During the Epic v. Apple trial, an email chain surfaced that reveals Apple seemingly admitted "it manually boosted the ranking of its own Files app ahead of the competition for 11 entire months," reports The Verge. This comes after two monstrous reports by The Wall Street Journal and The New York Times showed Apple's App Store clearly and consistently ranking its own apps ahead of competitors. Apple claimed it had done nothing wrong. The Verge reports: "We are removing the manual boost and the search results should be more relevant now," wrote Apple app search lead Debankur Naskar, after the company was confronted by Epic Games CEO Tim Sweeney over Apple's Files app showing up first when searching for Dropbox. "Dropbox wasn't even visible on the first page [of search results]," Sweeney wrote. As you'll see, Naskar suggested that Files had been intentionally boosted for that exact search result during the "last WWDC." That would have been WWDC 2017, nearly a year earlier, when the Files apps first debuted. The email chain actually reflects fairly well on Apple overall. Apple's Matt Fischer (VP of the App Store) clearly objects to the idea at first. "[W]ho green lit putting the Files app above Dropbox in organic search results? I didn't know we did that, and I don't think we should," he says. But he does end the conversation with "In the future, I want any similar requests to come to me for review/approval," suggesting that he's not entirely ruling out manual overrides. But Apple tells The Verge that what we think we're seeing in these emails isn't quite accurate. While Apple didn't challenge the idea that Files was unfairly ranked over Dropbox, the company says the reality was a simple mistake: the Files app had a Dropbox integration, so Apple put "Dropbox" into the app's metadata, and it was automatically ranked higher for "Dropbox" searches as a result. I'm slightly skeptical of that explanation -- partially because it doesn't line up with what Naskar suggests in the email, partially because Apple also told me it immediately fixed the error (despite it apparently continuing to exist for 11 months, hardly immediate), and partially because the company repeatedly ignored my questions about whether this has ever happened with other apps before. The most Apple would tell me is that it didn't manually boost Files over competitors, and that "we do not advantage our apps over those of any developer or competitor" as a general rule.

Read more of this story at Slashdot.

Apple's text selection magnifying glass has reappeared in the iOS 15 beta, and Apple's own site confirms its return by listing it as a feature. The Verge reports: Bringing the feature back is a reversal from when Apple made the decision to dump it in iOS 13, which is a bit of a rare occurrence... The new version of the text magnifier seems to be a bit smaller than the old one (in case you've forgotten what it used to look like, you can see a great demonstration here), but it's at least better than the nothing that appears in iOS 13 and 14. It will, at the very least, solve the biggest problem with the current selection system: that your thumb is covering the text you're trying to select, which makes it a little difficult to see what's being selected until you pick your thumb up from the screen. Then, if you're like me, you'll probably sigh seeing that the wrong thing is selected, then struggle with the text selection handles to try to highlight what you were actually going for (squinting at the small screen the whole time).

Read more of this story at Slashdot.

An early look at an ongoing analysis of Apple's App Tracking Transparency suggests that the vast majority of iPhone users are leaving app tracking disabled since the feature went live on April 26 with the release of iOS 14.5. MacRumors reports: According to the latest data from analytics firm Flurry, just 4% of iPhone users in the U.S. have actively chosen to opt into app tracking after updating their device to iOS 14.5. The data is based on a sampling of 2.5 million daily mobile active users. When looking at users worldwide who allow app tracking, the figure rises to 12% of users in a 5.3 million user sample size. With the release of iOS 14.5, apps must now ask for and receive user permission before they can access a device's random advertising identifier, which is used to track user activity across apps and websites. Users can either enable or disable the ability for apps to ask to track them. Apple disables the setting by default. Since the update almost two weeks ago, Flurry's figures show a stable rate of app-tracking opt-outs, with the worldwide figure hovering between 11-13%, and 2-5% in the U.S. The challenge for the personalized ads market will be significant if the first two weeks end up reflecting a long-term trend.

Read more of this story at Slashdot.

On iOS, Apple wants all the browsers to run WebKit. Even Google Chrome is forced to use WebKit on iOS devices. Alex Russel, Google's engineer, in a blog post outlines his case: Apple's iOS browser (Safari) and engine (WebKit) are uniquely under-powered. Consistent delays in the delivery of important features ensure the web can never be a credible alternative to its proprietary tools and App Store. Alex has cited an example of this by mentioning Stadia and other cloud gaming services. Apple did not allow those services to be available on the App Store and pushed them to use the web instead, which requires Apple to allow gamepad APIs so controllers can be used with these new web apps. That is a function that other browsers have offered for a long time except on iOS. He writes: Suppose Apple had implemented WebRTC and the Gamepad API in a timely way. Who can say if the game streaming revolution now taking place might have happened sooner? It's possible that Amazon Luna, NVIDIA GeForce NOW, Google Stadia, and Microsoft xCloud could have been built years earlier. It's also possible that APIs delivered on every other platform, but not yet available on any iOS browser (because Apple), may hold the key to unlocking whole categories of experiences on the web. Blog WCCFTech adds: Alex has also talked about how iOS browsers are underpowered in several other places compared to the competition. For starters, iOS browsers lack push notifications, standardized Progressive Web App (PWA) install buttons, background sync, and numerous other tools that make it easier for developers to make fully functional web apps. Access to hardware such as Bluetooth, USB, and NFC are also not easily available. Last but not least, the royalty-free AV1 standard is also not available.

Read more of this story at Slashdot.

Apple on Monday released iOS 14.5, which bring a range of new features to iPhone, including the ability to unlock iPhone with Apple Watch while wearing a face mask, more diverse Siri voices, new privacy controls, skin tone options to better represent couples in emoji, and much more. iOS 14.5 builds on the reimagined iPhone experience introduced in iOS 14, and is available today as a free software update. Regarding the new privacy controls, Apple has described it as: App Tracking Transparency requires apps to get the user's permission before tracking their data across apps or websites owned by other companies for advertising, or sharing their data with data brokers. Apps can prompt users for permission, and in Settings, users will be able to see which apps have requested permission to track so they can make changes to their choice at any time.

Read more of this story at Slashdot.

iOS 14 has brought several new privacy features, and there are more to come with App Tracking Transparency -- which will let users opt out of being tracked by apps. From a report: As the launch of this new option approaches, Apple has begun to reject apps using third-party SDKs that collect user data without consent. Developers can implement some SDKs that help them track users by a method called "device fingerprinting," which uses multiple attributes such as the device model, IP address, and other data to identify a person across the internet. Apps often use this data for deep analysis about their audience or to sell advertisements. While tracking the user is not exactly illegal, Apple wants to put an end to apps that do this without explicit consent. As noted by analyst Eric Seufert, the company is now rejecting any apps using the Adjust SDK, which is one of those SDKs that provides device fingerprinting. There would be no problem for these developers if the Adjust SDK complied with Apple's new privacy guidelines, but this doesn't seem to be the case. Seufert detailed to 9to5Mac that the Adjust SDK not only doesn't have an option for users to opt out of being tracked, but has also been suggesting alternatives for developers to continue tracking users once Apple enables App Tracking Transparency. Snap has explored how it can circumvent new privacy rules for iPhones, Financial Times reported Friday.

Read more of this story at Slashdot.

In 2019 Purism launched a suite of privacy-protecting, no-tracking apps and services named Librem One. And it included an encrypted, no-logging, virtual private network tunnel named Librem Tunnel. Unfortunately, "Recently we've been forced to remove Librem Tunnel from iOS due to their unfair policies," explains a post this week on Purism's blog: Apple's policy is that applications that make in-app purchases or offer subscriptions using Apple's payment platform pay Apple 30% of their revenue. The justification behind that fee is that companies are benefiting from all of the work Apple has put into its payments platform and so the fee helps them maintain that payments infrastructure while saving app developers from having to implement their own payment or subscription infrastructure... Recently our VPN endpoints have changed, which required us to update the Librem Tunnel application. Unfortunately our attempts to push an update were blocked, because Apple saw that the application was a VPN, which flagged it to check whether it was a subscription service (which VPNs frequently are). Even though Librem Tunnel is just part of the overall Librem One offering, because it's part of a subscription service, Apple is requiring us to add the ability to sign up and pay for Librem One subscriptions within the Librem Tunnel app before they will allow updated versions into the App Store. Why are they making that requirement even though we already have our own independent payment infrastructure? Because once that app allows in-app purchases, Apple can then automatically take their 30% cut. We do not accept these kinds of monopolistic practices, nor do we want to fund them through our own customers. Since Apple does not allow alternatives to the App Store on their platform, we have no choice but to remove Librem Tunnel from iOS, until such time Apple changes their policies either on their own, or through government intervention. For their existing users on iOS, "Because Librem Tunnel uses the standard, open, OpenVPN protocol, we have been working with customers to apply their OpenVPN configuration to a different iOS OpenVPN client."

Read more of this story at Slashdot.

Security researchers have uncovered a new type of macOS malware that has been used in the wild to attack iOS software developers through trojanized Xcode projects. From a report: Named XcodeSpy, the malware consists of a malicious Run Script that was added to a legitimate Xcode project named TabBarInteraction. Security firm SentinelOne, which analyzed the malware in a report published today and shared with The Record, said the malicious script ran every time the Xcode project was built, installing a LaunchAgent for reboot persistence and then downloading a second payload, a macOS backdoor named EggShell. "The backdoor has functionality for recording the victim's microphone, camera and keyboard, as well as the ability to upload and download files," said Phil Stokes, macOS malware researcher at SentinelOne. While the XcodeSpy server infrastructure that controlled the LaunchAgent was down, Stokes said they were able to discover several instances of the EggShell backdoor uploaded on the VirusTotal web-based malware scanner. Stokes said SentinelOne first learned of this malware following a tip from an anonymous researcher, who found an instance of the EggShell backdoor on the network of a US-based company. "The victim reported that they are repeatedly targeted by North Korean APT actors and the infection came to light as part of their regular threat hunting activities," Stokes said, but the researcher told The Record they were not able to definitively link the malware to a nation-state operation beyond a reasonable doubt.

Read more of this story at Slashdot.

It turns out that Apple's iOS 14.5 update won't actually let you change your default music service that you use with Siri. Engadget reports: Beta users had originally noticed that it appeared as if early versions of the update might allow you to change the default service that launches when you ask Siri to play a song. This meant that rather than specifying a third-party music app with each request, Siri would remember your preference and launch with the service you had originally specified. While all that still seems to be the case, TechCrunch reports that Apple has apparently "clarified" that it "doesn't consider this feature the equivalent to 'setting a default.'" That's because the feature relies on "Siri intelligence," which can track your music-listening habits over time and predict which app you're more likely to want at that moment. For users, that may certainly feel as if you've changed your default music player, but there's still no way to do that on iOS.

Read more of this story at Slashdot.

Apple is going to make one of the most powerful types of attacks on iPhones much harder to pull off in an upcoming update of iOS. From a report: The company quietly made a new change in the way it secures the code running in its mobile operating system. The change is in the beta version of the next iOS version, 14.5, meaning it is currently slated to be added to the final release. Several security researchers who specialize in finding vulnerabilities in and crafting exploits for iOS believe this new mitigation will make it much harder for hackers to take control of an iPhone with a technique known as a zero-click (or 0-click) exploit, which allows a hacker to take over an iPhone with no interaction from the target. Apple also told Motherboard it believes the changes will impact 0-click attacks. "It will definitely make 0-clicks harder. Sandbox escapes too. Significantly harder," a source who develops exploits for government customers told Motherboard, referring to "sandboxes" which isolate applications from each other in an attempt to stop code from one program interacting with the wider operating system. Motherboard granted multiple exploit developers anonymity to speak more candidly about sensitive industry issues. Like the name suggests, zero-click attacks allow hackers to break into a target without needing the victim to interact with anything, such as a malicious phishing link. This means that the attack is generally harder for the targeted user to detect. These are generally very sophisticated attacks. These attacks may now become much rarer, according to several security researchers who look for vulnerabilities in iOS.

Read more of this story at Slashdot.

Apple's upcoming iOS 14.5 release will ship with a feature that will re-route all Safari's Safe Browsing traffic through Apple-controlled proxy servers as a workaround to preserve user privacy and prevent Google from learning the IP addresses of iOS users. From a report: The new feature will work only when users activate the "Fraudulent Website Warning" option in the iOS Safari app settings. This enables support for Google's Safe Browsing technology in Safari. The Safe Browsing technology works by taking an URL the user is trying to access, sending the URL in an anonymized state to Google's Safe Browsing servers, where Google accesses the site and scans for threats. If malware, phishing forms, or other threats are found on the site, Google tells the user's Safari browser to block access to the site and show a fullscreen red warning. While years ago, when Google launched the Safe Browsing API, the company knew what sites a user was accessing; in recent years, Google has taken several steps to anonymize data sent from user's devices via the Safe Browsing feature. But while Google has anonymized URL strings, by sending the link in a cropped and hashed state, Google still sees the IP address from where a Safe Browsing check comes through. Apple's new feature basically takes all these Safe Browsing checks and passes them through an Apple-owned proxy server, making all requests appear as coming from the same IP address.

Read more of this story at Slashdot.

The official Reddit for iOS app recently received an update that added a new video player UI, and many users don't like it one bit. XDA Developers reports: The Reddit Mobile subreddit, the community where Reddit administrators notify users of new Android and iOS app updates, is currently filled to the brim with complaints about the new video player. Many users describe the experience as TikTok or Instagram-like. Others simply say it's too intrusive and also requires more button presses to reach the comments section of a post. The new video player UI has yet to reach the Android version, but we'd be surprised if Reddit pushes ahead with the controversial video player changes in their current form. For those looking for an alternative, XDA Developers recommends the Apollo app.

Read more of this story at Slashdot.

Apple's latest iOS 14.5 update for beta testers brings support for the new PS5 DualSense and Xbox Series X controllers. The Verge reports: Apple's upcoming iOS 14.5 update follows the company revealing back in November that it was working with Microsoft to include support for the Xbox Series X controllers. Steam also added PS5 controller support last year, followed by Nvidia's Shield TV support last month. Other features of iOS 14.5 include the ability to unlock an iPhone with an Apple Watch while wearing a mask, Siri emergency contact calling, CarPlay ETA sharing, and dual-SIM 5G support. The official release is expected in the next couple of months.

Read more of this story at Slashdot.

Apple's latest iPhones stuck with Face ID as the singular method of biometric authentication in an era when people are wearing face masks everywhere they go. This inevitably means having to enter your passcode constantly throughout the day. But Apple has come up with a stopgap solution that should make it easier to get into your phone during mask life -- as long as you've got an Apple Watch. From a report: As first reported by Pocket-lint, the new iOS 14.5 update, which went into beta today, uses the Apple Watch on your wrist to quickly authenticate and unlock your iPhone. Apple already offers this convenient trick on the Mac, but now it's coming to the iPhone as well. It works similarly here. You lift your iPhone to turn on the screen, and you'll feel a little nudge of haptic feedback on your Apple Watch to indicate that your iPhone has been unlocked. The devices must be in close proximity for this to work in the first place, which is a measure to keep your data secure. (If the Apple Watch is locked, this won't work either.) And this Apple Watch shortcut is only good for unlocking your iPhone; App Store and iTunes purchases will still require other authentication if your face is covered. And as a final security check, you'll still be asked to put in your passcode every few hours even when unlock with Apple Watch is enabled.

Read more of this story at Slashdot.

wiredmikey shares a report from SecurityWeek.com: Apple has quietly added several anti-exploit mitigations into iOS in what appears to be a specific response to zero-click iMessage attacks observed in the wild. The new mitigations were discovered by Samuel Grob, a Google Project Zero security researcher, [with the first big addition being] a new, tightly sandboxed "BlastDoor" service that is now responsible for the parsing of untrusted data in iMessages. With iOS 14, Grob discovered that Apple shipped a significant refactoring of iMessage processing, and made all four parts of an attack much harder to succeed. Apple added logic into iOS 14 to specifically detect [shared cache region] attacks and new techniques to limit an attacker's ability to retry exploits or brute force Address Space Layout Randomization (ASLR). "Overall, these changes are probably very close to the best that could've been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole," the Google researcher added.

Read more of this story at Slashdot.

Google's cloud gaming service now supports the iPhone and iPad. As expected, the company is using a web app to access the service. From a report: Google also says that you need to update to iOS 14.3, the latest iOS update that was released earlier this week. If you want to try it out with a free or paid Stadia account, you can head over to stadia.google.com from your iOS device. Log in to your Google account, add a shortcut to your home screen and open the web app. After that, you can launch a game and start playing. Most games will require a gamepad, so you might want to pair a gamepad with your iPhone or iPad as well. Apple's iOS supports Xbox One and PlayStation 4 controllers using Bluetooth as well as controllers specifically designed for iOS. You can also play with the Stadia controller, but it's optional. If you just want to check your inventory quickly, Stadia on iOS also supports touch controls.

Read more of this story at Slashdot.

One year after its first 1.0 release, Brave says it has hit the milestone of 20.5 million active monthly users. "At the same time last year, the browser had 8.7 million active monthly users, and of the 20 million monthly users, 7 million are daily users, which represents more than a doubling of last year's 3 million," reports ZDNet. "Brave added that since Apple allowed browsers other than its own to be the default option on iOS, it has seen its iOS user base increase by a third." From the report: One of the touted features of the browser is that it hates ads, and will go out of its way to block them, unless users decide to see Brave-powered advertisements. To that end, Brave has hit "2 billion ad confirmation events" and completed 2,215 campaigns from over 460 companies. The browser maker says its users have a click-through rate of 9%, way and away outstripping industry averages. The browser also has its own cryptocurrency, Basic Attention Tokens, that users use to "tip" content creators. Thus far, 26 million of the tokens have been sent to creators. At the time of writing, the blockchain-based token is trading for just under 18 cents, meaning $4.6 million has been sent from users.

Read more of this story at Slashdot.

Apple has poached a key member of Google's Project Zero, a hacking team at Google that has found dozens of critical vulnerabilities in Apple's iOS and other critical Apple software. From a report: Last year, Apple and Google fought over a series of vulnerabilities that Project Zero discovered in iOS, with Apple suggesting that Google was overselling the vulnerabilities. About a year later, Brandon Azad announced on Twitter at the beginning of October that he was leaving Google's elite team of hackers to join Apple. "My teammates at Project Zero have been among the kindest and smartest people I've met, and I've learned so much from them," Azad wrote. "I'll really miss working alongside everyone on the team. Thank you all for these wonderful experiences, and keep on hacking!" Azad has been widely considered one of the best iPhone hackers who didn't work for Apple, being named by Apple in countless security advisories, and presenting highly technical findings on Apple's products at major cybersecurity conferences around the world. Last year, Motherboard profiled Project Zero and revealed that Apple had been trying to poach a colleague of Azad, Ian Beer.

Read more of this story at Slashdot.

An anonymous reader quotes a report from MacRumors: Apple in iOS 14 added Picture in Picture to the iPhone, a feature designed to let you watch a video in a small screen on your device while you continue to do other things on the phone. The YouTube app doesn't support Picture in Picture, but up until yesterday there was a functional workaround that allowed videos from YouTube.com to be watched in Safari in Picture in Picture mode. As of today, that workaround is gone, and it's not clear if it's a bug or a deliberate removal. Attempting to use Picture in Picture on a video on the mobile YouTube website simply doesn't work. Tapping the Picture in Picture button when in full screen mode pops the video out for a second, but it immediately pops back into the website, so it can't be used as a Picture in Picture window. [...] Picture in Picture appears to work on the mobile YouTube website in Safari for those who are YouTube Premium subscribers, which suggests that the restriction is intentional and not a bug.

Read more of this story at Slashdot.

While developers have had access to beta versions of the software updates since June, many were caught off guard by Apple's much shorter notice of the final releases. By comparison, Apple started accepting apps built for iOS 13 on September 10 last year, over one week before the software update was released on September 19. From a story yesterday: "I think a lot of developers won't be sleeping tonight or will instead just give up and opt to release [their app] when they want to, instead of alongside the new OS," said iOS developer Shihab Mehboob in a message. "Apple has seemingly out of the blue decided to surprise developers with no real warning or care." [...] "Without advance warning like this, nothing is ready," a developer at High Caffeine Content, Steve Troughton-Smith, told me. "Developers aren't ready, the App Store is't ready, and everybody is rushing to react instead of having the chance to finish their apps properly." Steve ran through the normal iOS release process with me. Apple usually gives third-party app developers a heads up of about a week before the official public release of a new iOS. The company puts out a "Golden Master" copy of the new iOS and Xcode developer tool before the latest operating system is officially released to the public. This gives iPhone app developers the time they need to make sure the apps they've been building for the beta releases of the new iOS actually work on the final version. Sometimes there are critical bugs that are only revealed or could only be fixed at this point in the process. The extra time can also be used to add new features for any new devices announced at the Apple Event. Apple's approval process for apps also takes some time, so developers have that week to make sure they submit in time to guarantee their work will be in the App Store for the iOS release. "Gone are the hopes of being on the store by the time users install the new iOS 14 and are looking for new apps. Gone is the chance to get some last-minute fixes into your existing apps to make sure they don't stop working outright by the time users get to upgrade their OS," explained Steve. "There are some developers who have spent all summer working on something new, using the latest technologies, hoping to be there on day one and participate in the excitement (and press coverage) of the new iOS," he continued. "For many of them, they'll be incredibly upset to have it end like this instead of a triumphant launch, and it can dramatically decrease the amount of coverage or sales they receive."

Read more of this story at Slashdot.