September 10, 2018

Patrick Wardle, Objective-See:

You probably trust applications in the Official Mac App Store. And why wouldn’t you?

Yup.

However, it’s questionable whether these statements actually hold true, as one of the top grossing applications in the Mac App Store surreptitiously exfiltrates highly sensitive user information to a (Chinese?) developer. Though Apple was contacted a month ago, and promised to investigate, the application remains available in Mac App Store even today.

Read the post for all the details (good work from Patrick Wardle and Twitter user @privacyis1st) but here’s a good summary from John Gruber, in a Daring Fireball post called The Curious Case of Adware Doctor and the Mac App Store:

What a bizarre story this is. Adware Doctor was a $4.99 app in the Mac App Store from a developer supposedly named Yongming Zhang. The app purported to protect your browser from adware by removing browser extensions, cookies, and caches. It was a surprisingly popular app, ranking first in the Utilities category and fourth overall among paid apps, alongside stalwarts like Logic Pro X and Final Cut Pro X.

Turns out, among other things, Adware Doctor was collecting your web browser history from Chrome, Firefox, and Safari, and uploading them to a server in China. Whatever the intention of this was, it’s a privacy debacle, obviously. This behavior was first discovered by someone who goes by the Twitter handle Privacy 1st, and reported to Apple on August 12. Early today, security researcher Patrick Wardle published a detailed technical analysis of the app. Wired, TechCrunch, and other publications jumped on the story, and by 9 am PT, Apple had pulled the app from the App Store.

So the issue was reported on August 12th but not taken down until 26 days later, on September 7th.

But wait, there’s more.

Guilherme Rambo, in a 9to5Mac post titled Additional Mac App Store apps caught stealing and uploading browser history:

When you give an app access to your home directory on macOS, even if it’s an app from the Mac App Store, you should think twice about doing it. It looks like we’re seeing a trend of Mac App Store apps that convince users to give them access to their home directory with some promise such as virus scanning or cleaning up caches, when the true reason behind it is to gather user data – especially browsing history – and upload it to their analytics servers.

Today, we’re talking specifically about the apps distributed by a developer who claims to be “Trend Micro, Inc.”, which include Dr. Unarchiver, Dr. Cleaner and others.

These apps have been removed from the Mac App Store.

This raises some serious issues. Is this the tip of the iceberg? Are there other apps in the Mac App Store that do the same thing, but are not yet discovered? Is this just one technique of many? And what about the iOS App Store?

I am very reluctant to run any app on my Mac unless I either know and trust the developer or the app comes from the Mac App Store. The Mac App Store is a trusted source. If that trust is broken, either on the Mac or iOS, that’s a real problem for Apple.

I’m hoping we see some formal response from Apple, with some sense that they are aware of the issues involved and have new steps in place to root out existing apps that use this “give us access to your Home directory” (or similar) approach, steps that will prevent this issue from recurring.

September 7, 2018

Open Culture:

Not every record yields gold when played backwards or spun more slowly than recommended, but a 45 of Parton’s 1973 hit “Jolene” played at 33RPM not only sounds wonderful, it also manages to reframe the narrative.

In the original version, the irresistible chorus wherein the soon-to-be-spurned party invokes Jolene’s name again and again is plaintive and fierce.

In the slow ass version, it’s plaintive and sad. The pain is the same, but the situation is much less straightforward, thanks to blurrier gender lines.

This is wild. This wonderful song sounds completely different and opens up a whole new level.

CNBC:

With most tech products, if they don’t work well you can throw them in a drawer and chalk the loss up to the costs of being an early adopter. The same is not true of health tech products, argues former Apple employee Robin Goldstein, who most recently served as a senior manager of special health projects. That’s because health tech products connect users to their own mortality, and a bad outcome can be disastrous.

This short piece definitely brings up some good points I hadn’t thought about before.

The Dalrymple Report: iPhone names, Apple Store robberies with Dave Mark

Dave and I had a great time this week, talking about everything from growing a beard to the rash of Apple Store robberies in the San Francisco Bay Area.

Brought to you by:

LinkedIn: Go to LinkedIn.com/DALRYMPLE and get $50 off your first job post!

RXBAR: RXBAR is a whole food protein bar. For 25% off your first order, visit RXBAR.com/beard AND ENTER PROMO CODE BEARD AT CHECKOUT.


Paul McCartney, Jimmy Fallon pranking tourists

These two clearly have a friendship, as well as a shared enjoyment of a good prank or two. Funny stuff.

On that first one, watch the reaction to Jimmy, then the bigger one to Paul. Just right.

Reddit:

It came about when I was having a discussion on /r/penmanshipporn about how remarkably like a fountain pen the Apple Pencil feels, in the way it glides over glass. It was clearly designed by someone who loved and appreciated fountain pens, so out of curiosity I wrote the same things side by side. I have tiny handwriting, so it was interesting to see how closely they match. The only reason it does is because the feel of these two writing instruments is SO similar that muscle memory does it justice.

Check out this image, showing the results side-by-side. Apple Pencil is a remarkable achievement.

Fry’s has what I read as a one-day-only sale on AirPods. Why one-day-only? The promo code embedded in the URL is today’s date.

Complete speculation here, but: Wondering if this is clearing inventory to make way for a new generation of AirPods.

This is just a great read, especially if you are interested in the history of the iPhone and of Apple in general. One tiny highlight:

I was in the audience on that January day [that the iPhone was launched] in early 2007 and when I walked in that morning I didn’t know what the product would be called. We called it “Purple,” which was the code name for the phone, and it was a surprise.

The fact that the team was able to keep the iPhone name a secret until the reveal is amazing to me. Certainly, that name would have been a reasonable guess, given that the iPod existed and this was a phone extension of the iPod. But it would have been speculation, not a leak, and it was known at the time that the iPhone name was owned by another company.

Apple:

We believe security shouldn’t come at the expense of individual privacy.

And:

Apple receives various forms of legal process requesting information from or actions by Apple. Apple requires government and private entities to follow applicable laws and statutes when requesting customer information and data. We contractually require our service providers to follow the same standard we apply to government information requests for Apple data. Our legal team reviews requests to ensure that the requests have a valid legal basis. If they do, we comply by providing the narrowest possible set of data responsive to the request. If a request does not have a valid legal basis, or if we consider it to be unclear, inappropriate, or overly broad, we challenge or reject the request. We report on the requests every six months.

We’ll continue working for greater transparency and data security protections on behalf of our customers.

And, most importantly:

Apple has never created a backdoor or master key to any of our products or services. We have also never allowed any government direct access to Apple servers. And we never will.

The site has links to Apple’s Transparency Reports, as well as links to Legal Process Guidelines, both for US and non-US requestors.

That “And we never will” is a powerful statement. The portal is said to be rolled out by the end of the year.

September 6, 2018

911 day time lapse, traveling around the world, no shaving

Tell me, by the end of this video, you don’t see Jim Dalrymple-like results.

And do stick around to the end (even if you jump there), to see the map showing their travels.

Fascinating read. Apple’s branding path here is a puzzle.

iPhone 8, followed by iPhone X. OK, I get that. iPhone X is a new chapter. No more home button, no more Touch ID. New screen technology, new gestures.

So does the word Plus have any value in this new wave? Does the letter “s”, as in iPhone 6s, have any value?

Looking forward to Wednesday’s event.

Ben Lovejoy, 9to5Mac:

A tech trade-in site says that today’s trade-in value is still 68% of the original sales price even a week before this year’s models are revealed, in strong contrast to one of Samsung’s flagship phones.

With the latest report suggesting that this year’s iPhone X successor, expected to be called the XS or Xs, could start from $800, that could represent an opportunity for a very cheap upgrade to the new model if you have a spare phone you could use to span the gap.

A new iPhone X starts at $999. 68% of that is $679.32. Which, if true that the base price of an iPhone XS is $799, would give you an upgrade price of $119.68.

Interesting. Especially when you consider that Apple offers a max (according to their web site) trade-in value of $290 for your existing phone.

Patrick Wardle, Objective-See (via Michael Tsai):

Once the target visits our malicious website, we trigger the download of an archive (.zip) file that contains our malicious application. If the Mac user is using Safari, the archive will be automatically unzipped, as Apple thinks it’s wise to automatically open “safe” files.

This is a pretty long read, but it all comes down to the way macOS Safari treats downloaded files, and one specific setting in Safari Preferences:

Preferences > General > Open “safe” files after downloading

Here’s a picture of that setting, a checkbox down at the bottom of the General tab. I’ve unchecked mine. You might want to take a look at yours.

Key to all this is the word archives at the end. That includes .zip files, which can contain, well, bad stuff.

Read the linked article. As I said, I’ve unchecked my setting, and have not yet encountered a problem set that way. Is this as bad as it seems?

UPDATE: This issue has, apparently, been around since the dawn of time, but the default is supposed to be unchecked. I just unboxed a new Mac, factory settings, no migration, and the setting was on/checked. Public version of High Sierra.

There’s an Apple Store targeting crime wave going on in the San Francisco Bay area.

Click through to the article, watch the video. Security guards politely open the doors for the alleged thieves, then one of those same alleged thieves holds the door for the fleeing gang. It’s all so bizarre.

And technically, I suppose this is burglary, not robbery. Just saying.

September 5, 2018

Petapixel:

Canon has officially unveiled the new EOS R, the company’s first full-frame mirrorless competitor.

At the core of the EOS R is a 30.3-megapixel full-frame CMOS sensor with an ISO range of 100-40000 (expandable to 50-102400), backed by a DIGIC 8 image processor. There is a low pass filter in front of the sensor that helps combat moiré patterns at the cost of slightly reduced sharpness. The camera has an 8fps continuous shooting speed (for bursts of up to 100 max-quality JPEGs, 47 RAW, or 78 C-RAW), a shutter lag as short as 50 milliseconds, and a startup time of 0.9 seconds.

After last week’s announcement of the Nikon Z7, we knew this was coming. I can’t wait for the head to head reviews of them both.

Russell Wilson:

Every Saturday morning, my family would go to the grocery store, and I only had one thing on my mind. I’d hop up onto the front of the cart like I was the captain of a pirate ship or something, and I’d point my mom in the direction of Aisle 9.

But she wasn’t having it. First we had to get the boring stuff. Veggies. Bread. You know, all that stuff.

Then we’d finally get to Aisle 9, and it was on.

The greatest aisle in the world.

The cereal aisle.

This story doesn’t go the way you think it does. I took my “new” 12-year-old son to his first day of high school yesterday. It’s the first time I’ve had the honour of doing that. Walking home, I shed a couple of tears – of happiness, of pride and just a little bit of fear. In that moment, I realized, “Holy crap – I’m a father now. I’ve got responsibilities towards this kid. I’ve got to help him grow up to be the man he wants to be.” Russell Wilson is lucky he had a dad to help show him the way. Not all kids do.

Skype:

When we added video to Skype calls over ten years ago, the ability to share important moments with loved ones took a big step forward. Today, we’re introducing call recording to help capture special moments in a Skype call with your loved ones or record important meetings with your colleagues.

As soon as you start recording, everyone in the call is notified that the call is being recorded—so there are no surprises. If you are on a video call, Skype will record everyone’s video as well as any screens shared during the call. After the call, you can save and share the recorded call for the next 30 days.

I don’t use Skype for my podcasts but I know a lot of podcasters do so this may come as welcome news to them and other users of the application.

MacPaw:

Hey Mac users, we’ve got an app premiere for you. Our new baby, CleanMyMac X has just been born. Why calling it X? Firstly, because this year it’s our 10th anniversary and the X is our tribute to that and the first CleanMyMac created by Oleksandr Kosovan back in 2008. Next up, we believe this version is much more than another numerical in the line — it is X times better.

In general, I hate these kinds of apps. I simply don’t trust them to do it properly or to not screw up my system. But, I’ll tell you a story.

I’ve been having an issue with one of my external drives for a month. It’s not a crucial thing. Just annoying. Ran Disk Utility First Aid on the drive and “nothing was found”. This AM, I did a full backup of my system (told you I don’t trust these apps) then I ran CleanMyMac X. It solved the problem immediately as well as doing all the other cool things CleanMyMac does. This is not a review of the product (I haven’t put it through its paces yet) but I like the look and UI of the app as well as the ease of use through MacPaw’s Setapp,

Ken Kocienda:

When I started working with a small team of engineers and designers at Apple in late 2005 to create a touchscreen operating system for Purple—the codename of the super-secret skunk works project that became the iPhone—we didn’t know if typing on a small, touch-sensitive sheet of glass was technologically feasible or a fool’s errand. In those early days of work on Purple, the keyboard was a daunting prospect, and we referred to it, often quite nervously, as a science project. It wasn’t easy to figure out how software might come to our rescue and how much our algorithms should be allowed to make suggestions or intervene to fix typing mistakes. I wrote the code for iPhone autocorrection based on an analysis of the words we type most commonly, the frequency of words relative to others, and the errors we’re most likely to make on a touchscreen keyboard.

More than 10 years after the initial release of the iPhone, the state of the art now is much as it was then. Even with recent advances in AI and machine learning, the core problem remains the same: Software doesn’t understand the nuance of human communication.

Interesting piece. This is part of the publicity effort to promote Ken’s new book, Creative Selection, which went on sale yesterday. Looking forward to reading this.

How running a beta of iOS 12 got one Reddit user a free replacement for their damaged iPhone X.

Apple Park construction time-lapse, and a bit of map wandering

Came across this Apple Park construction time-lapse video yesterday (embedded below). The video is from last year, is relatively high resolution, but jumpy. Obviously, this is as many frame grabs as the source data allowed. It did make me wish for both an even higher resolution, and enough images to create a single smooth animation.

Pulled me down a bit of a rabbit hole. First, I went to Google Maps and searched for Apple Park, checked out that satellite imagery. I then searched for Googleplex, to check out the satellite imagery of Google’s headquarters.

Of course, I then had to do the same thing on Apple Maps. As you’d expect, the satellite captures were from different dates, but the image resolution was relatively high. As I explored, I also realized how much of the satellite and Google street view imagery continues to be updated.

To get a better sense of this, I took a look at a giant construction project that is still underway, a building in Philadelphia that will be the tallest building in the US outside of New York and Chicago. To find it, search for:

1800 Arch Street, Philadelphia, PA

In Google Maps, you can see the building underway, already pretty tall. In Apple Maps, the site is still a parking map, the building not yet begun.

Not a slam at Apple Maps. I’m sure if I kept looking, I’d find major construction projects. I just found this interesting.

Ben Lovejoy, 9to5Mac:

Apple is likely to establish a technical lead over most smartphone brands as the company moves to a 7nm process for the A12 chip that will power this year’s flagship iPhones. That lead could last well into next year.

And:

This leaves only Apple chipmaker TSMC with 7nm process capabilities, though Samsung has announced plans to develop its own 7nm process in an attempt to win back some of Apple’s A-series chip business. Apple used to split its chip orders between Samsung and TSMC, but the Taiwanese chipmaker beat Samsung to a 10nm process, and has been Apple’s sole supplier since the iPhone 7.

Fascinating. A smaller gap between chip elements means more elements per chip, faster data flow, less heat, and more energy efficiency.

Being first in this particular space to 7nm seems a big deal. That said, Huawei has a 7nm-chip-based phone said to ship in October, and Samsung is hard at work on their own 7nm chip, said to ship in early 2019.

As we move close to the official release of iOS 12, Apple has updated their official iOS adoption tracker. 85% of active devices, as measured by the iOS App Store, are using iOS 11, as shown in the pie chart below.

As we always do when Apple updates their numbers, let’s take a look at Android’s official adoption rate numbers. Here ya go:

The two most recent versions of Android are Android 9 Pie (officially released on August 6th) and Android Oreo (August 21, 2017). As you can see, Pie has not yet made a dent in the universe and Oreo is approaching 15% (when you combine Oreo 8.0 and 8.1).

What a difference between the two platforms. The largest issue caused by this fragmentation is the inability to get critical updates out to the masses. Apple is about to release a brand new OS, and it will work on the vast majority of iPhones in the wild. And there are no carriers or third party manufacturers that stand in between users and their updates.

September 4, 2018

Amazon’s total market value passed $1 trillion on Tuesday, following Apple’s ascent into 13-digit territory at the beginning of August. Amazon and Apple now make up more than 8% of the entire value of the S&P 500, according to Howard Silverblatt, senior index analyst for S&P.

Amazon is, for the most part, a trusted brand by consumers. With its expansion into selling almost anything you can imagine, and the availability of quick shipping, many people will just default to shopping on Amazon these days. I don’t see that changing anytime soon.

Mercedes showed on Tuesday how it is “aggressively” gunning for top spot in upscale battery cars market currently dominated by Tesla, as it unveiled the EQC, its first fully electric car, at an event in Stockholm.

I love Mercedes. To me that brand is all about excellence in everything it does and every car it produces. More than loving the vehicles, I trust Mercedes—they are safe, long-lasting, and technologically advanced. If I were looking for an electric vehicle, that’s the company I would look to first.

Now that’s the way to polish a rusty knife

If you have even the slightest interest in cooking and/or knives, watch the video below. This is just one example from the outstanding JunsKitchen YouTube channel, a rabbit hole of excellence.

There’s a lot to watch for here. Start with the reclamation project, but stay for the incredible knife technique. I am a big fan.

Snarky headline, but Gruber has a point:

The almost complete lack of attention paid to this story exemplifies the niche status of Google’s Pixel phones — which is sad, considering that they’re indisputably among the best Android phones.

Short of posts like this, chances are you were not aware that this happened.

Chances are excellent that if one of the new iPhones was left in a Lyft, the internet would have exploded, and someone at Forbes would have written a headline connecting the event to a confirmation of Apple’s demise.

Here’s a link to the original Verge post. If you care.

C. Scott Brown, Android Authority:

When the opportunity came up here for a writer to switch to an iPhone for a week to see what it’s like, I jumped on it. I figured this would be a way to put my convictions to the test. Is Android really better for me than iOS, or have I just become complacent and comfortable with Android?

I like the premise. But the execution was flawed.

Take a few minutes to make your way through the article. Scott clearly likes a lot about the iPhone, highlighting lack of clutter, the rewrite of the iOS App Store, iPhone’s superior Bluetooth implementation, and the ease of use of the Camera app.

But one dealbreaker for Scott:

The horrible layout of the keyboard makes you need to do not one, not two, but three taps to insert a comma in a sentence. First, you tap the keyboard-swap button, then you type a comma, then you hit the button to go back to the main keyboard.

Three strokes to use probably the second-most-used punctuation mark in the English language.

But as I pointed out in this tweet this morning, there’s a quicker way to type a comma. Press and slide the number (123) key, release on the comma, and you remain in the alphabetic keyboard. Fast and, once you know about it, easy.

The issue here is low discoverability. And, to me, the flaw in Scott’s experiment was tweeting out his concerns, to see if there are shortcuts (like the comma shortcut) or other solutions with the issues he raised, before he published.

All that said, this was an interesting read for me. There are clearly things iOS does better and things Android does better. Another example Scott raised was the way Android groups Notifications. If only he’d asked. This is a feature Apple has in place in the iOS 12 beta, coming soon to iOS devices everywhere. And iOS’s lack of fragmentation means anyone with an iOS device can get it, either by trying the public beta or waiting a few weeks for the release. No need to wait for a carrier update that might never come.

And those keyboard shortcuts? They’ve been around a long, long time. But if that comma thing was new to you, check out this terrific post (from 2016!) chock full of gems like this.

Ben Lovejoy, 9to5Mac:

Thieves have raided the fifth Bay Area Apple Store in less than two weeks, grabbing around $50,000’s worth of display products in less than 30 seconds.

It’s also the fourth time that this particular store has been robbed

And:

Display devices are automatically rendered useless once they leave the store Wi-Fi, but it may well be that thieves are able to sell the devices to people who fail to check them, or that they are broken for parts.

First, I loved the use of the word fortnight in the headline. Made me smile.

Trying to wrap my head around the money trail here. Is there an iPhone parts black market? If so, there’s got to be a lab somewhere where they pull these phones apart. Are the parts that lucrative?

Is it possible the thieves have some way to defeat the Apple security measures and are reselling the devices?

And, finally, this is the fourth time this store has been robbed. Need someone watching the front door for people in cinched hoodies. Maybe some machine learning to watch the front door, ring an alarm if it can’t detect a face.

Apple:

Apple has determined that a very small percentage of iPhone 8 devices contain logic boards with a manufacturing defect. Affected devices may experience unexpected restarts, a frozen screen, or won’t turn on. Apple will repair eligible devices, free of charge.

Affected units were sold between September 2017 and March 2018 in Australia, China, Hong Kong, India, Japan, Macau, New Zealand, and the U.S.

If you’ve got an iPhone 8 and you are experiencing these sorts of issues, follow the link and enter your iPhone serial number to see if your device qualifies for the program.