Search Results for there's an app for that

Fabian Braunlein, Positive Security (via AppleInsider):

Recently, reports about AirTags being used to track other people and their belongings were becoming much more frequent.

In one exemplary stalking case, a fashion and fitness model discovered an AirTag in her coat pocket after having received a tracking warning notification from her iPhone. Other times, AirTags were placed in expensive cars or motorbikes to track them from parking spots to their owner’s home, where they were then stolen.

Lots of press on this issue, and this response from Apple, titled An update on AirTag and unwanted tracking, wherein Apple lays out their work with safety groups and law enforcement agencies to “update AirTag safety warnings and help guard against further unwanted tracking.”

Back to Fabian’s headline linked blog post:

I might be slightly more familiar with AirTags than the average hacker (having designed and implemented a communication protocol on top of Find My for arbitrary data transmission), but even so I was quite surprised, that when reading Apple’s statement I was able to immediately devise quite obvious bypass ideas for every current and upcoming protection measure mentioned in that relatively long list.

The following section will discuss each anti-stalking feature and how it can be bypassed in theory. Thereafter I will describe how I implemented those ideas to build a stealth AirTag and successfully tracked an iPhone user (with their consent of course) for over 5 days without triggering a tracking notification.

There’s a market for stalking devices. Apple did not invent the concept. But consider:

Apple needs to incorporate non-genuine AirTags into their threat model, thus implementing security and anti-stalking features into the Find My protocol and ecosystem instead of in the AirTag itself, which can run modified firmware or not be an AirTag at all (Apple devices currently have no way to distinguish genuine AirTags from clones via Bluetooth).

Hoping the AirTag team digs into this post.

Joe Rossignol, MacRumors:

Benchmark results have started to surface for MSI’s new GE76 Raider, one of the first laptops to be powered by Intel’s new 12th-generation Core i9 processor.

And:

Geekbench 5 results show that the GE76 Raider with the Core i9-12900HK processor has an average multi-core score of 12,707, while the 16-inch MacBook Pro with the M1 Max chip has an average multi-core score of 12,244. This means the Core i9 processor is around 4% faster than the M1 Max chip in this particular comparison.

I assume the battery life is 4% worse, yeah?

The new GE76 Raider’s power draw from the wall while running a CPU-only Cinebench R23 benchmark and found the Core i9 was consistently in the 100-watts range, and even briefly spiked to 140 watts. By comparison, when running the same Cinebench R23 benchmark on the 16-inch MacBook Pro, AnandTech found the M1 Max chip’s power draw from the wall to be around 40 watts.

Wait. What? The Intel chip ranged from 100-140 watts, and the M1 Max was level at 40 watts? That sounds like it might impact battery life more than 4%.

The new GE76 Raider achieved nearly 6 hours of offline video playback. Apple advertises the latest 16-inch MacBook Pro as getting up to 21 hours of battery life for offline video playback.

And there it is. Could see that coming from a mile away.

And there’s size, too:

Design is also a factor, with the GE76 Raider being a 17-inch gaming laptop that is just over an inch thick and weighs nearly 6.5 pounds. By comparison, the new 16-inch MacBook Pro is 0.66 inches thick and weighs 4.8 pounds.

Huge tradeoff for a tiny speed gain. And I’d expect that speed gain to disappear with the next rev of Apple Silicon.

Ryan Pickren:

My hack successfully gained unauthorized camera access by exploiting a series of issues with iCloud Sharing and Safari 15. While this bug does require the victim to click “open” on a popup from my website, it results in more than just multimedia permission hijacking. This time, the bug gives the attacker full access to every website ever visited by the victim. That means in addition to turning on your camera, my bug can also hack your iCloud, PayPal, Facebook, Gmail, etc. accounts too. ​ And:

I reported this chain to Apple and was awarded $100,500 as a bounty.

“my bug can also hack your iCloud, PayPal, Facebook, Gmail, etc. accounts too” — Wow!

Obviously, glad this got patched. Amazing when one of these “total access” bugs surfaces.

No matter how carefully you construct your code, no matter how modern the techniques and underlying frameworks, there’s always gonna be holes.

Also nice to see Apple paying up for the help.

David Nield, Wired:

If you pay for iCloud storage, then you automatically have access to the extra perks that Apple bundles together under the iCloud+ name—and one of those perks is the iCloud Private Relay service.

And:

If you open the Settings app on your iPhone or iPad, tap your name at the top, and then choose iCloud, you should be able to access a Private Relay (Beta) toggle switch that you can turn on or off. It’s also under Apple ID and iCloud in System Preferences on macOS. However there’s not a huge amount of information alongside the switch telling you what it is and how it works.

Been using Private Relay for so long, I completely forgot that it was still in beta.

This is a pretty good read. Lots of interesting detail. A few snippets:

When iCloud Private Relay is enabled, you’ve got two choices when it comes to IP addresses. You can carry on reporting your general location (which city you’re closest to, more or less)—so that local data such as a weather forecast still shows up correctly—or you can go vaguer and only report your country and time zone to websites that request it.

And:

iCloud Private Relay also keeps your DNS (Domain Name System) queries secret—essentially, the websites you’re looking up on your device. As with IP addresses, this data can be used to create a profile of who you are and what you’re interested in, which in turn can be sold to advertisers. With iCloud Private Relay enabled, this is much harder for companies to do.

And:

It only functions through the Apple Safari browser on your iPhone or iPad, so it doesn’t apply to any browsing you’re doing through an alternative mobile browser. It applies to data sent through apps, but only data that is unencrypted, and works across cellular networks as well as Wi-Fi.

If you do go down this road, worth running a speed test with Private Relay on and then off, comparing the results. Here’s my test

Mere Civilian:

A few months ago, the balance on my Apple account was running low (less than $100), and therefore, I attempted to add funds to my account using my credit card. My first attempt resulted in an error, and I decided to try again in a couple of days. The very next day, all my Apple devices gave the following prompt when updating apps from the App Store: “Your Account Has Been Disabled in the App Store and iTunes.”

Follow the headline link for the details. In a nutshell, the poster’s Apple account was disabled due to alleged breach of the Apple Media Services Terms and Conditions.

This was interesting (and worth reading) on a number of fronts. Part of this is the hoops the poster had to jump through to try to find out why their account was disabled, and the fact that they never did get that info.

Another part was that having their account disabled meant they lost access to all ten years worth of “app and media purchases and the funds in my Apple account”. That’s alarming.

There’s also this:

The next day, I called again and was provided with the same response. However, this time, I was told that the Back End Team had made the decision, and there is no way to appeal that decision or even contact them. Furthermore, the senior Apple support person confirmed that they do not have access to the details as to why the account was disabled. This Back End Team appears to have God-like powers.

To be fair to Apple, this is a bit one-sided, anecdotal, so take with a grain of salt.

But read on to the end, where Tim Cook’s executive team comes to the rescue.

John Gruber:

This appears to be a cause for celebration in right-to-repair circles, but I don’t see it as a big deal at all. Almost no one wants to repair their own cracked iPhone display or broken MacBook keyboard; even fewer people are actually competent enough to do so.

Not sure how big the audience for right-to-repair is, but I do count myself in its number. And if it was easier to do, I suspect that number would be much larger. Imagine if repairing a cracked display was a simple, five minute operation. Wouldn’t you rather order the new display and make the swap yourself?

It used to be relatively easy to customize and repair your gear. As parts have given way to part assemblies (glued/soldered assemblies that become a single replaceable requirement, even if a single part fails) and the quest for smaller makes devices harder to open, harder to take apart, the ability to repair your own gear has become harder, almost impossible.

So those small numbers John points out are real. But should this be the way it is? Again, wouldn’t you love the ability to swap out a display as easily as you used to be able to swap out RAM on your old Macs?

More from Gruber:

Nothing announced today changes the fact that Apple still requires Apple genuine parts for all authorized repairs, no matter who does the repairing.

Yup.

Today’s announcement, to my eyes, is about nothing more than reducing regulatory pressure from legislators who’ve fallen for the false notion that Apple’s repair policies, to date, have been driven by profit motive — that Apple profits greatly from authorized repairs, and/or that their policies are driven by a strategy of planned obsolescence, to get people to buy new products rather than repair broken old ones.

Going into an Apple Store with a problem has never felt like a money grab scheme to me. I’ve always felt like the support staff wants me to leave satisfied. If they can find a way to get me a fix without spending money, they’ll do so. But when there’s no way but to replace a parts assembly for $900 on an out-of-AppleCare device, that’s what they do.

Don’t get me wrong: this program is nice, and perhaps a bit surprising given Apple’s public stance on the issue in recent years. We’re better off with this Self Service Repair program in place than we were without it. (Making service manuals available might actually help extend the lifetime of older devices for which Apple no longer sells parts.) But to me it clearly seems to be a small deal, not a “big deal”, as Chen claims.

I agree. It’s a big deal for folks who want to do their own repairs, but for the vast majority, it doesn’t change a thing.

Questions: Will Apple expand the parts they offer for Self Repair beyond those offered in their existing Independent Repair Provider program. For example, will we be able to repair, say, charging ports? Might we be able to buy parts for our devices and bring the part and device to an independent repair shop (perhaps bringing the shop a part they cannot get from Apple)?

Apple:

Apple today announced Apple Business Essentials, an all-new service that brings together device management, 24/7 Apple Support, and iCloud storage into flexible subscription plans for small businesses with up to 500 employees. The company also unveiled a new Apple Business Essentials app that enables employees to install apps for work and request support.

On configuring users:

Within Apple Business Essentials, Collections enable IT personnel to configure settings and apps for individual users, groups, or devices. When employees sign in to their corporate or personally owned device with their work credentials, Collections automatically push settings such as VPN configurations and Wi-Fi passwords. In addition, Collections will install the new Apple Business Essentials app on each employee’s home screen, where they can download corporate apps assigned to them, such as Cisco Webex or Microsoft Word.

You can also enforce File Vault encryption on employee Macs, and enforced Activation Lock for all devices.

There’s a dedicated iCloud account with automated backup for iOS and iPadOS devices, as well as for all data/documents stored in iCloud. Not clear to me how that backup is managed for Macs, beyond documents the user stores in iCloud.

Core to the setup is Collections, which let the admin set up app collections for, say, design, engineering, sales, and all employees.

Create a smart user group based on rules like location, role, or team. Then assign Collections to that group to set up their devices. And when you import users from Microsoft Azure Active Directory, they automatically receive their apps and settings when they’re added to the group.

On users being able to use their personal devices:

User Enrollment makes it easy for employees to enroll their personal devices — and get them set up for work. Personal data on their devices stays private, and everything stays secure.

There’s also onsite repairs (“in as little as 4 hours”):

Each plan with AppleCare+ for Business Essentials includes up to two repairs that refresh annually, but they’re not tied to any one device or user. You can apply them to any device enrolled in an AppleCare+ for Business Essentials plan.

Pricing tiers:

• Single Device: $2.99/month, 50GB storage
• Multi-device: $6.99/month per user, Up to 3 devices/user, 200GB of storage.
• Multi-device, more storage: $12.99/month per user, Up to 3 devices/user, 2TB of storage.

Free beta, sign up here, program rolling out this Spring.

Here’s the Apple Business Essentials marketing video from Apple…

Apple:

Starting today, Apple is celebrating the holidays at Apple Store locations and apple.com with the launch of the Holiday Gift Guide and personalized holiday cards from Today at Apple.

Here’s a link to the gift guide. Be sure to click on all five category buttons. The one labeled “All Gifts” is misleading, since there are things in other categories that aren’t listed in All Gifts.

There’s also this downloadable Keynote template you can use to make holiday cards, if that’s your thing.

And if you are in New York City:

Customers in New York can receive free, onsite engraving of new AirPods purchased or picked up at Apple Fifth Avenue.

Happy Holidays!

Reddit:

My car (a 2010 Subaru Forester) had been stolen.

I did all the normal stuff one should do when your car’s stolen. I called the police and filed a report. They reported the car stolen but didn’t seem optimistic much could be done.

And:

I remembered then, after the dust settled, that I had put a spare AirTag in the sunglasses holder of my car. I’d bought a 4 pack and figured there might be an off chance it could potentially help me find the car. There’s millions of iPhones in Chicagoland too, so I figured the chances of it getting pinged were decently high.

Follow along as this Reddit user marks their AirTag as lost, and follows the pings to find their car. An interesting read, raises some questions about how far to go to get your stolen stuff back, what you’d do if you caught someone stealing from you and had them arrested.

William Gallagher, AppleInisder:

Apple has told AppleInsider how it denies FlickType developer Kosta Eleftheriou’s claims in a lawsuit, over the App Store handling of his accessibility keyboard app for Apple Watch.

And:

Apple has now told AppleInsider that a letter Eleftheriou posted on Twitter after the “California Streaming” event, dates from 2019. At that point, FlickType had been removed for contravening the App Store’s then-rule about Apple Watch keyboards.

However, after Eleftheriou resubmitted the app to the App Store review team with an explanation of its accessibility functions, Apple says that the update was allowed.

This response concerned the story we posted yesterday, titled Apple blocked the FlickType Watch keyboard… then announced a clone of it.

Read the rest of the AppleInsider piece. There’s more. But, key to all this:

Now, says Apple, there are multiple Apple Watch keyboard apps available on the App Store. And FlickType itself was highlighted in a Top Apps of 2020 promotion on the store.

First things first, here’s a quote from Apple on the bill:

The Telecommunications Business Act will put users who purchase digital goods from other sources at risk of fraud, undermine their privacy protections, make it difficult to manage their purchases, and features like “Ask to Buy” and Parental Controls will become less effective. We believe user trust in App Store purchases will decrease as a result of this legislation — leading to fewer opportunities for the over 482,000 registered developers in Korea who have earned more than KRW8.55 trillion to date with Apple.

And Gruber:

I think the latter half of Apple’s statement is true — user trust in in-app purchases will decline. The gist of these legislative proposals — like this month’s “Open App Markets Act” from U.S. Senators Richard Blumenthal (D-CT), Marsha Blackburn (R-TN), and Amy Klobuchar (D-MN) — is, effectively, to require iOS and Android to be, to some degree, more like Mac and Windows. Put aside the specific details, that’s what these laws are saying: phones should work like PCs in terms of loosening the control of the platform owners (Apple and Google) over what software can be installed, and what that software can do.

And:

I am confident that the overwhelming majority of typical users are more comfortable installing apps and making in-app purchases on their iOS and Android devices than on their Mac and Windows PCs not despite Apple and Google’s console-like control over iOS and Android, but because of it.

I certainly feel this way. I am more comfortable making an in-app purchase that goes through Apple. Though I do feel somewhat protected by purchases that go through my credit card, watched over by their fraud protection services. But that said, fraud means changing credit cards, which is always a pain.

The comparison to a Mac seems appropriate. I buy Mac software through the Mac App Store. But I also buy software directly from the developer, if that developer is well known and trusted (thinking about BBEdit, Keyboard Maestro in particular). I think I’d be OK if I had the same options on iPhone. Obviously, at the root of this decision, for me, is fear of malware.

One last bit from Gruber:

But from what I’ve seen over the last few decades, the quality of the user experience of every computing platform is directly correlated to the amount of control exerted by its platform owner. The current state of the ownerless world wide web speaks for itself.

Thoughtful insight. Chewing on this.

Good post from Gruber, worth following the headline link and reading the whole thing. There’s a lot more.

Juli Clover, MacRumors:

Apple appears to be expanding on the native Apple Maps review functionality that it first introduced in iOS 14, allowing ‌Apple Maps‌ users in the United States the option to review places of interest, restaurants, and other locations.

And:

In the ‌Apple Maps‌ app in ‌iOS 14‌ and iOS 15, U.S. users can now see an option to provide a thumbs up or thumbs down for most locations. Tapping on the thumbs up/down icon brings up a secondary interface for providing thumbs up and thumbs down ratings for various categories like products, customer service, food, atmosphere, and more, based on the location being reviewed.

Follow the headline link, check out the embedded images. You’ll see that “Rate” option on your Mac Maps app as well. You can also upload your own photos.

From the Maps interface:

Ratings and photos you share are linked to your Apple ID to ensure a safe experience. Maps usage outside of ratings and photos is not linked to your Apple ID.

And:

Your approximate location will be sent to Apple and used to confirm authenticity.

And:

Ratings & Photos does not share any of your personal information with third parties.

Is Apple going to replace Yelp? As is, there’s no way to submit written reviews, which I’d expect as an intermediary step before that treasure trove of Yelp reviews could be jettisoned.