The coronavirus pandemic has disrupted key parts of Apple's business, but it hasn't derailed the company's plans to build what could be its next important technology platform -- augmented reality devices. From a report: The Information has learned that Apple is working with Taiwan's Foxconn Technology, Apple's largest contract manufacturer and the one responsible for building most iPhones, to develop semitransparent lenses for its AR devices. As of two months ago, the lenses -- considered one of the most essential elements of the head-worn devices -- had passed the prototype stage and entered trial production [the link may be paywalled; alternative source], a person familiar with the matter said. A spokesperson for Apple declined to comment. The lenses are at least one to two years away from mass production, and the same is likely true of the AR product they ultimately end up in, the person said. The product must still go through a lengthy process of ramping up production to the point where Apple can reliably manufacture millions of them. AR glasses and headsets allow people who wear them to view digital imagery overlaid on and intermingled with their physical surroundings. The technology could give people a new way to view everything from map directions to videoconference calls, and allow them to play games with characters and objects that hide around the corners of real buildings.

tlhIngan writes: For those worried that the transition Apple is doing to ARM-based Macs will drop Thunderbolt, Apple has stated that they will continue to support Thunderbolt. This was a worry since Thunderbolt is primarily an Intel design (formerly known as Light Peak) with Apple collaboration, and that none of Apple's ARM based devices support it (not even the ARM Developer Transition Kit).

Apple today seeded the first public betas of upcoming iOS 14 and iPadOS 14, and tvOS 14 updates to its public beta testing group, two weeks after first providing the updates to developers after the WWDC keynote.

The UK retail arm of Apple paid just $7.7m in taxes last year despite raking in almost $1.7bn in sales, according to the company's latest accounts. From a report: Revenue at Apple Retail UK, which operates 38 of the company's stores in the UK, rose by more than 15% in the 12 months to 28 September. But after costs and expenses of around $1.7bn, the firm reported before-tax profits of just $47m, slashing its tax bill significantly. In a statement describing itself as "the largest taxpayer in the world," Apple said that it always paid the taxes that it owed.

The Fraunhofer Heinrich Hertz Institute on Tuesday announced the H.266 Versatile Video Coding codec, which will power more data-efficient video capture and transmission on future iPhones. AppleInsider reports: Apple adopted the predecessor to the new codec, H.265/HEVC, in iOS 11. The updated video codec, which was developed after years of research and standardization, will bring a number of tangible benefits to future iPhone users. In its announcement, the Fraunhofer HHI said that H.266 will reduce data requirements by around 50% thanks to improved compression. With the previous HEVC codec, it took about 10GB of data to transmit a 90-minute ultra-high definition (UHD) video. H.266 can do that with 5GB. The codec, as detailed in a 500-page specification, was designed from the ground up for use with 4K and 8K streaming. It'll allow users to store more high-definition video and reduce the amount of data on cellular networks.

Apple "has faced mounting pressure from the Chinese government in recent weeks to comply with local regulations, including that all games show proof of a government granted license," writes Engadget.

And now it's finally come to a head, CNBC reports: Apple has blocked updates on tens of thousands of revenue-generating iPhone games on its App Store in China amid rising tensions between Washington and Beijing, according to a report from The Financial Times...

There are currently around 60,000 mobile games hosted on the China App Store that are paid for or have in-app purchases, according to AppinChina figures cited by the FT. However, China's regulators have only issued slightly more than 43,000 licenses since 2010, while just 1,570 were given out in 2019... Developers were told in February that they'd finally have to comply with China's mobile video game laws by June 30...
"Android app stores have largely observed the license rule since 2016," notes Engadget. "Apple, however, took a looser approach, allowing developers to publish their games while they waited for authorization, which could take months." (CNBC points out that "Grand Theft Auto" maker Rockstar Games "relied on the loophole for years.")

They also report that Apple's App Store earns more money in China than any other country -- including about 20% of all of Apple's in-app advertising revenue. A columnist at The Street estimates that Apple earned about $2.2 billion last year from App Store revenue in China. "If I am right in my calculations, gaming app revenues from China add up to roughly one-sixth of the total company's number" for App Store revenues

Long-time Slashdot reader dhammabum writes: As reported in the recent slashdot story, starting in September we system admins will be forced into annually updating TLS certificates because of a decision by Apple, abetted by Google and Mozilla. Supposedly this measure somewhat rectifies the current ineffective certificate revocation list system by limiting the use of compromised certificates to one year... But in an attempt to prevent this pathetic measure, could we instead use DNS to replace the current certificate revocation list system?

Why not create a new type of TXT record, call it CRR (Certificate Revocation Record), that would consist of the Serial Number (or Subject Key ID or thumbprint) of the certificate. On TLS connection to a website, the browser does a DNS query for a CRR for the Common Name of the certificate. If the number/key/thumbprint matches, reject the connection. This way the onus is on the domain owner to directly control their fate. The only problem I can see with this is if there are numerous certificate Alternate Names — there would need to be a CRR for each name. A pain, but one only borne by the hapless domain owner.

Alternatively, if Apple is so determined to save us from ourselves, why don't they fund and host a functional CRL system? They have enough money. End users could create a CRL request via their certificate authority who would then create the signed record and forward it to this grand scheme.

Otherwise, are there any other ideas?

A group of European digital advertising associations on Friday criticized Apple's plans to require apps to seek additional permission from users before tracking them across other apps and websites. From a report: Apple last week disclosed features in its forthcoming operating system for iPhones and iPads that will require apps to show a pop-up screen before they enable a form of tracking commonly needed to show personalized ads. Sixteen marketing associations, some of which are backed by Facebook and Google, faulted Apple for not adhering to an ad-industry system for seeking user consent under European privacy rules. Apps will now need to ask for permission twice, increasing the risk users will refuse, the associations argued. Facebook and Google are the largest among thousands of companies that track online consumers to pick up on their habits and interests and serve them relevant ads. Apple said the new feature was aimed at giving users greater transparency over how their information is being used. In training sessions at a developer conference last week, Apple showed that developers can present any number of additional screens beforehand to explain why permission is needed before triggering its pop-up.

Two days after India blocked 59 apps developed by Chinese firms, Google and Apple have started to comply with New Delhi's order and are preventing users in the world's second largest internet market from accessing those apps. From a report: UC Browser, Shareit, and Club Factory and other apps that India has blocked are no longer listed on Apple's App Store and Google Play Store. In a statement, a Google spokesperson said that the company had "temporarily blocked access to the apps" on Google Play Store as it reviews New Delhi's interim order. Apple, which has taken a similar approach as Google in complying with New Delhi's order, did not respond to a request for comment. Some developers including ByteDance have voluntarily made their apps inaccessible in India, a person familiar with the matter told TechCrunch. India's Department of Telecommunications ordered telecom networks and other internet service providers earlier this week to block access to those 59 apps "effective immediately." Websites of many of these apps have also become inaccessible in India.

An anonymous reader quotes a report from Wired: The threat of ransomware may seem ubiquitous, but there haven't been too many strains tailored specifically to infect Apple's Mac computers since the first full-fledged Mac ransomware surfaced only four years ago. So when Dinesh Devadoss, a malware researcher at the firm K7 Lab, published findings on Tuesday about a new example of Mac ransomware, that fact alone was significant. It turns out, though, that the malware, which researchers are now calling ThiefQuest, gets more interesting from there. In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or "second stage," attacks. Given that ransomware is so rare on Macs to begin with, this one-two punch is especially noteworthy.

Though ThiefQuest is packed with menacing features, it's unlikely to infect your Mac anytime soon unless you download pirated, unvetted software. Thomas Reed, director of Mac and mobile platforms at the security firm Malwarebytes, found that ThiefQuest is being distributed on torrent sites bundled with name-brand software, like the security application Little Snitch, DJ software Mixed In Key, and music production platform Ableton. K7's Devadoss notes that the malware itself is designed to look like a "Google Software Update program." So far, though, the researchers say that it doesn't seem to have a significant number of downloads, and no one has paid a ransom to the Bitcoin address the attackers provide. [...] Given that the malware is being distributed through torrents, seems to focus on stealing money, and still has some kinks, the researchers say it was likely created by criminal hackers rather than nation state spies looking to conduct espionage.

Apple will close 30 additional stores in the United States by Thursday, the company said, bringing the total number of reclosures in the United States to 77 as Covid-19 cases rapidly rise in several regions around the country. CNBC reports: Stores in Alabama, California, Georgia, Idaho, Louisiana, Nevada and Oklahoma will close Thursday. Other stores in Florida, Mississippi, Texas and Utah are closed as of Wednesday. Apple has 271 stores in the United States. An Apple spokesman said in a statement: "Due to current COVID-19 conditions in some of the communities we serve, we are temporarily closing stores in these areas. We take this step with an abundance of caution as we closely monitor the situation and we look forward to having our teams and customers back as soon as possible." The closings announced on Wednesday include the last two remaining stores open in Florida, as well as a number of stores around the Los Angeles area.

Apple is pushing its suppliers to try to reduce production delays for its first 5G iPhones as the U.S. tech company aims to limit the fallout from the coronavirus pandemic. From a report: Apple is facing delays of between four weeks and two months for mass production of the four models in its 5G lineup after postponements caused by factory lockdowns and workplace absences during the pandemic, sources told the Nikkei Asian Review. Apple has been betting heavily on the 5G range to help it against rivals including Samsung and Huawei Technologies, which introduced 5G-capable smartphones last year. But sources said Apple has aggressively tried to cut delays and was now less likely to face a worst-case scenario of postponing the launch until 2021, the situation it was in three months ago. The estimated delays are based on the stage that development would normally be at for a release in September.

The tech giant and its suppliers are working overtime to make up for lost time, people with knowledge of the matter said. "What the progress looks like now is months of delay in terms of mass production, but Apple is doing everything it can to shorten the postponement. There's a chance that the schedule could still be moved ahead," one of the sources told Nikkei. California, where Apple is based, came under "shelter at home" restrictions in March, though the order was revised in June to allow more businesses to reopen. Part of Apple's hardware development team returned to the head office last month as the company attempted to expedite the final configuration of the new iPhones and keep as close as possible to the intended September release date, according to another source familiar with the situation.

The Apple executive in charge of the App Store in Europe said that the company's policies ensure a level playing field for developers and ease-of-use for customers as regulatory scrutiny over the platform mounts. From a report: "Our efforts to help developers succeed are broad, deep and ongoing, and they extend to apps -- in music, email, or a variety of other categories -- that compete with some aspect of our business," Daniel Matray, the iPhone maker's head of App Store and media services in Europe, said in a speech Tuesday at a four-day virtual conference hosted by Forum Europe. The speech comes as Apple faces antitrust probes in the European Union and U.S. over rules it imposes on developers. In particular, regulators are taking aim at the requirement that apps use the company's in-house payment service, which takes a cut of 15% to 30% of most subscriptions and in-app purchases. Matray said that about 85% of apps it hosts don't pay Apple a commission because they're free or earn revenue through other means. Further reading: How Apple Stacked the App Store With Its Own Products.

As expected, developers with early access to Apple silicon-based transition kits have leaked some early benchmarks scores. And it's bad news for Surface Pro X and Windows 10 on ARM fans. Thurrott reports: According to multiple Geekbench scores, the Apple Developer Transition Kit -- a Mac Mini-like device with an Apple A12Z system-on-a-chip (SoC), 16 GB of RAM, and 512 GB of SSD storage -- delivers an average single-core score of 811 and an average multi-core score of 2871. Those scores represent the performance of the device running emulated x86/64 code under macOS Big Sur's Rosetta 2 emulator.

Compared to modern PCs with native Intel-type chipsets, that's not all that impressive, but that's to be expected since it's emulated. But compared to Microsoft's Surface Pro X, which has the fastest available Qualcomm-based ARM chipset and can run Geekbench natively -- not emulated -- it's amazing: Surface Pro X only averages 764 on the single-core test and 2983 in multi-core. Right. The emulated performance of the Apple silicon is as good or better than the native performance of the SQ-1-based Surface Pro X. This suggests that the performance of native code on Apple silicon will be quite impressive, and will leave Surface Pro X and WOA in the dust.

According to analyst Ming-Chi Kuo, iPhone 12 models will not include EarPods or a power adapter in the box. MacRumors reports: Kuo said that Apple will instead release a new 20W power adapter as an optional accessory for iPhones and end production of its existing 5W and 18W power adapters later this year. The form factor of the new 20W power adapter is said to be similar to the 18W version, with USB-C Power Delivery for fast charging, as seen in the leaked photo below. Kuo believes that iPhone 12 production costs will significantly increase due to 5G support, but he expects Apple to sell the new models at a comparable price to its iPhone 11 lineup, and removing the EarPods and power adapter from the box is one way to reduce costs. Apple would likely also tout the environmental benefits of such a move. Barclays still expects Apple to include a Lightning to USB-C cable in the box as the only accessory included with iPhone 12 models.

Today, the New York Times announced that it is ending its partnership with Apple News and removing its articles from the platform. Engadget reports: The issue seems to be that while other services, like Google News, send readers to publishers' websites, Apple News generally keeps readers in the app. Or, as NYT puts it, Apple's approach does not align with The Times' goal of building direct relationships with paying readers.

"Core to a healthy model between The Times and the platforms is a direct path for sending those readers back into our environments, where we control the presentation of our report, the relationships with our readers, and the nature of our business rules," Meredith Kopit Levien, The Times' chief operating officer, wrote in a memo to employees. "Our relationship with Apple News does not fit within these parameters."

A decision that Apple unilaterally took in February 2020 has reverberated across the browser landscape and has effectively strong-armed the Certificate Authority industry into bitterly accepting a new default lifespan of 398 days for TLS certificates. From a report: Following Apple's initial announcement, Mozilla and Google have stated similar intentions to implement the same rule in their browsers. Starting with September 1, 2020, browsers and devices from Apple, Google, and Mozilla will show errors for new TLS certificates that have a lifespan greater than 398 days. The move is an important one because it not only changes how a core part of the internet works -- TLS certificates -- but also because it breaks away from normal industry practices and the cooperation between browsers and CAs. Known as the CA/B Forum, this is an informal group made up of Certificate Authorities (CAs), the companies that issue TLS certificates used to support HTTPS traffic, and browser makers. Since 2005, this group has been making the rules on how TLS certificates should be issued and how browsers are supposed to manage and validate them.

Apple said last week that it declined to implement 16 new web technologies (Web APIs) in Safari because they posed a threat to user privacy by opening new avenues for user fingerprinting. Technologies that Apple declined to include in Safari because of user fingerprinting concerns include: Web Bluetooth - Allows websites to connect to nearby Bluetooth LE devices.
Web MIDI API - Allows websites to enumerate, manipulate and access MIDI devices.
Magnetometer API - Allows websites to access data about the local magnetic field around a user, as detected by the device's primary magnetometer sensor.
Web NFC API - Allows websites to communicate with NFC tags through a device's NFC reader.
Device Memory API - Allows websites to receive the approximate amount of device memory in gigabytes.
Network Information API - Provides information about the connection a device is using to communicate with the network and provides a means for scripts to be notified if the connection type changes.

Battery Status API - Allows websites to receive information about the battery status of the hosting device. Web Bluetooth Scanning - Allows websites to scan for nearby Bluetooth LE devices.
Ambient Light Sensor - Lets websites get the current light level or illuminance of the ambient light around the hosting device via the device's native sensors.
[...]
The vast majority of these APIs are only implemented in Chromium-based browsers, and very few on Mozilla's platform. Apple claims that the 16 Web APIs above would allow online advertisers and data analytics firms to create scripts that fingerprint users and their devices.

"Apple Inc. will force iPhone apps to get permission from users before tracking them," reports Bloomberg, "dealing a potentially major blow to app developers who rely on advertisements to make money." Apple facilitates tracking on its phones by providing app developers with unique numbers for each user, something security advocates have long said contradicts the company's frequent statements in support of privacy. The update to the iPhone's operating system doesn't do away with the tracking system, but makes it much more apparent to users and gives them more opportunities to turn it off. Previously, controls were buried in the phone's settings menu.

"Considering the iPhone's user base, this is a very big change. It certainly improves user privacy," said Lukasz Olejnik, an independent privacy researcher and consultant. "Users at large encountering such pop-ups in just about any application may potentially start asking questions about the use of their data. It will force the industry to reconsider some of the core assumptions."

At WWDC 2020 earlier this week, Apple announced that it's moving Macs away from Intel processors to its own silicon, based on ARM architecture. To help ease the transition, the company announced Rosetta 2, a translation process that allows users to run apps that contain x86_64 instructions on Apple silicon. The Verge reports: Rosetta 2 essentially "translates" instructions that were written for Intel processors into commands that Apple's chips can understand. Developers won't need to make any changes to their old apps; they'll just work. (The original Rosetta was released in 2006 to facilitate Apple's transition from PowerPC to Intel. Apple has also stated that it will support x86 Macs "for years to come," as far as OS updates are concerned. The company shifted from PowerPC to Intel chips in 2006, but ditched support for the former in 2009; OS X Snow Leopard was Intel-only.) You don't, as a user, interact with Rosetta; it does its work behind-the-scenes. "Rosetta 2 is mostly there to minimize the impact on end-users and their experience when they buy a new Mac with Apple Silicon," says Angela Yu, founder of the software-development school App Brewery. "If Rosetta 2 does its job, your average user should not notice its existence."

There's one difference you might perceive, though: speed. Programs that ran under the original Rosetta typically ran slower than those running natively on Intel, since the translator needed time to interpret the code. Early benchmarks found that popular PowerPC applications, such as Photoshop and Office, were running at less than half their native speed on the Intel systems. We'll have to wait and see if apps under Rosetta 2 take similar performance hits. But there are a couple reasons to be optimistic. First, the original Rosetta converted every instruction in real-time, as it executed them. Rosetta 2 can convert an application right at installation time, effectively creating an ARM-optimized version of the app before you've opened it. (It can also translate on the fly for apps that can't be translated ahead of time, such as browser, Java, and Javascript processes, or if it encounters other new code that wasn't translated at install time.) With Rosetta 2 frontloading a bulk of the work, we may see better performance from translated apps. The report notes that the engine won't support everything. "It's not compatible with some programs, including virtual machine apps, which you might use to run Windows or another operating system on your Mac, or to test out new software without impacting the rest of your system," reports The Verge. "(You also won't be able to run Windows in Boot Camp mode on ARM Macs. Microsoft only licenses the ARM version of Windows 10 to PC manufacturers.) Rosetta 2 also can't translate kernel extensions, which some programs leverage to perform tasks that macOS doesn't have a native feature for (similar to drivers in Windows)."