Privacy

Apple Tells App Developers To Disclose Or Remove Screen Recording Code (techcrunch.com) 33

An anonymous reader quotes a report from TechCrunch: Apple is telling app developers to remove or properly disclose their use of analytics code that allows them to record how a user interacts with their iPhone apps -- or face removal from the app store, TechCrunch can confirm. In an email, an Apple spokesperson said: "Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity." "We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary," the spokesperson added.

It follows an investigation by TechCrunch that revealed major companies, like Expedia, Hollister and Hotels.com, were using a third-party analytics tool to record every tap and swipe inside the app. We found that none of the apps we tested asked the user for permission, and none of the companies said in their privacy policies that they were recording a user's app activity. Even though sensitive data is supposed to be masked, some data -- like passport numbers and credit card numbers -- was leaking.

Security

Apple Releases iPhone Update To Fix Group FaceTime Eavesdropping Bug (cnet.com) 37

Apple on Thursday released iOS 12.1.4, an iPhone update that fixes a Group FaceTime bug that allowed users to eavesdrop on each other. The update is available for the iPhone 5S and later, iPad Air and later, and iPod touch 6th generation. From a report: Last week, Apple turned off Group FaceTime after a bug was identified that allowed iPhone users to call another device via the FaceTime video chat service and hear audio on the other end before the recipient had answered the call. It essentially turned any iPhone into a hot mic without the user's knowledge. Apple on Friday said it'd fixed the vulnerability on its servers and that it'd issue a software update to re-enable Group FaceTime. Apple also apologized to users who were affected and said it takes the security of its products "extremely seriously."

Safari

Apple Removes Useless 'Do Not Track' Feature From Latest Beta Versions of Safari (macrumors.com) 137

In the release notes for Safari 12.1, the new version of Apple's browser installed in iOS 12.2, Apple says that it is removing support for the "Do Not Track" feature, which is now outdated. From a news writeup: "Removed support for the expired Do Not Track standard to prevent potential use as a fingerprinting variable," the release note reads. The same feature was also removed from Safari Technology Preview today, Apple's experimental macOS browser, and it is not present in the macOS 10.14.4 betas. According to Apple, Do Not Track is "expired" and support is being eliminated to prevent its use as, ironically, a fingerprinting variable for tracking purposes. It is entirely up to the advertising companies to comply with the "Do Not Track" messaging, and it has no actual function beyond broadcasting a user preference.

Security

Researcher Reveals a Severe, Unpatched Mac Password Flaw To Protest Apple Bug Bounty (venturebeat.com) 155

Linus Henze, a credible researcher, has revealed an exploit that in a single button press can reveal the passwords in a Mac's keychain. From a report: Keychain is where macOS stores most of the passwords used on the machine, ranging from iMessage private encryption keys to certificates, secured notes, Wi-Fi, and other Apple hardware passwords, app passwords, and web passwords. A pre-installed app called Keychain Access enables users to view the entire list of stored items, unlocking each one individually by repeatedly entering the system password, but Henze's KeySteal exploit grabs everything with a single press of a "Show me your secrets" button.

While the demo is run on a 2014 MacBook Pro without Apple's latest security chips, Henze says that it works "without root or administrator privileges and without password prompts, of course." It appears to work on the Mac's login and system keychains, but not iCloud's keychain. Generally, white hat security researchers publicly reveal flaws like this only after informing the company and giving it ample time to fix the issues. But Henze is refusing to assist Apple because it doesn't offer paid bug bounties for macOS.

Businesses

Apple Reaches Deal With France To Pay Estimated $571 Million In Back-Taxes (macrumors.com) 114

Apple has reached a deal with French authorities to pay an undisclosed amount of back taxes. While the amount isn't disclosed, French media suggest the sum is around $571 million (500 million euros). MacRumors reports: France has been working diligently to stop tech companies like Apple from exploiting tax loopholes in the country. The loopholes are said to have allowed Apple to "minimize taxes and grab market share" at the expense of Europe-based companies. French President Emmanuel Macron is one of the leaders behind the tax crackdown on international tech companies, with a goal of bringing a more unified corporate tax system across the nineteen euro area states.

As noted by iPhon.fr, Apple and French tax authorities reached the agreement for the payment of several years of unpaid taxes in December, according to French newspaper L'Expansion. The agreement followed a meeting in October between Apple CEO Tim Cook and President Macron, in which both reportedly agreed that a solution would ultimately be enacted by the European Union rather than France.

AT&T

Apple Just Endorsed AT&T's Fake 5G E Network (theverge.com) 116

There are no 5G iPhones, and there probably won't be 5G iPhones for a while. But that isn't stopping Apple and AT&T: they are reportedly rolling out AT&T's fake "5G E" branding with its upcoming iOS 12.2 update. From a report: Much like when the two companies pulled this scam with 4G and LTE back in 2012, if you can't beat them, you roll out a software update to make it look like you did even though the phones and network are still exactly the same. Multiple users on Twitter are now reporting that they're seeing the new 5G E icon on devices running the latest iOS 12.2 beta 2, which was released earlier today. The new icon isn't there for everyone, presumably because it will only appear in cities where AT&T's 5G Evolution network -- the company's intentionally misleading name for its LTE network that it seems to hope customers will confuse for actual, next-generation 5G networks -- is active.

Bug

Teenager Who Found FaceTime Bug Will Be Eligible For Bug Bounty Program (9to5mac.com) 49

Grant Thompson, the teenager who reported the FaceTime bug last week, will be eligible for the Apple bug bounty program. "Apple's bug bounty system is typically invite-only and limited to specific categories of security flaws, like accessing iCloud account data or demonstrating ways for iPhone apps to escape the security sandbox of iOS," reports 9to5Mac. "It appears the company is making an exception here given the embarrassingly public nature of the case, although further details about the reward have yet to be discussed." From the report: The FaceTime bug that made waves as a result of 9to5Mac's coverage last week was actually first reported to Apple by Grant Thompson and his mother in Arizona a week earlier. However, deficiencies in the Apple bug reporting process meant that the report was not acted upon by the company. Instead, the teenager made headlines when his mother shared their Apple communications on Twitter. Their claims were later proved to be legitimate.

Around January 22, Apple Support directed them to file a Radar bug report, which meant the mother had to first register a developer account as an ordinary customer. Even after following the indicated steps, it does not appear that Apple's product or engineering teams were aware of the problem until its viral explosion a week later. CNBC reports that an unnamed "high-level Apple executive" met with the Thompsons at their home in Tucson, Arizona on Friday. They apparently discussed how Apple could improve its bug reporting process and indicated that Grant would be eligible for the Apple bug bounty program.

Businesses

2018 Was the 'Worst Year Ever' For Smartphone Shipments (cnbc.com) 218

2018 was the worst year ever for smartphone shipments, according to the latest figures from research firm IDC. It means Apple isn't the only company fighting to keep people interested in buying new phones every year. From a report: IDC said 1.4 billion smartphones were sold in 2018, marking a 4.1 percent decline for the year in an industry that's accustomed to rapid growth. In 2014, as well, 1.4 billion phones were shipped, which means the industry seems to have regressed about 5 years. Shipments shrank 4.9 percent for the fourth quarter of 2018, IDC said. Apple said earlier this week that iPhone revenues were 15 percent lower than last year. CEO Tim Cook said the strengthened dollar, an economic slowdown in China, lower subsidies on phones and its battery replacement program contributed to the drop in sales. Samsung phone shipments declined 5.5 percent and Apple's slipped 11.5 percent during the quarter, IDC said. But Huawei, which was able to capitalize on China, saw a 33.6 percent bump in shipments. Chinese vendors Oppo and Xiaomi also increased shipments, IDC said.

AI

A Look at the Number of Languages Popular Voice Assistant Services Support (venturebeat.com) 74

An anonymous reader shares a report: Contrary to popular Anglocentric belief, English isn't the world's most-spoken language by total number of native speakers -- nor is it the second. In fact, the West Germanic tongue ranks third on the list, followed by Hindi, Arabic, Portuguese, Bengali, and Russian. (Mandarin and Spanish are first and second, respectively.) Surprisingly, Google Assistant, Apple's Siri, Amazon's Alexa, and Microsoft's Cortana recognize only a relatively narrow slice of these.

Google Assistant: With the addition of more than 20 new languages in January, the Google Assistant took the crown among voice assistants in terms of the number of tongues it understands. It's now conversant in 30 languages in 80 countries, up from 8 languages and 14 countries in 2017.
Apple's Siri: Apple's Siri, which until January had Google Assistant beat in terms of sheer breadth of supported languages, comes in a close second. Currently, it supports 21 languages in 36 countries and dozens of dialects for Chinese, Dutch, English, French, German, Italian, and Spanish.
Microsoft's Cortana: Cortana, which made its debut at Microsoft's Build developer conference in April 2013 and later came to Windows 10, headphones, smart speakers, Android, iOS, Xbox One, and even Alexa via a collaboration with Amazon, might not support as many languages as Google Assistant and Siri. Still, it has come a long way in six years.
Amazon's Alexa: Alexa might be available on over 150 products in 41 countries, but it understands the fewest languages of any voice assistant: English (Australia, Canada, India, UK, and US), French (Canada, France), German, Japanese (Japan), and Spanish (Mexico, Spain).
Samsung's Bixby: Samsung's Bixby -- the assistant built into the Seoul, South Korea company's flagship and midrange Galaxy smartphone series and forthcoming Galaxy Home smart speaker -- is available in 200 markets globally but only supports a handful of languages in those countries: English, Chinese, German, French, Italian, Korean, and Spanish.

Crime

Teenagers Charged With 'Intimidation' After Sharing Siri's Helpful Response For A School Shooting (nwitimes.com) 227

A 13-year-old boy visiting family in Indiana has been charged with "intimidation", according to the Northwest Indiana Times: The boy allegedly said to Siri, iPhone's voice assistant, "I am going to shoot up a school," according to a news release from the Valparaiso Police Department. Siri then replied with a list of multiple Valparaiso schools near his location. The boy, identified as a Chesterton Middle School student, posted a screenshot of the inquiry and response on social media, which was reported to Chesterton police by the boy's social media contacts.

Chesterton police then contacted the Valparaiso Police Department, which launched an investigation into the possible threat. Valparaiso officers determined the boy made no direct threat to a specific person, school or school system and that he had no access to weapons -- ultimately stating the picture was posted on social media as a joke. "The threat is not believed to be credible at this time; however, these types of communications are taken very seriously by the Valparaiso Police Department and our community," police stated in a news release.

A 14-year-old was also taken into custody, and is also being held in a juvenile detention center, facing charges of intimidation and "criminal recklessness with a handgun" over related photographs with weapons.

"Come on kids. It isn't funny..." reads one comment on the police department's Facebook page. "How many of you are going to be detained before you realize it?"

"Thank you for taking it seriously, and prosecuting it accordingly," added another commenter. "'I was joking' is not a defense. Hopefully juvie knocks some sense into this kid."

"I hope he's prosecuted for this! Totally not funny and as a parent I'm taking any threats against schools serious!" reads another comment -- though at least one person directed their scorn somewhere else.

"Sounds like Siri needs to be re-programmed."

AI

Apple Removes Siri Team Lead As Part of AI Strategy Shift (appleinsider.com) 26

The Apple executive who led the Siri team since 2012 has been removed as head of the project in a sweeping strategy shift favoring long-term research. Apple Insider reports: The Information reports Apple executive Bill Stasior is no longer in charge of Apple's virtual assistant team, though the executive is still employed at the company. Apple SVP of machine learning and AI strategy John Giannandrea reportedly made the decision in an attempt to shift the Siri program toward research rather than incremental updates. Giannandrea is anticipated to start a search for a new head of Siri, the report said.

Hired by former Apple executive Scott Forstall to run point on Siri, Stasior was previously attached to Amazon's A9 search arm. Stasior's removal as head of Siri comes at a critical point in the voice-enabled assistant's timeline. The first AI assistant to see wide adoption thanks to its inclusion in 2011's iPhone 4S, Siri's capabilities have fallen behind competing systems marketed by Amazon and Google. Apple is looking to Giannandrea to rectify the situation. Hired early last year, Giannandrea previously worked on artificial intelligence projects at Google. In December, he was promoted to SVP and put in charge of Apple's AI and Machine Learning programs, including Core ML and Siri.

Privacy

Apple Will Store Russian User Data Locally, Possibly Decrypt on Request: Report (venturebeat.com) 74

After resisting local government's mandates for years, Apple appears to have agreed to store Russian citizens' data within the country, a report says. From a report: According to a Foreign Policy report, Russia's telecommunications and media agency Roskomnadzor has confirmed that Apple will comply with the local data storage law, which appears to have major implications for the company's privacy initiatives. Apple's obligations in Russia would at least parallel ones in China, which required it turn over Chinese citizens' iCloud data to a partially government-operated data center last year. In addition to processing and storing Russian citizens' data on servers physically within Russia, Apple will apparently need to decrypt and produce user data for the country's security services as requested.

Censorship

New Site Exposes How Apple Censors Apps in China (theintercept.com) 33

A new website exposes the extent to which Apple cooperates with Chinese government internet censorship, blocking access to Western news sources, information about human rights and religious freedoms, and privacy-enhancing apps that would circumvent the country's pervasive online surveillance regime. The Intercept: The new site, AppleCensorship.com, allows users to check which apps are not accessible to people in China through Apple's app store, indicating those that have been banned. It was created by researchers at GreatFire.org, an organization that monitors Chinese government internet censorship. In late 2017, Apple admitted to U.S. senators that it had removed from its app store in China more than 600 "virtual private network" apps that allow users to evade censorship and online spying. But the company never disclosed which specific apps it removed -- nor did it reveal other services it had pulled from its app store at the behest of China's authoritarian government.

Bug

Apple Says It Will Fix The FaceTime Bug That Allows You To Access Someone's iPhone Camera And Microphone Before They Pick Up (buzzfeednews.com) 63

Apple said Friday morning that it had a fix for a bug discovered in Apple's video and audio chat service FaceTime this week, which had allowed callers to access the microphone and front-facing video camera of the person they were calling, even if that person hadn't picked up. The security issue is fixed on its servers, the company said, but the iPhone software update to re-enable the feature for users won't be rolled out until next week. From a report: "We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week," Apple said in an emailed statement to BuzzFeed News. "We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone's patience as we complete this process."

Crime

Second China-Bound Apple Car Worker Charged With Data Theft (bloomberg.com) 75

schwit1 shares a report from Bloomberg: An Apple hardware engineer was charged by the U.S. with stealing the iPhone maker's driverless car secrets for a China-based company, the second such case since July amid an unprecedented crackdown by the Trump administration on Chinese corporate espionage. Jizhong Chen was seen by a fellow Apple employee taking photographs Jan. 11 with a wide-angle lens inside a secure work space that houses the company's autonomous car project, about six months after he signed a strict confidentiality oath when he was hired, according to a criminal complaint in federal court in San Jose, California. Prosecutors said Chen admitted to taking the photos and backing up some 2,000 files to his personal hard drive, including manuals and schematics for the project, but didn't tell Apple he had applied for a job with a China-based autonomous vehicle company.

Businesses

Apple Blocks Google From Running Its Internal iOS Apps (theverge.com) 175

Apple has now shut down Google's ability to distribute its internal iOS apps, following a similar shutdown that was issued to Facebook earlier this week. From a report: A person familiar with the situation tells The Verge that early versions of Google Maps, Hangouts, Gmail, and other pre-release beta apps have stopped working today, alongside employee-only apps like a Gbus app for transportation and Google's internal cafe app. UPDATE: Apple has restored Google's Enterprise Certificate so its internal apps will now function.

Bug

Lawyer Sues Apple Over FaceTime Eavesdrop Bug, Says It Let Someone Record a Sworn Testimony (cnbc.com) 173

A lawyer in Houston has filed a lawsuit against Apple over a security vulnerability that let people eavesdrop on iPhones using FaceTime. "His lawsuit, filed Monday in Harris County, Texas, alleges that Apple 'failed to exercise reasonable care' and that Apple 'knew, or should have known, that its Product would cause unsolicited privacy breaches and eavesdropping,'" reports CNBC. "It alleged Apple did not adequately test its software and that Apple was 'aware there was a high probability at least some consumers would suffer harm.'" From the report: The suit says that Williams was "undergoing a private deposition with a client when this defective product breached allowed for the recording" of the conversation. Williams claimed this caused "sustained permanent and continuous injuries, pain and suffering and emotional trauma that will continue into the future" and that Williams "lost ability to earn a living and will continued to be so in the future." The lawsuit also says that iOS 12.1, the latest major release of the iPhone operating system, was defective and "unreasonable dangerous" and that Apple "failed to provide adequate warnings to avoid the substantial danger" posed by the security flaw. Williams is seeking compensatory and punitive damages as a result of the exploit.

IOS

Apple is Planning 3D Cameras for Next Year's iPhones; Three Rear Cameras Setup For This Year's Phone; and Dark Mode for iOS 13: Report (bloomberg.com) 43

Apple plans to launch iPhones with a more-powerful 3-D camera as soon as next year, stepping up the company's push into augmented reality, Bloomberg reported Wednesday. From the report: The rear-facing, longer-range 3-D camera is designed to scan the environment to create three-dimensional reconstructions of the real world. It will work up to about 15 feet from the device, the people said. Apple's new system uses a laser scanner, rather than the existing dot-projection technology which doesn't work as well over longer distances, according to the people, who asked not to be identified discussing unreleased features. That's just one of many new features -- including a third, more advanced camera, enhanced photo-capture tools and a more powerful chip -- that Apple plans to include in coming generations of iPhones, the people said.

[...] For 2019, Apple plans successors to the iPhone XS and iPhone XS Max -- code-named D42 and D43 -- and an update to the iPhone XR, said the people. The larger of the new high-end iPhones will have three cameras on the back, and other handsets could eventually come with the upgraded system, too, the people said. [...] Apple's next operating system update, iOS 13, will include a dark mode option for easier nighttime viewing and improvements to CarPlay, the company's in-vehicle software.

Google

Google's Also Peddling a Data Collector Through Apple's Back Door (techcrunch.com) 46

Facebook is not the only one abusing Apple's system for distributing employee-only apps to sidestep the App Store and collect extensive data on users. Google has been running an app called Screenwise Meter, which bears a strong resemblance to the app distributed by Facebook Research that has now been barred by Apple, TechCrunch reported Wednesday. From the report: In its app, Google invites users aged 18 and up (or 13 if part of a family group) to download the app by way of a special code and registration process using an Enterprise Certificate. That's the same type of policy violation that led Apple to shut down Facebook's similar Research VPN iOS app, which had the knock-on effect of also disabling usage of Facebook's legitimate employee-only apps -- which run on the same Facebook Enterprise Certificate -- and making Facebook look very iffy in the process. It needs to be pointed out that Google's app is relatively transparent about what it does and who runs it.

Iphone

UAE Used Cyber Super-Weapon To Spy on iPhones of Foes (reuters.com) 62

Reuters reports: A team of former U.S. government intelligence operatives working for the United Arab Emirates hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool called Karma, in a campaign that shows how potent cyber-weapons are proliferating beyond the world's superpowers and into the hands of smaller nations. The cyber tool allowed the small Gulf country to monitor hundreds of targets beginning in 2016, from the Emir of Qatar and a senior Turkish official to a Nobel Peace laureate human-rights activist in Yemen, according to five former operatives and program documents reviewed by Reuters. The sources interviewed by Reuters were not Emirati citizens.

Karma was used by an offensive cyber operations unit in Abu Dhabi composed of Emirati security officials and former American intelligence operatives working as contractors for the UAE's intelligence services. The existence of Karma and of the hacking unit, code named Project Raven, hadn't been previously reported. Raven's activities are detailed in a separate story published by Reuters today. The ex-Raven operatives described Karma as a tool that could remotely grant access to iPhones simply by uploading phone numbers or email accounts into an automated targeting system. The tool has limits -- it doesn't work on Android devices and doesn't intercept phone calls. But it was unusually potent because, unlike many exploits, Karma did not require a target to click on a link sent to an iPhone, they said.
