some commentary on this: "It's terrifying how much leverage Apple has over consumers and developers by integrating everything, locking us all in, and exerting total control. Normal companies respect the natural boundaries that exist between platforms and services. Apple does not! For Apple, every choke point they create is both a profit center and a lever to exert control. After blocking Fortnite updates from over a billion iOS users, Apple threatened to block Sign in With Apple -- which they forced us to adopt -- affecting Fortnite players on 7 platforms."

John Gruber, writing at DaringFireball: In my piece yesterday about email tracking images ("spy pixels" or "spy trackers"), I complained about the fact that Apple -- a company that rightfully prides itself for its numerous features protecting user privacy -- offers no built-in defenses for email tracking. A slew of readers wrote to argue that Apple Mail does offer such a feature: the option not to load any remote resources at all. It's a setting for Mail on both Mac and iOS, and I know about it -- I've had it enabled for years. But this is a throwing-the-baby-out-with-bath-water approach. What Hey offers -- by default -- is the ability to load regular images automatically, so your messages look "right", but block all known images from tracking sources (which are generally 1 x 1 px invisible GIFs).

Typical users are never going to enable Mail's option not to load remote content. It renders nearly all marketing messages and newsletters as weird-looking at best, unreadable at worst. And when you get a message whose images you do want to see, when you tell Mail to load them, it loads all of them -- including trackers. Apple Mail has no knowledge of spy trackers at all, just an all-or-nothing ability to turn off all remote images and load them manually. Mail's "Load remote content in messages" option is a great solution to bandwidth problems -- remember to turn it on the next time you're using Wi-Fi on an airplane, for example. It's a terrible solution to tracking. No one would call it a good solution to tracking if Safari's only defense were an option not to load any images at all until you manually click a button in each tab to load them all. But that's exactly what Apple offers with Mail. "Don't get me started on how predictable this entire privacy disaster was, once we lost the war over whether email messages should be plain text only or could contain embedded HTML. Effectively all email clients are web browsers now, yet don't have any of the privacy protection features actual browsers do," he adds.

A US magistrate judge has ordered Valve to provide sales data to Apple in response to a subpoena issued amid Apple's continuing legal fight with Epic Games. From a report: In addition to some aggregate sales data for the entirety of Steam, Valve will only have to provide specific, per-title pricing and sales data for "436 specific apps that are available on both Steam and the Epic Games Store," according to the order. That's a significant decrease from the 30,000+ titles Apple for which Apple originally requested data. In resisting the subpoena, Valve argued that its Steam sales data was irrelevant to questions about the purely mobile app marketplaces at issue in the case. Refocusing the request only on games available on both Steam and the Epic Games Store makes it more directly relevant to the questions of mobile competition in the case, Judge Thomas Hixson writes in his order.

"Recall that in these related cases, [Epic] allege that Apple's 30% commission on sales through its App Store is anti-competitive and that allowing iOS apps to be sold through other stores would force Apple to reduce its commission to a more competitive level," Hixson writes in the order. "By focusing... on 436 specific games that are sold in both Steam and Epic's store, Apple seeks to take discovery into whether the availability of other stores does in fact affect commissions in the way [Epic] allege." The California judge overseeing Apple's attempts to drag Valve into an ongoing beef with Epic Games admitted that Apple "salted the Earth with subpoenas, so don't worry, it's not just you."

Google today quietly added App Privacy labels to its Gmail app, marking the first of its major apps to receive the privacy details aside from YouTube. From a report: Though App Privacy information has been added to Gmail, Google has done so server side and has yet to issue an update to the Gmail app. It has been two months since the Gmail app last saw an update. Earlier in February, the Gmail app was displaying warnings about the app being out of date as it has been so long since new security features were added, but Google eliminated that messaging without pushing an update to the app. Apple has been enforcing App Privacy labels since December, and Google has been slow to support the feature. Google said in early January that it would add privacy data to its app catalog "this week or next week," but by January 20, most apps still had not been updated with the App Privacy. Google has since been adding App Privacy labels to apps like YouTube and some of its smaller apps, but of major apps like Google Search, Google Photos, and Google Maps, Gmail is the first to get the new labeling.

A week after popular audio chatroom app Clubhouse said it was taking steps to ensure user data couldn't be stolen by malicious hackers or spies, at least one attacker has proven the platform's live audio can be siphoned. From a report: An unidentified user was able to stream Clubhouse audio feeds this weekend from "multiple rooms" into their own third-party website, said Reema Bahnasy, a spokeswoman for Clubhouse. While the company says it's "permanently banned" that particular user and installed new "safeguards" to prevent a repeat, researchers contend the platform may not be in a position to make such promises. Users of the invitation-only iOS app should assume all conversations are being recorded, the Stanford Internet Observatory, which was first to publicly raise security concerns on Feb. 13, said late Sunday. "Clubhouse cannot provide any privacy promises for conversations held anywhere around the world," said Alex Stamos, director of the SIO and Facebook's former security chief. Stamos and his team were also able to confirm that Clubhouse relies on a Shanghai-based startup called Agora to handle much of its back-end operations. While Clubhouse is responsible for its user experience, like adding new friends and finding rooms, the platform relies on the Chinese company to process its data traffic and audio production, he said.

Apple is going to make one of the most powerful types of attacks on iPhones much harder to pull off in an upcoming update of iOS. From a report: The company quietly made a new change in the way it secures the code running in its mobile operating system. The change is in the beta version of the next iOS version, 14.5, meaning it is currently slated to be added to the final release. Several security researchers who specialize in finding vulnerabilities in and crafting exploits for iOS believe this new mitigation will make it much harder for hackers to take control of an iPhone with a technique known as a zero-click (or 0-click) exploit, which allows a hacker to take over an iPhone with no interaction from the target. Apple also told Motherboard it believes the changes will impact 0-click attacks.

"It will definitely make 0-clicks harder. Sandbox escapes too. Significantly harder," a source who develops exploits for government customers told Motherboard, referring to "sandboxes" which isolate applications from each other in an attempt to stop code from one program interacting with the wider operating system. Motherboard granted multiple exploit developers anonymity to speak more candidly about sensitive industry issues. Like the name suggests, zero-click attacks allow hackers to break into a target without needing the victim to interact with anything, such as a malicious phishing link. This means that the attack is generally harder for the targeted user to detect. These are generally very sophisticated attacks. These attacks may now become much rarer, according to several security researchers who look for vulnerabilities in iOS.

A new court filing has revealed that, as part of the ongoing legal battle between Apple and Epic Games, Apple subpoenaed Valve Software in November 2020, demanding it provide huge amounts of commercial data about Steam sales and operations going over multiple years. From a report: Apple subpoenaed Valve under the basic argument that certain Steam information would be crucial to building its case against Epic, which is all about competitive practices. Yesterday a joint discovery letter was filed to the District court in Northern California relating to the subpoena, which contains a summary of the behind-the-scenes tussles thus far, and both sides' arguments about where to go from here.

[...] Apple wants Valve to provide the names, prices, configurations and dates of every product on Steam, as well as detailed accounts of exactly how much money Steam makes and how it is all divvied-up. Apple argues that this information is necessary for its case against Epic, is not available elsewhere, and "does not raise risk of any competitive harm." Needless to say, Valve does not agree. Its counter-argument to the above says that Valve has co-operated to what it believes to be a reasonable extent -- "Valve already produced documents regarding its revenue share, competition with Epic, Steam distribution contracts, and other documents" -- before going on to outline the nature of Apple's requests: "that Valve (i) recreate six years' worth of PC game and item sales for hundreds of third party video games, then (ii) produce a massive amount of confidential information about these games and Valve's revenues." In a masterpiece of understatement, Valve's legal counsel writes: "Apple wrongly claims those requests are narrow. They are not." Apple apparently demanded data on 30,000+ games initially, before narrowing its focus to around 600. Request 32 gets incredibly granular, Valve explains: Apple is demanding information about every version of a given product, all digital content and items, sale dates and every price change from 2015 to the present day, the gross revenues for each version, broken down individually, and all of Valve's revenues from it.

Valve says it does not "in the ordinary course of business keep the information Apple seeks for a simple reason: Valve doesn't need it." Valve's argument goes on to explain to the court that it is not a competitor in the mobile space (this is, after all, a dispute that began with Fortnite on iOS), and makes the point that "Valve is not Epic, and Fortnite is not available on Steam." It further says that Apple is using Valve as a shortcut to a huge amount of third party data that rightfully belongs to those third parties. The conclusion of Valve's argument calls for the court to throw Apple's subpoena out. "Somehow, in a dispute over mobile apps, a maker of PC games that does not compete in the mobile market or sell 'apps' is being portrayed as a key figure. It's not. The extensive and highly confidential information Apple demands about a subset of the PC games available on Steam does not show the size or parameters of the relevant market and would be massively burdensome to pull together. Apple's demands for further production should be rejected."

Epic Games is taking its legal battle against Apple global, filing an antitrust complaint in Europe against the iPhone maker. From a report: The move adds another layer to the protracted dispute and brings it to a jurisdiction that has historically been tougher on U.S. tech companies. Last September, Epic added its own in-app purchase mechanism to Fortnite, knowingly setting up a confrontation with Apple, which doesn't allow payment systems other than its own. Apple removed Fortnite from the App Store and Epic immediately filed suit. A similar chain of events took place with Google on the Android side, though in that case, Epic can continue to distribute Fortnite on its own outside the Google Play store, while no similar option exists for iOS. Apple also countersued Epic in October, claiming breach of contract.

LastPass is adding new restrictions to its free subscription tier starting March 16th that'll only allow users to view and manage passwords on one category of devices: mobile or computer. From a report: Mobile users will be limited to iOS and Android phones, iPads, Android tablets, and smartwatches. Computer subscribers will be able to use their passwords from Windows, macOS, and Linux desktops and laptops, the LastPass browser extension, and Windows tablets. Users on LastPass' free tier will be asked to pick between the two options the first time they log in after March 16th, and the company says they'll be able to switch between categories up to three times after they've picked. Although customers are restricted to a single category of devices on the free tier, they'll still be able view and manage passwords from an unlimited number of devices within either the mobile or computer category. LastPass says no users will be locked out of their accounts or lose access to their passwords as a result of the changes. As well as restricting its device types, LastPass is also changing the kinds of customer support free tier users will be able to access. From May 17th, free users will lose access to email support, the company announced.

Apple's upcoming iOS 14.5 release will ship with a feature that will re-route all Safari's Safe Browsing traffic through Apple-controlled proxy servers as a workaround to preserve user privacy and prevent Google from learning the IP addresses of iOS users. From a report: The new feature will work only when users activate the "Fraudulent Website Warning" option in the iOS Safari app settings. This enables support for Google's Safe Browsing technology in Safari. The Safe Browsing technology works by taking an URL the user is trying to access, sending the URL in an anonymized state to Google's Safe Browsing servers, where Google accesses the site and scans for threats. If malware, phishing forms, or other threats are found on the site, Google tells the user's Safari browser to block access to the site and show a fullscreen red warning. While years ago, when Google launched the Safe Browsing API, the company knew what sites a user was accessing; in recent years, Google has taken several steps to anonymize data sent from user's devices via the Safe Browsing feature. But while Google has anonymized URL strings, by sending the link in a cropped and hashed state, Google still sees the IP address from where a Safe Browsing check comes through. Apple's new feature basically takes all these Safe Browsing checks and passes them through an Apple-owned proxy server, making all requests appear as coming from the same IP address.

The North Dakota Senate recently introduced a new bill that would prevent Apple and Google from requiring developers to use their respective app stores and payment methods, paving the way for alternative app store options.

In response, Apple Chief Privacy Engineer Erik Neuenschwander said that it "threatens to destroy the iPhone as you know it" by requiring changes that would "undermine the privacy, security, safety, and performance" of the iPhone. Neuenschwander said that Apple "works hard" to keep bad apps from the App Store, and North Dakota's bill would "require us to let them in." MacRumors reports: According to Senator Kyle Davison, who introduced Senate Bill 2333 yesterday, the legislation is designed to "level the playing field" for app developers in North Dakota and shield customers from "devastating, monopolistic fees imposed by big tech companies," which refers to the cut that Apple and Google take from developers. Specifically, the bill would prevent Apple from requiring a developer to use a digital application distribution platform as the exclusive mode of distributing a digital product, and it would keep the company from requiring developers to use in-app purchases as the exclusive mode of accepting payment from a user. There's also wording preventing Apple from retaliating against developers who choose alternate distribution and payment methods.

Apple does not allow apps to be installed on iOS devices outside of the "App Store" and there are no alternate app store options that are available. Apple reviews every app that is made available for its customers to download, something that would not happen with a third-party app store option. Apple also does not let app developers accept payments through methods other than in-app purchase except in select situations, a policy that has led to Apple's legal fight with Epic Games.

No federal legislation has been introduced as of yet, and the North Dakota Senate committee did not take action on the bill. Senator Jerry Klein said that there's "still some mulling to be done" in reference to the bill.

Europe's antitrust chief, Margrethe Vestager, has warned Apple to give equal treatment to all apps on its platform amid the iPhone maker's privacy changes that have drawn charges of anti-competitive practices from rival Facebook. From a report: Apple will in the spring ask iPhone users for consent to track their data for personalized ads in what it says is a move to protect users' privacy but which will limit apps' ability to gather data from people's phones that can be used for targeted advertising. Facebook has been among the most vocal of the critics which stand to lose a substantial part of their revenue from Apple's move. Facebook in a December blog post called it anti-competitive behaviour, saying that Apple's own personalized ad platform would be exempt from the new requirement giving users a choice of whether to opt in to tracking by third parties. Vestager said while the issue is privacy-related, it can morph into an antitrust issue if Apple tilts the level playing field. "It can be competition if it is shown that Apple is not treating its own apps in the same way," she told Reuters in an interview on Monday.

Google is exploring an alternative to Apple's new anti-tracking feature, the latest sign that the internet industry is slowly embracing user privacy, Bloomberg is reporting, citing people with knowledge of the matter. From the report: Internally, the search giant is discussing how it can limit data collection and cross-app tracking on the Android operating system in a way that is less stringent than Apple's solution, said the people, who asked not to be identified discussing private plans. Google is trying to balance the rising demands of privacy-conscious consumers with the financial needs of developers and advertisers. The Alphabet unit is seeking input from these stakeholders, similar to how it's slowly developing a new privacy standard for web browsing called the Privacy Sandbox. With more than $100 billion in annual digital ad sales, Google has a vested interest in helping partners to continue generating revenue by targeting ads to Android device users and measuring the performance of those marketing spots. "We're always looking for ways to work with developers to raise the bar on privacy while enabling a healthy, ad-supported app ecosystem," a Google spokesman said in a statement.

[...] A Google solution is likely to be less strict and won't require a prompt to opt in to data tracking like Apple's, the people said. The exploration into an Android alternative to Apple's feature is still in the early stages, and Google hasn't decided when, or if, it will go ahead with the changes. On the iPhone, Google offers developers a framework so they can monetize their apps using Google ads. In a recent blog post, Google said Apple's ad-tracking update means developers "may see a significant impact" on their ad revenue. To keep advertisers happy while improving privacy, the discussions around Google's Android solution indicate that it could be similar to its planned Chrome web browser changes, the people said. Further reading: Google's iOS Apps Haven't Been Updated in Weeks. Could Apple's Privacy Labels Be the Reason?
Facebook Warns Advertisers on Apple Privacy Changes
Apple's Tim Cook Criticizes Social Media Practices, Intensifying Facebook Conflict
Facebook Looks To Take its Fight With Apple To Court.

Google has launched a limited version of its News Showcase in Australia despite threatening to pull Search from the nation a fortnight ago. ZDNet reports: News Showcase, Google claims, provides an "enhanced view" of articles, and aims to give participating news publishers more ways to share important news to readers while having "more direct control of presentation and branding." The product will appear across Google News on Android, iOS and the mobile web, and in Discover on iOS.

As part of the initial version of News Showcase in Australia, seven local news publishers have partnered with the search giant, Google APAC news, web and publishing head Kate Beddoe said in a blog post. "The initial publishers featured in today's launch were among the first globally to sign up, providing early feedback and input on how the product could help bring their journalism to the fore for readers," she said. The Australian publications included in the initial version of Google News Showcase are The Canberra Times, The Illawarra Mercury, The Saturday Paper, Crikey, The New Daily, InDaily, and The Conversation.

Jeff Carlson, writes in a post: After consulting numerous webcam buying guides and reviews, purchasing a handful of the most popular models, and testing them in varying lighting situations, I can't escape the grim truth: there are no good webcams. Even webcams recommended by reputable outlets produce poor quality imagery -- a significant failing, given it's the one job they're supposed to provide. Uneven color. Blown highlights. Smudgy detail, especially in low light. Any affordable webcam (even at the high end of affordability, $100+), uses inadequate and typically years-old hardware backed by mediocre software that literally makes you look bad. You might not notice this if you're using video software that makes your own image small, but it will be obvious to other people on the call. [...] Why are webcams like this?

[...] Two main factors currently hinder serious webcam innovations, one a technical limitation and one a business shortcoming. As with all photography, the way to create better images is to capture more light, and the method of capturing more light is to use larger image sensors and larger lenses. That's why a consumer DSLR or mirrorless camera produces much better images than a webcam. Primarily this is about size: webcams are designed as small devices that need to fit onto existing monitors or laptop lids, so they use small camera modules with tiny image sensors. These modules have been good enough for years, generating accolades, so there's little incentive to change. The StreamCam appears to have a better camera and sensor, with an aperture of f/2.0; aperture isn't listed for the other cameras.

Contrast this technology with the iPhone, which also includes small camera modules by necessity to fit them into a phone form factor. Apple includes better components, but just as important, incorporates dedicated hardware and software solely to the task of creating images. When you're taking a photo or video with an iOS device, it's processing the raw data and outputting an edited version of the scene. Originally, Logitech's higher-end webcams, such as the C920, also included dedicated MPEG processing hardware to decode the video signal, but removed it at some point. The company justified the change because of the power of modern computers, stating, "there is no longer a need for in-camera encoding in today's computers," but that just shifts the processing burden to the computer's CPU, which must decode raw video instead of an optimized stream. It's equally likely Logitech made the change to reduce component costs and no longer pay to license the H.264 codec from MPEG LA, the group that owns MPEG patents. That brings us to the other factor keeping webcam innovation restrained: manufacturers aren't as invested in what has been a low margin business catering to a relatively small niche of customers.

The official Reddit for iOS app recently received an update that added a new video player UI, and many users don't like it one bit. XDA Developers reports: The Reddit Mobile subreddit, the community where Reddit administrators notify users of new Android and iOS app updates, is currently filled to the brim with complaints about the new video player. Many users describe the experience as TikTok or Instagram-like. Others simply say it's too intrusive and also requires more button presses to reach the comments section of a post. The new video player UI has yet to reach the Android version, but we'd be surprised if Reddit pushes ahead with the controversial video player changes in their current form. For those looking for an alternative, XDA Developers recommends the Apollo app.

Apple's latest iOS 14.5 update for beta testers brings support for the new PS5 DualSense and Xbox Series X controllers. The Verge reports: Apple's upcoming iOS 14.5 update follows the company revealing back in November that it was working with Microsoft to include support for the Xbox Series X controllers. Steam also added PS5 controller support last year, followed by Nvidia's Shield TV support last month. Other features of iOS 14.5 include the ability to unlock an iPhone with an Apple Watch while wearing a mask, Siri emergency contact calling, CarPlay ETA sharing, and dual-SIM 5G support. The official release is expected in the next couple of months.

Facebook is testing a notification that notifies Apple iOS users about ways the tech giant uses their data to target personalized ads to them. Axios reports: The test is happening in light of upcoming changes to Apple's privacy settings that will make it harder for Facebook and others to collect data on Apple users for ad targeting. Facebook warned investors last week that changes to Apple's "Identifier for Advertisers" (IDFA) user tracking feature will likely impact its business. The feature asks Apple iOS users to opt-in to having their data collected, instead of asking them to opt-out. Developers forecast that only around 10-30% of users will actually opt-in to having their data collected, making it much harder for advertisers to target potential Apple customers without as much access to their data.

Details: In an updated blog post, Facebook says it will be showing their prompt "to ensure stability for the businesses and people who use our services." The prompt, which provides information about how Facebook uses personalized ads, will be shown to users globally on Facebook and Instagram. In the post, Facebook says that if users accept the prompts for Facebook and Instagram, the ads you see on those apps won't change. "If you decline, you will still see ads, but they will be less relevant to you." The tech giant notes that Apple has said that providing education about its new privacy changes is allowed.

Apple's latest iPhones stuck with Face ID as the singular method of biometric authentication in an era when people are wearing face masks everywhere they go. This inevitably means having to enter your passcode constantly throughout the day. But Apple has come up with a stopgap solution that should make it easier to get into your phone during mask life -- as long as you've got an Apple Watch. From a report: As first reported by Pocket-lint, the new iOS 14.5 update, which went into beta today, uses the Apple Watch on your wrist to quickly authenticate and unlock your iPhone. Apple already offers this convenient trick on the Mac, but now it's coming to the iPhone as well. It works similarly here. You lift your iPhone to turn on the screen, and you'll feel a little nudge of haptic feedback on your Apple Watch to indicate that your iPhone has been unlocked. The devices must be in close proximity for this to work in the first place, which is a measure to keep your data secure. (If the Apple Watch is locked, this won't work either.) And this Apple Watch shortcut is only good for unlocking your iPhone; App Store and iTunes purchases will still require other authentication if your face is covered. And as a final security check, you'll still be asked to put in your passcode every few hours even when unlock with Apple Watch is enabled.