An anonymous reader quotes a report from ZDNet: Mozilla has announced today that its highly anticipated VPN (virtual private network) service will launch later this summer, "in the next few weeks." The product has also been renamed from its original name of Firefox Private Network to its new brand of the "Mozilla VPN." The name change came after Mozilla expanded the VPN product from the initial Firefox extension to a full-device VPN, capable of routing traffic for the entire OS, including other browsers. Currently, the Mozilla VPN offers clients for Windows 10, Chromebooks, Android, and iOS devices. Mozilla said beta testers also requested a Mac client, which they plan to provide, along with a Linux app.

Earlier this week, Apple told Basecamp, the company that makes the brand new email app called Hey, that it cannot distribute its app on the iPhone unless it makes it possible for users to sign up via Apple's own prescribed methods -- which gives Apple a 30 percent cut. Apple told Basecamp that by avoiding giving an option in its iOS app to sign up and support in-app purchases, it was violating Apple's App Store policy, 3.1.1, which says: If you want to unlock features or functionality within your app, (by way of example: subscriptions, in-game currencies, game levels, access to premium content, or unlocking a full version), you must use in-app purchase. Apps may not use their own mechanisms to unlock content or functionality, such as license keys, augmented reality markers, QR codes, etc. Apps and their metadata may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than in-app purchase. Dieter Bohn, writing for The Verge: The key thing to know is that the text of this policy is not actually the policy. Or rather, as with any law, the text is only one of the things you need to understand. You also need to know how it is enforced and how the enforcers interpret that text. It should not surprise you to know that Apple's interpretation of its text often seems capricious at best and at worst seems like it's motivated by self-dealing. And the enforcement consequently often seems unfair.

The rule states that if you want to sell digital goods, you have to use Apple's payment system. Except that's not how 3.1.1 has been interpreted to date. It has been interpreted as allowing people to access services they paid for elsewhere on their iOS devices, but not allowing those apps to try to get around the Apple payment rules when people sign up on those devices. That's convoluted, but that interpretation is what keeps Netflix from having an account sign-up in its app. It's the policy that has enraged Spotify and keeps you from buying Kindle books on your iPhone without jumping through a million weird Safari hoops. That was already a very bad rule, if you ask me. Now, with this email app, Apple is apparently changing its interpretation to be more strict. David Pierce, in an update to his news report about Hey-Apple debacle: Apple told me that its actual mistake was approving the app in the first place, when it didn't conform to its guidelines. Apple allows these kinds of client apps -- where you can't sign up, only sign in -- for business services but not consumer products. That's why Basecamp, which companies typically pay for, is allowed on the App Store when Hey, which users pay for, isn't. One other distinction: Apple allows "Reader" apps -- things like Netflix and Kindle and Dropbox, where you're using the app to access existing subscriptions -- as long as they don't offer a way to sign up. But email, messaging, etc. don't count as Reader apps. John Gruber, writing at DaringFireball: The lone instance of "consumer" refers to the "Consumer Health Records API". The price that Basecamp pays for not supporting in-app purchase in their iOS app is that they lose whatever number of users would have signed up in-app but won't sign up out-of-app. That's competition. Again, putting aside arguments that Apple should allow apps to use their own payment systems in apps, or be able to link to a website for sign up, or at the very least just tell users how to sign up -- the makers of an app should be able to say "OK, we won't even tell users how to sign up within our app; our app is only for existing customers and we'll obtain all of them outside the app." [...]

Second, how could such a distinction be made in writing? There are some apps that are definitely "business services" and some that are definitely "consumer products" (games for example), but to say that the area in between encompasses many shades of gray is an understatement. The entire mobile era of computing -- an era which Apple itself has inarguably largely defined -- is about the obliteration of distinct lines between business and consumer products. [...] At some level there's a clear distinction here -- Netflix and Kindle are clearly consumption services. But Dropbox? Dropbox is a lot closer to an email or messaging service like Hey than it is to Netflix or Kindle. The stuff in my Dropbox account is every bit as personal as the stuff in my email account. When you put Dropbox in the same bucket with Netflix and Amazon Kindle, it seems to me like the distinction is not so much between what is and isn't a "reader" app or what is or isn't a "business" app, but between companies which are too big for Apple to push around and those they can.

An iPhone user created a shortcut that prompts an iPhone to begin recording police interactions by the user simply uttering the phrase: "Hey Siri, I'm getting pulled over." The task utilizes Apple's relatively new "Shortcuts" feature, which allows users to conduct tasks on their phones with a single voice command using Siri. From a report: Twitter user Robert Petersen posted a link to the shortcut and an explanation of what it does. Users can download the police shortcut, but must make sure to have the Shortcuts app installed.

Upon saying "Hey Siri, I'm getting pulled over," any music that may be playing is paused and the screen's brightness is dimmed while the phone's "do not disturb" capability is turned on. The phone then automatically sends a message to a contact the user sets up, letting that person know that the user is being stopped by police, along with providing the user's location. The front camera is then turned on and the phone begins to record video of what is happening. "Once you stop the recording it sends a copy of the video to a contact you specify, puts volume and brightness back to where they were, turns off Do Not Disturb, and gives you the option to send to iCloud Drive or Dropbox," according to a Reddit post by Petersen. There are apps with similar functions available for Android, including one called "Stop and Frisk Watch," which is designed to record incidents by "simply pushing a trigger on the phone's frame."

Basecamp launched its email product Hey earlier this week. David Heinemeier Hansson, the co-founder of Basecamp, tweeted on Tuesday that Apple is already creating challenges for the firm. In a series of tweets, he said: Apple just doubled down on their rejection of HEY's ability to provide bug fixes and new features, unless we submit to their outrageous demand of 15-30% of our revenue. Even worse: We're told that unless we comply, they'll remove the app. On the day the EU announced their investigation into Apple's abusive App Store practices, HEY is subject to those very same capricious, exploitive, and inconsistent policies of shakedown. It's clear they feel embolden to tighten the screws with no fear of regulatory consequences. He adds: Apple has been capriciously, inconsistently, and in a few cases, cruelly, enforcing their App Store policies for years. But most of the abuses were suffered by smaller developers without a platform and without recurse. Apple saw that it worked, and that it paid. Now moving up. This is exactly the issue I gave testimony in front of congress earlier this year! We hadn't yet launched HEY, but I said it worried me, what Apple might do, if you're in direct competition with them. And now we know what they'd do. Attempt to crush us. But while I'm sure Apple's attempt to cut off the air supply to the likes of Spotify is board-room stuff, I think what we're facing is simply the banality of bureaucracy. Apple has publicly pivoted to services for growth, so KPIs and quarterly targets trickle down. And frankly, it's hard to see what they have to fear. Who cares if Apple shakes down individual software developers for 30% of their revenue, by threatening to destroy their business? There has been zero consequences so far! Most such companies quietly cave or fail. We won't. There is no chance in bloody hell that we're going to pay Apple's ransom. I will burn this house down myself, before I let gangsters like that spin it for spoils. This is profoundly, perversely abusive and unfair.

We did everything we were supposed to with the iOS app. Try downloading it (while you can?). You can't sign up, because Apple says no. We don't mention subscriptions. You can't upgrade. You can't access billing. We did all of it! Wasn't enough. We've been in the App Store with Basecamp for years. We know the game. It was always rigged. It was always customer-hostile, deeply confusing, but the unstated lines were reasonably clear. Now Apple has altered the deal, and all we can do is pray they don't alter it further.

After seven years, Lego has finally unveiled a new Mindstorms kit, reports PC Magazine -- the Lego Mindstorms Robot Inventor, available this fall for $359: The Robot Inventor kit lets kids (or adults) build five different robot models out of 949 pieces, ranging from a four-legged walker to a bipedal wheeled robot that can give high-fives. All of these robots can be programmed to perform different tricks, like grabbing items, firing plastic projectiles, avoiding obstacles, and playing various sports with a ball.

The kit includes four low-profile, medium-angular motors; a color and light sensor; and a distance sensor, which work together with the Intelligent Hub block to power these robots and execute commands. Of course, like all Mindstorms kits, you can build your own robotic creations with the tools at hand, and add Lego Technic and System pieces for more complex projects.

The Intelligent Hub serves as the brain of Lego Mindstorms, and the block that houses the Mindstorms Robot Inventor Kit is the most advanced one yet. It features six input/output ports for sensors and motors, a six-axis gyro/accelerometer, a speaker, and a five-by-five LED matrix. The Intelligent Hub and all robots built with it can be controlled wirelessly over Bluetooth with the Lego Mindstorms Robot Inventor app for Android, iOS, Windows 10, and macOS. The app supports programming in both the tile-based Scratch language and in Python, for more complex projects that require the precision of written code.

Apple has removed two podcast apps from its Chinese app store, following government pressure to censor content. The Guardian reports: Pocket Casts and Castro were both pulled from distribution in China after the Cyberspace Administration of China (CAC) demanded that the apps stop allowing content that breached the country's restrictive speech laws. "We believe podcasting is and should remain an open medium, free of government censorship," Pocket Casts said. "As such we won't be censoring podcast content at their request. "We understand this means that it's unlikely that our iOS app will be available in China, but feel it's a necessary step to take for any company that values the open distribution model that makes podcasting special." Pocket Casts said it was contacted by the CAC through Apple "around two days before the app was removed from the store." Castro Podcasts said it was not given a specific reason for its removal, but that it thought it may have been to do with the promotion of Hong Kong's protests in its "discover" section.

Google is rolling out AI-powered noise cancellation in Google Meet. It's coming to the web first, with iOS and Android following later. The Verge reports: A video produced by VentureBeat shows the software in action, with G Suite's director of product management Serge Lachapelle demonstrating how it can pretty seamlessly remove the sound of crackling crisp packets, clicking pens, or glass clinking. Google's announcement said the tech will also work on dogs barking or the clicking of a keyboard. VentureBeat reports that Google has been working on the feature for around a year and a half, using thousands of its own meetings to train its AI model. YouTube clips of lots of people talking were also used by the team. However, Lachapelle was keen to emphasize that although the feature will improve over time, the company will not directly use external meetings to train it. Instead, it will use customer support channels to try to identify where the software might be going wrong. Google says the processing happens via the cloud and that the data is encrypted during transport. It's also enabled by default, but can be turned off from the audio menu in the settings.

Apple is preparing to announce a shift to its own main processors in Mac computers, replacing chips from Intel, as early as this month at its annual developer conference, Bloomberg reported Tuesday, citing people familiar with the plans. From the report: The company is holding WWDC the week of June 22. Unveiling the initiative, codenamed Kalamata, at the event would give outside developers time to adjust before new Macs roll out in 2021, the people said. Since the hardware transition is still months away, the timing of the announcement could change, they added, while asking not to be identified discussing private plans. The new processors will be based on the same technology used in Apple-designed iPhone and iPad chips. However, future Macs will still run the macOS operating system rather than the iOS software on mobile devices from the company. Bloomberg News reported on Apple's effort to move away from Intel earlier this year, and in 2018.

According to Bernstein analyst Toni Sacconaghi, Apple should acquire privacy-focused search engine DuckDuckGo to put pressure on Google Search and tap into lucrative advertising revenue. 9to5Mac reports: According to Sacconaghi, Apple should acquire DuckDuckGo for around $1 billion as a way to put more pressure on Google and capture the advertising revenue that comes from the search industry. As reported by Street Insider, acquiring DuckDuckGo could serve as a 'stalking horse' to pressure Google: "Google is clearly the dominant force in search today. However, we suspect the company's fear of 'rocking the boat' -- which could compromise $15B in profits it captures today from iOS -- may ultimately limit its freedom of action with Apple. Conversely, Apple may be in a stronger position than at first glance, given it controls the keys to the kingdom on who can monetize iOS search. However, it remains uncomfortably dependent on Bing to act as a counter weight to Google -- hence our suggestion that Apple acquire its own search engine. Finally, Microsoft Bing may (counterintuitively) have the most 'option value' vis-a-vis the status quo -- although it remains to be seen how aggressively it will pursue this opportunity." What do you think of Sacconaghi's suggestion? Do you think Apple should cut ties with Google and acquire DuckDuckGo?

New submitter IBMResearch shares a report from ZDNet: IBM's new toolkit aims to give developers easier access to fully homomorphic encryption (FHE), a nascent technology with significant promise for a number of security use cases. "Today, files are often encrypted in transit and at rest but decrypted while in use, creating a security vulnerability," reports ZDNet. "This often compels organizations to make trade-offs and go through long vetting processes in order to ensure they can keep their valuable data protected while still gaining some value out of it. FHE aims to resolve that issue."

"While the technology holds great potential, it does require a significant shift in the security paradigm," the report adds. "Typically, inside the business logic of an application, data remains decrypted, [Flavio Bergamaschi, FHE pioneer and IBM Researcher] explained. But with the implementation of FHE, that's no longer the case -- meaning some functions and operations will change."

The toolkit is available today in GitHub for MacOS and iOS, and it will soon be available for Linux and Android.

Apple has released iOS 13.5.1 today, which the company says "provides important security updates and is recommended for all users," albeit without much detail in the change log. But as noted by Twitter account Apple Software Updates, the update is meant to patch out the kernel vulnerability used by the recent Unc0ver jailbreak. The Verge reports: Apple's support page lays things out more clearly -- the update was designed to prevent an application from being able to "execute arbitrary code with kernel privileges." In other words, iOS 13.5.1 is designed to block jailbreaking. The Unc0ver jailbreak was particularly notable in the iOS jailbreaking community because it was available on the then-current iOS 13.5, allowing users of the latest Apple devices to install new software features outside of Apple's gated App Store.

An anonymous reader quotes Forbes: When Apple announced Sign in with Apple at the June 2019 worldwide developers conference, it called it a "more private way to simply and quickly sign into apps and websites." The idea was, and still is, a good one: replace social logins that can be used to collect personal data with a secure authentication system backed by Apple's promise not to profile users or their app activity... Unsurprisingly, it has been pushed as being a more privacy-oriented option than using your Facebook or Google account.

Fast forward to April 2020, and a security researcher from Delhi uncovered a critical Sign in with Apple vulnerability that could allow an attacker to potentially take over an account with just an email ID. A critical vulnerability that was deemed important enough that Apple paid him $100,000 through its bug bounty program by way of a reward. With the vulnerability already now patched by Apple on the server-side, Bhavuk Jain published his disclosure of the security shocker on May 30.
It applied "only to third-party apps which used Sign in with Apple without taking any further security measures," the article points out , adding that the researcher who found it "said Apple carried out an internal investigation and determined that no account compromises or misuse had occurred before the vulnerability was fixed."

But they also quote an SME application security lead at ImmersiveLabs who said he "would have expected better testing around this from a company such as Apple, especially when it is trying to set itself a reputation as privacy-focused."

Bluetooth accessory maker Tile has written to the European Union accusing Apple of abuse of power and of illegally favoring its own products. From a report: According to a report by Financial Times, in a letter sent on Tuesday to the European Commissioner for Competition, the accessory maker said that Apple is making it harder for users to use Tile products on iPhone because it has its own rival Find My app. Tile asked the EU to investigate Apple's business practices, echoing previous calls made by the accessory maker in the United States. Specifically, Tile complains about changes Apple made to location services in iOS 13, which encourage customers not to use always-on location tracking. In addition, Tile said changing these options involve navigating between "complex settings not easy to find."

Adam Engst, writing for TidBITS: Because force-quitting apps and restarting or shutting down devices are necessary only to fix unanticipated problems, there are two notable downsides to engaging in such behavior as a matter of habit: reduced battery life and wasted time. Why would these behaviors reduce battery life? Remember, iOS is a modern operating system that's built on top of Apple's proprietary hardware. Apple has put a great deal of effort into ensuring that iOS knows the best ways to manage the limited hardware resources within your iPhone or iPad. No one, possibly short of an iOS systems engineer armed with Apple's internal diagnostic and debugging tools, would be able to outguess iOS itself on issues like memory usage, power draw, and CPU throttling.

When you invoke the App Switcher in iOS, you can swipe right to see all the apps you've used, possibly since you got your device. (The very first app in my iPhone 11 Pro's App Switcher is Apple's Tips, which I think came up automatically when I turned the iPhone on last year and hasn't been touched since. It's difficult to count apps in the App Switcher, but I probably have at least a hundred in there.) As the number of apps in the App Switcher should indicate, those apps are not necessarily running -- they merely have run at some point in the past. They're much more like the contents of the Mac's Apple > Recent Items menu. In normal usage, iOS devotes the lion's share of CPU and memory resources to the app that you're using. That's sensible -- the performance of that app is paramount. However, the next few apps in the App Switcher may also be consuming some CPU and memory resources. That's because iOS correctly assumes that you're most likely to return to them, and it wants to give you the best experience when you do. The screen shouldn't have to redraw multiple times, Internet-loaded content shouldn't have to update, and so on. [...]

India has released the source code of its contact-tracing app, Aarogya Setu, to the relief of privacy and security experts who have been advocating for this ever since the app launched in early April. From a report: Ministry of Electronics and Information Technology Secretary Ajay Prakash Sawhney made the announcement on Tuesday, dubbing the move "opening the heart" of the Aarogya Setu app to allow engineers to inspect and tinker with the code. The app has amassed over 114 million users in less than two months -- an unprecedented scale globally. The source code of Aarogya Setu's Android app is live on GitHub with code of iOS and KaiOS apps slated to release in a "few weeks." Nearly 98% of the app's users are on the Android platform. Sawhney said the government will also offer cash prizes of up to $1,325 to security experts for identifying and reporting bugs and vulnerabilities. "Open-sourcing Aarogya Setu is a unique feat for India. No other government product anywhere in the world has been open-sourced at this scale," said Amitabh Kant, chief executive of government-run think-tank NITI Aayog, in a press conference today.

An anonymous reader quotes TechCrunch: A renowned iPhone hacking team has released a new "jailbreak" tool that unlocks every iPhone, even the most recent models running the latest iOS 13.5. [9to5Mac points out it also works on iPads.]

For as long as Apple has kept up its "walled garden" approach to iPhones by only allowing apps and customizations that it approves, hackers have tried to break free from what they call the "jail," hence the name "jailbreak...." The jailbreak, released by the unc0ver team, supports all iPhones that run iOS 11 and above, including up to iOS 13.5, which Apple released this week. Details of the vulnerability that the hackers used to build the jailbreak aren't known, but it's not expected to last forever...

Security experts typically advise iPhone users against jailbreaking, because breaking out of the "walled garden" vastly increases the surface area for new vulnerabilities to exist and to be found.

Security researchers and hackers have had access to a leaked early version of iOS 14, the iPhone's next operating system, since at least February, Motherboard reported Friday. From the report: That's almost eight months before the expected official release of iOS 14, given that Apple usually publishes the new iOS in September along with the announcement of new phones. Sometimes, screenshots and descriptions of new features leak before the official reveal. This time, however, an entire version of the operating system has leaked and is being widely circulated among hackers and security researchers. Motherboard has not been able to independently verify exactly how it leaked, but five sources in the jailbreaking community familiar with the leak told us they think that someone obtained a development iPhone 11 running a version of iOS 14 dated December 2019, which was made to be used only by Apple developers. According to those sources, someone purchased it from vendors in China for thousands of dollars, and then extracted the iOS 14 internal build and distributed it in the iPhone jailbreaking and hacking community.

Many high school students around the country completed Advanced Placement tests online last week but were unable to submit them at the end because the testing portal doesn't support HEIC images -- the default format on iOS devices and some newer Android phones. The Verge reports: For the uninitiated: AP exams require longform answers. Students can either type their response or upload a photo of handwritten work. Students who choose the latter option can do so as a JPG, JPEG, or PNG format according to the College Board's coronavirus FAQ. But the testing portal doesn't support the default format on iOS devices and some newer Android phones, HEIC files. HEIC files are smaller than JPEGs and other formats, thus allowing you to store a lot more photos on an iPhone. Basically, only Apple (and, more recently, Samsung) use the HEIC format -- most other websites and platforms don't support it. Even popular Silicon Valley-based services, such as Slack, don't treat HEICs the same way as standard JPEGs.

[Nick Bryner, a high school senior in Los Angeles] says many of his classmates also tried to submit iPhone photos and experienced the same problem. The issue was so common that his school's AP program forwarded an email from the College Board to students on Sunday including tidbits of advice to prevent submission errors. "What's devastating is that thousands of students now have an additional three weeks of stressful studying for retakes," Bryner said. The email Bryner received doesn't mention the HEIC format, though it does link to the College Board's website, which instructs students with iPhones to change their camera settings so that photos save as JPEGs rather than HEICs. The company also linked to that information in a tweet early last week. In a statement emailed to The Verge, the College Board said that "the vast majority of students successfully completed their exams" in the first few days of online testing, "with less than 1 percent unable to submit their responses." The company also noted that "We share the deep disappointment of students who were unable to submit responses."

Apple and Google announced today that they have rolled out a COVID-19 exposure notification system, "essentially a unified programming interface that will allow public health departments to create their own contact tracing applications," reports ABC News. "Apple and Google are not building contact tracing apps." From the report: "Starting today, our Exposure Notifications technology is available to public health agencies on both iOS and Android," Apple and Google said in a statement. "Today, this technology is in the hands of public health agencies across the world who will take the lead and we will continue to support their efforts."

After an individual downloads and enables a contact tracing application on his phone, he would subsequently receive an alert if he is exposed to anyone who is diagnosed with or likely to have COVID-19. Of course, that assumes that the COVID-19-positive individual also has the application enabled on his phone. The companies said that digital contact tracing is meant to argument traditional human-to-human tracing, not replace it. Digital contact tracing is faster than traditional tracing, requires fewer resources and since it doesn't rely on human memory, can make it easier to track exposure in crowded spaces, or contact with strangers. On the other hand, for such applications to be effective, they require users to download and enable the applications on their phones, and it's not yet clear that Americans will be willing to do so en masse. "Once they download the app, users will have to consent to make their information available to the health authorities and can turn it on and off when they choose to," the report adds. "Data collection will be kept private and only used by health authorities for COVID-19 exposure, not stored in a central database."

The companies said that they will not monetize the data that comes out of the system.

After months of trying, the FBI successfully broke into iPhones belonging to the gunman responsible for a deadly shooting at Pensacola Naval Air Station in December 2019, and it now claims he had associations with terrorist organization al-Qaeda. Investigators managed to do so without Apple's help, but Attorney General William Barr and FBI director Christopher Wray both voiced strong frustration with the iPhone maker at a press conference on Monday morning. From a report: Both officials say that encryption on the gunman's devices severely hampered the investigation. "Thanks to the great work of the FBI -- and no thanks to Apple -- we were able to unlock Alshamrani's phones," said Barr, who lamented the months and "large sums of tax-payer dollars" it took to get into devices of Mohammed Saeed Alshamrani, who killed three US sailors and injured eight other people on December 6th.

Apple has said it provided investigators with iCloud data it had available for Alshamrani's account but did not provide any assistance bypassing iOS's device encryption. Without that help, authorities spent many weeks trying to break in on their own. Wray chastised Apple for wasting the agency's time and resources to unlock the devices. "Public servants, already swamped with important things to do to protect the American people -- and toiling through a pandemic, with all the risk and hardship that entails -- had to spend all that time just to access evidence we got court-authorized search warrants for months ago," he said.