The U.S. Government’s Computer Emergency Readiness Team (US-CERT) has posted an official alert regarding the iOS Masque Attack disclosed earlier this week. The notice summarizes the vulnerability, specifically noting that the vulnerability works “under a limited set of circumstances” and that “in order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link.” The bulletin goes on to reiterate the solutions provided by the original report: specifically that users should not install apps from sources other than Apple’s App Store or their own enterprise organization, should never click install from an app pop-up that appears on a web page, and if iOS shows an “Untrusted App Developer” alert, click on “Don’t Trust” and remove the app.
ProCam 2, a $2 still and video camera app by developer Samer Azzam, has added “4K Ultra HD video recording” via a $5 in-app purchase. Following a technique debuted in September by i4software in the $1,000 app Vizzywig 4K, ProCam 2 uses a hack to splice high-resolution still images together with an audio recording to simulate 4K video recording. ProCam 2’s videos save at 3840x2160 resolution, resulting in large file sizes—over 400MB per minute—with a promised 30 frame per second recording rate for the iPhone 6 and iPhone 6 Plus. A lower frame rate of “up to 25 fps” is promised for the iPhone 5s.
Unfortunately, ProCam 2’s actual performance on an iPhone 6 Plus typically reached only 15 to 25FPS during our testing, with a noticeably laggy shutter during recording. Videos are saved within the app in a 4K Videos folder, in a standard .MOV format that can play with obvious jitters directly on the device. The app is currently at version 4.0.1, addressing an iOS 7-related crash bug, but continues to suffer from many memory-related crashes when using the 4K recording mode. Vizzywig 4K has been reduced in price to $50, and now supports iOS 8.1, though notably with user complaints as to video quality.
Apple has released a new web-based tool to allow users to deregister phone numbers from iMessage. Designed to address a long-standing problem that users have experienced when switching away from the iPhone to other devices, the site provides instructions on how to deregister a phone number from Apple’s iMessage servers so that text messages sent from other iPhone users will be sent as SMS messages instead of via Apple’s iMessage network. The problem exists because the iPhone automatically registers a user’s cellular phone number with Apple’s iMessage servers when the user first sets up their device or inserts a new SIM card in their iPhone. Messages from other iOS devices sent to that phone number will travel via the iMessage servers instead of the cellular carrier’s SMS network — if users later switch their SIM card to a non-iPhone device, their number does not get deregistered automatically, so messages to that phone number will continue to travel over the iMessage network.
Apple acknowledged the issue back in May, shortly before a lawsuit was filed by a former iPhone user who was losing text messages as a result of the problem. Apple promised a fix was coming shortly thereafter, but other than advising users to disable iMessage before removing their SIM card—a suggestion that is often unreasonable as many users will have already switched to another device before discovering the problem even exists—the company has not provided a solution until now. The new web portal provides the same advice to deactivate iMessage manually for users who still have their iPhones, but failing that, users can now enter their phone number directly on the web page, and after confirming their number via an SMS confirmation code, their number will be deregistered from Apple’s iMessage servers.
Microsoft announced the expansion of its Office suite for iOS, adding iPhone and iPod touch support to its Word, Excel, and PowerPoint apps. Users can now view, create, and edit documents for free within all three universal apps — a free Microsoft account is all that’s needed. Documents can also be opened, edited, and saved from Dropbox in the updated apps.
Verizon Wireless and AT&T have announced that they are working on enabling Voice over LTE (VoLTE) connections between the Verizon Wireless and AT&T networks. VoLTE provides enhanced calling features and call quality for users of compatible handsets such as the iPhone 6 and iPhone 6 Plus, but traditionally such enhanced features have been limited to users on each carrier’s own network, effectively dropping down to the more basic standard cellular call connectivity when calling users on another carrier. The proposed interoperability, due sometime in 2015, will allow AT&T and Verizon customers to make VoLTE HD Voice calls between networks, while also laying the foundation for Rich Communications Services (RCS) such as video calls and expanded text messaging features. Both Verizon and AT&T introduced an initial rollout of VoLTE services earlier this year, and customers in select markets with compatible hardware should already be able to take advantage of some of the VoLTE features within each carriers’ own network. T-Mobile has also reportedly already been testing interoperability across carriers, although that company has not announced a specific timeline as to when interoperability would be available. [via Engadget]
New reports reveal that both AT&T and Verizon have been using unique identifying information to track web activity for their respective mobile customers. According to Wired, Verizon has been “subtly altering” web traffic from its wireless customers for the past two years in order to insert a unique identifier header, or UIDH, that allows the company to identify users on the web and target its Internet advertising. This “perma-cookie” — as termed by Jacob Hoffman-Andrews of the Electronic Frontier Foundation — allows any web server to build a profile of a user’s Internet habits. Since Verizon is able to take advantage of its unique position as the Internet Service Provider to actually modify traffic midstream, this method also has the potential to circumvent existing privacy tools such as private browsing sessions and “do not track” restrictions. At this time, there is no way to turn off this UIDH feature, according to a Verizon spokesperson. The company notes that it does not use the feature to create customer profiles, but only targeted ads for those users who have not opted out of the company’s Relevant Mobile Advertising program. Verizon customers can choose to opt out by visiting https://www.vzw.com/myprivacy, however Hoffman-Andrews points out that because the UIDH is broadcast to every web site that a Verizon user visits, other ad networks could begin leveraging the identifier themselves to profile Verizon users’ web activity even without the company’s involvement.
AT&T also appears to have begun testing its own unique mobile tracking solution, according to another report from Forbes. While AT&T claims to only be “testing” the system for now, the company claims to be building in its own privacy measures by rotating the unique identifier every 24 hours. However, the security researcher who discovered the tracking, Kenneth White, states that this is “categorically untrue,” noting that he has found three identifying codes sent by AT&T that were persistent. An AT&T spokesperson declined to reveal how long the test had been running, saying only that it has been a “little while” and claims that customers will be able to opt out of any future AT&T programs that might use this code, noting that unlike Verizon, AT&T will not include the code at all for customers who have chosen to opt out. Users can see if they’re affected by visiting http://126.96.36.199/mobileoptout/ using a cellular data connection from their AT&T mobile device.
In either case, users can check to see if their devices are broadcasting a mobile identifier by visiting http://lessonslearned.org/sniff, a site setup by Kenneth White, the security researcher who discovered the tracking. [via MacRumors]
Apple CEO Tim Cook was interviewed at the Wall Street Journal’s inaugural WSJD Live conference in California last night where he talked about Apple’s latest initiatives and directions, including Apple Pay and Apple Watch. Cook described last week’s Apple Pay launch as very successful; more than one million credit cards were activated in the first 72 hours, and Visa noted that more credit cards have been activated in Apple Pay than in all other contactless payments combined. Cook also noted that he’d be talking with Chinese e-commerce company Alibaba about a possible Apple Pay partnership “later this week.”
Regarding Apple Watch, Cook was a bit evasive on the battery life question, reiterating a previous claim that Apple “think[s] people are going to use it so much you will end up charging it daily,” and that the key to Apple Watch was that it needs “to look really cool” as opposed to being “geeky.” Cook also touched on Apple’s involvement in the TV marketplace, stating that “We are living in the 1970s” when it comes to the television paradigm, and suggesting that Apple is working on something in this area, although he once again declined to go into specifics beyond saying “that there can be something great done in the space.” Asked about the discontinuation of the iPod classic, Cook noted that Apple could no longer get the parts for the existing 2009 model, and huge engineering would have been required to update it, which wasn’t worth it in light of small consumer demand. Cook also said that Apple would continue to go as low as it could on iPhone prices while “maintaining the customer experience.”
A new report from The Information (subscription required) notes that Apple is presently in talks regarding expanding NFC use in the iPhone 6 and iPhone 6 Plus to go beyond mobile payments. While the NFC chip in the new iPhone models is currently restricted to use by Apple Pay, this new report suggests that the company is seeking partnerships to implement the technology into areas such as building security and public transit, conceivably to let people use iPhones as replacements for business ID cards and metro passes. The report specifically notes that Apple has already been in talks with HID Global and Cubic, two companies that develop electronic solutions in these areas. [via 9to5Mac]
iLounge has posted an unboxing gallery for Apple’s new iPad Air 2. In a full photo gallery, we take a closer look at the newest full-sized iPad, along with photos comparing the newest Air to other Apple devices.
More pictures will be added as the day progresses, and be sure to check back for our full review of iPad Air 2, coming soon.
Following yesterday’s release of OS X Yosemite, Apple has released updates to its three iOS iWork apps—Pages, Numbers, and Keynote—adding support for iCloud Drive and the new iOS 8 and Yosemite Handoff feature. The updates also include support for third-party storage providers in iOS 8 and note “updated file formats” that make it easier to send documents via services such as Drobox and Gmail. Additional new features have also been added such as more color options with a custom color mixer in the iPad versions, the ability to take photos and videos directly from within the apps, and accessibility, usability, and language improvements. Keynote also introduces a feature that allows users to pair with nearby iOS devices using Multipeer Connectivity.
Following earlier beta releases of iOS 8.1, Apple today formally announced the release of the first point update to September’s iOS 8.0. iOS 8.1 adds support for Apple Pay, the NFC-dependent wireless transaction technology introduced in the iPhone 6 and iPhone 6 Plus, as well as bringing back user-requested features, including the Camera Roll. Apple is also using iOS 8.1 to debut the iCloud Photo Library tied in with the public beta of Photos, the new OS X Yosemite photo management and editing app designed to replace iPhoto and Aperture.
During his introduction of iOS 8.1, Apple’s Craig Federighi also noted that 48% of the installed base are on iOS 8.0 after roughly a month, which sounds low, but is nearly twice as high as the last release of Android after nearly a year. iOS 8.1 will be available on October 20.
Apple Pay, the NFC-dependent wireless transaction technology introduced in the iPhone 6 and iPhone 6 Plus, has been confirmed for an October 20, 2014 launch in the United States. A collection of previously-announced retailers will be the first to have Apple Pay in their stores.
Five hundred additional banks have signed up to support Apple Pay since it was announced, including all of the major networks and a number of major retailers signing on to support by year’s end. Apple CEO Tim Cook noted today that Apple Pay payments can also be made online, not just at retail stores.
Later in the event, Apple also introduced Apple Pay for the iPad Air 2, however, it explicitly omitted any reference to NFC capabilities for in-store purchasing using iPads. The suggestion was that Apple Pay can only be used for iPad online purchases.
Apple announced that it will release the iPhone 6 and iPhone 6 Plus in 36 more countries and territories by the end of the month. The new iPhones will be available in a total of 69 countries by October’s end, and Apple claims more than 115 countries will have the new iPhones by the end of 2014 — the fastest iPhone rollout ever. Starting on Friday, October 17, the phones will launch in India, Monaco, and China, while rolling out to more countries over the next few weeks. Chinese site Tencent claims more than 20 million preorders for the new iPhones have already been processed in China.
Many users are having issues with Bluetooth connectivity following the update to iOS 8 earlier this month, as noted in a recent report from MacRumors. Reports from numerous users on the Apple Support forums and MacRumors forums indicate problems with connecting not only to car audio systems but also headphones, speakers, headsets, and more. Some have reported that Apple support is aware of the incompatibility issue with “some car/navigation Bluetooth” systems, pertaining at least to the iPhone 6 and 6 Plus, and has said it is working on a fix. The problem with car audio systems appears to affect a wide variety of models, including Hyundai, BMW, Mercedes, Lexus, Toyota, Ford, and more. iLounge’s editors have experienced problems with the iPhone 6 Plus but not older iPhone models, although there are reports that other users of older devices are in fact experiencing similar problems. There have also been developer reports that Apple may have already addressed this issue in the iOS 8.1 beta released earlier this week.
Pioneer has announced that a new firmware update enables Apple CarPlay in five of its NEX in-dash multimedia receivers, as it becomes the first company to make an aftermarket CarPlay system available. While the company initially said CarPlay compatibility would be available in “early summer” this year, Pioneer has still beaten nearly everyone else to CarPlay inclusion, including Apple’s automotive partners — Apple quietly changed its CarPlay page recently to withdraw promises to 2014 availability. Pioneer’s NEX receivers range in price from $700 to $1400, and CarPlay will also be compatible with the company’s new $600 AppRadio 4. The firmware update is available for free on Pioneer’s firmware downloads page.
A serious bug has been reported with the “Reset All Settings” option in iOS 8 that may result in at least some iCloud Drive based documents being deleted. According to several MacRumors readers, using the option found under Settings, General, Reset has caused documents to be permanently removed from iCloud Drive across all other iOS devices. The “Reset All Settings” option has been around since the early versions of iOS, and as the name implies is designed to reset all user-configurable settings on an iPhone, iPad, or iPod touch back to their factory defaults, without actually deleting any data from the device or the cloud. While it is unclear what iCloud Drive data is being impacted by this bug, it appears that at least Apple’s own Pages, Keynote, and Numbers apps are impacted.
Apple has released the first beta of iOS 8.1 to registered developers. The latest version features a build number of 12B401 and appears to contain mostly minor tweaks and fixes, including the ability to disable Dictation independently from Siri, and a renaming of “Recently Added” photos back to “Camera Roll.” A report from MacRumors also notes that the beta includes hidden settings for Apple Pay as well as underlying code for iPad Touch ID support.
Apple has announced that its iPhone 6 and iPhone 6 Plus will be available in China starting on Friday, Oct. 17. Pre-orders start a week earlier, on Oct. 10. The two new iPhones have been released in a number of countries since the initial launch on Sept. 19, but the Chinese release was delayed for regulatory reasons, making it unclear when the phones would be available. According to Reuters, Apple received approval for selling the devices after addressing a number of security concerns raised by the Chinese government.
“We are thrilled to bring iPhone 6 and iPhone 6 Plus to our customers in China on all three carriers at launch,” Apple CEO Tim Cook said in a release. “With support for TD-LTE and FDD-LTE, iPhone 6 and iPhone 6 Plus customers will have access to high-speed mobile networks from China Mobile, China Telecom and China Unicom for an incredible experience.”
Apple is currently working on iOS 8.1, 8.2, and 8.3 at the same time, according to 9to5Mac. The report claims that such a move away from Apple’s normal development cycle might show that the company won’t tie annual major iOS releases to typical fall hardware releases. Otherwise, Apple may be accelerating its iOS point release development while keeping iOS 9 for release next fall. It’s possible that the upcoming releases of 8.1, 8.2, and 8.3 will introduce major new features, such as Apple Pay, split-screen iPad apps, or an update to make iPhones compatible with the Apple Watch.
A new report in the Washington Post reveals that new features in iOS 8 intended to limit tracking of iPhones may be more limited than users might expect. According to Apple’s Privacy Page, iOS 8 will protect user’s privacy by “randomizing your device’s MAC address when the device is passively scanning for Wi-Fi networks,” thereby preventing persistent tracking of a device based on the normally-fixed hardware addresses that are common to all Wi-Fi devices.
However, a new post from a principal systems engineer of the WiFi analytics firm AirTight Networks, Bhupinder Misra, reveals that the feature may not be as useful as Apple’s description implies. Misra specifically notes that the privacy feature is limited to the iPhone 5c/5s and likely newer models, and in fact is only operational when the iPhone is in sleep mode and location services are disabled. For example, Misra explains, the device’s actual Wi-Fi hardware address is broadcast whenever a user wakes up their iPhone for just about any reason, such as sending a text message—even if they’re not connecting to a Wi-Fi network but simply relying on their carrier’s cellular data connection.
Although a publicly available iOS Security White Paper from Apple explains some of these limitations, it makes no mention of the requirement that location services be disabled, making it unclear whether this is intentional behaviour or a bug in the feature’s implementation. It is also worth noting, however, that the Wi-Fi hardware address only reveals the identity of a specific device; no personal information about the user of the device is accessible in this manner. In other words, a store could track how often a specific customer had visited their store based on their device’s Wi-Fi address, but would be unable to identify the specific customer with this method unless they connected to the store’s Wi-Fi network and specifically provided personal information in some way, such as signing onto a Wi-Fi hotspot.