Apple has posted a Q&A on XcodeGhost, the counterfeit software development kit that was used to create malicious apps that were able to be released on the App Store. As expected, the Q&A emphasizes that the problem was created by developers downloading iOS software development tools from third-party sites, rather than Apple’s, but also interestingly notes that OS X protections that Apple has put in place — such as Gatekeeper — had to be “deliberately disabled by the developer for something like XcodeGhost to successfully install.” The Q&A also notes that Apple has no reason to believe that the code was ever actually used to do anything malicious, or that any personally identifiable information could have been transmitted, and that it “did not have the ability to request customer credentials to gain iCloud and other service passwords” as some other reports had suggested.
If iPad Pro users want to use Microsoft’s Office suite, they’re going to have to pay for an Office 365 subscription. In a March blog post, Microsoft VP Kirk Koenigsbauer said the company uses screen size to “delineate between professional and personal use,” allowing devices with screens smaller than 10.1 inches to use a limited version of its productivity software for free. Last November Microsoft made Word, Excel and Powerpoint apps capable of basic editing available for free on iOS devices, but the iPad Pro’s 12.9-inch display makes it the first iOS device to fall outside of the bounds Microsoft sets for free use. The distinction applies to Android and Windows tablets as well, with Microsoft referring to devices with bigger displays as “a ‘pro’ category tablet that is used for design or presentations.” [via MacWorld]
In an e-mail to developers and a post on its website, Apple has laid out the proper process for downloading Xcode after hundreds of apps were found to be using a malware-laden version of the IDE. Apple states that Xcode should always be downloaded from the Mac App Store or the Apple Developer website and validated by Gatekeeper to ensure the downloaded software hasn’t been contaminated. For those wanting to test a version of Xcode they’ve already downloaded, Apple’s post provides the proper command to run on a Gatekeeper-enabled computer to verify the version came from a legitimate source.
Update: In an interview with Chinese website Sina, Apple’s chief marketing executive Phil Schiller said the company is also making Xcode available for domestic download to Chinese developers to eliminate the need for third-party downloads. Schiller added that the company has found no known instances of apps affected by the malware transmiting customer data, but Apple still plans to warn users of the tainted apps to delete or update them. [via Reuters]
In a rare move, Apple is providing automatic refunds for users who bought the Peace ad blocker for iOS 9, according to developer Marco Arment. The app was pulled from the app store by Arment shortly after its launch, prompting more than 13,000 users to request refunds through the manual process. Arment said Apple contacted him to say the company was going to issue proactive refunds to everyone who bought the app, which he said “effectively never happens. When I decided to pull the app, I asked some Apple friends if this was even possible, and we all thought the same thing: iTunes billing works the way it works, period, and no special cases can be made.” In this instance, Apple seems to have made an exception, and users who purchased the app should see a refund notification from Apple within a few days. [via iMore]
Apple is trying to rid the App Store of hundreds of apps containing a malicious program called XcodeGhost, Reuters reports. The flaw was brought to Apple’s attention by several cybersecurity firms last week, including Palo Alto Networks, which claims that popular apps like Angry Birds 2 and WeChat have been built with a counterfeit version of Xcode downloaded from Chinese servers. The malware’s primary function is to collect information stored on devices and upload that data to remote servers, but it has also been found to prompt fake alerts to phish for passwords from users, hijack opening specific URLs, and read and write data into the user’s clipboard, allowing the malware to read a user’s password if it is copied from a password management tool.
Apple hasn’t commented on what iPhone and iPad users can do to determine which devices have been infected, but spokeswoman Christine Monaghan said, “We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.” So far that list doesn’t include popular apps like Angry Birds 2 or WeChat, which are still available in the App Store as of Monday morning. Angry Birds maker Rovio has also made no mention if the XcodeGhost bug, making the app’s inclusion on the list even more baffling. Palo Alto Networks Director of Threat Intelligence Ryan Olson said the firm had uncovered no clear cases of data theft or harm as a result of the attack so far, but that the attack is significant because it proved the App Store’s security can be compromised by infecting the machines of software developers writing legitimate apps. The full list of affected apps published by Palo Alto Networks (including titles translated from Mandarin by Business Insider) is listed below:
As hinted at during last week’s event, Apple has released iMovie 2.2, an update designed primarily to bring 4K video editing support for the new iPhone 6s, iPhone 6s Plus, and iPad Pro. In addition to 4K video, the update also introduces support for 1080p video at 60fps and adds 3D Touch interactions for the new iPhone models. Several iPad enhancements have also been added, including a new user interface design for the iPad Pro, including a full-height media browser and 1080 HD viewer, support for editing shortcuts on external keyboards, improved Inspector controls, and redesigned Project Details and Video views. The new version also adds support for Slide Over and Split View along with a redesigned Audio Browser in the iMovie Extension for Photos.
Games made for the new Apple TV must support the device’s included remote, according to the App Programming Guide for tvOS, as pointed out by developer Dustin Westphal in a recent tweet. Although the device will support third-party controllers, those controllers can’t be required to play a game. This represents a change — as recently as last week, Apple allowed developers to require an extended game controller. Apple’s guide also notes “tvOS games that support controllers must support the extended control layout,” and games that support that layout must be playable solely using one standalone controller. All controllers for tvOS games must also have a pause button. [via TouchArcade]
Apple is expanding its mapping research operations at a facility in Sweden, according to Swedish site DiGITAL. Citing a report from Rapidus, the site claims that after acquiring Swedish mapping company C3 Technologies in 2011, Apple quietly kept working on C3’s 3D modeling method, based on combinations of images taken by airplanes and cars from different angles. The new story claims Apple has been further developing that technology out of a facility in Lund, Sweden since last November, recently ramping up hiring. Apple has doubled down on improving its maps in recent years, sending its own vans out to collect data and acquiring other companies — like mapping firm Broadmap in 2013 and GPS firm Coherent Navigation this May — in addition to adding its new Transit feature to the Maps app in the upcoming iOS 9 release. [via 9to5Mac]
In a banner message to users on its website, HopStop announced it will no longer be available in October, as Apple said it will be shutting down the popular transit directions app, according to 9to5Mac. Apple acquired HopStop in 2013 in an effort to improve its own transit directions in Apple Maps, and with those improvements coming online when iOS 9 launches on Sept. 16, Apple is shutting down HopStop’s app. The plan will leave some users in the lurch, as the transit feature in Apple Maps currently supports far fewer cities than the HopStop app. Apple is reportedly working quickly to close that gap — aiming to expand to cities like Boston and Tokyo, Japan by next year — and already provides transit directions for many areas outside those listed on it website, but in the meantime HopStop’s exit could leave users in countries like Russia, Israel and Australia without a working solution.
Irate media company executives are complaining that the Apple News app to be released with iOS 9 next week is too restrictive on advertising content, the New York Post reports. The company has placed unconventional restrictions on ad formats and requires strict approval hurdles for ad campaigns, leading one unnamed senior news executive to say, “[Apple News is] giving us some great ways to distribute our product, but they’re not giving us a lot of ways to monetize it.” Popular tools like real-time bidding for ad placements aren’t supported yet, and Apple has refused to accommodate Google’s Doubleclick, one of the most popular tools for placing and tracking online ads. Apple’s requirement that the company be allowed to approve every ad campaign within 48 hours’ notice and refusal to run pre-roll video ads without direct vetting has also made the process “very difficult,” according to another news executive. While publishers like CNN, Vox Media and Time Inc. have agreed to make most of their content available on the new app, others with strong paid subscription models like The New York Times and Wall Street Journal are reportedly restricting Apple News to a few dozen stories a day. Apple didn’t respond to a request for comment.
Popular media streaming app Plex is coming to Apple TV, according to a report from IT World. Plex co-founder Scott Olechowski confirmed that the company is awaiting tvOS developer beta information to work on adapting the app to the new platform. The app — which organizes video, music and photos on a computer and allows them to be streamed to media players, smart TVs and mobile devices — is available on iOS, but has only been accessible on Apple TV through a software hack. While Olechowski declined to give a timeline for Plex’s debut on Apple TV, he said there is no question that it will be possible to run a fully loaded version of the app on the new platform. “Our goal is to enable people to enjoy Plex on the hardware platforms of their choice, and there is no doubt this will be a top platform for us,” he said.
The Pokémon Company, Ingress developer Niantic, and Nintendo have announced that they are collaborating on the release of Pokémon GO, a new location-based iOS game set in the Pokémon universe. Trainers will use their iPhone GPS to explore real-world locations to catch, trade, and battle with each other in their search for Pokémon. The game director of the original Pokémon video game series, Junichi Masuda, will also be contributing to the project, ensuring that the new Pokémon GO app remains true to the original Pokémon experience while at the same time branching out into new types of gameplay and tying into the main Pokémon series. Nintendo will also be developing and selling a separate Bluetooth device called Pokémon GO Plus that will alert users to nearby events with flashes and vibrations, such as Pokémon in their vicinity, and allow them to catch Pokémon with the press of a button without having to reach for their iPhone. Pokémon GO is expected to debut as a free download on the App Store in 2016.
Google has announced that its Mobile Application Management (MAM) solution for Google for Work environments is now available to iOS devices. A new Google Device Policy app for iOS allows users of Google Apps for Business, Education, and Government to enroll their iOS devices in their organizational policies in order to streamline access to device approval requests and internal Wi-Fi networks, use single sign-ons across all Google Apps such as Gmail, Drive, and Docs, and install iOS apps that have been whitelisted by the organization in a managed device profile.
Google Apps Administrators will be able to use the Google Admin console to whitelist any free app found on the iOS app store, allowing a list of approved apps to be easily discovered and downloaded by their organization’s users without having to scour the App Store or recall specific app names from an orientation session or employee handbook. Apps installed through the Google Device Policy app are also managed by the organizational policies and can be removed from a user’s device when no longer whitelisted, or when a device is remotely wiped by an admin, ensuring that corporate information is not retained on personal devices when a user leaves the organization.
FiftyThree has released a major update to its popular Paper idea capture app, adding support for iPhone users along with a number of interesting user interface improvements. Version 3.0 allows iPhone users to capture images, notes, and sketches at the tap of a button and provides a new home view to make it easier to see everything at a glance. Text in notes can now be quickly styled by swiping to create headers, checklists, and bullet points, or rearrange items in a list, and photos can be “spotlighted” using freehand drawing to outline an area for highlighting. Annotation features for writing notes on photos are also provided. Users can collaborate with other Paper users, or export notes as PDFs, Keynote and Powerpoint files, or export to Adobe Creative Cloud apps such as Illustrator.
Mozilla has announced a limited release of its Firefox browser for iOS. Originally hinted at last December, Mozilla changed direction on earlier statements that its browser would only be made available on iOS if Apple were to loosen its restrictions and permit the company’s own web engine to be used. The first preview version of Firefox is being released exclusively in New Zealand so that the company can collect feedback from a limited user base in a single country. Highlighted features of this first release include Intelligent Search, which provides suggested search results and a choice of search providers, as well as Firefox Accounts, which allows users to sync browser history, passwords, and tabs between Firefox on the desktop and the iOS version. A Visual Tabs feature is also included to help users keep track of open tabs. Mozilla plans to release future previews in “a few more countries” prior to a full public launch of the browser scheduled for later this year.
Google has announced a new Google Street View app that allows iOS users to explore a collection of immersive 360-degree “photo sphere” panoramic images associated with locations around the world. The new app is actually a major redesign based on the company’s earlier Photo Sphere Camera app, which was originally designed to allow users to collect their own 360-degree spherical photography shots and upload them to Google Maps. The new Google Street View app takes this one step further, adding the ability to now explore Street View collections and content from Google Maps and photo spheres contributed by other users. In addition to creating and contributing photo spheres from the iPhone camera, the new app also adds support for connecting to external spherical cameras.
CBS announced it will stream Super Bowl 50, four NFL playoff games and and two regular season games through its CBS Sports app, available on Apple TV and several other platforms. The live streams are available for free and won’t require authentication to be viewed. The October 4 game between the Jets and Dolphins in London will be the first to stream live, followed by the November 26 Thanksgiving Day game between the Panthers and Cowboys. All of CBS’ AFC playoff coverage will be streamed as well, including Wild Card, Divisional, and Championship games.
Although Google released an iOS app able to link certain Android Wear watches to iPhones, the new interface doesn’t yet include support for Apple’s HealthKit, BuzzFeed reports. While Android watches can track steps, heart rate and other fitness metrics, the data won’t show up in Apple’s Health dashboard like data collected from the Apple Watch does. Instead, the information will be routed through Google’s competing health dashboard, Google Fit. An Apple spokeswoman was quick to point out that the choice not to integrate Android Wear watches with HealthKit was entirely Google’s, leading to speculation that Google is happy to tap into Apple’s iPhone user base, but reluctant to allow its watches to share data with competing platforms. It’s possible that Google could change its mind in the future and allow Android Wear to interact with HealthKit.
An update to the Amazon Video iOS app now allows Amazon Prime members in the U.S., U.K., Germany, and Austria to download movies and TV shows for offline viewing at no added cost. A new download icon has appeared alongside the play button next to individual pieces of content within the app. To locate and view videos after downloading, iPhone or iPad users can open their Library, tap Refine and then select the On Device option. Users can also watch content by tapping Watch Now from the Prime movie or TV show page, which is also where they’ll go to delete downloads once they’re done watching. Amazon is touting the move as setting its service apart from competitors like Netflix by making content available for viewing even when an Internet connection isn’t available.
Google announced on its official blog that an iOS app rolling out today will finally let users pair some Android Wear watches with newer iPhones. Android Wear for iOS will let users running iOS 8.2+ on an iPhone 5, 5c, 5s, 6 or 6 Plus connect their phone to the LG Watch Urbane. Google said all future Android Wear watches — including those from Asus, Huawei and Motorola — will support the iOS app as well, but for now, only the Urbane offers support. Once connected, the watch will mirror the notifications on a user’s iPhone, display messages, and show info about incoming phone calls. In the announcement, Google makes a point of noting that Android Wear’s always-on display means users won’t have to move their wrist to “wake up” their watch — a clear dig at how the Apple Watch only turns its screen on to display notifications after a user rotates their wrist or taps the smartwatch. Android Wear is going after Apple Watch on the health front as well, allowing iPhone users to track heart rate, distance traveled, and progress toward fitness goals. The app also attempts to provide an alternative to Siri in offering the “OK Google” capability, which allows users to get responses to questions, check traffic or flight information, and create to-do list reminders on the fly.