Businesses

Apple's Double Agent (vice.com) 18

For more than a year, an active member of a community that traded in illicitly obtained internal Apple documents and devices was also acting as an informant for the company. An anonymous reader shares a report: On Twitter and in Discord channels for the loosely defined Apple "internal" community that trades leaked information and stolen prototypes, he advertised leaked apps, manuals, and stolen devices for sale. But unbeknownst to other members in the community, he shared with Apple personal information of people who sold stolen iPhone prototypes from China, Apple employees who leaked information online, journalists who had relationships with leakers and sellers, and anything that he thought the company would find interesting and worth investigating. Andrey Shumeyko, also known as YRH04E and JVHResearch online, decided to share his story because he felt that Apple took advantage of him and should have compensated him for providing the company this information.

"Me coming forward is mostly me finally realizing that that relationship never took into consideration my side and me as a person," Shumeyko told Motherboard. Shumeyko shared several pieces of evidence to back up his claims, including texts and an email thread between him and an Apple email address for the company's Global Security team. Motherboard checked that the emails are legitimate by analyzing their headers, which show Shumeyko received a reply from servers owned by Apple, according to online records. Shumeyko said he established a relationship with Apple's anti-leak team -- officially called Global Security -- after he alerted them of a potential phishing campaign against some Apple Store employees in 2017. Then, in mid-2020, he tried to help Apple investigate one of its worst leaks in recent memory, and became a "mole," as he put it. Last year, months before the official release of Apple's mobile operating system iOS 14, iPhone hackers got their hands on a leaked early version.

Apple

We Built a CSAM System Like Apple's - the Tech Is Dangerous (washingtonpost.com) 186

An anonymous reader writes: Earlier this month, Apple unveiled a system that would scan iPhone and iPad photos for child sexual abuse material (CSAM). The announcement sparked a civil liberties firestorm, and Apple's own employees have been expressing alarm. The company insists reservations about the system are rooted in "misunderstandings." We disagree.

We wrote the only peer-reviewed publication on how to build a system like Apple's -- and we concluded the technology was dangerous. We're not concerned because we misunderstand how Apple's system works. The problem is, we understand exactly how it works.

Our research project began two years ago, as an experimental system to identify CSAM in end-to-end-encrypted online services. As security researchers, we know the value of end-to-end encryption, which protects data from third-party access. But we're also horrified that CSAM is proliferating on encrypted platforms. And we worry online services are reluctant to use encryption without additional tools to combat CSAM.

We sought to explore a possible middle ground, where online services could identify harmful content while otherwise preserving end-to-end encryption. The concept was straightforward: If someone shared material that matched a database of known harmful content, the service would be alerted. If a person shared innocent content, the service would learn nothing. People couldn't read the database or learn whether content matched, since that information could reveal law enforcement methods and help criminals evade detection.

But we encountered a glaring problem.

Our system could be easily repurposed for surveillance and censorship. The design wasn't restricted to a specific category of content; a service could simply swap in any content-matching database, and the person using that service would be none the wiser.
About the authors of this report: Jonathan Mayer is an assistant professor of computer science and public affairs at Princeton University. He previously served as technology counsel to then-Sen. Kamala D. Harris and as chief technologist of the Federal Communications Commission Enforcement Bureau. Anunay Kulshrestha is a graduate researcher at the Princeton University Center for Information Technology Policy and a PhD candidate in the department of computer science.
Privacy

Policy Groups Ask Apple To Drop Plans To Inspect iMessages, Scan for Abuse Images (reuters.com) 89

More than 90 policy and rights groups around the world published an open letter on Thursday urging Apple to abandon plans for scanning children's messages for nudity and the phones of adults for images of child sex abuse. From a report: "Though these capabilities are intended to protect children and to reduce the spread of child sexual abuse material, we are concerned that they will be used to censor protected speech, threaten the privacy and security of people around the world, and have disastrous consequences for many children," the groups wrote in the letter, which was first reported by Reuters. The largest campaign to date over an encryption issue at a single company was organized by the U.S.-based nonprofit Center for Democracy & Technology (CDT). Some overseas signatories in particular are worried about the impact of the changes in nations with different legal systems, including some already hosting heated fights over encryption and privacy.
Privacy

'Apple's Device Surveillance Plan Is a Threat To User Privacy -- And Press Freedom' (freedom.press) 213

The Freedom of the Press Foundation is calling Apple's plan to scan photos on user devices to detect known child sexual abuse material (CSAM) a "dangerous precedent" that "could be misused when Apple and its partners come under outside pressure from governments or other powerful actors." They join the EFF, whistleblower Edward Snowden, and many other privacy and human rights advocates in condemning the move. Advocacy Director Parker Higgins writes: Very broadly speaking, the privacy invasions come from situations where "false positives" are generated -- that is to say, an image or a device or a user is flagged even though there are no sexual abuse images present. These kinds of false positives could happen if the matching database has been tampered with or expanded to include images that do not depict child abuse, or if an adversary could trick Apple's algorithm into erroneously matching an existing image. (Apple, for its part, has said that an accidental false positive -- where an innocent image is flagged as child abuse material for no reason -- is extremely unlikely, which is probably true.) The false positive problem most directly touches on press freedom issues when considering that first category, with adversaries that can change the contents of the database that Apple devices are checking files against. An organization that could add leaked copies of its internal records, for example, could find devices that held that data -- including, potentially, whistleblowers and journalists who worked on a given story. This could also reveal the extent of a leak if it is not yet known. Governments that could include images critical of its policies or officials could find dissidents that are exchanging those files.
[...]
Journalists, in particular, have increasingly relied on the strong privacy protections that Apple has provided even when other large tech companies have not. Apple famously refused to redesign its software to open the phone of an alleged terrorist -- not because they wanted to shield the content on a criminal's phone, but because they worried about the precedent it would set for other people who rely on Apple's technology for protection. How is this situation any different? No backdoor for law enforcement will be safe enough to keep bad actors from continuing to push it open just a little bit further. The privacy risks from this system are too extreme to tolerate. Apple may have had noble intentions with this announced system, but good intentions are not enough to save a plan that is rotten at its core.

Apple

Apple Is Preparing To Begin Construction Activities At Its North San Jose Office With a Portion Devoted To Affordable Housing (patentlyapple.com) 76

NicknamesAreStupid writes: As a follow-up to [last week's story about a large homeless encampment growing on the site Apple earmarked for its North San Jose campus], Apple appears to be using the promise of building affordable homes as a part of moving the current homeless encampment out. [According to Patently Apple, "Apple is preparing construction activities at its huge north San Jose office campus, a move that could bring thousands of jobs to the mixed-use tech hub." The company says it "would spend millions to reach out to and relocate residents of a homeless encampment that has formed on the company's land." Specific plans and details have yet to be released.]

This raises the question: will companies revert to a new form of "company town" used by the coal and oil companies during the 20th century? Instead of villages in remote locations, will tech companies build urban islands of homes for employees, effectively subsidizing their housing in a manner similar to subsidized healthcare of the mid-twentieth century? Of course, the catch is that if you leave the company, you lose your home.

Censorship

Apple Censors Engraving Service, Report Claims (bbc.com) 49

Apple censors references to Chinese politicians, dissidents and other topics in its engraving service, a report alleges. The BBC reports: Citizen Lab said it had investigated filters set up for customers who wanted something engraved on a new iPhone, iPad or other Apple device. And Apple had a broad list of censored words, not just in mainland China but also in Hong Kong and Taiwan. Apple said its systems "ensure local laws and customs are respected." "As with everything at Apple, the process for engraving is led by our values," chief privacy officer Jane Horvath wrote in a letter (PDF) provided to CitizenLab in advance of the publication of its report. And the engraving service tried not to allow trademarked phrases, alongside those that "are vulgar or culturally insensitive, could be construed as inciting violence, or would be considered illegal according to local laws, rules, and regulations."

[CitizenLab's] new report found more than 1,100 filtered keywords, across six different regions, mainly relating to offensive content, such as racist or sexual words. But it alleges the rules are applied inconsistently and are much wider for China. "Within mainland China, we found that Apple censors political content, including broad references to Chinese leadership and China's political system, names of dissidents and independent news organizations, and general terms relating to religions, democracy, and human rights," it says. The report also alleges that censorship "bleeds" into both the Hong Kong and Taiwan markets. It found: 1,045 keywords blocked in mainland China; 542 in Hong Kong; and 397 in Taiwan. In contrast, Japan, Canada and the US had between 170 and 260 filtered words.

Privacy

Apple's NeuralHash Algorithm Has Been Reverse-Engineered (schneier.com) 86

An anonymous reader writes: Apple's NeuralHash algorithm (PDF) -- the one it's using for client-side scanning on the iPhone -- has been reverse-engineered.

Turns out it was already in iOS 14.3, and someone noticed:

Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision: two images that hash to the same value. The next step is to generate innocuous images that NeuralHash classifies as prohibited content.

This was a bad idea from the start, and Apple never seemed to consider the adversarial context of the system as a whole, and not just the cryptography.

Windows

Updated App from Apple Brings iCloud Passwords To Windows (arstechnica.com) 10

Apple has released a new version of iCloud for Windows, numbered 12.5. The update adds the ability to access and manage passwords saved in iCloud from a Windows machine, a feature that users have long requested. From a report: Apple has been gradually adding more support for iCloud passwords on non-Apple platforms with mixed results. The company released a Chrome extension that synced iCloud passwords with Chrome. But like this new iCloud Passwords app, it did the bare minimum and not much else. Still, this addition is welcome for users who primarily live in the Apple ecosystem (and thus use Apple's iCloud password locker) but who sometimes have to use Windows. For example, some folks use an iPhone or a Mac most of the time but have a Windows PC that is only used to play games that can't be played on the Mac.
Portables (Apple)

Apple Planning Multiple Events For the Fall, M1X MacBook Pros To Be Available By November (macrumors.com) 55

An anonymous reader quotes a report from MacRumors: Apple is planning to hold multiple events this fall, which will collectively include the launch of new iPhones, Apple Watches, updated AirPods, revamped iPad mini, and the redesigned MacBook Pros, according to respected Bloomberg journalist Mark Gurman. In his latest weekly Power On newsletter, Gurman says that much like last year, Apple will hold multiple events this coming fall, with the first likely being in September for the iPhone 13. Last year, due to the global health crisis and production constraints, the iPhone 12 lineup was not announced until October. The 2020 September event, rather than focusing on new iPhones, showcased new Apple Watches, iPads, and services.

This year, Apple is expected to return to its tradition of announcing its flagship yearly iPhone update in September, according to multiple reports. In today's newsletter, Gurman reiterated his reporting from earlier last week, setting expectations for the iPhone 13 to include updates to the camera focused towards professional users, more advanced displays, and a smaller notch. Alongside the new iPhones, Gurman, as previously reported, says that Apple can be expected to launch the third-generation AirPods featuring an updated design, an updated iPad mini with a larger display, thinner borders, and improved performance, as well as the Apple Watch Series 7 with flatter and improved displays, and performance.

As for the highly anticipated MacBook Pros featuring mini-LED displays, updated designs, and the M1X Apple silicon chip, Gurman says they will be available by the time the current 16-inch MacBook Pro, powered by Intel, will celebrate its second anniversary. The 16-inch MacBook Pro was last updated in November of 2019. The first event of the fall in September will likely include the new iPhones, Apple Watches, and AirPods, while the new iPads and possible updates to some of the company's services could be reserved for a second event, with the final event of the season being focused on Apple silicon Macs.

Crime

A CyberSecurity CEO Used Apple's AirTags to Locate His Stolen Scooter (cnet.com) 92

Dan Guido's cybersecurity consulting firm Trail of Bits claims its clients range from Facebook to DARPA. CNET tells the story of what happened after someone stole Guido's electric scooter: The cybersecurity CEO, located in Brooklyn, New York, had hidden two Apple AirTags inside the black scooter, concealed with black duct tape. He set out the next day to locate the vehicle with help from the little Bluetooth trackers. Spoiler alert: He succeeded.

Guido works at the New York City-based Trail of Bits, a cybersecurity research and consulting firm that serves clients in the defense, tech, finance and blockchain industries. He chronicled his hunt for the scooter in a series of tweets Monday, sharing both the challenges and successes of his wild journey... After some convincing, two police officers eventually agreed to accompany him to the scooter's location. Then, they spotted something promising: an e-bike store.

After venturing inside, Guido received a ping, alerting him the elusive scooter was nearby...

Guido's tweets document the rest of the big confrontation. "As I further inspect the scooter, the cops start asking questions: Do you sell used e-bikes? Do you collect info from the seller? Do you ask they prove ownership? What is the contact info for the person who dropped this scooter off? No, No, No, and we don't know...

"An employee inside realizes we're investigating further. He immediately becomes agitated: I should be happy I got my scooter back and leave. It's my fault for getting it stolen. I'm screwing up his day. This isn't how we do things in Brooklyn. More joined in..."

Among Guido's final tweets of advice: "Limit your in-person interactions and always involve the police. Don't try to retrieve your stolen goods until you have backup."

Apple Insider adds that "This isn't the first time that Apple's AirTags have been used to locate missing or stolen items. Back in July, a tech enthusiast said he used the tracking accessories to find his missing wallet hours after losing it on the New York City subway."
Apple

Apple Warns Staff To Be Ready for Questions on Child-Porn Issue (bloomberg.com) 63

Apple has warned retail and online sales staff to be ready to field questions from consumers about the company's upcoming features for limiting the spread of child pornography. From a report: In a memo to employees this week, the company asked staff to review a frequently asked questions document about the new safeguards, which are meant to detect sexually explicit images of children. The tech giant also said it will address privacy concerns by having an independent auditor review the system.

Earlier this month, the company announced a trio of new features meant to fight child pornography: support in Siri for reporting child abuse and accessing resources related to fighting CSAM, or child sexual abuse material; a feature in Messages that will scan devices operated by children for incoming or outgoing explicit images; and a new feature for iCloud Photos that will analyze a user's library for explicit images of children.
Further reading: Apple's child protection features spark concern within its own ranks.
Google

House Lawmakers Join Senate in Targeting App Stores (axios.com) 8

House Judiciary lawmakers on Friday introduced legislation meant to boost competition in app stores by setting rules for how companies like Google and Apple control their marketplaces. From a report: The bipartisan bill is the House companion to Senate legislation introduced earlier this week, showing the appetite from both chambers of Congress to take on the app store battle. House Judiciary antitrust subcommittee ranking member Ken Buck (R-Colo.) and Rep. Hank Johnson (D-Ga.) say the Open App Markets Act will allow app developers to tell consumers about lower prices and open up more competition for third-party app stores and payment services.
Apple

Apple Executive Defends Tools To Fight Child Porn, Acknowledges Privacy Backlash (wsj.com) 145

A senior Apple executive defended the company's new software to fight child pornography after the plans raised concerns about an erosion of privacy on the iPhone, revealing greater detail about safeguards to protect from abuse. From a report: Craig Federighi, Apple's senior vice president of software engineering, in an interview emphasized that the new system will be auditable. He conceded that the tech giant stumbled in last week's unveiling of two new tools. One is aimed at identifying known sexually explicit images of children stored in the company's cloud storage service and the second will allow parents to better monitor what images are being shared with and by their children through text messages. "It's really clear a lot of messages got jumbled pretty badly in terms of how things were understood," Mr. Federighi said. "We wish that this would've come out a little more clearly for everyone because we feel very positive and strongly about what we're doing."

The Cupertino, Calif., iPhone maker has built a reputation for defending user privacy and the company has framed the new tools as a way to continue that effort while also protecting children. Apple and other tech companies have faced pressure from governments around the world to provide better access to user data to root out illegal child pornography. While Apple's new efforts have drawn praise from some, the company has also received criticism. An executive at Facebook's WhatsApp messaging service and others, including Edward Snowden, have called Apple's approach bad for privacy. The overarching concern is whether Apple can use software that identifies illegal material without the system being taken advantage of by others, such as governments, pushing for more private information -- a suggestion Apple strongly denies and Mr. Federighi said will be protected against by "multiple levels of auditability." "We, who consider ourselves absolutely leading on privacy, see what we are doing here as an advancement of the state of the art in privacy, as enabling a more private world," Mr. Federighi said.

Encryption

Apple's Child Protection Features Spark Concern Within Its Own Ranks (reuters.com) 99

According to an exclusive report from Reuters, Apple's move to scan U.S. customer phones and computers for child sex abuse images has resulted in employees speaking out internally, "a notable turn in a company famed for its secretive culture." From the report: Apple employees have flooded an Apple internal Slack channel with more than 800 messages on the plan announced a week ago, workers who asked not to be identified told Reuters. Many expressed worries that the feature could be exploited by repressive governments looking to find other material for censorship or arrests, according to workers who saw the days-long thread. Past security changes at Apple have also prompted concern among employees, but the volume and duration of the new debate is surprising, the workers said. Some posters worried that Apple is damaging its leading reputation for protecting privacy.

In the Slack thread devoted to the photo-scanning feature, some employees have pushed back against criticism, while others said Slack wasn't the proper forum for such discussions. Core security employees did not appear to be major complainants in the posts, and some of them said that they thought Apple's solution was a reasonable response to pressure to crack down on illegal material. Other employees said they hoped that the scanning is a step toward fully encrypting iCloud for customers who want it, which would reverse Apple's direction on the issue a second time.
Apple has said it will refuse requests from governments to use the system to check phones for anything other than illegal child sexual abuse material.
Apple

Homeless Encampment Grows On Apple Property In Silicon Valley (mercurynews.com) 233

An anonymous reader quotes a report from The Mercury News: A large homeless encampment is growing on the site Apple earmarked for its North San Jose campus, two years after Apple made waves with a $2.5 billion pledge to combat the Bay Area's affordable housing and homelessness crisis. What started as a few RVs parked on the side of Component Drive has grown over the past year into a sprawling camp of dozens of people, a maze of broken-down vehicles and a massive amount of trash scattered across the vacant, Apple-owned property. People with nowhere else to go live there in tents, RVs and wooden structures they built themselves. At least two children call the camp home.

Apple is trying to figure out what to do, but it's a tough situation. Clearing the camp likely will be difficult both logistically -- it's more challenging to remove structures and vehicles that don't run than tents -- and ethically -- there are few places for the displaced residents to go. Apple is "in talks with the city on a solution," company spokeswoman Chloe Sanchez Sweet wrote in an email, without providing additional details.

The vacant land off Component Drive figured into Apple's $2.5 billion commitment. Apple originally bought the land in a push to acquire real estate in North San Jose for a new tech campus, but so far, the company hasn't done much to develop it. In 2019, the tech company promised to make $300 million of land it owns in San Jose available for new affordable housing -- including a portion of the Component Drive property. But it's unclear when anything might be built.

Software

US Lawmakers Introduce Bill To Rein In Apple, Google App Stores (reuters.com) 48

An anonymous reader quotes a report from Reuters: A bipartisan trio of senators introduced a bill that would rein in app stores of companies they said exert too much market control, including Apple and Alphabet's Google. Democratic Senators Richard Blumenthal and Amy Klobuchar teamed up with Republican Senator Marsha Blackburn to sponsor the bill, which would bar big app stores from requiring app providers to use their payment system. It would also prohibit them from punishing apps that offer different prices or conditions through another app store or payment system.

"I found this predatory abuse of Apple and Google so deeply offensive on so many levels," Blumenthal said in an interview Wednesday. "Their power has reached a point where they are impacting the whole economy in stifling and strangling innovation." Blumenthal said he expected companion legislation in the House of Representatives "very soon."

Iphone

Apple Readies New iPhones With Pro-Focused Camera, Video Updates (bloomberg.com) 61

Apple's next iPhone lineup will get at least three major new camera and video-recording features, which the company is betting will be key enticements to upgrade from earlier models. From a report: The new handsets will include a video version of the phone's Portrait mode feature, the ability to record video in a higher-quality format called ProRes, and a new filters-like system that improves the look and colors of photos, according to people familiar with the matter.

Beyond the camera enhancements, the new iPhones will get relatively modest upgrades. Last year, Apple revamped the iPhone design, added 5G wireless networking and updated the camera hardware. For this year, the company will retain the same 5.4-inch and 6.1-inch regular sizes and 6.1-inch and 6.7-inch Pro screen dimensions, as well as their designs. The new phones will include a faster A15 chip and a smaller notch, also known as the display cutout, in addition to new screen technology that could enable a faster refresh rate for smoother scrolling.

Government

Apple Says It Will Reject Government Demands To Use New Child Abuse Image Detection System for Surveillance (cnbc.com) 96

Apple defended its new system to scan iCloud for illegal child sexual abuse materials (CSAM) on Monday during an ongoing controversy over whether the system reduces Apple user privacy and could be used by governments to surveil citizens. From a report: Last week, Apple announced it has started testing a system that uses sophisticated cryptography to identify when users upload collections of known child pornography to its cloud storage service. It says it can do this without learning about the contents of a user's photos stored on its servers. Apple reiterated on Monday that its system is more private than those used by companies like Google and Microsoft because its system uses both its servers and software running on iPhones.

Privacy advocates and technology commentators are worried Apple's new system, which includes software that will be installed on people's iPhones through an iOS update, could be expanded in some countries through new laws to check for other types of images, like photos with political content, instead of just child pornography. Apple said in a document posted to its website on Sunday governments cannot force it to add non-CSAM images to a hash list, or the file of numbers that correspond to known child abuse images Apple will distribute to iPhones to enable the system.

Apple

Apple Watch Credited with Saving Man's Life After Fall (appleinsider.com) 61

"Apple Watch has been credited with saving yet another life after alerting emergency services to what could have been a fatal fall," reports Apple Insider: On July 12, 25-year-old Brandon Schneider of Long Island visited the emergency room after suffering abdominal pain and a misdiagnosed kidney stone, reports People. Schneider asked to use the bathroom, where he lost consciousness and fell to the ground...

Luckily, Schneider was wearing an Apple Watch. The device's fall detection feature recognized the event and alerted emergency services, as well as his father who was with him at the time. "My Apple Watch detected a hard fall, and I did not respond to the like haptic message that requires a response and 45 seconds," Schneider said in an interview with a local ABC affiliate. Subsequent CT scans revealed a fractured skull and multiple hematomas that were growing in size. He underwent brain surgery and woke up four days later.

Though he doesn't remember much about the incident or surrounding days, he is on the mend and credits his survival to Apple Watch and an active lifestyle.

Cellphones

Apple Accused of Promoting Scam Apps in Its App Store (arstechnica.com) 17

"Developers are once again publicly highlighting instances in which Apple has failed to keep scam apps off of the app store," reports Ars Technica: The apps in question charge users unusual fees and siphon revenue from legitimate or higher-quality apps. While Apple has previously come under fire for failing to block apps like these from being published, developers complained this week that Apple was actually actively promoting some of these apps...

Apple continues to play whack-a-mole with these apps, but various developers have both publicly and privately complained that the company takes too long. One developer we exchanged emails with claimed that, when they discovered a scam app that stole assets from their own legitimate app and which was clearly designed to siphon users from the real app, Apple took 10 days to remove the app, while Google only took "1-2 days" on the Android side. The app was allowed back on Apple's App Store once the stolen assets were removed. During the long waiting period, the developer of the legitimate app lost a significant amount of users and revenue, while the developer of the illegitimate app profited.

As Apple fights legal battles to prevent third-party app stores from making their way to iOS on the basis that those alternative app stores may be less secure than Apple's own, claims from developers that scam apps are slipping through may undermine Apple's defense.
