Security firm SourceDNA claims to have discovered hundreds of App Store apps that violate Apple’s privacy policies by accessing private user information. Apps using the Youmi advertising SDK were found to be accessing users’ Apple IDs, gathering a list of apps installed on devices and documenting the serial numbers of peripherals, among other privacy invasions. Youmi’s SDK skirted Apple’s review process by hiding its data collection processes within binary code sent out to developers over the last two years, leaving even app developers themselves unaware of the data that was being collected and sent back directly to Youmi. After Apple started blocking apps from reading platform serial numbers in iOS 8, Youmi started collecting information on individual device components, like the battery system, and used those to identify individual devices.
Apple has released updates to its suite of iWork apps for iOS, adding new iOS 9 related features as well as 3D Touch support for the new iPhone 6s and iPhone 6s Plus. All three of the apps, Pages, Numbers, and Keynote, have been updated with support for Slide Over, Split View, and Picture in Picture features on supported iPad models, a new Shortcut Bar on the iPad for quick access to formatting tools, support for new Multi-Touch gestures on the iPad, new keyboard shortcuts for use with external keyboards, and 3D Touch support. The three apps now gain the ability to open documents from older versions, with Pages ‘06 and ‘08, Numbers ‘08, and Keynote ‘06 and ‘08 supported. Shared documents can now also be previewed in iOS and Android browsers, version history allows users to view and restore previous changes made to a document, and many accessibility improvements have also been added. New templates and themes are available in each of the apps, and compatibility with Microsoft Word, Excel, and PowerPoint formats has also been improved.
Canadian telecommunications giant Bell Canada has agreed to pay a $1.25 million “administrative monetary penalty” to the Canadian Government for encouraging its employees to post positive ratings and reviews of the company’s free MyBell Mobile and Virgin My Account apps, according to a news release from Canada’s Competition Bureau. The case concerns reviews posted last fall, when “certain Bell employees were encouraged to post positive reviews and ratings” of the company’s apps “without disclosing that they work for Bell.” The report notes that the company “acted quickly” to remove the reviews and ratings as soon as it became aware of the matter, stated that “the postings were the result of an overzealous effort on the part of our service team to highlight the app.” In its release, the Competition Bureau noted that regardless of the company’s action, these reviews and ratings “created the general impression that they were made by independent and impartial consumers and temporarily affected the overall star rating for the apps.” In addition to paying the monetary penalty, Bell also agreed to “enhance and maintain its corporate compliance program, with a specific focus on prohibiting the rating, ranking or reviewing of apps in app stores by employees and contractors” as well as to “sponsor and host a workshop to promote, discuss and enhance Canadians’ trust in the digital economy, including the integrity of online reviews.” [via iPhone in Canada]
Citing changing exchange rates, Apple has notified developers that prices in the App Store will be increasing in Australia, Indonesia and Sweden over the next few days. Prices will also be going up for in-app purchase subscriptions, with Apple planning to send an email to subscribers notifying them of the increase and how to turn the subscription off if necessary. The strategy is a new one for Apple, which automatically canceled auto-renewed subscriptions when prices went up in South Korea, South Africa and Turkey earlier this year, requiring those users to resubscribe to opt in at the higher price. The Australian App Store is getting two new low-price tiers as well, echoing Apple’s changes to app pricing in India, Mexico and a handful of other countries in July. [via 9to5Mac]
Apple has quietly added Boston and Sydney, Australia to its list of cities where transit directions are supported in Apple Maps. The expansion solves a problem for some Australian users who were left without access to transit directions after Apple shut down the popular HopStop transit directions app earlier this month. HopStop covered cities in Russia, Israel and Australia that Apple Maps has yet to expand into with transit directions. Note: Though support has officially been added, not all users are seeing the feature as of yet. We searched both cities and no transit directions appeared to be available at the time of this writing.
Apple has fixed the iOS 9 issue that held up the release of its new app thinning feature. Users running iOS 9.0.2 or later will now receive device-specific versions of downloaded apps, provided the app’s developer has made such a download available. By tailoring app downloads to individual devices, developers can provide users with a variant containing only the features and capabilities that function on each device, minimizing the amount of space an app requires. How many developers have created device-specific variants of their apps so far is still unclear.
After dropping its Photoshop Touch app in May to focus on smaller, more specific apps, Adobe has rolled out its Photoshop Fix and Capture CC apps for iOS, giving users two new free tools for photo manipulation. Photoshop Fix, pictured above left, provides a slimmed-down version of Adobe’s flagship program aimed at providing the tools users most frequently want when retouching their pictures. Basic brightening, sharpening and cropping functions are here alongside more transformative options for blending, reshaping and smoothing. All Fix edits are saved in layers within a PSD file that can be exported to Creative Cloud and opened in other Adobe programs. Capture CC, pictured above right, is a little less helpful to the causal user, designed to extract color themes, vector graphics and brush textures from images to be exported to other Adobe programs for use within other projects. Both apps require a free account with Adobe to use.
The new HomeKit-enabled Hue Bridge ($60) that Philips has been teasing for months is now available. The upgraded Bridge 2.0 allows users to control all existing and future Hue bulbs and lamps using Siri, courtesy of the updated Hue app. Siri functionality can be turned on in Settings once the app is downloaded, allowing Hue owners to issue voice commands to alter a room’s lighting, change the temperature on their thermostat, or lock their doors. Users can save various configurations like “wake mode” or “night mode” for routine use, but HomeKit integration will also provide for making fine adjustments on the fly, allowing a user to tell Siri to dim a particular light to 30 percent, for example. Upgrading to the new bridge allows existing Hue users to control up to 50 bulbs, but new users can opt for a starter kit ($200) that includes the new bridge and three A19 Hue bulbs.
Apple has pulled an app that documented U.S. military drone strikes, saying it violated the company’s app guidelines by containing “excessively crude or objectionable content,” Gawker reports. Metadata+ was developed by Intercept editor Josh Begley as a companion app to the Twitter account @Dronestream, which publicizes American drone attacks based on information from the Bureau of Investigative Journalism. Starting in 2012, Apple rejected the app five times under the name Dronestream for being “not useful or entertaining enough” before finally accepting the app once its name was changed to Metadata+ in 2014. Over the weekend, users were informed through a push notification that the app had been pulled. The move has drawn the ire of critics who point out that an app reporting the news is being banned as offensive, and this isn’t the first time the arbitrary nature of Apple’s app guidelines has come under fire as censorship. Just last week the company sparked concerns when it rejected Ferguson Firsthand, an app that documented various accounts of the 2014 shooting of Michael Brown in Ferguson, Missouri and presented them in a 3D environment. Apple hasn’t commented on the story.
Google has released an update to Google Maps adding support for getting directions using the Apple Watch. This latest update allows users to route to home or work directly from the wearable device, or view any other directions that have been plotted using the app on the iPhone. In addition to Apple Watch support, the Google Maps iOS update also allows users to compare ETAs across driving, transit, walking and biking routes, and call businesses and get directions directly from a list of places in search results.
Google has released an official Google Keep iOS app for its Google Keep note-taking service. Although Google launched Google Keep for Android more than two years ago, it was one of the few Google services that didn’t seem to be making it onto the iOS platform. Although Keep was available through a web browser, and some third-party apps appeared attempting to provide web wrappers, none of them provides the same seamless experience that Android users enjoyed.
Apple has posted a Q&A on XcodeGhost, the counterfeit software development kit that was used to create malicious apps that were able to be released on the App Store. As expected, the Q&A emphasizes that the problem was created by developers downloading iOS software development tools from third-party sites, rather than Apple’s, but also interestingly notes that OS X protections that Apple has put in place — such as Gatekeeper — had to be “deliberately disabled by the developer for something like XcodeGhost to successfully install.” The Q&A also notes that Apple has no reason to believe that the code was ever actually used to do anything malicious, or that any personally identifiable information could have been transmitted, and that it “did not have the ability to request customer credentials to gain iCloud and other service passwords” as some other reports had suggested.
If iPad Pro users want to use Microsoft’s Office suite, they’re going to have to pay for an Office 365 subscription. In a March blog post, Microsoft VP Kirk Koenigsbauer said the company uses screen size to “delineate between professional and personal use,” allowing devices with screens smaller than 10.1 inches to use a limited version of its productivity software for free. Last November Microsoft made Word, Excel and Powerpoint apps capable of basic editing available for free on iOS devices, but the iPad Pro’s 12.9-inch display makes it the first iOS device to fall outside of the bounds Microsoft sets for free use. The distinction applies to Android and Windows tablets as well, with Microsoft referring to devices with bigger displays as “a ‘pro’ category tablet that is used for design or presentations.” [via MacWorld]
In an e-mail to developers and a post on its website, Apple has laid out the proper process for downloading Xcode after hundreds of apps were found to be using a malware-laden version of the IDE. Apple states that Xcode should always be downloaded from the Mac App Store or the Apple Developer website and validated by Gatekeeper to ensure the downloaded software hasn’t been contaminated. For those wanting to test a version of Xcode they’ve already downloaded, Apple’s post provides the proper command to run on a Gatekeeper-enabled computer to verify the version came from a legitimate source.
Update: In an interview with Chinese website Sina, Apple’s chief marketing executive Phil Schiller said the company is also making Xcode available for domestic download to Chinese developers to eliminate the need for third-party downloads. Schiller added that the company has found no known instances of apps affected by the malware transmiting customer data, but Apple still plans to warn users of the tainted apps to delete or update them. [via Reuters]
In a rare move, Apple is providing automatic refunds for users who bought the Peace ad blocker for iOS 9, according to developer Marco Arment. The app was pulled from the app store by Arment shortly after its launch, prompting more than 13,000 users to request refunds through the manual process. Arment said Apple contacted him to say the company was going to issue proactive refunds to everyone who bought the app, which he said “effectively never happens. When I decided to pull the app, I asked some Apple friends if this was even possible, and we all thought the same thing: iTunes billing works the way it works, period, and no special cases can be made.” In this instance, Apple seems to have made an exception, and users who purchased the app should see a refund notification from Apple within a few days. [via iMore]
Apple is trying to rid the App Store of hundreds of apps containing a malicious program called XcodeGhost, Reuters reports. The flaw was brought to Apple’s attention by several cybersecurity firms last week, including Palo Alto Networks, which claims that popular apps like Angry Birds 2 and WeChat have been built with a counterfeit version of Xcode downloaded from Chinese servers. The malware’s primary function is to collect information stored on devices and upload that data to remote servers, but it has also been found to prompt fake alerts to phish for passwords from users, hijack opening specific URLs, and read and write data into the user’s clipboard, allowing the malware to read a user’s password if it is copied from a password management tool.
Apple hasn’t commented on what iPhone and iPad users can do to determine which devices have been infected, but spokeswoman Christine Monaghan said, “We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.” So far that list doesn’t include popular apps like Angry Birds 2 or WeChat, which are still available in the App Store as of Monday morning. Angry Birds maker Rovio has also made no mention if the XcodeGhost bug, making the app’s inclusion on the list even more baffling. Palo Alto Networks Director of Threat Intelligence Ryan Olson said the firm had uncovered no clear cases of data theft or harm as a result of the attack so far, but that the attack is significant because it proved the App Store’s security can be compromised by infecting the machines of software developers writing legitimate apps. The full list of affected apps published by Palo Alto Networks (including titles translated from Mandarin by Business Insider) is listed below:
As hinted at during last week’s event, Apple has released iMovie 2.2, an update designed primarily to bring 4K video editing support for the new iPhone 6s, iPhone 6s Plus, and iPad Pro. In addition to 4K video, the update also introduces support for 1080p video at 60fps and adds 3D Touch interactions for the new iPhone models. Several iPad enhancements have also been added, including a new user interface design for the iPad Pro, including a full-height media browser and 1080 HD viewer, support for editing shortcuts on external keyboards, improved Inspector controls, and redesigned Project Details and Video views. The new version also adds support for Slide Over and Split View along with a redesigned Audio Browser in the iMovie Extension for Photos.
Games made for the new Apple TV must support the device’s included remote, according to the App Programming Guide for tvOS, as pointed out by developer Dustin Westphal in a recent tweet. Although the device will support third-party controllers, those controllers can’t be required to play a game. This represents a change — as recently as last week, Apple allowed developers to require an extended game controller. Apple’s guide also notes “tvOS games that support controllers must support the extended control layout,” and games that support that layout must be playable solely using one standalone controller. All controllers for tvOS games must also have a pause button. [via TouchArcade]
Apple is expanding its mapping research operations at a facility in Sweden, according to Swedish site DiGITAL. Citing a report from Rapidus, the site claims that after acquiring Swedish mapping company C3 Technologies in 2011, Apple quietly kept working on C3’s 3D modeling method, based on combinations of images taken by airplanes and cars from different angles. The new story claims Apple has been further developing that technology out of a facility in Lund, Sweden since last November, recently ramping up hiring. Apple has doubled down on improving its maps in recent years, sending its own vans out to collect data and acquiring other companies — like mapping firm Broadmap in 2013 and GPS firm Coherent Navigation this May — in addition to adding its new Transit feature to the Maps app in the upcoming iOS 9 release. [via 9to5Mac]