Windows

Microsoft Reveals EU Deal Behind Windows Access After Global Outage (wsj.com)

A Microsoft spokesman says that a 2009 European Commission agreement prevents the company from restricting third-party access to Windows' core functions, shedding light on factors contributing to Friday's widespread outage that affected millions of computers globally. The disruption, which caused the infamous "blue screen of death" on Windows machines across various industries, originated from a faulty update by cybersecurity firm CrowdStrike. The incident highlighted the vulnerability of Microsoft's open ecosystem, mandated by the EU agreement, which requires the tech giant to provide external security software developers the same level of system access as its own products. This policy stands in stark contrast to more closed systems like Apple's.
Crime

Ransomware Attack Takes Down Computer System for America's Largest Trial Court (apnews.com)

A ransomware attack has taken down the computer system of America's largest trial court, reports the Associated Press: The cybersecurity attack began early Friday and is not believed to be related to the faulty CrowdStrike software update that has disrupted airlines, hospitals and governments around the world, officials said in a statement Friday. The court disabled its computer network systems upon discovery of the attack, and it will remain down through at least the weekend.
Friday's statement called it "a serious security event," adding that the court is receiving help from local, state, and federal law enforcement agencies. "At this time, the preliminary investigation shows no evidence of court users' data being compromised." Over the past few years, the Court has invested heavily in its cybersecurity operations, modernizing its cybersecurity infrastructure and making strategic staff investments in the Cybersecurity Division within Court Technology Services. As a result of this investment, the Court was able to quickly detect an intrusion and address it immediately.

Due to the ongoing nature of the investigation, remediation, and recovery, the Court will not comment further until additional information is available for public release.

Sunday the Court posted on X.com that they're "working diligently to get the Court's network systems back up and running...

"When we have a better understanding of the extent to which the Court will be operational tomorrow, July 22, we will provide information and direction to court users and jurors, likely later this evening."
China

One Nation Mostly Unaffected by the Crowdstrike Outage: China (bbc.com)

The BBC reports that "while most of the world was grappling with the blue screen of death on Friday," there was one country that managed to escape largely unscathed: China. The reason is actually quite simple: CrowdStrike is hardly used there. Very few organisations will buy software from an American firm that, in the past, has been vocal about the cyber-security threat posed by Beijing. Additionally, China is not as reliant on Microsoft as the rest of the world. Domestic companies such as Alibaba, Tencent and Huawei are the dominant cloud providers.

So reports of outages in China, when they did come, were mainly at foreign firms or organisations. On Chinese social media sites, for example, some users complained they were not able to check into international chain hotels such as Sheraton, Marriott and Hyatt in Chinese cities. Over recent years, government organisations, businesses and infrastructure operators have increasingly been replacing foreign IT systems with domestic ones. Some analysts like to call this parallel network the "splinternet".

"It's a testament to China's strategic handling of foreign tech operations," says Josh Kennedy White, a cybersecurity expert based in Singapore. "Microsoft operates in China through a local partner, 21Vianet, which manages its services independently of its global infrastructure. This setup insulates China's essential services — like banking and aviation — from global disruptions."

"Beijing sees avoiding reliance on foreign systems as a way of shoring up national security."

Thanks to long-time Slashdot reader hackingbear for sharing the article.
Microsoft

Microsoft Releases Recovery Tool for Windows Machines Hit By Crowdstrike Issue (theverge.com)

The Verge reports that for machines that aren't automatically receiving Crowdstrike's newly-released software fix, Microsoft has released a recovery tool that creates a bootable USB drive. Some IT admins have reported that rebooting PCs multiple times will get the necessary update, but for others the only route is to manually boot into Safe Mode and delete the problematic CrowdStrike update file. Microsoft's recovery tool makes this process less manual: it boots into the Windows PE environment from the USB drive, accesses the disk of the affected machine, and automatically deletes the problematic CrowdStrike file so the machine can boot properly. This avoids having to boot into Safe Mode or needing admin rights on the machine, because the tool simply accesses the disk without booting the local copy of Windows. If a disk is protected by BitLocker encryption, the tool will prompt for the BitLocker recovery key and then continue to fix the CrowdStrike update.
The Courts

In SolarWinds Case, US Judge Rejects SEC Oversight of Cybersecurity Controls (msn.com)

SolarWinds still faces some legal action over its infamous 2020 breach, reports NextGov.com. But a U.S. federal judge has dismissed most of the claims from America's Securities and Exchange Commission, which "alleged the company defrauded investors because it deliberately hid knowledge of cyber vulnerabilities in its systems ahead of a major security breach discovered in 2020."

Slashdot reader krakman shares this report from the Washington Post: "The SEC's rationale, under which the statute must be construed to broadly cover all systems public companies use to safeguard their valuable assets, would have sweeping ramifications," [judge] Engelmayer wrote in a 107-page decision. "It could empower the agency to regulate background checks used in hiring nighttime security guards, the selection of padlocks for storage sheds, safety measures at water parks on whose reliability the asset of customer goodwill depended, and the lengths and configurations of passwords required to access company computers," he wrote. The federal judge also dismissed SEC claims that SolarWinds' disclosures after it learned its customers had been affected improperly covered up the gravity of the breach...

In an era when deeply damaging hacking campaigns have become commonplace, the suit alarmed business leaders, some security executives and even former government officials, as expressed in friend-of-the-court briefs asking that it be thrown out. They argued that adding liability for misstatements would discourage hacking victims from sharing what they know with customers, investors and safety authorities. Austin-based SolarWinds said it was pleased that the judge "largely granted our motion to dismiss the SEC's claims," adding in a statement that it was "grateful for the support we have received thus far across the industry, from our customers, from cybersecurity professionals, and from veteran government officials who echoed our concerns."

The article notes that as far back as 2018, "an engineer warned in an internal presentation that a hacker could use the company's virtual private network from an unauthorized device and upload malicious code. Brown did not pass that information along to top executives, the judge wrote, and hackers later used that exact technique." Engelmayer did not dismiss the case entirely, allowing the SEC to try to show that SolarWinds and top security executive Timothy Brown committed securities fraud by not warning in a public "security statement" before the hack that it knew it was highly vulnerable to attacks.

The SEC "plausibly alleges that SolarWinds and Brown made sustained public misrepresentations, indeed many amounting to flat falsehoods, in the Security Statement about the adequacy of its access controls," Engelmayer wrote. "Given the centrality of cybersecurity to SolarWinds' business model as a company pitching sophisticated software products to customers for whom computer security was paramount, these misrepresentations were undeniably material."

Open Source

Are There Gaps in Training for Secure Software Development? (linuxfoundation.org)

A new report "explores the current state of secure software development," according to an announcement from the Linux Foundation, "and underscores the urgent need for formalized industry education and training programs," noting that many developers "lack the essential knowledge and skills to effectively implement secure software development."

The report analyzes a survey of nearly 400 software development professionals performed by the Open Source Security Foundation (OpenSSF) and Linux Foundation Research: Survey findings outlined in the report show nearly one-third of all professionals directly involved in development and deployment — system operations, software developers, committers, and maintainers — self-report feeling unfamiliar with secure software development practices. This is of particular concern as they are the ones at the forefront of creating and maintaining the code that runs a company's applications and systems.

"Time and again we've seen the exploitation of software vulnerabilities lead to catastrophic consequences, highlighting the critical need for developers at all levels to be armed with adequate knowledge and skills to write secure code," said David A. Wheeler, director of open source supply chain security for the Linux Foundation. "Our research found that a key challenge is the lack of education in secure software development. Practitioners are unsure where to start and instead are learning as they go. It is clear that an industry-wide effort to bring secure development education to the forefront must be a priority." OpenSSF offers a free course on developing secure software (LFD121) and encourages developers to start with this course.

Survey results indicate that the lack of security awareness is likely due to most current educational programs prioritizing functionality and efficiency while often neglecting essential security training. Additionally, most professionals (69%) rely on on-the-job experience as a main learning resource, yet it takes at least five years of such experience to achieve a minimum level of security familiarity.

"The top reason (44%) for not taking a course on secure software development is lack of knowledge about a good course on the topic," according to the announcement — which includes this follow-up quote from Intel's Christopher Robinson (co-chair of the OpenSSF Education SIG).

"Based on these findings, OpenSSF will create a new course on security architecture which will be available later this year which will help promote a 'security by design' approach to software developer education."
Firefox

Firefox 128 Criticized for Including Small Test of 'Privacy-Preserving' Ad Tech by Default (itsfoss.com)

"Many people over the past few days have been lashing out at Mozilla," writes the blog It's FOSS, "for enabling Privacy-Preserving Attribution by default on Firefox 128, and the lack of publicity surrounding its introduction."

Mozilla responded that the feature will only run "on a few sites in the U.S. under strict supervision" — adding that users can disable it at any time ("because this is a test"), and that it's only even enabled if telemetry is also enabled.

And they also emphasize that it's "not tracking." The way it works is there's an "aggregation service" that can periodically send advertisers a summary of ad-related actions — again, aggregated data, from a mass of many other users. (And Mozilla says that aggregated summary even includes "noise that provides differential privacy.") This Privacy-Preserving Attribution concept "does not involve sending information about your browsing activities to anyone... Advertisers only receive aggregate information that answers basic questions about the effectiveness of their advertising."
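As an added illustration of the aggregation-plus-noise idea described above (this is example code written for this page, not Mozilla's code or the actual PPA protocol), the following Python sums per-browser attribution reports into per-campaign counts, adds Laplace noise calibrated to a privacy parameter epsilon, and checks that the advertiser-facing summary carries no per-browser identifiers. The report shape, the campaign names, the epsilon value and the choice of the Laplace mechanism are all assumptions; the page does not specify what noise mechanism Mozilla's aggregation service uses.

```python
import random
from collections import Counter

# Constructed sample input (not real Firefox data): one attribution report
# per browser, naming the ad campaign the browser credits for a conversion.
# "converted" is 1 if the browser observed a conversion event, else 0.
SAMPLE_REPORTS = [
    {"browser": "b01", "campaign": "shoes-summer", "converted": 1},
    {"browser": "b02", "campaign": "shoes-summer", "converted": 1},
    {"browser": "b03", "campaign": "shoes-summer", "converted": 0},
    {"browser": "b04", "campaign": "bikes-fall",   "converted": 1},
    {"browser": "b05", "campaign": "bikes-fall",   "converted": 0},
    {"browser": "b06", "campaign": "bikes-fall",   "converted": 0},
    {"browser": "b07", "campaign": "shoes-summer", "converted": 1},
    {"browser": "b08", "campaign": "bikes-fall",   "converted": 1},
    {"browser": "b09", "campaign": "shoes-summer", "converted": 0},
    {"browser": "b10", "campaign": "shoes-summer", "converted": 1},
]


def dedupe_per_browser(reports):
    """Keep only the first report from each browser in this aggregation
    window. Capping every browser at one report is what makes the
    sensitivity bound in dp_summary() hold."""
    seen = set()
    kept = []
    for r in reports:
        if r["browser"] in seen:
            continue
        seen.add(r["browser"])
        kept.append(r)
    return kept


def aggregate(reports):
    """Exact per-campaign conversion counts. The browser identifier is
    consumed here and never reaches the output dictionary."""
    counts = Counter()
    for r in dedupe_per_browser(reports):
        counts[r["campaign"]] += r["converted"]
    return dict(counts)


def laplace_noise(scale, rng):
    """Laplace(0, scale) sample, drawn as the difference of two
    exponential variates with mean `scale`."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def dp_summary(reports, epsilon, rng=None):
    """Per-campaign counts with Laplace noise (assumed mechanism).
    Adding or removing one browser's report changes exactly one count by
    at most 1, so the L1 sensitivity is 1 and noise of scale 1/epsilon
    gives epsilon-differential privacy for the released summary."""
    if rng is None:
        rng = random.Random()
    scale = 1.0 / epsilon
    return {campaign: count + laplace_noise(scale, rng)
            for campaign, count in aggregate(reports).items()}


def leaks_browser_ids(summary, reports):
    """True if any browser identifier from the input shows up as a key of
    the released summary; the advertiser should only ever see campaigns."""
    ids = {r["browser"] for r in reports}
    return any(key in ids for key in summary)


if __name__ == "__main__":
    rng = random.Random(2024)  # fixed seed so the demo is repeatable
    print("exact :", aggregate(SAMPLE_REPORTS))
    print("noisy :", dp_summary(SAMPLE_REPORTS, epsilon=1.0, rng=rng))
```

The point the code makes is that the advertiser's view is a handful of campaign-level numbers, each perturbed by noise whose scale depends only on epsilon, so no single browser's report can be reconstructed from the release; the per-browser dedupe is the step that keeps the "one browser changes one count by one" sensitivity argument honest.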

More from It's FOSS: Even though Mozilla mentioned that PPA would be enabled by default on Firefox 128 in a few of its past blog posts, they failed to communicate this decision clearly, to a wider audience... In response to the public outcry, Firefox CTO, Bobby Holley, had to step in to clarify what was going on.

He started with how the internet has become a massive cesspool of surveillance, and doing something about it was the primary reason many people are part of Mozilla. He then expanded on their approach with Firefox, which, historically speaking, has been to ship a browser with anti-tracking features baked in to tackle the most common surveillance techniques. But there were two limitations with this approach. One was that advertisers would try to bypass these countermeasures. The second was that most users just accept the default options that they are shown...

Bas Schouten, Principal Software Engineer at Mozilla, made it clear at the end of a heated Mastodon thread that "[opt-in features are] making privacy a privilege for the people that work to inform and educate themselves on the topic. People shouldn't need to do that, everyone deserves a more private browser. Privacy features, in Firefox, are not meant to be opt-in. They need to be the default.

"If you are 'completely anti-ads' (i.e. even if their implementation is private), you probably use an ad blocker. So [you] are unaffected by this."

This has already provoked a discussion among Slashdot readers. "It doesn't seem that evil to me," argues Slashdot reader geekprime. "Seems like the elimination of cross site cookies is a privacy enhancing idea." (They cite Mozilla's statement that their goal is "to inform an emerging Web standard designed to help sites understand how their ads perform without collecting data about individual people. By offering sites a non-invasive alternative to cross-site tracking, we hope to achieve a significant reduction in this harmful practice across the web.")

But Slashdot reader TheNameOfNick disagrees. "How realistic is the part where advertisers stop tracking you because they get less information from the browser maker...?"

Mozilla has provided simple instructions for disabling the feature:
  • Click the menu button and select Settings.
  • In the Privacy & Security panel, find the Website Advertising Preferences section.
  • Uncheck the box labeled Allow websites to perform privacy-preserving ad measurement.

Businesses

CrowdStrike Stock Tanks 15%, Set For Worst Day Since 2022 (forbes.com)

Shares of cybersecurity company CrowdStrike Holdings dropped 15% on Friday after the company's software update resulted in what may turn out to be the largest IT outage ever. CrowdStrike stock "is on pace for its steepest daily loss since November 2022 and its $290 low share price is the lowest intraday mark since April 25," reports Forbes. "CrowdStrike is on track for the third-worst day in its five-year history as a publicly traded company." From the report: Microsoft, which was swept up in the outage as the downed systems are those running CrowdStrike's cybersecurity applications and Microsoft's Windows software, also slumped, with its shares down about 1% to the $3.2 trillion behemoth's lowest share price since June 11. CrowdStrike competitor Palo Alto Networks enjoyed a 4% rally Friday, while the tech-heavy Nasdaq Composite stock index gained about 0.2%, held up by the likes of Microsoft rival Apple's 1% stock gain and a 1% rise for shares of Alphabet, which is reportedly in talks to buy cybersecurity firm Wiz for $23 billion.

The CrowdStrike selloff is "an overreaction to a temporary setback," Rosenblatt analyst Catharine Trebnick wrote in a note to clients Friday. It's a "compelling buying opportunity" as it "creates a window for investors to buy into a high-quality, growth-oriented cybersecurity company at a discounted valuation," Trebnick continued. To her point, CrowdStrike stock's relative valuation, according to its price-to-earnings ratio (P/E), which compares its market value to its projected profits over the next four quarters, fell Friday to its lowest number since April. Still, CrowdStrike's P/E of about 70 is very high for a company of its size, meaning investors will need to express significant confidence in the business' ability to grow earnings, a challenge if Friday's incident were to impact CrowdStrike's client base.

The Courts

OpenAI Dropped From First Ever AI Programming Copyright Lawsuit

OpenAI escaped a copyright lawsuit from a group of open-source programmers after they voluntarily dismissed their case against the company in federal court. From a report: The programmers, who allege the generative AI programming tool Copilot was trained on their code without proper attribution, filed their notice of voluntary dismissal Thursday, but will still have their case against GitHub and parent company Microsoft, which collaborated with OpenAI in developing the tool. The proposed class action filed in 2022 in the US District Court for the Northern District of California was the first major copyright case against OpenAI, which has since been hit with numerous lawsuits from authors and news organizations including the New York Times.
Oracle

Oracle Reaches $115 Million Consumer Privacy Settlement (aol.com)

Oracle agreed to pay $115 million to settle a lawsuit accusing the database software and cloud computing company of invading people's privacy by collecting their personal information and selling it to third parties. Reuters: The plaintiffs, who otherwise have no connection to Oracle, said the company violated federal and state privacy laws and California's constitution by creating unauthorized "digital dossiers" for hundreds of millions of people. They said the dossiers contained data including where people browsed online, and where they did their banking, bought gas, dined out, shopped and used their credit cards. Oracle then allegedly sold the information directly to marketers or through products such as ID Graph, which according to the company helps marketers "orchestrate a relevant, personalized experience for each individual."
Microsoft

Sanctioned Russia Emerges Unscathed in Global IT Outage (yahoo.com)

Russian officials boasted on Friday that Moscow was spared the impact of the global IT systems outage because of its increased self-sufficiency after years of Western sanctions, though some experts said Russian systems could still be vulnerable. From a report: Microsoft and other IT firms have suspended sales of new products in Russia and have been scaling down their operations in line with sanctions imposed over Russia's war in Ukraine, which Moscow describes as a special military operation. The Kremlin, along with companies from state nuclear giant Rosatom, which operates all of Russia's nuclear plants, to major lenders and airlines, reported no glitches amid the outage that affected international companies across the globe. "The situation once again highlights the significance of foreign software substitution," Russia's digital development ministry said. Russian financial and currency markets also ran smoothly.
Programming

The Rise and Fall of Software Developer Jobs

The demand for software developers has declined sharply from the peak seen in 2021 and 2022, according to independent analysis by job portal Indeed and research firm ADP, reflecting a broader slowdown in high-paying white-collar job opportunities across tech, marketing, and finance sectors. Nick Bunker, an economist at Indeed, identified these positions as the labor market's current weak point. The shift follows a period of intense recruitment during the pandemic, when tech workers could command premium salaries.

ADP Research adds: Employment of software developers in fact has been slowing since 2020, the year pandemic lockdowns first hit the United States. In January 2024, the U.S. employed fewer software developers than it did six years ago. [...]

The ADP Research Institute tracked employees at 6,500 companies, including more than 75,000 software developers and engineers in 10 industries, between January 2018 and January 2024. Using this data, we built an index to track the employment of software developers beginning in January 2018.

Developer employment grew from January 2018 to November 2019, then began to fall. The index dropped sharply in January 2022 (down 4.6 percentage points), May 2022 (down 3.5 percentage points), and January 2023 (down 3.4 percentage points). Despite intermediate increases in August 2021 and October 2022, the developer employment index has been falling since 2020.
Microsoft

Global IT Outage Linked To CrowdStrike Update Disrupts Businesses (techcrunch.com)

A widespread IT outage, caused by a defective software update from cybersecurity firm CrowdStrike, is affecting businesses worldwide, causing significant disruptions across various sectors. The issue has primarily impacted computers running Windows, resulting in system crashes and "blue screen of death" errors. The travel industry appears to be among the hardest hit, with airlines and airports in multiple countries reporting problems with check-in and ticketing systems, leading to flight delays. Other affected sectors include banking, retail, and healthcare.

CrowdStrike CEO George Kurtz confirmed the outage was due to a "defect" in a content update for Windows hosts, ruling out a cyberattack. The company is working on a fix. CrowdStrike said the crash reports were "related to the Falcon Sensor" -- its cloud-based security service that it describes as "real-time threat detection, simplified management, and proactive threat hunting."

A Microsoft spokesperson told TechCrunch that the previous Microsoft 365 service disruption overnight July 18-19 was unrelated to the widespread outage triggered by the CrowdStrike update.

Editor's note: The story has been updated throughout the day and moved higher on the front page.
Privacy

Little-Known Tool Is Giving Instant Access To Vast Amounts of Homebuyer Data (therecord.media)

An anonymous reader quotes a report from The Record: When Florida real estate professional Susan Hicks discovered the app Forewarn over a year ago, she was shocked to learn that for a service costing about $20 a month she could instantly retrieve detailed data on prospective clients with only their phone number. "For anybody who's had exposure to this, usually the first time they see it, it blows their mind," Hicks told Recorded Future News, adding that she enthusiastically recommends the tool to the brokers she manages. "It's incredible that there's that amount of information out there that you can just access with one click." "It can be real creepy and you have to swear that you're not going to use it in a wrong manner," Hicks added, referring to Forewarn rules which say real estate agents can't share data from the app publicly or with third parties, or use the app to pull information on non-professional contacts.

Forewarn is primarily marketed to and used by the real estate industry, and it has been penetrating that market at a rapid clip. Although some real estate agents say the financial information it returns saves time when finding clients most likely to have the budget for the houses they're looking at, most agents and associations tout it primarily as a safety tool because it also supplies criminal records. In addition to those records, the product -- owned by the data broker red violet -- also supplies a given individual's address history; phone, vehicle and property records; bankruptcies; and liens and judgements, including foreclosure histories. Although such data could generally be gleaned from public records, Forewarn delivers it at the press of a button -- a function real estate agents say allows them to gather publicly available information without having to visit courthouses and municipal offices, a process which would normally take days.

The power of Forewarn's technology has led to rapid adoption, but the company is still largely unknown outside the real estate industry. Several fair housing and civil rights advocates interviewed by Recorded Future News weren't aware of its existence. The individuals whose data it sells also have no idea their information is being shared with real estate agents, who potentially might choose not to work with them because of what they discover on the app. Forewarn did not respond to multiple requests for comment, however, statements made by one of its executives suggest that the company intentionally keeps a low profile. "Do not tell the prospect that they are not permitted or unqualified to purchase or sell property because of information you obtained from Forewarn," a company executive said at a recent training webinar with Illinois real estate agents. She emphasized that potential buyers "do not get notified" when they are screened with the app, a question she said many real estate agents ask. Real estate agents who, for example, discover a client has a lien filed against them, should consider telling the prospect they "obtained this information from a confidential service that bases their information on available public record information," the executive added.

IT

FBI Used New Cellebrite Software To Crack Trump Shooter's Phone (bloomberg.com)

The FBI was given access to unreleased technology to access the phone of the man identified as the shooter of former President Donald Trump, Bloomberg reported late Thursday, citing people familiar with the investigation. From the report: As the FBI struggled to gain access on Sunday morning to the phone, they appealed directly to Cellebrite, a digital intelligence company founded in Israel that supplies technology to several US federal agencies, according to the people, who requested anonymity to speak freely about the case.

FBI agents wanted to pull data from the device to help decipher his motives for the shooting at a rally in Bethel Park, Pennsylvania, where Trump suffered an injured ear and a spectator was killed. Authorities have identified the deceased shooter as Thomas Matthew Crooks. The local FBI bureau in Pittsburgh held a license for Cellebrite software, which lets law enforcement identify or bypass a phone's passcode. But it didn't work with Crooks' device, according to the people, who said the deceased shooter owned a newer Samsung model that runs Android's operating system. The agents called Cellebrite's federal team, which liaises with law enforcement and government agencies, according to the people. Within hours, Cellebrite transferred to the FBI in Quantico, Virginia, additional technical support and new software that was still being developed. The details about the unsuccessful initial attempt to access the phone, and the unreleased software, haven't been previously reported.

IT

Accused of Using Algorithms To Fix Rental Prices, RealPage Goes on Offensive (arstechnica.com)

RealPage says it isn't doing anything wrong by suggesting to landlords how much rent they could charge. From a report: In a move to reclaim its own narrative, the property management software company published a microsite and a digital booklet it's calling "The Real Story," as it faces multiple lawsuits and a reported federal criminal probe related to allegations of rental price fixing. RealPage's six-page digital booklet, published on the site in mid-June, addresses what it calls "false and misleading claims about its software" -- the myriad of allegations it faces involving price-fixing and rising rents -- and contends that the software benefits renters and landlords and increases competition. It also said landlords accept RealPage's price recommendations for new leases less than 50 percent of the time and that the software recommends competitive prices to help fill units.

[...] But landlords are left without concrete answers, as questions around the legality of this software are ongoing as they continue renting properties. "I don't think we're seeing this as a RealPage issue but rather as a revenue management software issue," says Alexandra Alvarado, the director of marketing and education at the American Apartment Owners Association, the largest association of landlords in the US. Alvarado says some landlords are taking pause and asking questions before using the tech.

China

US To Issue Proposed Rules Limiting Chinese Vehicle Software in August (reuters.com)

The U.S. Commerce Department plans to issue proposed rules on connected vehicles next month and expects to impose limits on some software made in China and other countries deemed adversaries, a senior official said Tuesday. From a report: "We're looking at a few components and some software - not the whole car - but it would be some of the key driver components of the vehicle that manage the software and manage the data around that car that would have to be made in an allied country," said export controls chief Alan Estevez at a forum in Colorado.

In May, Commerce Secretary Gina Raimondo said her department planned to issue proposed rules on Chinese-connected vehicles this autumn and had said the Biden administration could take "extreme action" and ban Chinese-connected vehicles or impose restrictions on them after the Biden administration in February launched a probe into whether Chinese vehicle imports posed national security risks.

Programming

GitLab Explores Sale (reuters.com)

GitLab, a U.S. provider of cloud-based software development tools whose investors include Google parent Alphabet, is exploring a sale after attracting acquisition interest, Reuters is reporting. From the report: GitLab, which has a market value of about $8 billion, is working with investment bankers on a sale process that has attracted interest from peers, including cloud monitoring firm Datadog, the sources said. Any deal is still weeks away and no agreement is certain, the sources said, requesting anonymity because the matter is confidential.
Google

Google's $500 Million Effort To Wreck Microsoft EU Cloud Deal Failed, Report Says (arstechnica.com)

Ashley Belanger reports via Ars Technica: Google tried to derail a Microsoft antitrust settlement over anticompetitive software licensing in the European Union by offering a $500 million alternative deal to the group of cloud providers behind the EU complaint, Bloomberg reported. According to Bloomberg, Google's offer to the Cloud Infrastructure Services Providers in Europe (CISPE) required that the group maintain its EU antitrust complaint. It came "just days" before CISPE settled with Microsoft, and it was apparently not compelling enough to stop CISPE from inking a deal with the software giant that TechCrunch noted forced CISPE to accept several compromises.

Bloomberg uncovered Google's attempted counteroffer after reviewing confidential documents and speaking to "people familiar with the matter." Apparently, Google sought to sway CISPE with a package worth nearly $500 million for more than five years of software licenses and about $15 million in cash. But CISPE did not take the bait, announcing last week that an agreement was reached with Microsoft, seemingly frustrating Google. CISPE initially raised its complaint in 2022, alleging that Microsoft was "irreparably damaging the European cloud ecosystem and depriving European customers of choice in their cloud deployments" by spiking costs to run Microsoft's software on rival cloud services. In February, CISPE said that "any remedies and resolution must apply across the sector and to be accessible to all cloud customers in Europe." They also promised that "any agreements will be made public."

But the settlement reached last week excluded major rivals, including Amazon, which is a CISPE member, and Google, which is not. And despite CISPE's promise, the terms of the deal were not published, apart from a CISPE blog roughly outlining central features that it claimed resolved the group's concerns over Microsoft's allegedly anticompetitive behaviors. What is clear is that CISPE agreed to drop their complaint by taking the deal, but no one knows exactly how much Microsoft paid in a "lump sum" to cover CISPE legal fees for three years, TechCrunch noted. However, "two people with direct knowledge of the matter" told Reuters that Microsoft offered about $22 million.

IOS

iOS 18 Could 'Sherlock' $400 Million In App Revenue (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: Apple's practice of leveraging ideas from its third-party developer community to become new iOS and Mac features and apps has a hefty price tag, a new report indicates. Ahead of its fall release, you can download the public beta for iOS 18 right now to get a firsthand look at Apple's changes, which may affect apps that today have an estimated $393 million in revenue and have been downloaded roughly 58 million times over the past year, according to an analysis by app intelligence firm Appfigures. Every June at Apple's Worldwide Developers Conference, the iPhone maker teases the upcoming releases of its software and operating systems, which often include features previously only available through third-party apps. The practice is so common now it's even been given a name: "sherlocking" -- a reference to a 1990s search app for Mac that borrowed features from a third-party app known as Watson. Now when Apple launches a new feature that was before the domain of a third-party app, it's said to have "sherlocked" the app. [...]

In an analysis of third-party apps that generated more than 1,000 downloads per year, Appfigures discovered several genres that had found themselves in Apple's crosshairs in 2024. In terms of worldwide gross revenue, these categories have generated significant income over the past 12 months, with the trail app category making the most at $307 million per year, led by market leader and 2023 Apple "App of the Year" AllTrails. Grammar helper apps, like Grammarly and others, also generated $35.7 million, while math helpers and password managers earned $23.4 million and $20.3 million, respectively. Apps for making custom emoji generated $7 million, too. Of these, trail apps accounted for the vast majority of "potentially sherlocked" revenue, or 78%, noted Appfigures, as well as 40% of downloads of sherlocked apps. In May 2024, they accounted for an estimated $28.8 million in gross consumer spending and 2.5 million downloads, to give you an idea of scale.

Many of these app categories were growing quickly, with math solvers having seen revenue growth of 43% year-over-year followed by grammar helpers (+40%), password managers (+38%) and trail apps (+28%). Emoji-making apps, however, were seeing declines at -17% year-over-year. By downloads, grammar helpers had seen 9.4 million installs over the past 12 months, followed by emoji makers (10.6 million), math-solving apps (9.5 million) and password managers (457,000 installs).

"Although these apps certainly have dedicated user bases that may not immediately choose to switch to a first-party offering, Apple's ability to offer similar functionality built-in could be detrimental to their potential growth," concludes TechCrunch's Sarah Perez. "Casual users may be satisfied by Apple's 'good enough' solutions and won't seek out alternatives."