Category: Apple Insider

By Malcolm Owen
Saturday, April 18, 2020, 12:06 pm PT (03:06 pm ET)

The state of New York is now allowing marriage ceremonies to take place on video conferencing platforms like FaceTime, with an executive order enabling couples to get married via a video link while maintaining social distancing during the coronavirus pandemic.

The ongoing effects of the coronavirus on everyday life has led to business closures and major changes to everyday life, as companies, individuals, and governments attempt to curtail its spread. In one effort to work around the need for social distancing, the state of New York is enabling a major life event to officially take place via a video conferencing service, such as by FaceTime.

Announced on Saturday as part of a wider COVID-19 press conference, New York Governor Andrew Cuomo confirmed the start of the special arrangement for marriage ceremonies, reports CNET. “We are today signing an executive order allowing people to get their marriage licenses remotely and also allowing clerks to perform ceremonies over video, Cuomo aide Melissa DeRosa advised during the press conference.

Under the new executive order, couples will be able to perform all of the usual tasks with clerks that would normally be carried out in person by doing so digitally, with regard to obtaining a marriage license. As part of the same measure, clerks are also able to perform marriage ceremonies over a video link.

“Video marriage ceremonies – there’s now no excuse when the question comes up,” said Cuomo. “You can do it by Zoom.”

It is likely that a range of video services will be usable, including Zoom and FaceTime, though what ultimately gets used could be limited by a number of factors, such as if other family members or wedding guests would be allowed to watch the marriage ceremony live.

New York City is among one of the areas hardest hit by the coronavirus, with approximately 131,000 confirmed cases as of April 18, as well as approximately 8,900 deaths attributed to the virus. The state has ordered schools and nonessential businesses to remain closed until May 15, and that all people need to wear masks or face coverings in public, among other measures.

Apple and Google are working on a Bluetooth contact tracing system that could help track and possibly reduce the spread of COVID-19. But security experts that AppleInsider have spoken to express concerns about privacy and execution, which could undermine its effectiveness.

Security experts and cryptographers have lingering concerns about the privacy and security of COVID-19 contact tracing. Credit: Brian McGowan

Both Apple and Google have made it clear that they are focused on coronavirus-tracking technology with privacy and security in mind. But, there are inherent limitations to Bluetooth which Apple and Google can’t mitigate, compounded by concerns about the third parties that would be handling data collected through the systems.

For users relatively unconcerned about data privacy, or for those willing to sacrifice some of theirs to help stop a pandemic, that’s not a problem. On the other hand, trust in the privacy and security protocols of mobile contact tracing, particularly voluntary ones, is going to be absolutely critical in convincing people to use it. Even though it’s not going to be a cure-all, the system has some major hurdles to overcome and questions to answer before it can help.

Privacy and security issues

A slide deck explaining how the Apple and Google system work.

The system is actually an API that unlocks certain Bluetooth-related functionality for apps using it, including the ability to run Bluetooth tracing in the background. When it comes to privacy, Apple and Google have taken steps to anonymize users and avoid the mass collection of location and other data, such as changing the unique Bluetooth identifier every 10 to 15 minutes. But even then, the system isn’t necessarily designed to be completely anonymous.

For example, these rolling proximity identifiers are only private until someone tests positive for COVID-19. After that, a device identifier becomes linkable and the system will send a copy of its cryptographic keys to all of the devices which came into close proximity with it.

As an example of how this can be leveraged by a bad actor, former Federal Trade Commission technologist Ashkan Soltani gave an example of a so-called “linkage attack” which could reveal the identity of someone who is COVID-19 positive.

“By design, your smartphone will broadcast a rotating unique identifier (via Bluetooth) every few minutes (the rolling proximity identifier) to anyone within range,” Soltani told AppleInsider. That means there aren’t any granular controls for users to avoid this, beyond not using the system.

Someone with a Bluetooth sniffer and a video camera could collect pairs of photos and rolling identifiers in a public place, Soltani explains. If one of those people tests positive for COVID-19, the attacker could pair their diagnosis keys with the pictures and rolling identifiers.

Soltani adds that a well-resourced attacker, like a retail location tracking company, could expand this tactic to a wider scale —potentially allowing them to track a person’s wider movement patterns. The researcher previously wrote about the privacy considerations of retail tracking for the FTC.

The ability for advertising technology (adtech) and retail tracking companies to identify people with COVID-19 was echoed by cryptographer and Signal app creator Moxie Marlinspike. Because devices with a contract tracing app installed will get a log of daily identifiers, a user’s device could become linkable once they receive a positive diagnosis. Essentially, the system is only private until a positive diagnosis.

“At that point adtech (at minimum) probably knows who you are, where you’ve been, and that you are (COVID positive),” Marlinspike wrote. He says it takes Bluetooth privacy a “step back.”

Another important point is that the Apple and Google API, as it stands, is not necessarily the end implementation. Instead, it’s a framework for use by developers. In this case, those developers are going to be public health organizations.

Because of that, the privacy and security of the system really comes down to trust in the developers of mobile contact tracing apps, according to Sergio Caltagirone, vice president of threat intelligence at cybersecurity firm Dragos. Caltagirone told AppleInsider that the cryptographic specification provided by Apple and Google “simply states that the implementation must not store or correlate data but provides no additional controls — a lot of trust when it comes to public health data and the potential for misuse.”

In his security experience, he said a common exercise is to take any specification and search for the words “must” or “may” and then ask “what if it didn’t?” Caltagirone calls it “faith-based” privacy, rather than cryptographically guaranteed privacy.

There are already signs that some public health groups aren’t fond of the Apple and Google restrictions. The UK’s National Health Service, for example, is reportedly in a “standoff” with the two companies because it wants to create a centralized database of identifiers. That’s something that Apple and Google are barring organizations from doing.

Additionally, Soltani added that organizations can “design (their) app to collect any added info they think” people will consent to.

Practically, that means that although the Apple and Google API is “privacy-preserving,” the actual contact tracing apps that health organizations develop may collect data in a way that isn’t.

“Bluetooth contact tracing is a vast improvement over location tracking with GPS or cell site information, but it still needs strong privacy and security safeguards,” Electronic Frontier Foundation General Counsel Kurt Opsahl said in a statement to AppleInsider. Echoing Soltani, Opsahl said that the Apple and Google framework is just “one part of the equation” and that “we also need privacy safeguards with the public health proximity apps that interact with this API.”

Since these safeguards need to be implemented at the app and health organization level, they’re not necessarily something that Apple and Google can guarantee.

Effectiveness of Bluetooth contact tracing

An illustration of Bluetooth contact tracing. Credit: MIT

The inherent risks of Bluetooth and unanswered questions about health data collection could undermine what is ultimately the most important part of mobile contract tracing: adoption.

For this type of contact tracing to be effective, it needs to be widely adopted by a population. Some experts, like contact tracing research group Covid Watch, float a 60% statistic for its efficacy to be worthwhile.

Apple and Google have barred third parties from making the app mandatory, which means that users will need to voluntarily download it. Whether they will may really come down to how the tech giants and health organization set up their app, as well as the privacy and security promises they make.

Some lawmakers and regulators are already raising questions about whether they can get the public’s trustin the U.S. and Europe.

With disparate figures and organizations ranging from the American Civil Liberties Union to President Donald Trump casting doubt about the system, there’s a real concern whether enough users will trust it to actually download and install it on their devices.

Ben Adida, a cryptography and information security researcher, is much more optimistic about the protocol than others. In a Twitter thread, he says it solves a lot of problems with other tracing surveillance and proposals, and that some kind of “properly tuned incentives” may be enough to see the right adoption rate.

Of course, there are also some real concerns about the efficacy of mobile contract tracing in its current forms. Jason Day, the product lead for Singapore’s TraceTogether contact tracing app, said that it isn’t going to be a replacement for manual contact tracing.

“If you ask me whether any Bluetooth contact tracing system deployed or under development, anywhere in the world, is ready to replace manual contact tracing, I will say without qualification that the answer is, No,” he wrote in a Medium post.

There are unanswered questions about the effectiveness of Singapore’s contact tracing methods. It’s important to note that TraceTogether deployed without the Apple and Google API, meaning it could only work when the app was running in the foreground.

Even with that problem solved by the new Bluetooth framework, there are other issues without easy solutions. Mobile contact tracing also isn’t going to cover those who don’t have smartphones, such as children and the elderly, Soltani added in a tweet. Because it’s proximity-based, it could also create false contact positives in dense living spaces like apartments.

And in certain countries, like the U.S., the primary hurdle beyond adoption is likely to be availability of testing. The Apple and Google API seems dependent on whether a person can receive a diagnosis from a public health official. While that cuts down on the risk of trolling, it raises a big question about whether enough testing is available for it to even work.

As cryptographer and ZCash Foundation engineer Deidre Connolly points out, the U.S. is simply not currently prepared to ramp up to the kind of testing that the Apple and Google API would require to be effective.

Of course, despite these privacy and effectiveness concerns, the Apple and Google system could still be part of a broader solution to stop COVID-19, along with sufficient testing and measures like social distancing.

Whether that turns out to be the case will hinge on whether Apple, Google and public health groups are able to convince enough people to download and use it. Ultimately, that job may not be Apple’s and Google’s.

Without a concentrated, transparent, and trustworthy effort from all of those involved —including the public —mobile contract tracing will just end up being wishful thinking.

By Mike Peterson
Tuesday, April 14, 2020, 12:16 pm PT (03:16 pm ET)

Apple was the most imitated brand in web-based phishing campaigns in the first quarter of 2020, new research shows.

An example of a fradulent Apple phishing page. Credit: Malwarebytes Lab

Phishing remains one of the most popular tactics for cybercriminals and other bad actors to steal data or money across through fraudulent links sent via email, text or web browser redirects.

According to a new report from cybersecurity firm Checkpoint, web-based phishing campaigns remained the most popular in Q1 2020, accounting for 59% of attempts. Apple ranked as the most imitated brand for the category, followed by Netflix, PayPal, and eBay.

Apple’s jump from 7th place in the fourth quarter of 2019 to first place in Q1 2020 may have been the result of phishing campaigns attempting to take advantage of the buzz surrounding unreleased Apple products, Checkpoint theorizes.

Due to the ongoing coronavirus pandemic, there are a few other notable changes. Mobile-based phishing detections became the second most common attack vector, up from third place in Q4 2019, likely due to more users working from home. Previously, email ranked in second place.

Services commonly used in both at-home leisure and work, like PayPal and Netflix, also saw a boost in popularity between the Q4 2019 and the beginning of Q1 2020.

Checkpoint notes that the total number of brand-based phishing attempts remained stable between Q4 2019 and Q1 2020.

Earlier in April, the U.S. and U.K. governments warned citizens against clicking on any suspicious links to supposed relief websites.

By William Gallagher
Monday, April 13, 2020, 09:49 am PT (12:49 pm ET)

Chipmaker TSMC has lost a significant order from Huawei, only to find Apple buying up all of its production capacity, for what is believed to be the “iPhone 12.”

Apple has long been using supplier TSMC to manufacture its A-series processors, specifically 7-nanometer ones as used in iPhone XS’s A12. Apple has also been known to be developing a 5nm processor with the company, and now industry sources report that orders have increased.

According to the China Taiwan Economic Daily, Apple has asked TSMC to produce almost 10,000 further processors in the fourth quarter of this year. The use of a 5nm processor and being produced in that quarter suggests that the order is for the A14 which is to be used in the iPhone 12.

The move reportedly follows Huawei’s cancellation of approximately that same amount. While there is no indication from either TSMC or Huawei why the order was reduced, the phone maker is currently facing new criminal charges in the US, and has been substantially affected by the coronavirus.

TSMC is now said to have adjusted plans for its 5nm process because of the impact of COVID-19 on demand, though reportedly it remains on schedule.

The China Taiwan Economic Daily report citing unnamed industry sources, was first spotted by Chinese-language site IT Home.

From the very funny to the occasionally accurate, there are some excellent movies for Apple fans to catch up on during our self-isolation.

Left: Noah Wyle as Steve Jobs. Right: Michael Fassbender as Steve Jobs. Center: Steve Jobs himself.

If there is a movie or feature-length documentary about Apple that is entirely, completely accurate, then still someone depicted will say it isn’t. There’s a lot of ego involved in the history of Apple, but then that’s part of why there is so much drama in it. Maybe you could make a drama out of any company’s history, but it has to be a very special corporation before anyone would watch it.

Since movie makers are as aware of the interest in Apple as anyone else, though, there are a lot —a lot —of very poor documentary films attempting to catch your eye. We watched so you don’t have to: here are the movies about Apple that are more than worth your time.

Dramas about Apple

Walter Isaacson’s Steve Jobs biography is a very long wasted opportunity, but it did give us one excellent thing. That book was the start for Aaron Sorkin’s Steve Jobs movie and —bear with us for a second —that is easily the best drama about Apple to date.

No, really, it is. The trouble with biopics is that they either have to chart a whole life, or they pick one big incident in it. Sorkin chose instead to portray Jobs through concentrating on three of his most famous keynote speeches.

[embedded content]

To do it, he did contrive to have incidents happen around those events which in reality took much longer. And he did leave out details, he does skip over people. Plus there’s a famous scene in the film where Jobs shouts at Andy Hertzfeld that the universe was made in seven days. “Well,” replies Hertzfeld, “someday you’ll have to tell us how you did it.”

That never happened. But we know it didn’t because Sorkin has been upfront about how and why he wrote what he did. And in his Masterclass series about writing, he explains that this scene came about because he asked Hertzfeld what Steve Jobs would say in that scene. It’s genuine, personal insight —not a Hollywood invention.

Speaking in Masterclass about his partly related film, The Social Network (2010), Sorkin explains that he will never portray someone doing something they didn’t or wouldn’t. And he reveals that there are people who wouldn’t speak to Walter Isaacson who did to him.

Watch Steve Jobs, the movie, for how it captures the man few of us knew, and the whole world of Apple that has meant so much to us all.

And then, if you can track it down, watch “Pirates of Silicon Valley.” Screenwriter and director Martyn Burke had a background in documentaries, but this is a drama and if it’s very of its time, it has at least one very big merit. Noah Wyle is startling good as a young Steve Jobs in it.

So good that Steve Jobs, who shunned Burke after it, hired Wyle to portray him at Macworld in 1999.

[embedded content]

According to Wyle, Steve Jobs took him shopping before the presentation and bought him jeans, round glasses, and a turtleneck sweater.

“The first few rows [of the Macworld audience], I think, could obviously tell it wasn’t him, but most others didn’t know at all,” said Wyle. “And there was this growing ripple of laughter throughout the auditorium when people got what was happening. I honestly had had no idea what to expect: I thought the whole thing might be an ambush — that he’d get me to his event and that what he said we were going to do in fact wasn’t what we were going to do, and I would somehow be humiliated. But he stayed on script and was very kind to me.”

Pirates of Silicon Valley and Steve Jobs are the two key dramas about Apple, but for capturing how the industry was in the early days, do watch the TV series Halt and Catch Fire. It’s more about PCs, but even those of us who lived and worked through this time couldn’t have expected that a drama about it would be this good —and this accurate.

[embedded content]

Films about the Apple community

• Macheads (2009) available to rent or buy at Amazon
• Welcome to Macintosh (2008) currently available to stream through Amazon Prime US

These are two documentary films that came out close on each other’s heels and are both about us, people who use and, frankly, love Apple. It’s not as if we’re blind to its faults, but once you start using Apple gear, something does happen and you do get immersed in this community.

[embedded content]

Both of these documentaries have insight from people within Apple, and both of them have historical detail that’s interesting. Welcome to Macintosh has much more from Apple staff, but you can probably best gauge the differences between these movies by two quotes from them.

Welcome to Macintosh features quite sour ex-Apple people, including Jim Reekes. “People on the outside think that it’s like this wonderful world of Oz or Disney going on, and all of us are just all these brilliant, amazing, happy people,” says Reekes, “and it’s not, it’s like a sausage factory. You really don’t want to know how this stuff happens.”

Whereas Macheads includes an interview with an Apple user who explains just how much this ecosystem means to her. “I have never knowingly slept with a Windows user,” she says. “That would never ever happen.”

Considering that actually both films feature some quite dour people, the two are equally joyous. Even if you will recognize yourself in both of them.

Films about Apple and related products

It’s a curious thing that these two documentaries about topics that hugely overlap, came out so close together —and their subjects came out at the same time too. In reality, the Newton’s launch, and its failure, destroyed the work of rival General Magic, but these two movies are superb companion pieces.

They’re about the 1990s time in Apple’s history when it spun off a firm called General Magic which was, basically, inventing the future that we live in today. And when Apple CEO John Sculley, having had Apple spin off this new firm, simultaneously decided Apple should develop a product to destroy it.

[embedded content]

Sculley is interviewed in these films and you won’t come away fathoming why he did it. That’s one of the weaker parts of the General Magic documentary, in that it’s as hard to believe the people in that firm knew nothing of Newton, as it is that Sculley would do this. You’ll wish it delved more into what happened on this.

But otherwise, it and Love Notes to Newton are both utterly engrossing films that are ostensibly about products and companies, but are really about the people involved.

Films about the industry

• Steve Jobs: The Lost Interview (2012) available to rent on iTunes, Amazon
• Objectified (2009) available to rent on Amazon

Among the sea of Steve Jobs documentaries that were rushed out after his death in 2011, there is one that stands apart. Released in 2012, Steve Jobs: The Lost Interview, is a 70-minute interview with Steve Jobs that was filmed in 1995.

It was filmed for a documentary called Triumph of the Nerds, which is a short series by PBS and the UK’s Channel 4, about the development of the PC. That series is worth looking out for, but the Lost Interview is much more fascinating because it was filmed during the time Jobs was away from Apple.

Jobs is asked about this then-current project, NeXT, but he also reflects on the origins of Apple. It’s not his usual bluster about how great things are, it’s a more reflective piece where he displays that famous prescient awareness of what people need from technology.

[embedded content]

There’s a similar sense to how Jony Ive speaks in Gary Hustwit’s 2009 documentary about design, Objectified. Ive is filmed inside Apple and just as interesting as his thoughts about design and people, is his own body language as he cleans the screen of his own iPhone before showing it to us.

Ive is a major part of Objectified and so is one of his design heroes, Dieter Rams, who was later the sole subject of Hustwit’s 2018 documentary, Rams. At the time of writing, Rams is available to stream for free on Hustwit’s website where he’s been releasing one of his films every week during the coronavirus outbreak.

Whenever you can, do check out which of his documentary films is streaming, but also take a deep dive into all of the movies about Apple. The ones we’ve picked are tremendous examples of filmmaking, they are intensely dramatic —whether they’re dramas or documentaries —and they are all-absorbing.

Keep up with AppleInsider by downloading the AppleInsider app for iOS, and follow us on YouTube, Twitter @appleinsider and Facebook for live, late-breaking coverage. You can also check out our official Instagram account for exclusive photos.

By Amber Neely
Thursday, April 09, 2020, 11:40 am PT (02:40 pm ET)

Microsoft may be forced to delay the release of the Surface Neo and Windows 10X as a whole to focus on single-screen uses, according to sources within Microsoft.

In October of 2019, Microsoft revealed a future product that it didn’t plan on shipping until 2020 —the Surface Neo. It consisted of a dual-screen notebook with an extra keyboard and stylus support. The devices were set to ship with Microsoft’s new branch of Windows called Windows 10X.

On Thursday, rumors surfaced that Microsoft’s Chief Product Officer Panos Panay had said the Surface Neo dual-screen Windows 10X devices wouldn’t ship in 2020. Microsoft intends Windows 10X as a new, modern form of Windows 10 designed from the ground-up for dual-screen device. Furthermore, it guts many of the older Windows 10 features in favor of increased security and a more streamlined experience.

Dual-screen devices with Windows 10X were slated to ship around the holiday season of 2020. Likely due to the ongoing COVID-19 pandemic, Microsoft appears to have fallen behind in developing the Surface Neo and Windows 10X.

Microsoft has allegedly said they would not be allowing third-party dual-screen devices to ship with Windows 10X either, according to ZDNet.

In February, Microsoft had stated that they were hit hardest in their “More Personal Computing Segment,” a part of the company that deals with Windows licensing, accessories, all of Microsoft’s gaming initiatives, and Surface hardware.

Microsoft has not as of yet commented on the report.