New York Officials Investigating Apple's FaceTime Eavesdropping Bug

http://bit.ly/nvEILJ

New York Attorney General Letitia James and Governor Andrew Cuomo are investigating the FaceTime eavesdropping bug on iOS devices that allowed a person to FaceTime another person and hear conversations and see videos even when the call was not answered.

According to Bloomberg, the New York officials will be focusing on Apple's failure to warn consumers about the bug and its slow response.

How the FaceTime eavesdropping bug worked
The FaceTime eavesdropping bug was widely publicized on Monday, and several hours after information on how to execute the exploit spread, Apple disabled the Group FaceTime servers.

"This FaceTime breach is a serious threat to the security and privacy of the millions of New Yorkers who have put their trust in Apple and its products over the years," James said in the statement on Wednesday.

"We need a full accounting of the facts to confirm businesses are abiding by New York consumer protection laws and to help make sure this type of privacy breach does not happen again," Cuomo said in the statement.

Apple is planning to release a software fix that will solve the bug and will allow the company to bring Group FaceTime back online. That update is expected sometime this week.

While the glitch was not widely known until Monday afternoon, Apple was informed about the bug more than a week prior. The person who contacted Apple said that Apple did not respond to multiple attempts to notify the company about the issue.

It's not entirely clear if Apple knew about the bug and was working on a fix internally at the time that it became widespread, but if so, Apple certainly left it functional and did not move to disable Group FaceTime until forced to do so. For that reason, it's not known how long the bug has been present in iOS and how long people may have been quietly exploiting it.

In addition to the inquiry from New York officials, Apple is also facing a lawsuit over the issue. Yesterday, an attorney said the FaceTime bug allowed an unknown person to listen in on sworn testimony during a client deposition.

Tags: FaceTime, FaceTime Listening Bug

This article, "New York Officials Investigating Apple's FaceTime Eavesdropping Bug" first appeared on MacRumors.com

Discuss this article in our forums

from MacRumors: Mac News and Rumors - All Stories http://bit.ly/2WvHVwn

New 10-Inch iPad and Cheaper iPad Mini Coming 'As Early As This Spring'

http://bit.ly/1jqFQpt

Apple is working on an updated version of the $329 6th-generation iPad and a new, cheaper iPad mini, Bloomberg today confirmed in an extensive report on Apple's future product plans.

The new version of the iPad will feature a "roughly 10-inch screen," which would be slightly larger than the 9.7-inch model that is currently available. The device is also expected to have a faster processor and a Lightning port instead of a USB-C port.


Apple is also working on an iPad mini 5, a followup to the 2015 iPad mini 4. The iPad mini 5 will be cheaper than the existing model, but no other details were provided.

Prior rumors have suggested both the new iPad and the iPad mini 5 will feature Touch ID Home buttons rather than Face ID, which would be appropriate as both are seemingly positioned as lower-cost devices.

Code found in iOS 12.2 indicates the two new tablets could potentially offer support for the Apple Pencil and Smart Keyboard as well.

According to Bloomberg, Apple could be planning to introduce the new iPads "as early as this spring," which is in line with other recent information.

New iPad models were registered with the Eurasian Economic Commission earlier this month, something that is generally done shortly ahead of a product launch, and references to new iPad models have been found in iOS 12.2.

For the last several years, Apple has held an event in March, and the company could be planning to do the same thing this year. If that's the case, we could see the new iPad and the iPad mini 5 at some point in March.

As for the iPad Pro, Apple is said to be planning a major upgrade for 2020 with a laser-powered 3D camera for augmented reality purposes. No major changes are planned for 2019, and it is unclear if the iPad Pro will get a 2019 update at all.

Related Roundups: iPad Pro, iPad mini 5, iPad

Buyer's Guide: 11" iPad Pro (Buy Now), iPad Mini (Don't Buy), 12.9" iPad Pro (Buy Now), iPad (Caution)

This article, "New 10-Inch iPad and Cheaper iPad Mini Coming 'As Early As This Spring'" first appeared on MacRumors.com

Discuss this article in our forums

from MacRumors: Mac News and Rumors - All Stories http://bit.ly/2S06i6u

iOS 13 to Include Dark Mode, iPad Upgrades, CarPlay Improvements and More

http://bit.ly/2BbNTcq

Apple's iOS 13 operating system, which will likely be previewed this summer at Apple's annual Worldwide Developers Conference, will include a number of major updates that iOS users have been desiring for years.

According to Bloomberg, iOS 13 will include a dark mode to match the dark mode that was first introduced on macOS with macOS Mojave. It will allow for "easier nighttime viewing."


Improvements to the CarPlay interface are expected, and many iPad-specific upgrades are in the works. Apple will introduce a new Home screen, an option to tab through multiple pages of a single app as you can do in a web browser, and improvements to file management.

Previous rumors have suggested Apple will also introduce a multitasking feature for displaying two windows of the same app side by side, and Apple is expected to expand the availability of its cross-platform apps initiative to developers, making it easier to port apps created for iOS to macOS.

Rumored services that are in the works, including a magazine subscription service in Apple News and a television streaming service, will also come to iOS 13 through updates that will be made available during 2019.

Related Roundup: iOS 13

This article, "iOS 13 to Include Dark Mode, iPad Upgrades, CarPlay Improvements and More" first appeared on MacRumors.com

Discuss this article in our forums

from MacRumors: Mac News and Rumors - All Stories http://bit.ly/2G9IgyU

Triple-Lens Cameras Coming to 2019 iPhone, 2020 iPhones and iPads to Feature Laser-Powered 3D Cameras

http://bit.ly/2MhQlm7

Apple is planning on introducing triple-lens cameras in its 2019 iPhone lineup, reports Bloomberg, confirming many triple-lens camera rumors that we've previously heard.

Like The Wall Street Journal, Bloomberg says the followup to the iPhone XS Max will feature a triple-lens camera arrangement, with the iPhone XS and iPhone XR successors to use dual-lens camera arrangements. The third camera will allow for a larger field of view, a wider zoom range, and it will capture more pixels.

A rendering of a triple-lens iPhone prototype Apple is said to be working on
Apple is apparently working on a feature that would use that extra pixel data to provide tools for automatically repairing a photo or a video to fit in a subject that "may have accidentally been cut off from the initial shot." An enhanced version of Live Photos is also in the works, increasing the length of the attached video to six seconds.

Some versions of the 2019 iPhones Apple is testing use a USB-C connector instead of a Lightning port, which could mean Apple plans to switch from Lightning to USB-C at some point. An upgraded A-series processor and a new Face ID sensor are planned, but the devices are expected to look similar to this year's model.

iPhone camera technology will become even more advanced starting in 2020 as part of a push to further Apple's augmented reality ambitions. According to Bloomberg, the company will debut laser-powered time-of-flight 3D cameras that will result in significant improvements to AR experiences on the iPhone.

A time-of-flight (ToF) camera system uses a laser to calculate the time that it takes for the laser to bounce off of objects in a room, using the data to create an accurate 3D image of the surrounding area. This allows for more accurate depth perception and better placement of virtual objects, and it will also result in photos better able to capture depth.

Bloomberg says that the camera will be able to scan areas up to 15 feet from the device. Apple's front-facing TrueDepth camera uses 3D technology but because it's infrared and not laser-powered, it only works at distances of 25 to 50 centimeters. Sony could be Apple's supplier for the new system, with Apple in talks with Sony over sensor tests.

Prior to when the new iPhones are released, we could see the first appearance of the 3D camera system in an iPad Pro upgrade planned for spring 2020. Apple is not planning a major iPad Pro update for 2019.

There were originally some rumors suggesting Apple would introduce a 3D camera system in its 2019 iPhones, but reliable Apple analyst Ming-Chi Kuo said that wouldn't happen as Apple needs 5G connectivity, augmented reality glasses, and a more powerful Apple Maps database to truly take advantage of the AR capabilities afforded by a ToF camera.

Bloomberg confirms that Apple was indeed aiming to put the 3D camera system in this year's iPhones, but ultimately delayed its plans.

Apple's 2020 iPhones will also feature triple-lens arrangements, improved photo capturing tools, and more powerful processors. Bloomberg suggests it could be a prelude to an AR headset, and past rumors have indicated Apple could launch that device as early as 2020.


This article, "Triple-Lens Cameras Coming to 2019 iPhone, 2020 iPhones and iPads to Feature Laser-Powered 3D Cameras" first appeared on MacRumors.com

Discuss this article in our forums

from MacRumors: Mac News and Rumors - All Stories http://bit.ly/2CPHkfG

Google Also Exploiting Enterprise Certificates to Bypass iOS App Store for Data Collection

http://bit.ly/2CU6l9J

Facebook is facing the wrath of Apple today for misusing an enterprise certificate meant for internal use to get Facebook users to sideload a data harvesting "Facebook Research" app that violates App Store policies, and as it turns out, Google has been doing the exact same thing.

According to TechCrunch, Google has been distributing an app called "Screenwise Meter" using the enterprise certificate installation method since 2012.


Google has been privately inviting users aged 18 and up (or 13 for those part of a family group) to download Screenwise Meter, an app that is designed to collect information on internet usage, including details on how long a site is visited to apps that are downloaded.

By asking Screenwise Meter users to download the app using an enterprise certificate, Google is able to bypass App Store rules that prevent apps from gathering this kind of data from iPhone users.

Apple just this morning revoked Facebook's enterprise certificate for this exact same activity, which has rendered all of Facebook's internal apps nonoperational and has created chaos at Facebook's headquarters. Facebook employees are not able to use any of the internal apps that they rely on to get work done.

The Screenwise Meter app that Google uses lets users earn gift cards for sharing their traffic and app data. It is part of Google's Cross Media Panel and Google Opinion Rewards programs that provide rewards to people for installing tracking software on their smartphones, web browsers, routers, and TVs.


According to TechCrunch, Google is more forthcoming about the kind of data that it's collecting than Facebook, but that doesn't change the fact that Google is using an app installation method that appears to violate Apple's enterprise certificate rules in the same way the Facebook Research app did.

Additionally, people who install these kinds of apps for rewards may not fully understand the extent of the data that's collected.

Putting the not-insignificant issues of privacy aside -- in short, many people lured by financial rewards may not fully take in what it means to have a company fully monitoring all your screen-based activity -- and the implications of what extent tech businesses are willing to go to to amass more data about users to get an edge on competitors, Google Screenwise Meter for iOS appears to violate Apple's policy.

Apple and Google have not yet commented on the Screenwise Meter app, but if Apple does decide that Google is also violating its enterprise rules, which clearly state that the enterprise program is for distributing internal employee apps only, Google too could see the enterprise certificate used for the Screenwise app revoked.

Apple could also punish Google in the same way that it punished Facebook by revoking all of the company's internal apps that use the same certificate.

Tag: Google

This article, "Google Also Exploiting Enterprise Certificates to Bypass iOS App Store for Data Collection" first appeared on MacRumors.com

Discuss this article in our forums

from MacRumors: Mac News and Rumors - All Stories http://bit.ly/2GdvvTZ

Second Apple Employee Accused of Stealing Apple Car Details

http://bit.ly/2ve9mRb

The United States FBI this week accused a Chinese citizen working for Apple of attempting to steal trade secrets that are related to the company's autonomous vehicle program, reports NBC Bay Area.

Apple launched an investigation into the employee, Jizhong Chen, when another employee spotted him taking photographs "in a sensitive work space." Apple Global Security employees searched his personal computer and found "thousands" of Apple files, including manuals, schematics, photographs, and diagrams.


Chen had recently applied for a position with a China-based autonomous vehicle company that is a direct Apple competitor. Chen was arrested a day before he was set to fly to China. Apple in a statement said that it is working with the authorities.

"Apple takes confidentiality and the protection of our IP very seriously," the company said in a statement Tuesday. "We are working with authorities on this matter and are referring all questions to the FBI."

Interestingly, at least one of the photographs Chen took depicted an assembly drawing of an Apple-designed wiring harness for an autonomous vehicle, suggesting Apple's work does indeed go beyond simple autonomous software.

Apple's autonomous car plans have been up in the air for the last few years because the project has been restructured several times, has been put under new leadership, and many employees have been laid off or moved to other areas of the company.

There has been some question as to whether the Cupertino company is still planning a full autonomous car or if its focus has shifted to autonomous software, but the most recent rumors indicate a car is in the works with a launch planned for 2023 to 2025.

This is not the first time an employee has been caught trying to steal secrets from Apple's car team. Back in July, the FBI charged former Apple employee Xiaolang Zhang with theft of trade secrets for stealing hardware and software that included prototypes and detailed prototype requirements.

Related Roundup: Apple Car

This article, "Second Apple Employee Accused of Stealing Apple Car Details" first appeared on MacRumors.com

Discuss this article in our forums

from MacRumors: Mac News and Rumors - All Stories http://bit.ly/2DKibou

Apple Shut Down All of Facebook's Internal Apps When Revoking Enterprise Certificate

http://bit.ly/2CRtyt1

Facebook is no longer able to use or distribute important internal iOS apps after Apple disabled the Enterprise Certificate Facebook was abusing to surreptitiously gather data from iOS users right under Apple's nose.

Since 2016, Facebook has been paying teens and adults $20 per month to install a data gathering "Facebook Research" app that harvested all kinds of sensitive details from participants.

Facebook abused its enterprise certificate to get customers to install a "Facebook Research app
Apple had already banned Facebook's attempts to gather data through the Onavo VPN app, so Facebook used its enterprise certificate - provided to companies to install and manage internal apps for employees - to get participants to sideload the Facebook Research app, bypassing the App Store and Apple's oversight.

Facebook yesterday said that it was not violating Apple's enterprise rules, but as it turns out, Facebook was wrong. Apple this morning revoked Facebook's enterprise and said the social network had clearly violated the Enterprise Developer Program.

We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.

Facebook's revoked certificate wasn't just used for the Facebook Research app. According to The Verge, Facebook needed that certificate to run all of its internal apps, and with access revoked, none of those apps are working.

That means Facebook isn't able to distribute internal iOS apps like Facebook, Instagram, and Messenger for testing purposes, and internal employee apps for purposes like food and transportation are nonfunctional.

All of the apps that used the certificate "simply don't launch on employees' phones anymore," and Facebook is said to be treating the issue as a critical problem internally.

After the certificate was revoked, Facebook this morning said that it would shut down its Facebook Research app, though the company defended it and claimed that those who participated went through a "clear on-boarding process." The Facebook Research app for Android continues to be available.

Facebook is not going to be able to properly operate and distribute iOS apps on a wide scale basis without access to its certificate, so it's not clear how this situation will play out. Apple's tools are essential for internal apps, though Facebook will likely still be able to use alternatives like TestFlight if the certificate isn't reinstated.

Apple CEO Tim Cook has been highly critical of Facebook's lack of respect for user privacy in the past, and the two companies have had a dispute over the Onavo app, but this is the first time that Apple has directly punished Facebook and shut down one of its illicit activities.

Tag: Facebook

This article, "Apple Shut Down All of Facebook's Internal Apps When Revoking Enterprise Certificate" first appeared on MacRumors.com

Discuss this article in our forums

from MacRumors: Mac News and Rumors - All Stories http://bit.ly/2BbyUiZ