Apple's latest iOS update has removed the "C" button from its Calculator app, replacing it with a backspace function. The change, part of iOS 18, has sparked debate among users accustomed to the traditional clear function. The removal of the "C" button represents a significant departure from decades-old calculator design conventions, The Atlantic writes. From the story: The "C" button's function is vestigial. Back when calculators were commercialized, starting in the mid-1960s, their electronics were designed to operate as efficiently as possible. If you opened up a desktop calculator in 1967, you might have found a dozen individual circuit boards to run and display its four basic mathematical functions. Among these would have been an input buffer or temporary register that could store an input value for calculation and display. The "C" button, which was sometimes labeled "CE" (Clear Entry) or "CI" (Clear Input), provided a direct interface to zero out -- or "clear" -- such a register. A second button, "AC" (All Clear), did the same thing, but for other parts of the circuit, including previously stored operations and pending calculations. (A traditional calculator's memory buttons -- "M+," "M-," "MC" -- would perform simple operations on a register.)

By 1971, Mostech and Texas Instruments had developed a "calculator on a chip," which condensed all of that into a single integrated circuit. Those chips retained the functions of their predecessors, including the ones that were engaged by "C" and "AC" buttons. And this design continued on into the era of pocket calculators, financial calculators, and even scientific calculators such as the ones you may have used in school. Some of the latter were, in essence, programmable pocket computers themselves, and they could have been configured with a backspace key. They were not.

The FIDO Alliance is developing new specifications to enable secure transfer of passkeys between different password managers and platforms. Announced this week, the initiative is the result of collaboration among members of the FIDO Alliance's Credential Provider Special Interest Group, including Apple, Google, Microsoft, 1Password, Bitwarden, Dashlane, and others. From a report: Passkeys are an industry standard developed by the FIDO Alliance and the World Wide Web Consortium, and were integrated into Apple's ecosystem with iOS 16, iPadOS 16.1, and macOS Ventura. They offer a more secure and convenient alternative to traditional passwords, allowing users to sign in to apps and websites in the same way they unlock their devices: With a fingerprint, a face scan, or a passcode.

Passkeys are also resistant to online attacks like phishing, making them more secure than things like SMS one-time codes. The draft specifications, called Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF), will standardize the secure transfer of credentials across different providers. This addresses a current limitation where passkeys are often tied to specific ecosystems or password managers. Further reading: Passwords Have Problems, But Passkeys have more.

An anonymous reader quotes a report from Ars Technica: On Wednesday, NYC-based software developer Nick Spreen received a surprising alert on his iPhone 15 Pro, delivered through an early test version of Apple's upcoming Apple Intelligence text message summary feature. "No longer in a relationship; wants belongings from the apartment," the AI-penned message reads, summing up the content of several separate breakup texts from his girlfriend -- that arrived on his birthday, no less. Spreen shared a screenshot of the AI-generated message in a now-viral tweet on the X social network, writing, "for anyone who's wondered what an apple intelligence summary of a breakup text looks like." Spreen told Ars Technica that the screenshot does not show his ex-girlfriend's full real name, just a nickname.

This summary feature of Apple Intelligence, announced by the iPhone maker in June, isn't expected to fully ship until an iOS 18.1 update in the fall. However, it has been available in a public beta test of iOS 18 since July, which is what Spreen is running on his iPhone. It works akin to something like a stripped-down ChatGPT, reading your incoming text messages and delivering its own simplified version of their content. On X, Spreen replied to skepticism over whether the message was real in a follow-up post. "Yes this was real / yes it happened yesterday / yes it was my birthday," Spreen wrote. In response to a question about it being a fair summary of his girlfriend's messages, he wrote, "it is."

We reached out to Spreen directly via email and he delivered his own summary of his girlfriend's messages. "It was something along the lines of i can't believe you just did that, we're done, i want my stuff. we had an argument in a bar and I got up and left, then she sent the text," he wrote. How did he feel about getting the news via AI summary? "I do feel like it added a level of distance to it that wasn't a bad thing," he told Ars Technica. "Maybe a bit like a personal assistant who stays professional and has your back even in the most awful situations, but yeah, more than anything it felt unreal and dystopian."

"Pig Butchering Alert: Fraudulent Trading App targeted iOS and Android users."

That's the title of a new report released this week by cybersecurity company Group-IB revealing the official Apple App Store and Google Play store offered apps that were actually one part of a larger fraud campaign. "To complete the scam, the victim is asked to fund their account... After a few seemingly successful trades, the victim is persuaded to invest more and more money. The account balance appears to grow rapidly. However, when the victim attempts to withdraw funds, they are unable to do so."

Forbes reports: Group-IB determined that the frauds would begin with a period of social engineering reconnaissance and entrapment, during which the trust of the potential victim was gained through either a dating app, social media app or even a cold call. The attackers spent weeks on each target. Only when this "fattening up" process had reached a certain point would the fraudsters make their next move: recommending they download the trading app from the official App Store concerned.

When it comes to the iOS app, which is the one that the report focussed on, Group-IB researchers said that the app remained on the App Store for several weeks before being removed, at which point the fraudsters switched to phishing websites to distribute both iOS and Android apps. The use of official app stores, albeit only fleetingly as Apple and Google removed the fake apps in due course, bestowed a sense of authenticity to the operation as people put trust in both the Apple and Google ecosystems to protect them from potentially dangerous apps.
"The use of web-based applications further conceals the malicious activity," according to the researchers, "and makes detection more difficult." [A]fter the download is complete, the application cannot be launched immediately. The victim is then instructed by the cybercriminals to manually trust the Enterprise developer profile. Once this step is completed, the fraudulent application becomes operational... Once a user registers with the fraudulent application, they are tricked into completing several steps. First, they are asked to upload identification documents, such as an ID card or passport. Next, the user is asked to provide personal information, followed by job-related details...

The first discovered application, distributed through the Apple App Store, functions as a downloader, merely retrieving and displaying a web-app URL. In contrast, the second application, downloaded from phishing websites, already contains the web-app within its assets. We believe this approach was deliberate, since the first app was available in the official store, and the cybercriminals likely sought to minimise the risk of detection. As previously noted, the app posed as a tool for mathematical formulas, and including personal trading accounts within an iOS app would have raised immediate suspicion.
The app (which only runs on mobile phones) first launches a fake activity with formulas and graphics, according to the researchers. "We assume that this condition must bypass Apple's checks before being published to the store. As we can see, this simple trick allows cybercriminals to upload their fraudulent application to the Apple Store." They argue their research "reinforces the need for continued review of app store submissions to prevent such scams from reaching unsuspecting victims". But it also highlights "the importance of vigilance and end-user education, even when dealing with seemingly trustworthy apps..."

"Our investigation began with an analysis of Android applications at the request of our client. The client reported that a user had been tricked into installing the application as part of a stock investment scam. During our research, we uncovered a list of similar fraudulent applications, one of which was available on the Google Play Store. These apps were designed to display stock-related news and articles, giving them a false sense of legitimacy."

Apple just fixed a duo of security bugs in iOS 18.0.1 and iPadOS 18.0.1, one of which might cause users' saved passwords to be read aloud. It's hardly an ideal situation for the visually impaired. From a report: For those who rely on the accessibility features baked into their iGadgets, namely Apple's VoiceOver screen reader, now is a good time to apply the latest update. In typical Apple fashion, the company hasn't released much in the way of details about the first security issue, tracked as CVE-2024-44204, which makes it tougher to understand the conditions under which this vulnerability could be triggered, or how to avoid it until the update is applied. What we do know is that it was characterized as a logic issue, which Apple rectified by improving validation. The disclosure of the bug comes less than a month after iOS 18 and iPadOS 18 debuted. Ironically, this release included Apple's first native password manager, the Passwords app.

Apple's iOS 18 update has introduced changes to contact sharing that could significantly impact social app developers. The new feature allows users to selectively share contacts with apps, rather than granting access to their entire address book. While Apple touts this as a privacy enhancement, developers warn it may hinder the growth of new social platforms. Nikita Bier, a start-up founder, called it "the end of the world" for friend-based social apps. Critics argue the change doesn't apply to Apple's own services, potentially giving the tech giant an unfair advantage.

Nintendo has convinced Ryujinx's lead developer to shut down the project. According to The Verge, the Switch emulator's download page is empty and its GitHub is gone. The Verge reports: "Yesterday, gdkchan was contacted by Nintendo and offered an agreement to stop working on the project, remove the organization and all related assets he's in control of," writes developer and moderator ripinperiperi on Discord. "While awaiting confirmation on whether he would take this agreement, the organization has been removed, so I think it's safe to say what the outcome is." The rest of ripinperiperi's message is a eulogy for the project, including a pair of videos showing the Ryujinx team's progress on iOS and Android ports of the Nintendo Switch emulator, among other core changes -- ones that will now presumably never ship.

Nintendo would not confirm or deny to The Verge that it made a deal with the developer. Instead, Nintendo spokesperson Eddie Garcia mysteriously pointed me to the Entertainment Software Association's head of public affairs Aubrey Quinn -- who said she couldn't speak on behalf of Nintendo.

Epic Games filed a new antitrust lawsuit against Google and Samsung, alleging they conspired to undermine third-party app stores. The suit focuses on Samsung's "Auto Blocker" feature, now enabled by default on new phones, which restricts app installations to "authorized sources" - primarily Google and Samsung's stores.

Epic claims Auto Blocker creates significant barriers for rival stores, requiring users to navigate a complex process to install third-party apps. The company argues this feature does not actually assess app safety, but is designed to stifle competition. Epic CEO Tim Sweeney stated the lawsuit aims to benefit all developers, not secure special privileges for Epic. The company seeks either default deactivation of Auto Blocker or creation of a fair whitelisting process for legitimate apps. This legal action follows Epic's December victory against Google in a separate antitrust case. Epic recently launched its own mobile app store, which it claims faces unfair obstacles due to Auto Blocker.

Apple has pulled 60 VPNs from its App Store in Russia, according to research from anti-censorship org GreatFire. From a report: The iThing-maker's action comes amid a Kremlin crackdown on VPNs that has already seen a ban on privacy-related extensions to the open source Firefox browser. The software's developer, Mozilla, defied that ban and allowed the extensions back into its web store. In July, Apple removed at least one VPN from its Russian App Store. Cupertino removed at least 60 more between early July and September 18, according to research by GreatFire posted to its site that tracks Apple censorship. The org's research asserts that 98 VPNs are now unavailable in Russia -- but doesn't specify if the removals were made in the iOS or macOS app stores.

Microsoft has launched a new Windows app that serves as a hub for streaming Windows environments from services like Windows 365 and Azure Virtual Desktop. However, it's limited to Microsoft work and school accounts with "no signs that Microsoft plans to support consumer accounts," notes The Verge's Tom Warren. From the report: This new unified app has been in testing for nearly a year, and includes a customizable home screen, multi-monitor support, and USB redirection so you can use local devices like webcams, storage devices, and printers as if they were plugged directly into a cloud PC. This Windows app is limited to Microsoft work and school accounts, as it's primarily designed for existing users of Remote Desktop clients for Windows and other operating systems to move to. Microsoft has had similar apps for connecting to PCs remotely in Windows for decades, including the Remote Desktop Connection app that still ships as part of Windows 11. These apps, including the new Windows one, are useful for connecting to work PCs from a personal laptop or PC. The Windows app is available from the Microsoft Store and Apple App Store. An Android version enters public preview mode today.

Apple's latest macOS 15 "Sequoia" update, released earlier this week, has disrupted security tools from major providers including CrowdStrike, SentinelOne, and Microsoft, according to reports. The extent and cause of the disruption remain unclear.

Google is updating its Password Manager to allow users to sync passkeys across multiple devices, including Windows, macOS, Linux, and Android, with iOS and ChromeOS support coming soon. Engadget reports: Once saved, the passkey automatically syncs across other devices using Google Password Manager. The company says this data is end-to-end encrypted, so it'll be pretty tough for someone to go in and steal credentials. [...] Today's update also brings another layer of security to passkeys on Google Password Manager. The company has introduced a six-digit PIN that will be required when using passkeys on a new device. This would likely stop nefarious actors from logging into an account even if they've somehow gotten ahold of the digital credentials. Just don't leave the PIN number laying on a sheet of paper directly next to the computer.

Apple's VP of camera software engineering Jon McCormack has affirmed the company's commitment to traditional photography in an interview, contrasting with Google's "memories" approach for Pixel cameras. (A Google executive said last month of the AI usage in the pictures Pixel smartphone owners take: "What some of these edits do is help you create the moment that is the way you remember it, that's authentic to your memory and to the greater context, but maybe isn't authentic to a particular millisecond.") The Verge: I asked Apple's VP of camera software engineering Jon McCormack about Google's view that the Pixel camera now captures "memories" instead of photos, and he told me that Apple has a strong point of view about what a photograph is -- that it's something that actually happened. It was a long and thoughtful answer, so I'm just going to print the whole thing:

"Here's our view of what a photograph is. The way we like to think of it is that it's a personal celebration of something that really, actually happened.

"Whether that's a simple thing like a fancy cup of coffee that's got some cool design on it, all the way through to my kid's first steps, or my parents' last breath, It's something that really happened. It's something that is a marker in my life, and it's something that deserves to be celebrated.

"And that is why when we think about evolving in the camera, we also rooted it very heavily in tradition. Photography is not a new thing. It's been around for 198 years. People seem to like it. There's a lot to learn from that. There's a lot to rely on from that.

"Think about stylization, the first example of stylization that we can find is Roger Fenton in 1854 -- that's 170 years ago. It's a durable, long-term, lasting thing. We stand proudly on the shoulders of photographic history." Further reading: 'There is No Such Thing as a Real Picture,' Says Samsung Exec.

Apple's iPadOS 18 update is no longer available after some iPad Pro owners found that it bricked their devices. MacRumors reports: There are reports on Reddit from iPad Pro users who had an interruption in the installation process, leading to an iPad that refused to turn on. A total replacement was required for affected users. Not all M4 iPad Pro owners have had an issue installing the update, and it could be linked to installing the new iOS 17.7 update before installing iOS 18. Apple will make the software available again when the underlying problem has been addressed.

Apple today is rolling out iOS 18, introducing support for Rich Communications Services (RCS) to enhance messaging between iPhone and Android devices with features like typing indicators, read receipts, and higher resolution media. "However, there continues to be no end-to-end encryption (E2EE), with work towards that between Android and iOS continuing," notes 9to5Google. The feature will be enabled by default on iPhones with major U.S. carriers supported, but smaller MVNOs are not yet included.

Mobile video game phenomenon Flappy Bird is set to return 10 years after its creator pulled it offline. From a report: In 2014, Vietnam-based developer Dong Nguyen shocked the gaming world when he pulled viral hit Flappy Bird from the App Store and the Google Play Store at a time when it was making tens of thousands of dollars a day. He went on to say: "I can call Flappy Bird a success of mine. But it also ruins my simple life. So now I hate it."

Now, Flappy Bird is set to return, with an expanded version aiming for launch by the end of October across multiple platforms including web browsers, and an iOS and Android version planned for release in 2025. But this new Flappy Bird isn't from Nguyen, it's from 'The Flappy Bird Foundation,' which is described as "a new team of passionate fans committed to sharing the game with the world."
UPDATE (9/15/2024): The original creator of Flappy Bird returned to social media after a seven-year silence just to disavow the resurrected game -- and its possible ties to cryptocurrency. PC Gamer also digs into exactly how the Flappy Bird trademark was acquired.

Google is adding some new features to Chrome that aim to help users organize and keep track of their browser tabs across both desktop and mobile devices. From a report: The search giant announced in a new blog post that tab groups -- which enable Android and desktop Chrome users to keep related pages together in custom-labeled groups -- will start rolling out to Chrome for iOS starting today. Once Chrome is updated, iPhone and iPad users can access the feature by opening the tab grid, long-pressing on a tab, and selecting "Add Tab to New Group." Custom names and colors can then be assigned to the created tab groups to help keep them organized and easily identifiable. Another feature that's rolling out across Android and desktop Chrome apps is the ability to sync those saved tab groups across multiple devices.

Apple plans to release the next versions of iOS, iPadOS, macOS, and watchOS to the general public on September 16, the company announced via its website following its iPhone-centric product event earlier today. From a report: We should also see updates for tvOS and the HomePod operating system on the same date. The new releases bring a number of new features and refinements to Apple's platforms: better texting with Android devices thanks to support for the RCS standard, iPhone Mirroring that allows you to interact with your iPhone via your Mac, more UI customization options for iPhones and iPads, and other improvements besides. What won't be included in these initial releases is any hint of Apple Intelligence, the batch of generative AI and machine learning features that Apple announced at its Worldwide Developers Conference in June. Apple is testing some of the Apple Intelligence features in betas of iOS 18.1, iPadOS 18.1, and macOS 15.1, updates that will be released later this fall.

Long-time FOSS-watcher Bruce Byfield writes that while people "still dream of a completely free alternative, increasingly the emphasis in FOSS seems to be on accepting coexistence with proprietary software." Many, too, have always preferred the permissive BSD licenses, which permits combining FOSS and proprietary software. From some perspectives, Debian's newest [non-free firmware] repository or Nobara's popularity [a Fedora-based distro but with proprietary drivers and gaming applications] is simply an admission of the true state of affairs...

On the other hand, the FOSS philosophy may be weakened because it no longer has a strong advocate. Sixteen years ago, the FSF reached a peak of authority in the discussions of 2006-2007 about the structure of GPLv3 — then immediately lost that authority by not reaching a consensus. That was followed by the cancellation of Richard Stallman in 2017, which, deserved or not, had the side effect of silencing free software's most influential representative. Today the FSF that Stallman led continues to function, with Stallman returned to the board of directors, but its actions go unreported, and it seems to speak to a much smaller group of loyalists. The Linux Foundation, with its corporate emphasis, is not an adequate substitution. In these circumstances, there is reason to wonder whether FOSS has lost its way.

While the issue has yet to reach the mainstream, Bruce Perens, one of the coiners of the term "open source" in 1998, is already trying to describe what he calls the Post-Open Source era. Not only does Perens believe that FOSS licenses no longer fulfill their original purpose, but they no longer inform or benefit the average user. According to Perens,

"Open Source has completely failed to serve the common person. For the most part, if they use us at all they do so through a proprietary software company's systems, like Apple iOS or Google Android, both of which use Open Source for infrastructure but the apps are mostly proprietary. The common person doesn't know about Open Source, they don't know about the freedoms we promote which are increasingly in their interest. Indeed, Open Source is used today to surveil and even oppress them."

As a remedy, Perens proposes that licenses should be replaced by contracts. He envisions that companies pay for the benefits they receive from using FOSS. Compliance for each contract would be checked, renewed, and paid for yearly, and the payments would go towards funding FOSS development. Individuals and nonprofits would continue to use FOSS for free. In March 2024, Perens posted a draft Post-Open license. The draft includes a description of the contract-related files to be shipped with FOSS software, a description of the status of derivative works, how revenue is collected, and conditions of termination. The draft has yet to be reviewed by a lawyer, but what is immediately noticeable is how it draws on both contract language and FOSS licenses to produce something different.
Byfield concludes that "free licenses are straining to respond to loopholes, and a discussion needs to be had about whether they are adequate to modern pressures."

SpyAgent is a new Android malware that uses optical character recognition (OCR) to steal cryptocurrency wallet recovery phrases from screenshots stored on mobile devices, allowing attackers to hijack wallets and steal funds. The malware primarily targets South Korea but poses a growing threat as it expands to other regions and possibly iOS. BleepingComputer reports: A malware operation discovered by McAfee was traced back to at least 280 APKs distributed outside of Google Play using SMS or malicious social media posts. This malware can use OCR to recover cryptocurrency recovery phrases from images stored on an Android device, making it a significant threat. [...] Once it infects a new device, SpyAgent begins sending the following sensitive information to its command and control (C2) server:

- Victim's contact list, likely for distributing the malware via SMS originating from trusted contacts.
- Incoming SMS messages, including those containing one-time passwords (OTPs).
- Images stored on the device to use for OCR scanning.
- Generic device information, likely for optimizing the attacks.

SpyAgent can also receive commands from the C2 to change the sound settings or send SMS messages, likely used to send phishing texts to distribute the malware. McAfee found that the operators of the SpyAgent campaign did not follow proper security practices in configuring their servers, allowing the researchers to gain access to them. Admin panel pages, as well as files and data stolen from victims, were easily accessible, allowing McAfee to confirm that the malware had claimed multiple victims. The stolen images are processed and OCR-scanned on the server side and then organized on the admin panel accordingly to allow easy management and immediate utilization in wallet hijack attacks.