Lack of communication, confusion about payments and long delays have security researchers fed up with Apple's bug bounty program. The Washington Post: Hoping to discover hidden weaknesses, Apple for five years now has invited hackers to break into its services and its iconic phones and laptops, offering up to $1 million to learn of its most serious security flaws. [...] But many who are familiar with the program say Apple is slow to fix reported bugs and does not always pay hackers what they believe they're owed. Ultimately, they say, Apple's insular culture has hurt the program and created a blind spot on security. "It's a bug bounty program where the house always wins," said Katie Moussouris, CEO and founder of Luta Security, which worked with the Defense Department to set up its first bug bounty program. She said Apple's bad reputation in the security industry will lead to "less secure products for their customers and more cost down the line."

Apple said its program, launched in 2016, is a work in progress. Until 2019, the program was not officially opened to the public, although researchers say the program was never exclusive. [...] In interviews with more than two dozen security researchers, some of whom spoke on the condition of anonymity because of nondisclosure agreements, the approaches taken by Apple's rivals were held up for comparison. Facebook, Microsoft and Google publicize their programs and highlight security researchers who receive bounties in blog posts and leader boards. They hold conferences and provide resources to encourage a broad international audience to participate. And most of them pay more money each year than Apple, which is at times the world's most valuable company.

Microsoft paid $13.6 million in the 12-month period beginning July 2020. Google paid $6.7 million in 2020. Apple spent $3.7 million last year, Krstic said in his statement. He said that number is likely to increase this year. Payment amounts aren't the only measure of success, however. The best programs support open conversations between the hackers and the companies. Apple, already known for being tight-lipped, limits communication and feedback on why it chooses to pay or not pay for a bug, according to security researchers who have submitted bugs to the bounty program and a former employee who spoke on the condition of anonymity because of a nondisclosure agreement. Apple also has a massive backlog of bugs that it hasn't fixed, according to the former employee and a current employee, who also spoke on the condition of anonymity because of an NDA.

A U.S. judge on Friday issued a ruling in "Fortnite" creator Epic Games' antitrust lawsuit against Apple's App Store, labelling Apple's conduct in enforcing anti-steering restrictions as anticompetitive. From a report: The case may determine whether Apple is allowed to retain control over what apps appear on its iPhones and whether it is allowed to charge commissions to developers. The Verge adds: Judge Yvonne Gonzalez-Rogers issued a permanent injunction in the Epic v. Apple case on Friday morning, handing a major setback to Apple's App Store model. Under the new order, Apple is: "permanently restrained and enjoined from prohibiting developers from including in their apps and their metadata buttons, external links, or other calls to action that direct customers to purchasing mechanisms, in addition to In-App Purchasing and (ii) communicating with customers through points of contact obtained voluntarily from customers through account registration within the app."

Apple appointed one of its top software executives, Kevin Lynch, to oversee its nascent self-driving car project after the previous leader left for Ford Motor. From a report: Lynch, an Adobe veteran who joined Apple in 2013 to run the software group for the company's smartwatch and health efforts, replaced Doug Field as the manager in charge of the car work, according to people with knowledge of the matter.

The executive first started working on the project earlier this year when he took over teams handling the underlying software. Now he is overseeing the whole group, which also includes hardware engineering and work on self-driving car sensors, said the people, who asked not to be identified because the move isn't public. The change marks the latest shake-up in the project's tumultuous history. Since Apple embarked on its plan to develop a self-driving car around 2014, the endeavor has seen management turnover, layoffs of engineers and strategy shifts -- all while shrouded in secrecy.

"Germany's Federal Criminal Police Office (BKA) purchased access to NSO Group's Pegasus spyware in 2019 after internal efforts to create similar iOS and Android surveillance tools failed," reports AppleInsider. The news comes less than a month after the Digital Agenda committee chairman of Germany's federal parliament, Manual Hoferlin, declared Apple to be on a "dangerous path" with plans to enact on-device child sexual assault material monitoring. He said the system undermines "secure and confidential communication" and represents the "biggest breach of the dam for the confidentiality of communication that we have seen since the invention of the Internet." From the report: The federal government revealed the agreement with NSO in a closed-door session with the German parliament's Interior Committee on Tuesday, reports Die Zeit. When the BKA began to use Pegasus is unclear. While Die Zeit says the tool was purchased in 2019 and is currently used in concert with a less effective state-developed Trojan, a separate report from Suddeutsche Zeitung, via DW.com, cites BKA Vice President Martina Link as confirming an acquisition in late 2020 followed by deployment against terrorism and organized crime suspects in March.

Officials made the decision to adopt Pegasus in spite of concerns regarding the legality of deploying software that can grant near-unfettered access to iPhone and Android handsets. As noted in the report, NSO's spyware exploits zero-day vulnerabilities to gain access to smartphones, including the latest iPhones, to record conversations, gather location data, access chat transcripts and more. Germany's laws state that authorities can only infiltrate suspects' cellphone and computers under special circumstances, while surveillance operations are governed by similarly strict rules.

BKA officials stipulated that only certain functions of Pegasus be activated in an attempt to bring the powerful tool in line with the country's privacy laws, sources told Die Zeit. It is unclear how the restrictions are implemented and whether they have been effective. Also unknown is how often and against whom Pegasus was deployed. According to Die Zeit, Germany first approached NSO about a potential licensing arrangement in 2017, but the plan was nixed due to concerns about the software's capabilities. Talks were renewed after the BKA's attempts to create its own spyware fell short.

Ford is hiring the head of Apple's car project away from the iPhone maker, a stunning development that brings the 118-year-old automaker an executive with Silicon Valley chops. Bloomberg reports: Doug Field is coming aboard as chief advanced technology and embedded systems officer, Ford said in a statement. Field also previously worked as a top engineer at Tesla between two stints at Apple -- most recently as a vice president in its special projects group -- and played a major role at Tesla launching the Model 3 sedan. The hire is a coup for Ford, which has made major strides under Chief Executive Officer Jim Farley in convincing investors it can compete with Tesla and others on electric vehicles and technology. Ford shares have almost doubled since Farley took over in October, after his two predecessors presided over a years-long slump.

"This is a watershed moment for our company -- Doug has accomplished so much," Farley said in a briefing with reporters. "This is just a monumental moment in time that we have now to really remake" the automaker. Apple said it's grateful for the contributions Field made and that it wishes him well at Ford. The departure marks another significant setback for Apple's automotive efforts. The company's car project has gone through several strategy and leadership shake-ups since it started to take shape around 2014.

Apple's next event, during which it will likely unveil its next slate of devices, including the seventh-generation Apple Watch and a new iPhone, is happening Sept. 14 at 10 a.m. PT, the company confirmed Tuesday. The event, like all previous ones over the last year and a half, will be held entirely online amid continued concerns about the coronavirus pandemic. From a report: Apple's invite includes the phrase "California streaming." It features a neon outline of the Apple logo set atop a silhouette of a mountain range. The company's flashy event is its most important of the year, setting its product lineup for the holiday shopping season. Last year, Apple held three major product releases in the second half, separating out announcements for its latest Apple Watches, iPads, iPhones and Mac computers. The releases helped propel Apple's sales and profit to their highest levels, setting new revenue records for the company's iPhones, iPads and Mac computers. It's unclear just what products Apple will announce and if it will repeat last year's tactic of holding multiple events throughout the second half. The iPhone 13 is almost assuredly going to make an appearance. The rumored Apple Watch 7 could as well.

"Tech companies have long encouraged putting listening devices in homes and pockets..." reports the Washington Post. "But some are growing concerned that these devices are recording even when they're not supposed to — and they're taking their fears to the courts." (Alternate URLs here and here.) On Thursday, a judge ruled that Apple will have to continue fighting a lawsuit brought by users in federal court in California, alleging that the company's voice assistant Siri has improperly recorded private conversations... [H]e ruled that the plaintiffs, who are trying to make the suit a class action case, could continue pursuing claims that Siri turned on unprompted and recorded conversations that it shouldn't have and passed the data along to third parties, therefore violating user privacy. The case is one of several that have been brought against Apple, Google and Amazon that involve allegations of violation of privacy by voice assistants...

The voice assistants are supposed to turn on when prompted — saying "Hey, Siri," for example — but the lawsuit alleges that plaintiffs saw their devices activate even when they didn't call out the wake word. That conversation was recorded without their consent and the information was then used to target advertisements toward them and sent on to third-party contractors to review, they allege... The lawsuits ask the companies to contend with what they do once they hear something they weren't intended to. Nicole Ozer, the technology and civil liberties director of the ACLU of California, said the suits are a sign that people are realizing how much information the voice technology is collecting.

"I think this lawsuit is part of people finally starting to realize that Siri doesn't work for us, it works for Apple," she said.
An Amazon spokesperson told the Post only a "small fraction" of audio is manually reviewed, and users can opt-out of those reviews or manage their recordings. Apple told the Post that isn't selling its Siri recordings, and that its recordings are not associated with an "identifiable individual." And Google pointed out that they don't retain audio recordings by default "and make it easy to manage your privacy preferences."

But there's still concerns. "A Washington Post investigation in 2019 found that Amazon kept a copy of everything Alexa records after it thinks it hears its name — even if users didn't realize," the Post adds. In a 2019 video, Post reporter Geoffrey A. Fowler even spliced together all of Amazon's recordings of his voice, into a spoken-word anthem titled "Your voice now belongs to Amazon. "Eavesdropping is an invasion," Fowler argues in the video, adding that Amazon "is putting its profits over our privacy. It's also a sign of a bold data grab that's going on in our increasingly connected homes."

The US National Labor Relations Board is looking into cases filed against the tech giant by two of the main voices accusing the company of permitting a hostile work environment. Engadget reports: The first complaint was filed by Ashley Gjovik, the senior engineering program manager who said she spent months talking with the company about unsafe working conditions and sexism in the workplace. In a tweet, she said that after raising her concerns, she was put on indefinite paid administrative leave while Apple looks into them. Further, she said Apple implied that the company didn't want her to use Slack, where she'd been vocal about her criticisms. Gjovik filed a "Charge against Employer" complaint, The Times says, alleging 13 instances of alleged retaliation against her. Those instances include workplace harassment, reassigning her supervisory responsibilities to colleagues and giving her undesirable tasks

The second complaint the labor board is investigation was filed by Cher Scarlett, on behalf of herself and other employees, on September 1st. Scarlett is a security engineer at the company and is the face of the #AppleToo movement made up of current and former employees aiming to shine a light on the tech giant's workplace culture. The group said it collected over 500 stories of incidents involving discrimination, harassment and retaliation, and it recently started sharing them five stories at a time. Her case accuses Apple of suppressing workers' organizing efforts, specifically when they involve pay surveys and gender pay equity. Apple said in a statement: "We are and have always been deeply committed to creating and maintaining a positive and inclusive workplace. We take all concerns seriously and we thoroughly investigate whenever a concern is raised and, out of respect for the privacy of any individuals involved, we do not discuss specific employee matters."

Apple wants to hire a programmer who knows about RISC-V, a processor technology that competes with the Arm designs that power iPhones, iPads and newer Macs. The company's interest emerged in a job posting for a "RISC-V high performance programmer" that Apple published Thursday. From a report: It's not clear exactly what Apple's plans are for the technology. Landing even a supporting role in an Apple product would be a major victory for RISC-V allies seeking to establish their technology as an alternative to older chip families like Arm or Intel's x86.

One of the RISC-V's creators is seminal processor designer David Patterson, and startups like SiFive and Esperanto Technologies are commercializing RISC-V designs. The job description offers some details about Apple's plans. The programmer will work on a team that's "implementing innovative RISC-V solutions and state of the art routines. This is to support the necessary computation for such things as machine learning, vision algorithms, signal and video processing," the job description says.

Apple has delayed plans to roll out its child sexual abuse (CSAM) detection technology that it chaotically announced last month, citing feedback from customers and policy groups. From a report: That feedback, if you recall, has been largely negative. The Electronic Frontier Foundation said this week it had amassed more than 25,000 signatures from consumers. On top of that, close to 100 policy and rights groups, including the American Civil Liberties Union, also called on Apple to abandon plans to roll out the technology. In a statement on Friday morning, Apple told TechCrunch: "Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features."

Apple will start asking for permission to enable Personalized Ads in iOS 15, the company's method of serving relevant ads in the App Store and Apple News by analyzing what you read, purchase, and search for on your device. From a report: The company used to collect that information by default, but now it plans to ask for permission. Apple required other developers to seek users' permission with the debut of App Tracking Transparency, so it seems like it's showing that it will hold itself to a similar standard. The Personalized Ads pop-up should show up when you open the App Store if you're running the most recent iOS 15 beta. In the pop-up, Apple writes that the ads will help you discover relevant apps, products, and services while protecting your privacy by using "device-generated identifiers and not linking advertising information to your Apple ID."

The first AR/VR headset that Apple has been in development will need to be wirelessly tethered to an iPhone or another Apple device to unlock full functionality, reports The Information. MacRumors: It will be similar to the WiFi-only version of the Apple Watch, which requires an iPhone connection to work. The headset is meant to wirelessly communicate with another Apple device, which will handle most of the powerful computing. According to The Information, Apple recently completed work on the 5-nanometer custom chips that are set to be used in the headset, and that's where the connectivity detail comes from. Apple has completed the key system on a chip (SoC) that will power the headset, along with two additional chips. All three chips have hit the tape-out stage, so work on the physical design has wrapped up and it's now time for trial production.

While vocal app developers accused Apple last week of spinning a lawsuit settlement into an App Store change that was barely a change at all, the company appears to be making a true, if small concession today: Apple says it will let developers of "reader" apps (think Netflix, Spotify, and Amazon's Kindle app) directly link their customers to their own sign-up website, where they could potentially skirt Apple's in-app payment system (and its 30 percent cut) entirely, in those cases where they haven't already. From a report: In a press release, Apple claims that the move will close an investigation by the Japan Fair Trade Commission (JFTC), and that it'll only apply to those sorts of "reader" apps right now -- a category that was originally designed by Apple to placate companies like Netflix and Hulu by allowing them to let users simply sign into their existing account instead of signing up for a new subscription via the App Store (and having to pay Apple's fees).

The JFTC has confirmed the agreement in a press release of its own, saying that the move by Apple "would eliminate the suspected violation of the Antimonopoly Act." The commission, which has been investigating Apple since 2016, says the company has pledged to report on the status of app review transparency once a year for the next three years. According to the JFTC, Apple proposed changing its app review guidelines in response to the investigation.

Apple's plan to digitize your wallet is slowly taking shape. What started with boarding passes and venue tickets later became credit cards, subway tickets, and student IDs. Next on Apple's list to digitize are driver's licenses and state IDs, which it plans to support in its iOS 15 update expected out later this year. From a report: But to get there it needs help from state governments, since it's the states that issue driver's licenses and other forms of state identification, and every state issues IDs differently. Apple said today it has so far secured two states, Arizona and Georgia, to bring digital driver's license and state IDs. Connecticut, Iowa, Kentucky, Maryland, Oklahoma, and Utah are expected to follow, but a timeline for rolling out wasn't given.

Apple said in June that it would begin supporting digital licenses and IDs, and that the TSA would be the first agency to begin accepting a digital license from an iPhone at several airports, since only a state ID is required for traveling by air domestically within the United States. The TSA will allow you to present your digital wallet by tapping it on an identity reader. Apple says the feature is secure and doesn't require handing over or unlocking your phone. The digital license and ID data is stored on your iPhone but a driver's license must be verified by the participating state. That has to happen at scale and speed to support millions of drivers and travelers while preventing fake IDs from making it through. The goal of digitizing licenses and IDs is convenience, rather than fixing a problem. But the move hasn't exactly drawn confidence from privacy experts, who bemoan Apple's lack of transparency about how it built this technology and what it ultimately gets out of it.

A federal judge was recently found to have owned Apple stock while presiding over a case brought against the tech giant by Nokia, though the discovery is unlikely to lead to further legal action. AppleInsider reports: Apple and Nokia were embroiled in a bitter patent dispute from 2009 to 2011, with both companies filing a series of legal complaints and regulatory challenges as competition in the smartphone market came to a head. The issue was ultimately settled in June 2011, and while terms of the agreement were kept confidential, Apple was expected to make amends with a one-time payment and ongoing royalties. According to a new court filing on Monday, a federal judge presiding over one of many scattershot legal volleys filed by Nokia owned stock in Apple when the suit was lodged in 2010. Judge William M. Conley of the U.S. District Court for the Western District of Wisconsin disclosed the potential conflict of interest in a letter to both parties dated Aug. 27.

"Judge Conley informed me that it has been brought to his attention that while he presided over the case he owned stock in Apple," writes Joel Turner, the court's chief deputy clerk. "His ownership of stock neither affected nor impacted his decisions in this case." It is unclear how many shares Judge Conley possessed during the case, but ownership of company stock in any capacity would have required his recusal under the Code of Conduct for United States Judges. An advisory from the Judicial Conference Codes of Conduct Committee explains that disqualifying factors should be reported "as soon as those facts are learned," even if the realization occurs after a judge issues a decision.

"The parties may then determine what relief they may seek and a court (without the disqualified judge) will decide the legal consequence, if any, arising from the participation of the disqualified judge in the entered decision," Advisory Opinion 71 reads, as relayed by Turner. Apple and Nokia are invited to respond to Conley's disclosure by Oct. 27 should they wish to seek redress, though the companies are unlikely to take action considering the case was not a lynchpin in Nokia's overarching strategy.

Apple has barred employees from creating a Slack channel to discuss pay equity. The Verge reports: A member of the employee relations team, Apple's version of HR, said that while the topic was "aligned with Apple's commitment to pay equity," it did not meet the company's Slack Terms of Use. "Slack channels are provided to conduct Apple business and must advance the work, deliverables, or mission of Apple departments and teams," the employee relations representative told employees. The company's rules for the in-office chat app say that "Slack channels for activities and hobbies not recognized as Apple Employee clubs or Diversity Network Associations (DNAs) aren't permitted and shouldn't be created."

But that rule has not been evenly enforced. Currently, Apple employees have popular Slack channels to discuss #fun-dogs (more than 5,000 members), #gaming (more than 3,000 members), and #dad-jokes (more than 2,000 members). On August 18th, the company approved a channel called #community-foosball. The cat and dog channels are not part of official clubs, and all of these channels were specifically created to talk about non-work activities. "Discussing pay equity is a protected activity under federal, state, and local law," says employment attorney Vincent P. White. "Everyone agrees on that. For them to try and impair employees' ability to discuss pay equity and diversity in the workplace is a clear cut act of retaliation."

Apple's push to bring satellite capabilities to the iPhone will be focused on emergency situations, allowing users to send texts to first responders and report crashes in areas without cellular coverage. From a report: The company is developing at least two related emergency features that will rely on satellite networks, aiming to release them in future iPhones, according to a person with knowledge of the situation. Apple has been working on satellite technology for years, with a team exploring the concept since at least 2017, Bloomberg has reported. Speculation that the next iPhone will have satellite capabilities ramped up this week after TF International Securities analyst Ming-Chi Kuo said the phone will probably work with spectrum owned by Globalstar. That's led to conjecture that the iPhone will become something akin to a satellite phone, freeing users from having to rely on cell networks. But Apple's plan is initially more limited in scope, according to the person, with the focus on helping customers handle crisis scenarios.

Google and Apple will have to open their app stores to alternative payment systems in South Korea [Editor's note: the link may be paywalled; alternative source], threatening their lucrative commissions on digital sales. From a report: A bill passed Tuesday by South Korea's National Assembly is the first in the world to dent the tech giants' dominance over how apps on their platforms sell their digital goods. It will become law once signed by President Moon Jae-in, whose party strongly endorsed the legislation. The law amends South Korea's Telecommunications Business Act to prevent large app-market operators from requiring the use of their in-app purchasing systems. It also bans operators from unreasonably delaying the approval of apps or deleting them from the marketplace -- provisions meant to head off retaliation against app makers.

Companies that fail to comply could be fined up to 3% of their South Korea revenue by the Korea Communications Commission, the country's media regulator. The law will be referenced by regulators in other places -- such as the European Union and the U.S. -- that also are scrutinizing global tech companies, said Yoo Byung-joon, a professor of business at Seoul National University who researches digital commerce. "Korea's decision reflects a broader trend to step up regulation of technology-platform businesses, which have been criticized for having too much power," Mr. Yoo said.

Today, Apple announced that it has acquired Primephonic, a service that specializes in streaming the classical genre, and will incorporate the app's functionality and playlists into Apple Music. The result will be "a significantly improved classical music experience," Apple said in a press release. There will also be a standalone Apple Music classical app coming sometime in 2022. The Verge reports: Effective immediately, Primephonic is no longer accepting new customers, and the service as it exists today will shut down on September 7th. Apple says Primephonic's playlists and "exclusive audio content" will be first to be integrated into Apple Music. Down the line, it'll add "the best features of Primephonic, including better browsing and search capabilities by composer and by repertoire, detailed displays of classical music metadata, plus new features and benefits." In a show of how serious Apple is about appealing to classical fans, the company says "a dedicated classical music app" will launch next year that will use Primephonic's "classical user interface that fans have grown to love."

According to a study from Finbold, consumers spent an estimated $41.5 billion on apps from the Apple App Store during the first six months of 2021, which is almost double compared to $23.4 billion spent by Android consumers. 9to5Mac reports: The Apple App Store spendings in H1 21 represents a growth of 22.05% from a similar period in 2020. Cumulatively, spending on the two platforms recorded a growth of 24.8%, year-over-year hitting a total of $64.9 billion: "Mobile app spending grew in 2021 mainly due to consumer behavior resulting from the containment measures around the coronavirus pandemic. From the H1 spending, the outstanding assumption is that consumers' demand might not be slowing down, considering that most global jurisdictions have eased the pandemic control measures with the vaccine rollout."

The report shows that although the App Store spending has remained significant, Google Play appears to be catching up by recording the highest growth rate between H1 2020 and H1 2021: 30% YoY. So even with the App Store doing way better, "Android flourished as the pandemic remained persistent in countries with an Android-dense population." The Finbold survey shows that to keep on the top, Apple's are countering with the Small Business Program, which reduces the App Store commission from 30% to 15% for developers grossing less than $1 million a year. Although the report shows that the spending on the App Store and Google Play Store were mainly dominated by the gaming sector, in which consumers globally spend $10.32 billion on mobile games in the first half of 2021, the survey highlights that the top three grossing mobile apps worldwide for H1 2021 are TikTok, YouTube, and Tinder.