An anonymous reader quotes a report from Krebs On Security: The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner's phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page -- or to any other malicious website. The AirTag's "Lost Mode" lets users alert Apple when an AirTag is missing. Setting it to Lost Mode generates a unique URL at https://found.apple.com/ and allows the user to enter a personal message and contact phone number. Anyone who finds the AirTag and scans it with an Apple or Android phone will immediately see that unique Apple URL with the owner's message.

When scanned, an AirTag in Lost Mode will present a short message asking the finder to call the owner at at their specified phone number. This information pops up without asking the finder to log in or provide any personal information. But your average Good Samaritan might not know this. That's important because Apple's Lost Mode doesn't currently stop users from injecting arbitrary computer code into its phone number field -- such as code that causes the Good Samaritan's device to visit a phony Apple iCloud login page. The vulnerability was discovered and reported to Apple by Bobby Rauch, a security consultant and penetration tester based in Boston. Rauch told KrebsOnSecurity the AirTag weakness makes the devices cheap and possibly very effective physical trojan horses.

According to new research published this week in American Heart Association Journal, Apple Watch can detect arrhythmias other than Atrial Fibrillation (AFib). The Apple watch irregular pulse detection algorithm was found to have a positive predictive value of 0.84 for the identification of atrial fibrillation (AFib). MyHealthyApple reports: The Apple Heart Study investigated a smartwatch-based irregular pulse notification algorithm to identify AFib. For this secondary analysis, the researchers analyzed participants who received an ambulatory ECG patch after index irregular pulse notification. Among 419,297 participants enrolled in the Apple Heart Study, 450 participant ECG patches were analyzed, with no AF on 297 ECG patches (66%). Non-AF arrhythmias (excluding supraventricular tachycardias [less than] 30 beats and pauses [less than] 3 seconds) were detected in 119 participants (40.1%) with ECG patches without AFib. 76 participants (30.5%) reported subsequent AF diagnoses. In participants with an irregular pulse notification on the Apple Watch and no AF observed on ECG patch, atrial and ventricular arrhythmias, mostly PACs and PVCs, were detected in 40% of participants.

An anonymous reader shares a report from Daring Fireball, written by John Gruber: Chaim Gartenberg, writing for The Verge, "The Lightning Port Isn't About Convenience; It's About Control": "Notably absent from Apple's argument, though, is the fact that cutting out a Lightning port on an iPhone wouldn't just create more e-waste (if you buy Apple's logic) or inconvenience its customers. It also means that Apple would lose out on the revenue it makes from every Lightning cable and accessory that works with the iPhone, Apple-made or not -- along with the control it has over what kinds of hardware does (or doesn't) get to exist for the iPhone and which companies get to make them. Apple's MFi program means that if you want to plug anything into an iPhone, be it charger or adapter or accessory, you have to go through Apple. And Apple takes a cut of every one of those devices, too." Gartenberg summarizes a commonly-held theory here: that Apple is sticking with its proprietary Lightning port on iPhones because they profit from MFi peripherals. That it's a money grab.

I don't think this is the case at all. Apple is happy to keep the money it earns from MFi, of course. And they're glad to have control over all iPhone peripherals. But I don't think there's serious money in that. It's loose-change-under-the-couch-cushion revenue by Apple's astonishingly high standards. How many normal people do you know who ever buy anything that plugs into a Lightning port other than a USB cable? And Apple doesn't make more money selling their own (admittedly overpriced) Lightning cables to iPhone owners than they do selling their own (also overpriced) USB-C cables to iPad Pro and MacBook owners. My theory is that Apple carefully weighs the pros and cons for each port on each device it makes, and chooses the technologies for those ports that it thinks makes for the best product for the most people. "What makes sense for the goals of this product that we will ship in three years? And then the subsequent models for the years after that?" Those are the questions Apple product designers ask.

The sub-head on Gartenberg's piece is "The iPhone doesn't have USB-C for a reason". Putting that in the singular does not do justice to the complexity of such decisions. There are numerous reasons that the iPhones 13 still use Lightning -- and there are numerous reasons why switching to USB-C would make sense. The pro-USB-C crowd, to me, often comes across as ideological. I'm not accusing Gartenberg of this -- though it is his piece with the sub-head claiming there's "a" singular reason -- but many iPhones-should-definitely-use-USB-C proponents argue as though there are no good reasons for the iPhone to continue using Lightning. That's nonsense. To be clear, I'm neither pro-Lightning nor pro-USB-C. I see the trade-offs. If the iPhones 13 had switched to USB-C, I wouldn't have complained. But I didn't complain about them not switching, either. You'll note that in none of my reviews of iPad models that have switched from Lightning to USB-C in recent years have I complained about the switch. Apple, to my eyes, has been managing this well. But, if the iPhones 13 had switched to USB-C, you know who would have complained? Hundreds of millions of existing iPhone users who have no interest in replacing the Lightning cables and docks they already own. "In 15 generations of iPhones, Apple has changed the connector once. And that one time was a clear win in every single regard," adds Gruber. "Changing from Lightning to USB-C is not so clearly an upgrade at all. It's a sidestep."

Regardless of which side you take on this debate, it's inevitable that Apple iPhones will adopt USB-C. Last week, the executive arm of the European Union, the European Commission, announced plans to force smartphone and other electronics manufacturers to fit a common USB-C charging port on their devices. The rules are intended to cut down on electronic waste by allowing people to re-use existing chargers and cables when they buy new electronics. Unless Apple plans to skip out on the European market or pay a potentially steep fine for refusing to adopt the port, they'll likely give into the pressure and release a USB-C-equipped iPhone by the time this law goes into effect in late 2023 or 2024.

Alphabet unit Google on Monday blasted EU antitrust regulators for ignoring rival Apple as it launched a bid to get Europe's second-highest court to annul a record 4.34-billion euro ($5.1 billion) fine related to its Android operating system. From a report: Far from holding back rivals and harming users, Android has been a massive success story of competition at work, representatives of Google told a panel of five judges at the General Court at the start of a five-day hearing. The European Commission fined Google in 2018, saying that it had used Android since 2011 to thwart rivals and cement its dominance in general internet search. Regardless of how the court rules, Google, Apple, Amazon and Facebook will have to change their business models in the coming years to ensure a level playing field for rivals following tough new rules proposed by European Union antitrust chief Margrethe Vestager.

"The Commission shut its eyes to the real competitive dynamic in this industry, that between Apple and Android," Google's lawyer Meredith Pickford told the court. "By defining markets too narrowly and downplaying the potent constraint imposed by the highly powerful Apple, the Commission has mistakenly found Google to be dominant in mobile operating systems and app stores, when it was in fact a vigorous market disrupter," he said. Pickford said Android "is an exceptional success story of the power of competition in action."

When America's law enforcement investigators serve tech companies with subpoenas or search warrants,"the target of the investigation has no idea their data is being seized," the Washington Post pointed out this weekend.

It's becoming surprisingly common in the U.S. "And if investigators obtain a gag order, the records must be handed over without the person's knowledge or consent — depriving the person of an opportunity to challenge the seizure in court." Every year, Facebook, Google and other technology companies receive hundreds of thousands of orders from law enforcement agencies seeking data people stash online: private messages, photos, search histories, calendar items — a potentially rich trove for criminal investigators. Often, those requests are accompanied by secrecy orders, also known as nondisclosure or gag orders, that require the tech companies to keep their customers in the dark, potentially for years...

In the last six months of 2020, Facebook received 61,262 government requests for user data in the United States, said spokesman Andy Stone. Most — 69 percent — came with secrecy orders. Meanwhile, Microsoft has received between 2,400 and 3,500 secrecy orders from federal law enforcement each year since 2016 — or seven to 10 per day — according to congressional testimony by vice president of customer security and trust Tom Burt. Google and Apple declined to disclose the number of gag orders they've received. But in the first half of 2020, Google said U.S. law enforcement made 39,536 requests for information about 84,662 accounts — with many of the requests targeting multiple accounts. Apple said it received 11,363 requests...

Under the 1986 Electronic Communications Privacy Act, federal prosecutors are required to seek digital information from tech companies, not their customers. Since then, prosecutors have routinely used gag orders to prevent the companies from spilling the beans to suspects who might destroy evidence, go into hiding or threaten someone's life. But the practice has mushroomed over the past two decades, part of a broader surveillance ramp-up following the Sept. 11, 2001, terrorist attacks, lawyers said. As the orders have proliferated, privacy advocates and the tech companies themselves have become increasingly concerned. Some tech company officials have accused prosecutors of reflexively requesting gag orders for routine investigations, regardless of whether the cases actually require such secrecy. And an array of company officials and legal experts argue that the practice robs tech company customers of their constitutional protections against unreasonable search and seizure.

"Across all the rest of society, it's understood that government doesn't get to take your stuff, doesn't get to come in and into your house, doesn't get to break into your file folders or your lock box at the bank without a warrant. And you get to know about that warrant and you get to exercise your legal rights," Microsoft's Burt said in an interview. "Someone cannot exercise their Fourth Amendment rights when their data has been taken in secret."
U.S. lawmakers are considering changes, the article points out. One idea? Require tech companies "to preserve digital files that are the subject of court orders and permit customers to challenge the orders in court before the information is turned over to prosecutors."

Senator Ron Wyden of Oregon points out that's how wiretaps currently work — and is also drafting a measure that would finally require federal courts to publish statistics on the number of surveillance and secrecy orders they've issued.

EFF.org has the story: For the last month, civil liberties and human rights organizations, researchers, and customers have demanded that Apple cancel its plan to install photo-scanning software onto devices. This software poses an enormous danger to privacy and security. Apple has heard the message, and announced that it would delay the system while consulting with various groups about its impact. But in order to trust Apple again, we need the company to commit to canceling this mass surveillance system.

The delay may well be a diversionary tactic. Every September, Apple holds one of its big product announcement events, where Apple executives detail the new devices and features coming out. Apple likely didn't want concerns about the phone-scanning features to steal the spotlight.

But we can't let Apple's disastrous phone-scanning idea fade into the background, only to be announced with minimal changes down the road. To make sure Apple is listening to our concerns, EFF turned to an old-school messaging system: aerial advertising.

During Apple's event, a plane circled the company's headquarters carrying an impossible-to-miss message: "Apple, don't scan our phones!" The evening before Apple's event, protestors also rallied nationwide in front of Apple stores. The company needs to hear us, and not just dismiss the serious problems with its scanning plan. A delay is not a cancellation, and the company has also been dismissive of some concerns, referring to them as "confusion" about the new features.

Apple's iMessage is one of the preeminent end-to-end encrypted chat clients. End-to-end encryption is what allows users to exchange messages without having them intercepted and read by repressive governments, corporations, and other bad actors. We don't support encryption for its own sake: we fight for it because encryption is one of the most powerful tools individuals have for maintaining their digital privacy and security in an increasingly insecure world.

Now that Apple's September event is over, Apple must reach out to groups that have criticized it and seek a wider range of suggestions on how to deal with difficult problems, like protecting children online...

The world, thankfully, has moved towards encrypted communications over the last two decades, not away from them, and that's a good thing. If Apple wants to maintain its reputation as a pro-privacy company, it must continue to choose real end-to-end encryption over government demands to read user's communication.

Privacy matters now more than ever. It will continue to be a selling point and a distinguishing feature of some products and companies. For now, it's an open question whether Apple will continue to be one of them.

A security researcher has published details about three iOS zero-day vulnerabilities, claiming that Apple has failed to patch the issues, which they first reported to the company earlier this year. From a report: Going by the pseudonym of Illusion of Chaos, the researcher has published their findings on Russian blogging platform Habr and has released proof-of-concept code for each vulnerability on GitHub. This includes:

1. A vulnerability in the Gamed daemon that can grant access to user data such as AppleID emails, names, auth token, and grant file system access.

2. A vulnerability in the nehelper daemon that can be used from within an app to learn what other apps are installed on a device.

3. An additional vulnerability in the nehelper daemon can also be used from within an app to gain access to a device's WiFi information.

The European Commission, the executive arm of the European Union, has announced plans to force smartphone and other electronics manufacturers to fit a common USB-C charging port on their devices. From a report: The proposal is likely to have the biggest impact on Apple, which continues to use its proprietary Lightning connector rather than the USB-C connector adopted by most of its competitors. The rules are intended to cut down on electronic waste by allowing people to re-use existing chargers and cables when they buy new electronics. In addition to phones, the rules will apply to other devices like tablets, headphones, portable speakers, videogame consoles, and cameras. Manufacturers will also be forced to make their fast-charging standards interoperable, and to provide information to customers about what charging standards their device supports. Under the proposal, customers will be able to buy new devices without an included charger. The proposals only cover devices using wired, not wireless, chargers, EU commissioner Thierry Breton said in a press conference, adding that "there is plenty of room for innovation on wireless." A spokesperson for the Commission subsequently confirmed to The Verge that a USB-C port is only mandatory for devices that charge using a cable. But, if a device charges exclusively via wireless, like Apple's rumored portless iPhone, there'd be no requirement for a USB-C charging port.

Apple CEO Tim Cook has warned employees about leaking company information. Cook's memo: Dear Team,

It was great to connect with you at the global employee meeting on Friday. There was much to celebrate, from our remarkable new product line-up to our values driven work around climate change, racial equity, and privacy. It was a good opportunity to reflect on our many accomplishments and to have a discussion about what's been on your mind.

I'm writing today because I've heard from so many of you were incredibly frustrated to see the contents of the meeting leak to reporters. This comes after a product launch in which most of the details of our announcements were also leaked to the press.

I want you to know that I share your frustration. These opportunities to connect as a team are really important. But they only work if we can trust that the content will stay within Apple. I want to reassure you that we are doing everything in our power to identify those who leaked. As you know, we do not tolerate disclosures of confidential information, whether it's product IP or the details of a confidential meeting. We know that the leakers constitute a small number of people. We also know that people who leak confidential information do not belong here.

As we look forward, I want to thank you for all you've done to make our products a reality and all you will do to get them into customers' hands. Yesterday we released iOS 15, iPadOS 15, and watchOS 8, and Friday marks the moment when we share some of our incredible new products with the world. There's nothing better than that. We'll continue to measure our contributions in the lives we change, the connections we foster, and the work we do to leave the world a better place.

Apple plans to keep Fortnite off of its App Store until appeals are exhausted in its legal battle with Epic Games, the maker of the popular battle-royale game. From a report: Apple sent a letter to Epic Tuesday saying that it "will not consider any further requests for reinstatement until the district court's judgment becomes final and nonappealable." The letter, sent to Epic's lawyers from a firm representing Apple, was published on Twitter by Epic Chief Executive Officer Tim Sweeney. That process could take five years, he said. Epic sued Apple in August 2020 after the iPhone-maker removed Fortnite from its App Store, citing a workaround that circumvented Apple's commission on purchases.

Apple is working on ways to help detect and diagnose conditions such as depression, anxiety and cognitive decline using an iPhone, WSJ is reporting. Techcrunch: Researchers hope that analysis of data such as mobility, sleep patterns and how people type could spot behaviors associated with those conditions, according to The Wall Street Journal. ther measurements could include facial expression analysis and heart and respiration rates. All of the processing would take place on the device, with no data sent to Apple servers. The company is working on research projects that could lead to the development of these features. The University of California, Los Angeles, is studying stress, anxiety and depression, with Apple Watch and iPhone data for 3,000 volunteers being tracked in a study that starts this year. A pilot phase that began in 2020 recorded data from 150 participants.

The European Commission will on Thursday present a legislative proposal for a common charger for mobile phones, tablets and headphones, a move likely to affect iPhone maker Apple more than its rivals, Reuters reported on Tuesday, citing a person familiar with the matter. From the report: The European Union executive and EU lawmakers have been pushing for a common charger for over a decade, saying it would be better for the environment and more convenient for users. The Commission wants the sale of chargers to be decoupled from devices, and also propose a harmonised charging port, the person said. Apple, whose iPhones are charged from its Lightning cable, has said rules forcing connectors to conform to one type could deter innovation, create a mountain of electronic waste and irk consumers.

On the day Apple released iOS 15, a Spanish security researcher disclosed an iPhone lock screen bypass that can be exploited to grant attackers access to a user's notes. From a report: In an interview with The Record, Jose Rodriguez said he published details about the lock screen bypass after Apple downplayed similar lock screen bypass issues he reported to the company earlier this year. "Apple values reports of issues like this with up to $25,000 but for reporting a more serious issue, I was awarded with $5,000," the researcher wrote on Twitter last week. [...] Because of the unprofessional way Apple handled his bug report, the researcher published today a variation of the same bypass, but this time one that uses the Apple Siri and VoiceOver services to access the Notes app from behind the screen lock. Further reading: Apple Pays Hackers Six Figures To Find Bugs in Its Software. Then It Sits On their Findings.

em1ly shares a report from Motherboard, which obtained leaked training videos Apple made for its authorized repair partners, showing how the company trains repair technicians to undermine third party companies and talk customers into buying more expensive first party repairs. From the report: "I cracked the glass on my phone and I'm comparing costs. How much for just that part?" One man acting the part of the customer asks in one of the videos.
"I can show you the cost for just the part before we begin," another man, playing the part of repair technician says.
"Whoa," the customer says, holding out his hands. "That's way more than the shop down the street. Why is it so expensive here?"
"This quote's for a genuine Apple part," the technician says.
"What do you mean by genuine?" the customer asks, his hands making scare quotes. "I'd like to save some money. Aren't they really the same part?"

After this, the technician launches into an explanation of why it's best for people to replace broken iPhone parts with genuine Apple products. "A genuine Apple part has to pass AppleCare engineering criteria," the technician says, explaining that a screen from Apple will be tested as if it had just come off the factory floor. "With a genuine Apple display, all the features you've come to rely on behave seamlessly...that's not the case with third party displays."

Six of the eight videos are dedicated to training repair techs on how to deal with customers worried about the huge costs of repairing an Apple device. One three-minute video is dedicated to helping customers understand why a genuine Apple screen is often better than one from a third party.

Apple today released iOS 15 and iPadOS 15, the newest operating system updates designed for the iPhone, iPad, and iPod touch. From a report: As with all of Apple's software updates, iOS and iPadOS 15 can be downloaded at no cost. iOS 15 is available on the iPhone 6s and later while iPadOS 15 is available on the iPad Air 2 and later. The new software can be downloaded on eligible devices over-the-air by going to Settings - General - Software Update. It may take a few minutes for the updates to propagate to all users due to high demand.

A new Focus mode cuts down on distractions by limiting what's accessible and who can contact you, and notifications can now be grouped up in daily summaries. There's an option for a new Safari design that moves the tab bar to the bottom of the interface, and Tab Groups keep all of your tabs organized. Maps has been overhauled with even more detail, a 3D view in major cities, a globe view, improved transit, a close-up driving view when navigating complicated routes, and AR walking directions. Across the operating system, there's a new Live Text feature that detects text in any image and lets you copy, paste, and translate it, plus there's a system-wide translation feature. In Photos, plants, pets, landmarks, and more can be identified, and there's a system-wide translation feature that goes well with Live Text. iCloud+ with iCloud Private Relay protects your IP address and obscures your location to prevent websites from tracking you, and a Hide My Email feature lets you create temporary email addresses. You can even use your personal domain with iCloud in iOS 15. Further reading: 19 Things You Can Do in iOS 15 That You Couldn't Do Before.

Apple and Google removed an app meant to coordinate protest voting in this weekend's Russian elections from the country on Friday, a blow to the opponents of President Vladimir V. Putin and a display of Silicon Valley's limits when it comes to resisting crackdowns on dissent around the world. From a report: The decisions came after Russian authorities, which claim the app is illegal, threatened to prosecute local employees of Apple and Google -- a sharp escalation in the Kremlin's campaign to rein in the country's largely uncensored internet. A person familiar with Google's decision said the authorities had named specific individuals who would face prosecution, prompting it to remove the app.

The person declined to be identified for fear of angering the Russian government. Google has more than 100 employees in the country. Apple did not respond to phone calls, emails or text messages seeking comment. The app was created and promoted by allies of the opposition leader Aleksei A. Navalny, who were hoping to use it to consolidate the opposition vote in each of Russia's 225 electoral districts. It disappeared from the two technology platforms just as voting got underway in the three-day parliamentary election, in which Mr. Putin's United Russia party -- in a carefully stage-managed system -- holds a commanding advantage.

Mr. Navalny's team reacted with outrage to the decision, suggesting the companies had made a damaging concession to the Russians. "Removing the Navalny app from stores is a shameful act of political censorship," an aide to Mr. Navalny, Ivan Zhdanov, said on Twitter. "Russia's authoritarian government and propaganda will be thrilled." The decisions also drew harsh condemnation from free-speech activists in the West. "The companies are in a really difficult position but they have put themselves there," David Kaye, a former United Nations official responsible for investigating freedom of expression issues, said in an interview. "They are de facto carrying out an element of Russian repression. Whether it's justifiable or not, it's complicity and the companies need to explain it."

Apple introduced eSIM support on iPhone with iPhone XR and iPhone XS in 2018. However, while you can use a regular SIM and an eSIM simultaneously, there was no way to use two eSIMs simultaneously -- until now. iPhone 13 and iPhone 13 Pro feature dual eSIM support for the first time. From a report: The new capability was confirmed by Apple on the iPhone 13 specs webpage. There, Apple says that iPhone 13 models support Dual SIM using both regular SIM and eSIM and "Dual eSIM," as the company calls it. If you check the webpage of the iPhone 12 or previous generations, only combined Dual SIM support is mentioned. These are the SIM support specifications for iPhone 13 mini, iPhone 13, iPhone 13 Pro, and iPhone 13 Pro Max: Dual SIM (nanoâ'SIM and eSIM), and dual eSIM support. During the event, Apple also mentioned that iPhone 13 models have support for more 5G bands, which should enable the new faster network in more countries.

Earlier today at Apple's iPhone 13 launch event, Apple introduced the Apple Watch Series 7 with a new, more seamless design with larger 41mm and 45mm cases that include larger, brighter and more durable screens. There's also a variety of new colors to choose from. Engadget reports: The update takes advantage of the bigger displays, with more information and new watch faces like Contour, Modular Duo and World Timer. As for durability? Series 7 is the first Apple Watch with a dust resistance rating (IP6X), making it better-suited to mountain climbing or the beach. The screen itself is more crack-resistant thanks to a thicker new geometry, and you'll still get swim-friendly WR50 (that is, 50-meter) water resistance. You won't confuse this with a rugged watch, but you might not panic quite so much after a fall.

The updates aren't quite so aggressive under the hood. You can anticipate 33 percent faster charging and fall detection during workouts. Most of the updates come through watchOS 8, which now includes detection of cycling workouts, better tracking for e-bikes and help if you fall off. You'll also get a full swipe-based keyboard, support for more workouts (Pilates and Tai Chi) and respiratory rate tracking while you sleep. Apple Watch Series 7 will arrive sometime this fall starting at $399. The Apple Watch SE and Watch Series 3 will hang around at respective prices of $299 and $199, and you can expect refreshed Nike and Hermes variants for the Series 7.

Apple has announced its all-new iPad Mini. It features a new enclosure with narrower bezels and rounded corners. From a report: The big news is that it's larger than the iPad Mini 5 with an 8.3-inch display (up from its predecessor's 7.9-inch panel), making the device even more viable as a driver for multitasking or schoolwork. Apple says the screen can reach 500 nits of brightness. The iPad Mini is currently Apple's smallest tablet, even with the bump in size. Apple was rumored to have been considering a Mini LED display on the new iPad, similar to that of its largest iPad Pro. Those appear to have missed the mark; the new Mini sports a regular Liquid Retina display. The new iPad Mini is up for preorder today and will be available next week starting at $499.

Apple has officially announced the high-end part of the iPhone 13 lineup: the iPhone 13 Pro and 13 Pro Max. It's got a faster A15 Bionic chip, three all-new cameras, and an improved display with up to a 120Hz ProMotion high refresh rate display that can go as bright as 1,000 nits. The iPhone 13 Pro will start at $999, while the iPhone 13 Pro Max will start at $1099. Both will be available to order on Friday, shipping on September 24th. From a report: The OLED screens on both models are the same sizes as last year at 6.1 and 6.7 inches but with slightly smaller notches that should allow for more space in the iOS status bar. Apple says the phones have an all-new three-camera system. The ultrawide should offer better low-light photography, and the telephoto now goes up to 3x zoom, enabling 6x optical zoom across the three cameras. All three cameras now have night mode, and there's a new macro mode for photographing subjects at just 2cm.