"Kids are outsmarting an army of engineers from Cupertino, California," reports the Washington Post: And Apple, which introduced "Screen Time" a year ago in response to pressure to address phone overuse by kids, has been slow to make fixes to its software that would close these loopholes. It's causing some parents to raise questions about Apple's commitment to safeguarding children from harmful content and smartphone addiction.

When Screen Time blocks an app from working, it becomes grayed out, and clicking on it does nothing unless parents approve a request for more time. Or, at least, it's supposed to work that way. On Reddit and YouTube, kids are sharing tips and tricks that allow them to circumvent Screen Time. They download special software that can exploit Apple security flaws, disabling Screen Time or cracking their parents' passwords. They search for bugs that make it easy to keep using their phones, unbeknown to parents, such as changing the time to trick the system or using iMessage to watch YouTube videos.

"These are not rocket science, backdoor, dark Web sort of hacks," said Chris McKenna, founder of the Internet safety group Protect Young Eyes. "It blows me away that Apple hasn't thought through the fact that a persistent middle school boy or girl can bang around and find them."

Twitter user Kevin Bradley discovered a Lightning port hidden in the Apple TV 4K's ethernet port. There's a number of theories for why the port exists, but one of the more logical explanations is that it's simply there for Apple to use for debugging. 9to5Mac reports: While earlier Apple TV models had Micro USB and USB-C, the Apple TV 4K dropped all outwardly-facing ports other than Ethernet and HDMI. Under the hood, however, there's a hidden Lightning port, as Bradley discovered. The Lightning port is hidden in the ethernet connector on the Apple TV 4K. Bradley teased on Twitter: "None of us looked THAT closely to the hardware of the AppleTV 4K and the magic locked in the ethernet port until fairly recently."

As for getting the Lightning port itself to work, Steven Barker said in a tweet that this is proving to be "difficult." The Lightning port is stuck at the very back of the ethernet port. Ultimately, it's not really clear what the Lightning port discovery could mean. One thing it could lead towards is the expansion of jailbreak capabilities for the Apple TV 4K, though Bradley cautions: "Just because we know it's lightning doesn't mean anything past that. Just because we find a way in doesn't mean anything will DEFINITELY be released due to what we discover. The barrier for entry might be way too high."

Goldman Sachs CEO David Solomon called his bank's rollout of the Apple Card "the most successful credit card launch ever." From a report: Solomon provided investors with an update on the bank's new initiatives at the start of a conference call Tuesday. "We believe Apple Card is the most successful credit card launch ever," he said. Continuing on the Apple Card, which the bank built in partnership with the iPhone maker, Solomon said that "since August, we've been pleased to see a high level of consumer demand for the product. From an operational and risk perspective, we've handled the inflows smoothly and without compromising our credit underwriting standards."

Over the weekend, reports emerged that claimed that Apple was sending users' browsing details to Tencent to run it against Chinese company's safe browsing feature. In a statement on Monday, an Apple spokesperson has offered a clarification: Apple protects user privacy and safeguards your data with Safari Fraudulent Website Warning, a security feature that flags websites known to be malicious in nature. When the feature is enabled, Safari checks the website URL against lists of known websites and displays a warning if the URL the user is visiting is suspected of fraudulent conduct like phishing. To accomplish this task, Safari receives a list of websites known to be malicious from Google, and for devices with their region code set to mainland China, it receives a list from Tencent. The actual URL of website you visit is never shared with a safe browsing provider and the feature can be turned off.

"Apple, which often positions itself as a champion of privacy and human rights, is sending some IP addresses from users of its Safari browser on iOS to Chinese conglomerate Tencent -- a company with close ties to the Chinese Communist Party," reports the Reclaim the Net blog: Apple admits that it sends some user IP addresses to Tencent in the "About Safari & Privacy" section of its Safari settings.... The "Fraudulent Website Warning" setting is toggled on by default which means that unless iPhone or iPad users dive two levels deep into their settings and toggle it off, their IP addresses may be logged by Tencent or Google when they use the Safari browser. However, doing this makes browsing sessions less secure and leaves users vulnerable to accessing fraudulent websites...

Even if people install a third-party browser on their iOS device, viewing web pages inside apps still opens them in an integrated form of Safari called Safari View Controller instead of the third-party browser. Tapping links inside apps also opens them in Safari rather than a third-party browser. These behaviors that force people back into Safari make it difficult for people to avoid the Safari browser completely when using an iPhone or iPad.
Engadget adds that it's "not clear" whether or not Tencent is actually collecting IP addresses from users outside of China. ("You'll see mention of the collection in the U.S. disclaimer, but that doesn't mean it's scooping up info from American web surfers.")

But Reclaim the Net points out that the possibility is troubling, in part because Safari is the #1 most popular mobile internet browser in America, with a market share of over 50%.

An anonymous reader quotes BuzzFeed News: In early 2018 as development on Apple's slate of exclusive Apple TV+ programming was underway, the company's leadership gave guidance to the creators of some of those shows to avoid portraying China in a poor light, BuzzFeed News has learned.

Sources in position to know said the instruction was communicated by Eddy Cue, Apple's SVP of internet software and services, and Morgan Wandell, its head of international content development. It was part of Apple's ongoing efforts to remain in China's good graces after a 2016 incident in which Beijing shut down Apple's iBooks Store and iTunes Movies six months after they debuted in the country.

A spokesperson for Apple declined comment.

Apple's tip toeing around the Chinese government isn't unusual in Hollywood. It's an accepted practice. "They all do it," one showrunner who was not affiliated with Apple told BuzzFeed News. "They have to if they want to play in that market. And they all want to play in that market. Who wouldn't?"

Chris Matyszczyk from ZDNet retells the draconian story of a Financial Times writer who wasn't able to prove she purchased a ticket for the London buses because her phone died (she used Apple Pay), which led to her being charged a criminal. An anonymous reader shares an excerpt from the report: Today's witness is Jemima Kelly. She's a writer for The Financial Times. Please don't let any personal thoughts about that get in the way of her story. You see, she just experienced a little technological nightmare. A cheery digital convert, she admits she often leaves the house without her wallet. But surely not without her iPhone. Apple Pay is, after all, a contemporary joy. It's right up there with Tinder in its ability to make your life easier.

Kelly, indeed, hops on London buses and uses Apple Pay to tap her payment instead of buying a ticket the old-fashioned way. Which, as she cheerily described, is easy unless a ticket inspector wanders by. Just after your iPhone's battery has died. She couldn't prove that she'd paid, but gave her personal details and assumed there'd be a record of her probity on the transportation company's computers. But then she was charged with, well, not providing proof of payment. Charged as in would be forced to go to court and to plead guilty or not guilty within 21 days. Here's where things got (more) awkward. Kelly produced a bank statement that proved she'd paid. The transportation company -- Transport For London -- insisted this wasn't enough.

It seems she'd failed another digital task -- registering her Apple Pay with Transport For London. She was edging ever closer to criminal status. But did her Apple Pay details need to be registered? Kelly revealed: "They told me, 'there is no requirement for cards to be registered, the same as paying for any goods and services in a shop'. But it's not the same, actually; in a shop, you are given a breakdown in the form of a receipt." So, here she was, contactless and receiptless. Next, she heard that her court case had happened and she'd been found guilty. Oh, and she also owed a fine of around $592. In the end, Kelly managed to get back to court and persuade the judge to void her conviction, but the process took months.

"Her story, however, aptly describes how the digital world demands our complete and unyielding participation," writes Matyszczyk. "Digital systems are designed by those who strive for complete perfection and consistency. Which doesn't describe the human condition at all." Do you think digitizing everything is a good thing?

An anonymous reader quotes a report from Ars Technica: Google's October 15 hardware event is fast approaching, and in addition to the launch of the Pixel 4, Google Home Mini 2, Google WI-Fi 2, and a new pair of Pixel Buds, the show should usher in a new Pixelbook. We've known the new Pixelbook would be called the "Pixelbook Go," but other than a few details from Chrome OS commits, the device has mostly been a mystery. Google takes its title as "least secretive device manufacturer" very seriously, though, and recently 9to5Google managed to just get a Pixelbook Go ahead of the event. They took a bunch of pictures and video. Unlike the fairly unique design of the original Pixelbook and the Pixel Slate, the Pixelbook Go mostly just looks like a MacBook. 9to5Google got that vibe from the device in person, too, writing: "We can't fathom that this laptop won't immediately be labeled 'Google's MacBook.'" The one unique design aspect is the bottom, which is a brightly colored, ribbed pad that covers the entire bottom of the device. This device is a near-final prototype, with placeholder logos and product names.

9to5Google reports that the keyboard is "just as good or better than the first Pixelbook" and it "feels great to type on." The trackpad is "a traditional "diving board" trackpad and seemed sufficiently responsive and "clicky." There are single USB-C ports on the left and right side of the laptop, along with LEDs indicating the device's charging status. Like with past Pixelbooks, it seems like you can charge the device from either port. On the right side is also a headphone jack. Other specifications include: Intel Core m3, i5, and i7 configurations; Either 8GB or 16GB RAM; 64GB, 128GB, or 256GB storage; 2 front-firing speakers; 2MP front-facing camera -- 1080p at 60fps; Titan C chip; 13.3-inch touchscreen; and 16:9 aspect ratio, both Full HD or 4K "Molecular Display" options.

You can watch 9to5Google's hands-on video here.

On Thursday, Apple CEO Tim Cook defended the company's decision to remove a mapping app in Hong Kong, saying that the company received "credible information" from authorities indicating the software was being used "maliciously" to attack police. Bloomberg reports: Apple pulled HKmap.live from its App Store on Wednesday after flip-flopping between rejecting it and approving it earlier this month. Apple made the decision after consulting with local authorities, because it could endanger law enforcement and city residents. Cook echoed that sentiment in an email to Apple employees. "Over the past several days we received credible information, from the Hong Kong Cybersecurity and Technology Crime Bureau, as well as from users in Hong Kong, that the app was being used maliciously to target individual officers for violence and to victimize individuals and property where no police are present," Cook wrote in the memo, a copy of which was obtained by Bloomberg News. He also said the app violates local laws.

The company has been criticized for the move, and Cook addressed that. "These decisions are never easy, and it is harder still to discuss these topics during moments of furious public debate," the CEO wrote. "National and international debates will outlive us all, and, while important, they do not govern the facts. In this case, we thoroughly reviewed them, and we believe this decision best protects our users." Apple's reversal came after the Chinese Communist Party's flagship newspaper criticized Apple for letting the app into its store.

Apple, a company that loves to talk about its values, has this week demonstrated that when it comes to China -- one of its biggest markets and where most of its iPhones and other products are assembled taking full benefit of low-cost labors -- even the Steve Jobs-founded company lacks a backbone. The company has bowed down to Chinese pressure and pulled an app from the Chinese App Store that helped pro-democracy protesters track cops to ensure their safety. Apple, a company with nearing $1 trillion in market cap, said the app "violates our guidelines and local laws."

The company has also pulled news app Quartz, which has been extensively covering the protests in Hong Kong, from the app store. The explanation from Apple, the company which has spent hundreds of millions of dollars to plaster every mall on the face of this planet in recent weeks to tell us that its new iPhone models have an ultra-wide lens? Crickets. On the Chinese App Store, Apple also does not offer The New York Times app because it "violates its policies." That's right. The New York Times, the biggest publication on the planet that wins tons of awards for its reportage each year and is celebrated across the globe and is a partner of Apple for Apple News subscription service, violates Apple's policies in China.

A few other times when x-ray report showed Apple did not have a backbone.

itwbennett shares a report from CSO: iTerm2 users: It's time to upgrade. A security audit sponsored by the Mozilla Open Source Support Program uncovered a critical remote code execution (RCE) vulnerability in the popular open-source terminal app for macOS. ITerm2 is an open-source alternative to the built-in macOS Terminal app, which allows users to interact with the command-line shell. Terminal apps are commonly used by system administrators, developers and IT staff in general, including security teams, for a variety of tasks and day-to-day operations.

The iTerm2 app is a popular choice on macOS because it has features and allows customizations that the built-in Terminal doesn't, which is why the Mozilla Open Source Support Program (MOSS) decided to sponsor a code audit for it. The MOSS was created in the wake of the critical and wide-impact Heartbleed vulnerability in OpenSSL with the goal of sponsoring security audits for widely used open-source technologies. The flaw, which is now tracked as CVE-2019-9535, has existed in iTerm2 for the past seven years and is located in the tmux integration. Tmux is a terminal multiplexer that allows running multiple sessions in the same terminal window by splitting the terminal screen. The flaw was fixed in iTerm2 version 3.3.6, which was released today.

An anonymous reader quotes a report from TechCrunch: Apple's decision to greenlight an app called HKmaps, which is being used by pro-democracy protestors in Hong Kong to crowdsource information about street closures and police presence, is attracting the ire of the Chinese government. An article in Chinese state mouthpiece, China Daily, attacks the iPhone maker for reversing an earlier decision not to allow the app to be listed on the iOS App Store -- claiming the app is "allowing the rioters in Hong Kong to go on violent acts." HKmaps uses emoji to denote live police and protest activity around Hong Kong, as reported by users.

The app's developer denies the map enables illegal activity, saying its function is "for info" purposes only -- to allow residents to move freely around the city by being able to avoid protest flash-points. But the Chinese government is branding it "toxic." "Business is business, and politics is politics. Nobody wants to drag Apple into the lingering unrest in Hong Kong. But people have reason to assume that Apple is mixing business with politics, and even illegal acts. Apple has to think about the consequences of its unwise and reckless decision," the China Daily writer warns in a not-so-veiled threat about continued access to the Chinese market. "Providing a gateway for 'toxic apps' is hurting the feelings of the Chinese people, twisting the facts of Hong Kong affairs, and against the views and principles of the Chinese people," it goes on. "Apple and other corporations should be able to discern right from wrong. They also need to know that only the prosperity of China and China's Hong Kong will bring them a broader and more sustainable market."

The article also claims Apple reinstated a song which advocates for independence for Hong Kong and had previously been removed from its music store.

iTunes is officially dead with the release of macOS Catalina today. Apple decided to break apart the app into separate Apple Music, Podcasts and TV apps. "Each is better at its individuals task than it was as a section within iTunes, which was teetering on collapse like the Jenga tower of various functions it supports," writes Dieter Bohn via The Verge.

"In the early days, iTunes was simply a way to get music onto Apple's marquee product, the iPod music player," reports Snopes. "Users connected the iPod to a computer, and songs automatically synced -- simplicity unheard of at the time." It was the first service to make songs available for 99 cents apiece, and $9.99 for most albums -- convincing many people to buy music legally than seek out sketchy sites for pirated downloads. "But over time, iTunes software expanded to include podcasts, e-books, audiobooks, movies and TV shows," recalls Snopes. "In the iPhone era, iTunes also made backups and synced voice memos. As the software got bloated to support additional functions, iTunes lost the ease and simplicity that gave it its charm. And with online cloud storage and wireless syncing, it no longer became necessary to connect iPhones to a computer -- and iTunes -- with a cable."

What did you like or dislike about iTunes? When you look back at the media player, what are you reminded of?

iPhone users in Hong Kong have noticed a change in the latest version of iOS: the Flag for Taiwan emoji is missing. From a report: Previously restricted on Chinese iOS devices, all other regions of the world have continued to enjoy access to all flags in the iOS emoji font, until now. The change, first discovered by iOS Developer Hiraku Wang, means that users with an iOS device region set to Hong Kong will see one less flag on the emoji keyboard than if the region is set to anywhere else in the world (other than China mainland, which also hides this flag). Notably, the emoji Flag: Taiwan is still supported by iOS in Hong Kong. As of iOS 13.1.2, released last week, this is now hidden from the emoji keyboard but remains available by other means. Apple's Hong Kong approach differs from the complete ban on the emoji in China. Any iPhone purchased in China, or purchased elsewhere with the region set to China mainland, replaces the flag of Taiwan with a missing character tofu so it cannot be used or displayed in any app, even via copy and paste.

It's happening a little later in the season than usual, but Apple's latest version of macOS is available to download today. From a report: Catalina arrives on the heels of iOS 13, which saw several back-to-back updates after an initially rough launch. For what it's worth, I've been using successive versions of the Catalina beta as my daily driver for months now and can assure you that the latest build is stable enough to safely install. [...] Speaking of games, today also marks the first time that Catalina beta users will have been able to play Apple Arcade games. If you're wondering how the heck you'll play those titles from your Mac, it's worth a reminder that many Arcade games support Xbox and PlayStation controllers.

Also new in this release: As you browse episodes in the podcast app, you'll see avatars for guests and hosts. Apple also says it's made some small usability tweaks to Sidecar, the feature that allows you to use an iPad as a secondary Mac display. You'll also notice more promotional Apple TV+ material in the new TV app, which makes sense -- the streaming service launches November 1st. It'll cost $4.99 a month, but Apple is offering a free year with the purchase of a new Mac, iPhone, iPad or Apple TV. Further reading: Apple's MacOS Catalina Opens Up To iPad Apps; Apple Will Permanently Remove Dashboard In macOS Catalina; Apple Replaces Bash With Zsh as the Default Shell in macOS Catalina; and Apple Finally Kills iTunes.

The U.S. Supreme Court on Monday refused to hear a bid by the University of Wisconsin's patent licensing arm to reinstate its legal victory against Apple in a fight over computer processor technology that the school claimed the company used without permission in certain iPhones and iPads. From a report: The justices, on the first day of their new term, declined to review a lower court's 2018 decision to throw out the $506 million in damages that Apple was ordered to pay after a jury in 2015 decided the company infringed the university's patent. The licensing body, the Wisconsin Alumni Research Foundation (WARF), filed suit in 2014, alleging infringement of a 1998 patent on a "predictor circuit" to help speed the way processors carry out computer program instructions. The patent was developed by computer science professor Gurindar Sohi and three of his students at the university, located in Madison, Wisconsin. WARF, which helps patent and commercialize the university's inventions, claimed that Apple incorporated the technology in its A7, A8 and A8X processors, found in the iPhone 5s, 6 and 6 Plus, as well as several versions of the iPad tablet. Apple disputed the claims, saying its processor worked differently based on the specific language spelled out in WARF's patent.

ugen (Slashdot reader #93,902) writes: Something I discovered today, while trying to change a MAC address on a new MacBook Air (as I did for years on other MacBooks): ifconfig en0 ether "new mac" no longer works. It appears that this is a change made sometime last year, applicable to all Apple newer MacBooks.

Implications of permanently fixed MAC addresses on privacy and security are hard to underestimate. Given that Windows now supports complete Wifi MAC address randomization — I am sad to admit that Microsoft looks like a champion of privacy here. What are your thoughts? Solutions anyone knows of (I'll take a reasonable technical hack).

Here are a few mentions of this elsewhere:
Mac Rumors forums
The GitHub repo for SpoofMAC
A discussion on Stack Overflow
I've seen other theories about what's going on, though the bigger question is still what's the solution? Leave your own thoughts and suggestions in the comments.

And did MacOS stop allowing changes to wifi MAC addresses?

UPDATE (10/4/2019): "Apple has reportedly reversed its decision to ban the app HKmap.live," reports BoingBoing.

Apple had banned the app, which allows Hong Kong protesters to track protests and police movements in the city state, despite increasing international condemnation against the violence used by the authorities, MacRumors had reported: According to The Register, Apple has told the makers of the HKmap Live app that it can't be allowed in the App Store because it helps protestors to evade the police. "Your app contains content - or facilitates, enables, and encourages an activity - that is not legal ... specifically, the app allowed users to evade law enforcement," the American tech giant told makers of the HKmap Live on Tuesday before pulling it. Opposition to the Chinese state and the Hong Kong authorities has grown louder, driven by an escalation in violence against protesters over the past week. On Wednesday, thousands of people took to the streets of Hong Kong to denounce the shooting of an unarmed teenage student by police. Tsang Chi-kin was shot in the chest at point-blank range on Tuesday. He remains in hospital in stable but critical condition after surgery to remove the bullet, which narrowly missed his heart.

An anonymous reader writes: "DDoS-for-hire services, also known as DDoS booters, or DDoS stressors, are abusing macOS systems to launch DDoS attacks," reports ZDNet. "These attacks are leveraging macOS systems where the Apple Remote Desktop feature has been enabled, and the computer is accessible from the internet, without being located inside a local network, or protected by a firewall. More specifically, the attackers are leveraging the Apple Remote Management Service (ARMS) that is a part of the Apple Remote Desktop (ARD) feature. When users enable the Remote Desktop capability on their macOS systems, the ARMS service starts on port 3283 and listens for incoming commands meant for the remote Mac." Hackers have figured out a way to bounce traffic off these ports and carry out DDoS attacks with the help of internet connected Macs. Nearly 40,000 macOS systems are currently connected online and can be used to send out DDoS attacks.

According to Apple analyst Ming-Chi Kuo, Apple is expected to launch the next version of the iPhone SE 2 in the first quarter of 2020. "The new phone will be more affordable than the rest of the Apple iPhone lineup and feature newer internals, like an A13 processor with 3GB RAM, in a familiar iPhone 8 chassis," reports 9to5Mac. From the report: Kuo says that most of the new iPhone SE's hardware specification will mirror the iPhone 8. The analyst predicts Apple will sell 30-40 million units across 2020. The Q1 timeframe lines up with a previous report from Nikkei, which said to expect a cheaper iPhone with iPhone 8-esque design in the spring. This would mean it would feature a 4.7-inch LCD display and Touch ID home button. Kuo does not predict an exact price for the new phone. Before the 4-inch iPhone SE was discontinued, Apple sold it for $349 in a 32 GB storage configuration.

The current iPhone product range at Apple stores spans the iPhone 11 series, iPhone XR and the iPhone 8 and iPhone 8 Plus. The 4.7-inch iPhone 8 is currently on sale for $449 for 64 GB. Presumably, when the new SE launches, Apple will stop selling the iPhone 8 altogether. Given the current pricing of the 8, you could easily see how Apple could sell an iPhone SE 2 32 GB for around the same price as the old SE, in the $349-$399 range.