Developer Dan Leveille received "a sketchy voicemail from a random number about a class action lawsuit settlement..." he posted on Twitter. "I thought it was a scam and almost ignored it." But he didn't — and ended up with $8,064.88 in his Venmo account. Back in 2019 a lawsuit by U.S. developers accused Apple of "profit-killing" App Store commissions, reports TechForge Media. Apple settled that suit by agreeing to create a $100 million Small Developer Assistance Fund (for developers who sold in Apple's app store between June of 2015 and April of 2021). And this month Apple has finally started sending out those payments, Apple Insider reports: Developers had until May 20 to submit a request to an independent administrator to become a "Settlement Class Member." If they met the criteria, the developers stood to receive a payment from $250 to $30,000 in value.... Along with the fund, the settlement also introduced a number of changes to App Store policies, including modifications relating to customer and developer communication, new pricing tiers, and a promise by Apple to continue offering its 15% reduced App Store commission for at least three years.

Read more of this story at Slashdot.

AmiMoJo shares a report from MacRumors: iOS 16 continues to leak data outside an active VPN tunnel, even when Lockdown mode is enabled, security researchers have discovered. Speaking to MacRumors, security researchers Tommy Mysk and Talal Haj Bakry explained that iOS 16's approach to VPN traffic is the same whether Lockdown mode is enabled or not. The news is significant since iOS has a persistent, unresolved issue with leaking data outside an active VPN tunnel. According to a report from privacy company Proton, an iOS VPN bypass vulnerability had been identified in iOS 13.3.1, which persisted through three subsequent updates. Apple indicated it would add Kill Switch functionality in a future software update that would allow developers to block all existing connections if a VPN tunnel is lost, but this functionality does not appear to prevent data leaks as of iOS 15 and iOS 16. Mysk and Bakry have now discovered that iOS 16 communicates with select Apple services outside an active VPN tunnel and leaks DNS requests without the user's knowledge. Mysk and Bakry also investigated whether iOS 16's Lockdown mode takes the necessary steps to fix this issue and funnel all traffic through a VPN when one is enabled, and it appears that the exact same issue persists whether Lockdown mode is enabled or not, particularly with push notifications. This means that the minority of users who are vulnerable to a cyberattack and need to enable Lockdown mode are equally at risk of data leaks outside their active VPN tunnel. [...] Due to the fact that iOS 16 leaks data outside the VPN tunnel even where Lockdown mode is enabled, internet service providers, governments, and other organizations may be able to identify users who have a large amount of traffic, potentially highlighting influential individuals. It is possible that Apple does not want a potentially malicious VPN app to collect some kinds of traffic, but seeing as ISPs and governments are then able to do this, even if that is what the user is specifically trying to avoid, it seems likely that this is part of the same VPN problem that affects iOS 16 as a whole.

Read more of this story at Slashdot.

Apple has responded to user complaints regarding an annoying pop-up in iOS 16 that asks for user permission if an app wants to access the clipboard to paste text, images, and more. From a report: The new prompt was added to iOS 16 as a privacy measure for users, requiring that apps ask for permission to access the clipboard, which may have sensitive data. The prompt, however, has become an annoyance for users as they install iOS 16, as it constantly asks for permission whenever they wish to paste something into an app. As user annoyance with the behavior boils high, Apple has finally responded, saying the constant pop-up is not how the feature is intended to work. MacRumors reader Kieran sent an email to Craig Federighi and Tim Cook, complaining about the constant prompt and advocating for Apple to treat access to the clipboard the same way iOS treats third-party access to location, camera, microphone, and more. Ron Huang, a senior manager at Apple, joined the email thread saying the pop-up is not supposed to appear every time a user attempts to paste. "This is absolutely not expected behavior, and we will get to the bottom of it," Huang said. Huang added that this behavior is not something Apple has seen internally but that Kieran is "not the only one" experiencing it. Responding to the suggestion that clipboard access should be added within the Settings app on a per-app basis, Huang said it would make a "good improvement" and added that Apple "certainly need to fix and make apps like Mail just work even without this setting, but it's nonetheless helpful for apps which users want to share data with even if they didn't initiate it." "Stay tuned," he added.

Read more of this story at Slashdot.

In an update coming to iOS 16 later this year, Apple plans to add a new "Clean Energy Charging" option in the United States. MacRumors reports: The information was shared in Apple's iOS 16 press release, and it says that clean energy charging will optimize charging times for when the grid is using cleaner energy sources. With Clean Energy Charging, Apple is aiming to decrease the carbon footprint of the iPhone. This is the first we've heard of clean energy charging, and it's not a feature that Apple has previously highlighted.

Read more of this story at Slashdot.

Apple has released an iOS 12 update users of older iPhone and iPad devices should download as soon as possible. Engadget reports: The new version of the company's 2018 operating system addresses a major vulnerability that Apple recently patched within iOS 15. According to a support document, the WebKit flaw could have allowed a website to run malicious code on your device. In its usual terse manner, Apple notes it is "aware of a report that this issue may have been actively exploited." For that reason, you should download the update as soon as possible if you're still using an iOS 12 device. That's a list that includes the iPhone 5s, iPhone 6, as well as iPad Air, iPad mini 2 and iPad mini 3. You can download iOS 12.5.6 by opening the Settings app, tapping on "General" and then selecting "Software Update."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Verge: Apple is adding native support for the Nintendo Switch Pro and Joy-Con controllers in iOS 16. Riley Testut, one of the iOS developers behind AltStore, discovered the new controller support in a developer beta of iOS 16 that was released yesterday. The Nintendo Switch Pro Controller works "perfectly" according to Testut, and both Joy-Con controllers show up as a single device for apps and games to take advantage of. Nat Brown, an engineering manager at Apple, has confirmed the new controller support and even revealed there's a neat method to switch how the Joy-Cons work in iOS 16. You can dynamically switch between using both Joy-Cons as a single controller or two separate ones by holding the screenshot and home buttons for a few seconds.

Read more of this story at Slashdot.

At its WWDC event today, Apple previewed several new features coming with iOS 16, which will debut this fall after spending the summer in beta testing. An anonymous reader quotes a report from The Verge: The lock screen is at the center of Apple's iOS 16 updates, starting with the ability to customize fonts and colors used. It will be possible to add widgets and configure multiple lock screens that you can switch between by swiping across the screen. Different focus modes can also be assigned to different lock screens. Apple-supplied wallpapers get a refresh too, with animated and Pride-themed choices. Notifications appear on the lock screen differently, too. Instead of piling up across the screen, they "roll in" at the bottom of the screen. There's also a "live activities" feature to display notifications associated with an event like an Uber ride or sporting event in a single tile. There's a major update coming to messages, too: iOS 16 adds the ability to edit typos out of sent messages, recall messages that you didn't mean to send, and the ability to mark a message thread as unread so you can come back to it later. SharePlay is also coming to messages. Apple's powerful Live Text feature will be coming to video. Additionally, there will be more actions available when you use Live Text in photos or videos. Wallet gets some expanded features too, with a way to share saved IDs securely by supplying only necessary information. It'll be easier to share saved keys, too. Apple Pay gets a new "Pay Later" feature, adding the option to split a bill into four equal payments without interest or fees. Apple Maps will get multi-stop routing in iOS 16, and six more cities will be added to the "detailed city experience" introduced in iOS 15. Apple is also adding shared iCloud photo libraries, in an effort to make it easier to share certain photos across family and friends' accounts. Up to six users can access a shared library. Photos will include sharing suggestions, and image edits and keywords will be synced for all users. There's also a new feature called Safety Check, which is aimed to protect people in abusive situations. It allows you to easily revoke access to certain information, like location, that you may have shared with someone else previously. In order to download iOS 16, you'll need an iPhone 8 or later, meaning Apple is "more or less ending support for the iPhone 6S, iPhone 7, and original iPhone SE," reports The Verge.

Read more of this story at Slashdot.

It's been 518 days since Apple kicked Fortnite off of the App Store after Epic Games tried to bypass its payment system. Now the popular free-to-play battle royale is once again playable on iPhones, sort of. From a report: Starting next week, Fortnite will be available on iOS by way of streaming, as part of an upcoming closed beta for Nvidia's GeForce Now game streaming program. "Fortnite on GeForce NOW will launch in a limited-time closed beta for mobile, all streamed through the Safari web browser on iOS and the GeForce NOW Android app," Nvidia announced on its blog today. "The beta is open for registration for all GeForce NOW members, and will help test our server capacity, graphics delivery and new touch controls performance." GeForce Now, subscriptions for which range from free to $200 a year for the premium tier, lets users stream games they already own to PCs, tablets, and smartphones. It's one way to make blockbuster PC games portable, or to play them on rigs with beefier specs than the ones people already have at home. In Fortnite's case, GeForce Now subscribers will soon be able to stream the shooter to iOS devices and play it using touch controls via Apple's Safari. The browser workaround is one way companies like Microsoft have been able to get their game streaming platforms on iPhones despite Apple's ban on allowing them inside its App Store. Now its bringing back the game that kicked off a massive, messy, year-long legal battle that's still raging to this day.

Read more of this story at Slashdot.

An update to Tumblr's iOS app censors a long list of tags to comply with Apple's strict safety guidelines. From a report: The platform explains that it's changing iOS users' ability to access sensitive content, affecting their experience when it comes to searching for content, scrolling through the "Stuff for You" and "Following" sections of the dashboard, and could even prevent access to blogs that are flagged. Tumblr says it has to "extend the definition of what sensitive content is" to "remain available within Apple's App Store," and it seems that Tumblr stretched it pretty far. Tags are what make posts searchable on Tumblr; posts with censored tags won't appear on a users' dashboard, nor will they show up on the platform's search page. A Twitter thread brought attention to some of the absurd tags that ended up getting filtered out on iOS, including the tag "submission." The interesting part, though, is that Tumblr applies that tag automatically when a post is submitted and then published to a blog on the platform. Users on iOS who receive a submission to their blog won't even be able to view it since the "submission" tag is already added, as shown in a post by one Tumblr user.

Read more of this story at Slashdot.

iOS 15.2 has been released today, bringing a new feature called Communication Safety in Messages that is able to detect and automatically blur nude images that are sent or received by children. It's one of several Child Safety features Apple announced over the summer. As MacRumors notes, it's "not the same as the controversial anti-CSAM feature that Apple plans to implement in the future after revisions." From the report: Communication Safety is a Family Sharing feature that can be enabled by parents, and it is opt-in rather than activated by default. When turned on, the Messages app is able to detect nudity in images that are sent or received by children. If a child receives or attempts to send a photo with nudity, the image will be blurred and the child will be warned about the content, told it's okay not to view the photo, and offered resources to contact someone they trust for help. When Communication Safety was first announced, Apple said that parents of children under the age of 13 had the option to receive a notification if the child viewed a nude image in Messages, but after receiving feedback, Apple has removed this feature. Apple now says that no notifications are sent to parents. Apple removed the notification option because it was suggested that parental notification could pose a risk for a child in a situation where there is parental violence or abuse. For all children, including those under the age of 13, Apple will instead offer guidance on getting help from a trusted adult in a situation where nude photos are involved. Checking for nudity in photos is done on-device, with Messages analyzing image attachments. The feature does not impact the end-to-end encryption of messages, and no indication of the detection of nudity leaves the device. Apple has no access to the Messages.

Read more of this story at Slashdot.

With the recent release of iOS 15, Apple appears to have made some changes to Siri functionality that have removed features relied on by low vision and blind iPhone users. MacRumors reports: Several Siri commands that provide details on phone calls, voicemails, and sending emails no longer appear to be working. The following commands used to be functional, but have recently been removed: Do I have any voicemails?, Play my voicemail messages, Check my call history, Check my recent calls, Who called me?, Send an email, and Send an email to [person]. Over the last two weeks, we've received several emails from iPhone users who are missing this key Siri functionality, or their relatives who are attempting to help them navigate the changes. The Siri feature removals have also been documented on the AppleVis forums for blind and low vision users of Apple products. Asking Siri to provide details on recent phone calls or voicemails results in the following response: "I can't help with that, but you can ask me to open the Phone app." Asking about email garners a similar response about Siri being unable to help. It's worth noting that it's still possible to ask Siri to play the most recent voicemail message that's available, or a voicemail from a specific person, but Siri will not read out a list of all the available voicemails. The Siri commands seem to have disappeared when iOS 15 was released, but iOS 14 users are also not able to use them anymore so it's not an issue tied to iOS 15.

Read more of this story at Slashdot.

A serious bug in the iOS 15 Messages app can cause some saved photos to be deleted, according to multiple complaints reported by MacRumors readers and Twitter users. From the report: If you save a photo from a Messages thread and then go on to delete that thread, the next time an iCloud Backup is performed, the photo will disappear. Even though the image is saved to your personal iCloud Photo Library, it appears to still be linked to the Messages app in "iOS 15," and saving it does not persist through the deletion of the thread and an "iCloud" backup. This is a concern because most users keep the "iCloud" Backup feature enabled and it's something that happens automatically. If you're someone who regularly deletes message threads, if there's a photo that you want to keep, you won't be able to keep it with "iCloud" Backup turned on. To replicate this bug, the following steps must be taken: 1. Save a photo from a Messages conversation to your Camera Roll. 2. Check to see that the photo has been saved. 3. Delete the Messages conversation the photo came from. The photo will still be in your "iCloud Photo Library" at this point. 4. Perform an "iCloud" Backup, and the photo disappears.

Read more of this story at Slashdot.

A security researcher has published details about three iOS zero-day vulnerabilities, claiming that Apple has failed to patch the issues, which they first reported to the company earlier this year. From a report: Going by the pseudonym of Illusion of Chaos, the researcher has published their findings on Russian blogging platform Habr and has released proof-of-concept code for each vulnerability on GitHub. This includes: 1. A vulnerability in the Gamed daemon that can grant access to user data such as AppleID emails, names, auth token, and grant file system access. 2. A vulnerability in the nehelper daemon that can be used from within an app to learn what other apps are installed on a device. 3. An additional vulnerability in the nehelper daemon can also be used from within an app to gain access to a device's WiFi information.

Read more of this story at Slashdot.

The iOS 15.1 beta that was introduced today allows iPhone users to upload their COVID-19 vaccination status to the Health app and then generate a vaccination card in Apple Wallet. MacRumors reports: The Apple Wallet vaccination card can be shown to businesses, venues, restaurants, and more that are requiring vaccines for entry. As outlined in an announcement to developers, verifiable health records are based on the SMART Health Cards specification. California is using SMART Health Cards, so users in California can add their vaccination records to the Wallet app after installing iOS 15.1. Other states and health organizations that use the SMART Health Cards will be able to use a button to let users know that they can download and store their vaccination information in the Health app and in the Wallet app. California, Louisiana, New York, Virginia, Hawaii, and some Maryland counties support Smart Health Cards, as do Walmart, Sam's Club, and CVS Health. So those in the specific supported states should be able to look up their information in state databases, but those who were vaccinated through companies like Walmart and CVS will also be able to add their information to the Health and Wallet apps because it's the same system.

Read more of this story at Slashdot.

Apple today released iOS 15 and iPadOS 15, the newest operating system updates designed for the iPhone, iPad, and iPod touch. From a report: As with all of Apple's software updates, iOS and iPadOS 15 can be downloaded at no cost. iOS 15 is available on the iPhone 6s and later while iPadOS 15 is available on the iPad Air 2 and later. The new software can be downloaded on eligible devices over-the-air by going to Settings - General - Software Update. It may take a few minutes for the updates to propagate to all users due to high demand. A new Focus mode cuts down on distractions by limiting what's accessible and who can contact you, and notifications can now be grouped up in daily summaries. There's an option for a new Safari design that moves the tab bar to the bottom of the interface, and Tab Groups keep all of your tabs organized. Maps has been overhauled with even more detail, a 3D view in major cities, a globe view, improved transit, a close-up driving view when navigating complicated routes, and AR walking directions. Across the operating system, there's a new Live Text feature that detects text in any image and lets you copy, paste, and translate it, plus there's a system-wide translation feature. In Photos, plants, pets, landmarks, and more can be identified, and there's a system-wide translation feature that goes well with Live Text. iCloud+ with iCloud Private Relay protects your IP address and obscures your location to prevent websites from tracking you, and a Hide My Email feature lets you create temporary email addresses. You can even use your personal domain with iCloud in iOS 15. Further reading: 19 Things You Can Do in iOS 15 That You Couldn't Do Before.

Read more of this story at Slashdot.

Apple has delayed plans to roll out its child sexual abuse (CSAM) detection technology that it chaotically announced last month, citing feedback from customers and policy groups. From a report: That feedback, if you recall, has been largely negative. The Electronic Frontier Foundation said this week it had amassed more than 25,000 signatures from consumers. On top of that, close to 100 policy and rights groups, including the American Civil Liberties Union, also called on Apple to abandon plans to roll out the technology. In a statement on Friday morning, Apple told TechCrunch: "Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features."

Read more of this story at Slashdot.

Sebastien Marineau-Mes, a software VP at Apple, talks about the company's upcoming controversial photo scanning features in an internal memo to employees: Today marks the official public unveiling of Expanded Protections for Children, and I wanted to take a moment to thank each and every one of you for all of your hard work over the last few years. We would not have reached this milestone without your tireless dedication and resiliency. Keeping children safe is such an important mission. In true Apple fashion, pursuing this goal has required deep cross-functional commitment, spanning Engineering, GA, HI, Legal, Product Marketing and PR. What we announced today is the product of this incredible collaboration, one that delivers tools to protect children, but also maintain Apple's deep commitment to user privacy. We've seen many positive responses today. We know some people have misunderstandings, and more than a few are worried about the implications, but we will continue to explain and detail the features so people understand what we've built. And while a lot of hard work lays ahead to deliver the features in the next few months. [...]

Read more of this story at Slashdot.

The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft. Ars Technica reports: In a post Google published on Wednesday, researchers Maddie Stone and Clement Lecigne said a "likely Russian government-backed actor" exploited the then-unknown vulnerability by sending messages to government officials over LinkedIn. Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that installed malicious payloads on fully updated iPhones. The attacks coincided with a campaign by the same hackers who delivered malware to Windows users, the researchers said. The campaign closely tracks to one Microsoft disclosed in May. In that instance, Microsoft said that Nobelium -- the name the company uses to identify the hackers behind the SolarWinds supply chain attack -- first managed to compromise an account belonging to USAID, a US government agency that administers civilian foreign aid and development assistance. With control of the agency's account for online marketing company Constant Contact, the hackers could send emails that appeared to use addresses known to belong to the US agency. In an email, Shane Huntley, the head of Google's Threat Analysis Group, confirmed the connection between the attacks involving USAID and the iOS zero-day, which resided in the WebKit browser engine.

Read more of this story at Slashdot.

An anonymous reader shares a report: If you're an iPhone user, the weather is always a particularly nice 70 degrees. Or 68 degrees. Any temperature but 69 degrees, actually, because it turns out that the built-in weather app on some versions of iOS -- including the current version, iOS 14.6 -- will refuse to display the internet's favorite number, even if the actual temperature in a given location is, in fact, 69 degrees. It's not clear if this is a bug or an intentional attempt from Apple to cut down on 69-related humor. The rounding is only visible in the weather app itself: clicking through to Apple's source data from Weather.com will show the proper temperature, as does Apple's home screen widgets.

Read more of this story at Slashdot.

During the Epic v. Apple trial, an email chain surfaced that reveals Apple seemingly admitted "it manually boosted the ranking of its own Files app ahead of the competition for 11 entire months," reports The Verge. This comes after two monstrous reports by The Wall Street Journal and The New York Times showed Apple's App Store clearly and consistently ranking its own apps ahead of competitors. Apple claimed it had done nothing wrong. The Verge reports: "We are removing the manual boost and the search results should be more relevant now," wrote Apple app search lead Debankur Naskar, after the company was confronted by Epic Games CEO Tim Sweeney over Apple's Files app showing up first when searching for Dropbox. "Dropbox wasn't even visible on the first page [of search results]," Sweeney wrote. As you'll see, Naskar suggested that Files had been intentionally boosted for that exact search result during the "last WWDC." That would have been WWDC 2017, nearly a year earlier, when the Files apps first debuted. The email chain actually reflects fairly well on Apple overall. Apple's Matt Fischer (VP of the App Store) clearly objects to the idea at first. "[W]ho green lit putting the Files app above Dropbox in organic search results? I didn't know we did that, and I don't think we should," he says. But he does end the conversation with "In the future, I want any similar requests to come to me for review/approval," suggesting that he's not entirely ruling out manual overrides. But Apple tells The Verge that what we think we're seeing in these emails isn't quite accurate. While Apple didn't challenge the idea that Files was unfairly ranked over Dropbox, the company says the reality was a simple mistake: the Files app had a Dropbox integration, so Apple put "Dropbox" into the app's metadata, and it was automatically ranked higher for "Dropbox" searches as a result. I'm slightly skeptical of that explanation -- partially because it doesn't line up with what Naskar suggests in the email, partially because Apple also told me it immediately fixed the error (despite it apparently continuing to exist for 11 months, hardly immediate), and partially because the company repeatedly ignored my questions about whether this has ever happened with other apps before. The most Apple would tell me is that it didn't manually boost Files over competitors, and that "we do not advantage our apps over those of any developer or competitor" as a general rule.

Read more of this story at Slashdot.