Wireless Networking

Both Apple and Amazon Are Quietly Building Networks That Know the Location of Everything (wired.co.uk) 32

Wired reports on both Sidewalk, Amazon's new low-bandwidth long-range wireless networking protocol, and Apple's new position- and distance-measuring U1 chip (mentioned in a recent keynote). Apple's U1 chip -- which allows precise, indoor positional tracking via the latest iPhones and will power, at the very least, directional AirDrop file-sharing -- popped up on screen but was never even mentioned. The interest-piquing phrase "GPS at the scale of your living room" was saved for the online iPhone product pages rather than the bombast of the Steve Jobs Theater... Both Amazon and Apple have the hardware scale to build up the base of access points needed to create a useful network before reaching out to, most likely, iOS developers in Apple's case, and hardware makers already on board with Alexa in Amazon's case. For Amazon, in fact, that work has already begun as Sidewalk originally came out of the Ring team's ambition to extend its connected security devices out into gardens. "Ring lighting was the first time we ran into it as a company, because we wanted to extend out onto the sidewalk," says Daniel Rausch, VP of smart home at Amazon (which owns Ring).

The smart outdoor Ring lights are already out. Products like the Smart Floodlight and Pathlight list a "wireless connection to the Ring Bridge" in the tech specs but eagle-eyed Ring owners had already started to figure out what band Amazon was playing with for this connection, before the Sidewalk announcement. "They've been using an internal version of the protocol on the freely available and unlicensed 900MHz part of the spectrum already," explains Rausch. "What we realised was 'woah, we can actually do something special'. We can make a version of this protocol which is secure and have this unbelievably ubiquitous coverage if we bring it all together, neighbours and neighbours and neighbours...." An innocent smart dog tracker like Ring Fetch fits perfectly into this model of Amazon-networked communities sharing video, alerts and location tracking.

IOS

New Checkm8 Jailbreak Released For All iOS Devices Running A5 To A11 Chips (zdnet.com) 30

An anonymous reader shares a report: A security researcher has today released a new jailbreak that impacts all iOS devices running on A5 to A11 chipsets -- chips included in all Apple products released between 2011 and 2017. This includes iPhone models from 4S to 8 and X. The jailbreak uses a new exploit named Checkm8 that exploits vulnerabilities in Apple's Bootrom (secure boot ROM) to grant phone owners full control over their device. Axi0mX, the security researcher who published Checkm8 today, told ZDNet he'd worked on the jailbreak all year.
IOS

Alternative iOS App Store Doesn't Require a Jailbreak (engadget.com) 55

Developer Riley Testut is launching an alternative to Apple's App Store, called AltStore, that theoretically lets you "push the boundaries" of iOS without either jailbreaking or worrying that Apple will pull access. Engadget reports: AltStore works by fooling your device into believing that you're a developer sideloading test apps. It uses an app on your Mac or Windows PC to re-sign apps every seven days, using iTunes' WiFi syncing framework to reinstall them on your device before they expire. You only need a free Apple ID (a throwaway will do) to install apps that Apple would never allow, such as Testut's Delta emulator for Nintendo consoles.

In theory, there's not much Apple can do to easily shut things down. It could take down individual accounts, but you could just create another Apple ID if needed. Also, iOS only looks for an excessive number of app provisioning profiles, not the number of apps you have installed. So long as AltStore manages those profiles, Apple doesn't know if you're running one app or twenty. Testut told The Verge that measures to block AltStore would break key functionality for developers or iTunes syncing.
AltStore is available in preview form now, with a formal launch due on September 28th. "People who back Testut's Patreon will also have the option to install almost any app, not just those in the store," the report adds.
IOS

Why So Many Apps Are Asking To Use Bluetooth on iOS 13 (theverge.com) 51

Apple's new iOS 13 update adds a new privacy measure that requires apps to get your consent in order to use your device's Bluetooth. From a report: After installing the latest version of iOS, trust me when I say you'll be surprised by the number of apps asking for Bluetooth permission the next time you open them. Some might seem very strange (like Dunkin' Donuts in my case), but others probably won't make you think twice about giving the thumbs-up. The reason Apple implemented this is because Bluetooth has enabled companies to sneakily track your location over Bluetooth by using beacons in stores, shopping malls, and even on popular city streets if they're placed within range of a place you'd walk by.

This is entirely separate from your iPhone's location privacy settings, which makes it seem all the more underhanded. A beacon is very easily able to detect your device's Bluetooth chip and log that with a retailer or some other app on your phone. So getting more strict about Bluetooth is a good move by Apple to prevent unwanted tracking of its customers. Similarly, the company is also getting even more transparent about location, showing you on a map how often and where apps have recorded your position. This prompt is much easier to understand, and will probably startle people into slimming down the list of apps that can monitor where they are. As it should!

Microsoft

Microsoft Brings Google Assistant Support To the Xbox One (theverge.com) 2

Microsoft is enabling Google's Assistant to work with its Xbox One console. From a report: Much like the existing Alexa integration, Microsoft is allowing Google Assistant to launch games and apps, turn the console on and off, pause videos, and much more. You'll need to use the Google Assistant app for iOS or Android or a device like Google's Home with Assistant on it to control an Xbox One. Google Assistant won't run on the Xbox One itself; instead, it will receive commands from other devices running Assistant.
Network

Cloudflare Relaunches Its Security-Focused Mobile VPN Warp (cloudflare.com) 19

tearmeapart writes (edited to add more details): Cloudflare is opening up its security and speed-focused mobile VPN service called WARP and WARP Plus to the general public. WARP is a mobile app for Android and Apple to establish a VPN to Cloudflare's huge global network. Cloudflare is promising:
1. No user-identifiable log data to disk;
2. No selling browsing data;
3. No need to provide any personal information;
4. Regularly get audited.
This is the second time Cloudflare is launching Warp. The VPN builds on Cloudflare's existing mobile app 1.1.1.1, which encrypts domain name system connections. But Warp goes beyond this protection to encrypt the whole journey from your device to a web server and back -- even if the website itself still isn't offering HTTPS web encryption. And all of this happens quickly, without draining your battery, and without complicated setup.

In an interview with Wired, Cloudflare CEO Matthew Prince said: Yeah, what we thought was going to be easy back in April turned out to be a lot harder than we expected. We had been testing this primarily in San Francisco and Austin and London, which is where the teams that were working on this are based. But as soon as users started to get anywhere that didn't have a fairly reliable internet connection, just all hell broke loose.

The report adds: In describing the hurdles Cloudflare faced getting Warp off the ground, John Graham-Cumming, the company's chief technology officer, and Dane Knecht, its head of product strategy, note that many of the challenges came from dealing with interoperability issues between mobile device models, operating system versions, and different mobile network and Wi-Fi configurations around the world. For example, Warp is built on a newer secure communication protocol for VPNs known as WireGuard, which isn't ubiquitous yet and therefore isn't always natively supported by devices. The team also faced challenges dealing with web protocols and standards that are implemented inconsistently across different wireless carriers and internet service providers around the world. Cloudflare's 1.1.1.1 focuses on encrypting DNS connections specifically, but Warp aims to encompass everything in one protected tunnel. Keeping everything together as data traverses the labyrinth of servers that make up the internet, including Cloudflare's own massive network, was tough.
Warp is free to use without any bandwidth caps or limitations. But Warp Plus, which is being offered through a monthly subscription fee, offers a "faster version of Warp that you can optionally pay for. The fee for Warp Plus varies by region and is designed to approximate what a McDonald's Big Mac would cost in the region. On iOS, the Warp Plus pricing as of the publication of this post is still being adjusted on a regional basis, but that should settle out in the next couple days. Warp Plus uses Cloudflare's virtual private backbone, known as Argo, to achieve higher speeds and ensure your connection is encrypted across the long haul of the Internet. We charge for it because it costs us more to provide," the company said in the blog post.
IOS

Apple Says a Bug May Grant 'Full Access' To Third-Party Keyboards By Mistake (techcrunch.com) 52

Apple is warning users of a bug in iOS 13 and iPadOS involving third-party keyboards. From a report: In a brief advisory posted Tuesday, the tech giant said the bug impacts third-party keyboards which have the ability to request "full access" permissions. iOS 13 was released last week. Both iOS 13.1 and iPadOS 13.1, the new software version for iPads, are out today. Third-party keyboards can either run as standalone, or with "full access" they can talk to other apps or get internet access for additional features, like spell check. But "full access" also allows the keyboard maker to capture to its servers keystroke data or anything you type -- like emails, messages or passwords. This bug, however, may allow third-party keyboards to gain full access permissions -- even if it was not approved.
Google

Challenging Facebook and Google, Apple's New OS Warns Users When Data Is Collected (forbes.com) 97

An anonymous reader quotes Forbes: Apple's updated operating system will now show you how often your location has been recorded and by which apps. It will do this proactively via a pop up, which shows a map of where you have been tracked, including the option to allow or limit it. Previously, many apps were able to track you in the background without your knowledge. They were able to collect vast amounts of data on you, which they could use to target you with advertising.

Along the same theme, another blow to apps such as Facebook and WhatsApp is a change in Apple's iOS 13 that will not allow messaging and calling apps to run in the background when the programs are not actively in use. Before, apps such as these were able to collect information on what you were doing on your device.

People are certainly becoming more aware of the way their data is used, following incidents such as the Cambridge Analytica scandal. In this context, many of the changes could be seen as a direct blow to Apple's rivals Google and Facebook: iOS 13 highlights their data collection practices and gives iPhone users the opportunity to stop them. In this way, it's an attack on Facebook and Google's business models. It's true: There are many apps that track you and collect data on you, and iOS 13 will affect all of these. But it is also worth considering the position that Apple holds in the market. When Apple speaks, people listen.

Forbes concludes that these features in iOS 13 "could encourage even the most apathetic Apple users to care more about their privacy."
IOS

iOS 13 Ships With Known Lockscreen Bypass Flaw That Exposes Contacts (arstechnica.com) 19

An anonymous reader quotes a report from Ars Technica: Apple released iOS 13 with a bunch of new features. But it also released the new OS with something else: a bug disclosed seven days ago that exposes contact details without requiring a passcode or biometric identification first. Independent researcher Jose Rodriguez published a video demonstration of the flaw exactly one week ago. It can be exploited by receiving a FaceTime call and then using the voiceover feature from Siri to access the contact list. From there, an unauthorized person could get names, phone numbers, email addresses, and any other information stored in the phone's contacts list. An Apple representative told Ars the bypass will be fixed in iOS 13.1, scheduled for release on Sept. 24.
IOS

Apple's iOS 13 Just Launched But iOS 13.1, iPadOS Arrive Next Week (cnet.com) 51

Apple's latest iPhone software, iOS 13, is now available -- but on Tuesday, you'll already be able to download the first update, iOS 13.1. And you'll be able to revitalize your iPad with Apple's software created for its tablets. From a report: Apple may be best known for its hardware, but it's really the seamless integration of its devices with its software that's set it apart from rivals. The company's ability to control every aspect of its products -- something that began when Steve Jobs and Steve Wozniak founded Apple in 1976 -- has been key in making Apple the most powerful company in tech. The company's mobile software, iOS, gets revamped every year and launches when its latest phones hit the market. Starting Tuesday, you'll also be able to download the first update to the software, as well as the new iPadOS software tailored for Apple's tablets. iOS 13 brings a dedicated dark mode, a new swipe keyboard and a revamped Photos app (complete with video editing tools). iOS 13.1 will bring bug fixes and will let you share your ETA with friends and family members through Apple Maps. Siri shortcuts can be added to automations, and you can set up triggers to run any shortcut automatically.
China

Programmers Complain that Huawei's Ark Compiler is 'Not Even Half-Finished' (abacusnews.com) 42

A scam. A publicity stunt. Premature. These are just a few of the things Chinese developers are saying about the release of Huawei's supposed secret weapon: The Ark Compiler. From a report: Developers are even claiming the program feels incomplete. The reception has been so bad that one programmer told Abacus that he wondered whether it was released just for publicity. "Maybe they're doing it to help in the PR and trade war, adding leverage against the US," said Max Zhou, co-founder of app-enhancement company MetaApp and former head of engineering at Mobike. The Ark Compiler is a key component of Huawei's new operating system, HarmonyOS. The tool is meant to allow developers to quickly port their Android apps to the new OS, ideally helping to quickly bridge the gap of app availability. It is also said to be able to improve the efficiency of Android apps, making them as smooth as apps on iOS. As of right now, though, developers say promises are too good to be true.
Cellphones

FCC Fails, Robocalls (and Complaints) Increase, Along with Number-Hijacking (forbes.com) 110

"Despite new initiatives by the Federal Communications Commission (FCC) and carriers, robocalls aren't on the wane," reports Forbes.

"Americans are still facing a scourge of 200 million unwanted robocalls a day, according to a report from Transaction Network Services (TNS), a major telecommunications network and services company. And nearly 30% of all U.S. calls were negative (nuisance, scam or fraud calls) in the first six months of the year, TNS said..." Nuisance calls jumped 38% from the third quarter of last year, while high-risk calls -- such as scammers targeting identity theft -- were up 28%, TNS said. And the FCC actually saw an 8% increase year-over-year in consumer robocall complaints when comparing February-June 2019 to February-June 2018, as cited by TNS in the report. There is a limit to what major U.S. carriers can do. They are only a small part of the problem, TNS said. While 70% of all calls (normal calls and unwanted calls) come from major U.S. carriers, only 12% of the high-risk calls are from the big carriers. That means the problem lies with lesser-known providers...

A growing threat is robocall hijacking -- when a subscriber's number is hijacked by a bad guy -- doubling over last year's figure, TNS said. TNS estimates that 1 in 1,700 numbers were hijacked by spoofers in a 28-day period. In the last report the frequency was only 1 in 4,000. In one case of hijacking, a spoofer placed over 36,000 scam calls in a 3-day period according to the TNS report.

Another spoofing threat cited in the report is that of legitimate toll-free numbers of leading tech companies. Here, the scammer will claim there is something wrong with the victim's account at the company and try to get personal information.

You can stop getting robocalls with a "simple but very effective" solution, according to the article. Both Android and iOS phones have a "Do Not Disturb" option in Settings -- so just enable that for everyone except your own contacts.
IOS

iOS 13 Lock Screen Lets Anyone See Your Address Book (theregister.co.uk) 45

Slashdot reader dryriver writes: A security researcher discovered that if you get your hands on someone else's iThing running iOS 13, and place a phone call to it, you can choose to respond with a TXT message, and get to see the contents of the address book on the iThing without actually getting past the lock screen...

The security researcher who found the flaw was not financially rewarded or acknowledged by Apple, but rather given the cold shoulder.
The security researcher says all he'd wanted was a $1 Apple Store card to keep as a trophy, according to The Register: The procedure, demonstrated below in a video, involves receiving a call and opting to respond with a text message, and then changing the "to" field of the message, which can be accomplished via voice-over. The "to" field pulls up the owner's contacts list, thus giving an unauthorized miscreant the ability to crawl through the address book without ever needing to actually unlock the phone.
They also report that while the insecure-lock-screen iOS 13 will be officially released on September 19, a fixed version, iOS 13.1, "is due to land on September 30."
Transportation

The 'World's Safest' Bike Helmet Has A Built-in Airbag (metro.co.uk) 148

Hövding spent four years developing their next-generation bicycle helmet, the Metro reports: Easier to use, adjustable and enabled with Bluetooth technology, the helmet, according to Hövding's CEO Fredrik Carling, is the world's safest. Donning advanced airbag tech and functions such as the ability to contact next-of-kin in the event of an accident, Fredrik and the team spent years surveying people to make the kit as bespoke, safe and desirable as possible. Fredrik says: "Our surveys of cyclists in seven major European cities show that 70% would cycle more if they felt safer. We have focused on this and want to contribute to greater safety."

New features include the new patented airbag, along with an upgraded battery that can last for up to 15 hours. An iOS and Android compatible app allows the company to gather data relating to where urban cyclists experience the most accidents. The result? Data that can be used to argue for more cycling infrastructure and, of course, tech that saves more lives...

When the design-savvy headgear is activated, it registers movements 200 times a second and in the event of an accident, is inflated in 0.1 seconds to enclose the head and hold the cyclist's neck in place. 185,000 cyclists currently use it, with over 4,000 saying that it had made a significant difference during close calls.

In addition to all its safety features, Carling hopes that his helmet can be used to help the environment in the long run. "Cycling may be the answer to many of the challenges relating to the environment, congestion in cities and health, and we want to take cyclist protection to the next level," he says.

Programming

Google Unveils Code Completion Powered by Machine Learning in Dart SDK (zdnet.com) 20

Google's previewing something new in the SDK for their Dart programming language: machine learning-powered automatic code completion.

ZDNet reports: ML Complete works with the editor to offer developers completions as they type their code. It's also meant to help developers quickly explore lists of completions that are likely to be what they want next, rather than having to sort through options alphabetically. "With code completions, developers can both avoid misspellings and explore APIs by typing the beginning of expected symbols and choosing from the offered completions," explains Google project manager Michael Thomsen in his article, 'Announcing Dart 2.5: Supercharged development'.

Google's take on AI-powered code completion for Dart relies on a model trained on a large body of Dart code on GitHub. The model is powered by Google's TensorFlow Lite deep-learning framework and can predict what developers will type next as they're editing code.

ML Complete is built into the Dart analyzer, meaning the preview is available in "Dart-enabled editors" including Android Studio, IntelliJ, and VS Code.
Chrome

Google Chrome Now Lets You Send Webpages To Other Devices (theverge.com) 27

Google is starting to make its Chrome 77 browser update available to Windows, Mac, iOS, and Android this week. While there are many visual changes to Chrome this time, Google is introducing a new send webpage to devices feature. From a report: You can right-click on a link and a new context menu will appear that simply lets you send links to other devices where you use Chrome. If you're using Chrome on iOS you'll need to have the app open and a small prompt will appear to accept the sent tab. The feature has started showing up on Windows, Android, and iOS versions of Chrome, but it doesn't appear to be enabled in the macOS variant just yet. Chrome has long supported the ability to browse your open and recent tabs across multiple devices, but this send to device feature just makes things a little quicker if you're moving from browsing on a PC or laptop to a phone or vice versa.
Businesses

Apple Just Turned Its Extended Warranty For iPhone, iPad, and Apple Watch Into a Monthly Subscription (theverge.com) 70

An anonymous reader shares a report: Apple's extended warranty, AppleCare+, has always covered iOS and Apple Watch devices for a total of two years. But after its iPhone 11 event, the company quietly introduced a new option that basically turns AppleCare+ into a full-on monthly subscription, allowing consumers to continue paying beyond the regular coverage period and keep going for as long as Apple is able to service their product. The change was spotted by 9to5Mac. Apple had already offered monthly installments for AppleCare+, but that was only an alternative to paying a lump sum for the same two-year coverage total. And it seems Apple has now eliminated this payment option. With the new approach, Apple uses the pretty clear wording of "pay monthly until canceled." As 9to5Mac notes, you'd end up paying more through the monthly option for the standard 24 months of coverage than if you just opted to buy that length of time outright. The new subscription is really best for people who plan to hold on to their gadgets for several years.
Microsoft

Microsoft Redesigns To Do App To Make it Look More Like its Wunderlist Predecessor (zdnet.com) 11

An anonymous reader shares a report: When Microsoft bought 6Wunderkinder, the developer of Wunderlist, in 2015, officials said they planned to shut down that task-management app at some point and replace it with its own To Do app. That move still hasn't happened. But this week, Microsoft is rolling out a redesign of To Do that attempts to make it look more like Wunderlist. On September 9, Microsoft introduced the redesigned To Do, which has smaller headers and more colors. The app is more customizable now with a variety of backgrounds, "including the beloved Berlin TV tower that was a feature in Wunderlist." The app can sync across Mac, iOS, Android, Windows and the Web. And it integrates with Microsoft work or school email accounts; hosted email accounts like Outlook, Hotmail or Live; Microsoft Planner; and Microsoft Launcher on Android. Just so it happens, last week Wunderlist founder Christian Reber said that he'd like to buy Wunderlist back from Microsoft. Today he tweeted "GREAT timing," in regards to Microsoft's To Do makeover.
Google

On Apple's Response To Google's Project Zero 54

Last week, Apple published a statement in which it disputed Google's Project Zero team's findings about the worst iOS attack in history. Alex Stamos, adjunct professor at Stanford University's Center for International Security and Cooperation and former CSO at Facebook, writes on Twitter: Apple's response to the worst known iOS attack in history should be graded somewhere between "disappointing" and "disgusting". First off, disputing Google's correct use of "indiscriminate" when describing a watering hole attack smacks of "it's ok, it didn't hit white people." The use of multiple exploits against an oppressed minority in an authoritarian state makes the likely outcomes *worse* than the Huffington Post example a former Apple engineer posited. It is possible that this data contributed to real people being "reeducated" or even executed. Even if we accept Apple's framing that exploiting Uyghurs isn't as big a deal as Google makes it out to be, they have no idea whether these exploits were used by the PRC in more targeted situations. Dismissing such a possibility out of hand is extremely risky.

Second, the word "China" is conspicuously absent, once again demonstrating the value the PRC gets from their leverage over the world's most valuable public company. To be fair, Google's post also didn't mention China. Their employees likely leaked attribution on background. Third, the pivot to Apple's arrogant marketing is not only tone-deaf but really rings hollow to the security community when Google did all the heavy lifting here. I'm guessing we won't hear Tim talk about how they are going to do better on stage next week. Dear Apple employees: I have worked for companies that took too long to publicly address their responsibilities. This is not a path you want to take. Apple does some incredible security work, but this kind of legal/comms driven response can undermine that work. Demand better.
Michael Tsai raises further questions about the way Apple framed its statement: "A blog," rather than "a blog post"? I love how Apple is subtly trying to discredit Project Zero by implying that it's a mere blog. And let's be sure everyone knows it's affiliated with Google, the privacy bad guys, even though it's a responsible, technically focused group. Apple says: "First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones 'en masse' as described."
Project Zero literally referred to "a small collection of hacked websites" that received "receive thousands of visitors per week." And it does seem like a particular subpopulation was targeted "en masse." The sites in question were on the public Internet; it wasn't links being sent to target particular individuals. Apple is blaming the messenger for things it didn't even say.

Apple adds: "The attack affected fewer than a dozen websites that focus on content related to the Uighur community."
Oh, I get it. Most people would consider "fewer than a dozen" to be "a small collection." But in Apple-speak, there were "a small number" of corrupt App Store binaries causing crashes, and "a small number" of MacBook Pro users experiencing butterfly keyboard problems, not to be confused with the "very small number" of iPhones that unexpectedly shut down. So, yeah, I can see why Apple wants people to know that this "small collection" doesn't mean "millions." Although there are apparently 10 million Uighurs in China. Apple adds: "Google's post, issued six months after iOS patches were released[...]" It's great that Project Zero reported this in a responsible way, because now we can downplay it as old news.
Music

Apple Releases Public Beta of Apple Music For Web (betanews.com) 13

An anonymous reader shares a report: Apple Music doesn't work on traditional Linux distributions like Ubuntu or Fedora. It does, however, work on Windows, macOS, iOS, and Android. Chromebook users can take advantage of the Apple Music Android app from the Play Store. Traditional Linux users, however, are sadly left out of the party. This week, this changes, as Apple Music finally comes to the web -- in beta. This is something many other streaming music services, such as Spotify and Google, already offer. Better late than never, eh? This means traditional Linux users can finally enjoy Apple Music by simply visiting a website.
