The WebAssembly portable binary format will now have wider support from Wasmer, the server-side runtime which "allows universal binaries compiled from C++, Rust, Go, Python, and other languages to run on different operating systems and in web browsers without modification," reports InfoWorld: Wasmer can run lightweight containers based on WebAssembly on a variety of platforms — Linux, MacOS, Windows, Android, iOS — from the desktop to the cloud to IoT and mobile devices, while also allowing these containers to be embedded in any programming language. The Wasmer runtime also is able to run the Nginx web server and other WebAssembly modules...

Wasmer was introduced in December 2018, with the stated goal of doing for WebAssembly what JavaScript did for Node.js: establish it server-side. By leveraging Wasmer for containerization, developers can create universal binaries that work anywhere without modification, including on Linux, MacOS, and Windows as well as web browsers. WebAssembly automatically sandboxes applications by default for secure execution, shielding the host environment from malicious code, bugs, and vulnerabilities in the software being run.
Wasmer 1.0 reached "general availability status" with its release on January 5, and its developers are now claiming "out of this world" runtime and compiler performance.

"We believe that WebAssembly will be a crucial component for the future of software execution and containerization (not only inside the browser but also outside)."

Telegram has no plans to fix a vulnerability that makes it easy for hackers to find your precise location. The problem stems from a feature called People Nearby, which is disabled by default, but allows users who are geographically close to you to connect. Ars Technica reports: Independent researcher Ahmed Hassan, however, has shown how the feature can be abused to divulge exactly where you are. Using readily available software and a rooted Android device, he's able to spoof the location his device reports to Telegram servers. By using just three different locations and measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user's precise location. Telegram lets users create local groups within a geographical area. Hassan said that scammers often spoof their location to crash such groups and then peddle fake bitcoin investments, hacking tools, stolen social security numbers, and other scams.

Telegram lets users create local groups within a geographical area. Hassan said that scammers often spoof their location to crash such groups and then peddle fake bitcoin investments, hacking tools, stolen social security numbers, and other scams. A proof-of-concept video the researcher sent to Telegram showed how he could discern the address of a People Nearby user when he used a free GPS spoofing app to make his phone report just three different locations. He then drew a circle around each of the three locations with a radius of the distance reported by Telegram. The user's precise location was where all three intersected.

In a blog post, Hassan included an email from Telegram in response to the report he had sent them. It noted that People Nearby isn't enabled by default and that "it's expected that determining the exact location is possible under certain conditions." People Nearby poses the biggest threat to people using Android devices, since they report a user's location with enough granularity to make Hassan's attack work. The recently released iOS 14, by contrast, allows users to divulge only a rough approximation of their location. People who use this feature aren't as exposed. Fixing the problem -- or at least making it much harder to exploit it -- wouldn't be hard from a technical perspective. Rounding locations to the nearest mile and adding some random bits generally suffices. When the Tinder app had a similar disclosure vulnerability, developers used this kind of technique to fix it.

Not a single one of Google's iOS apps have been updated in almost a month -- an unusually long period for a tech behemoth not to release, at the very least, even a minor bug fix or stability update for one of its dozens of insanely popular iPhone and iPad apps. From a report: And after reviewing the latest release dates for all of Google's iOS apps, one reason for this lack of updates seems more likely than others: It could be related to Apple's new App Store privacy labels. The last time any Google iOS app was updated was on December 7. This includes updates to major Google apps like Google Drive, YouTube, Google Docs, Google Sheets, YouTube Music, Google Duo, Google Authenticator, and Gboard. Why is December 7 a significant date? Because starting on December 8, Apple mandated that any new apps or app updates submitted to the App Store would require the developer to fill out the privacy label information for the app it was submitting. This privacy label reveals exactly what data the app is collecting about the user and how that user data is being used. The label can then be viewed on an app's App Store listing page. The feature is part of Apple's push to make developers be more transparent in the ways they collect and use user data, so users can make more informed choices about the apps they choose to download.

krakman writes: Corellium, a security research firm sued by Apple, has won a major legal victory against the iPhone maker. In a ruling that has wide-reaching implications for iPhone security research and copyright law, a federal judge in Florida threw out Apple's claims that Corellium had violated copyright law with its software, which helps security researchers find bugs and security holes on Apple's products. Corellium, co-founded in 2017 by husband and wife Amanda Gorton and Chris Wade, was a breakthrough in security research because it gave its customers the ability to run "virtual" iPhones on desktop computers. Corellium's software makes it unnecessary to use physical iPhones that contain specialized software to poke and prod iOS, Apple's mobile operating system. The judge in the case ruled that Corellium's creation of virtual iPhones was not a copyright violation, in part because it was designed to help improve the security for all iPhone users. Corellium wasn't creating a competing product for consumers. Rather, it was a research tool for a comparatively small number of customers.

Google is testing a new feature that will surface Instagram and TikTok videos in their own dedicated carousel in the Google app for mobile devices -- a move that could help the company retain users in search of social video entertainment from fully leaving Google's platform. From a report: The feature itself expands on a test launched earlier this year, where Google had first introduced a carousel of "Short Videos" within Google Discover -- the personalized feed found in the Google mobile app and to the left of the home screen on some Android devices. To be clear, this "Short Videos" carousel is different from Google's Stories, which rolled out in October 2020 to the Google Search app for iOS and Android. Those "Stories" -- previously known as "AMP Stories" -- consist of short-form video content created by Google's online publishing partners like Forbes, USA Today, Vice, Now This, Bustle, Thrillist and others. Meanwhile, the "Short Videos" carousel had been focused on aggregating social video from other platforms, including Google's own short-form video project Tangi, Indian TikTok competitor Trell, as well as Google's own video platform, YouTube -- which has also been experimenting with short-form content as of late.

On Tuesday, the American Civil Liberties Union filed a new lawsuit demanding information about the FBI's Electronic Device Analysis Unit (EDAU) -- a forensic unit that the ACLU believes has been quietly breaking the iPhone's local encryption systems. The Verge reports: "The FBI is secretly breaking the encryption that secures our cell phones and laptops from identity thieves, hackers, and abusive governments," the ACLU said in a statement announcing the lawsuit, "and it refuses to even acknowledge that it has information about these efforts." The FBI has made few public statements about the EDAU, but the lawsuit cites a handful of cases in which prosecutors have submitted a "Mobile Device Unlock Request" and received data from a previously locked phone. The EDAU also put in public requests for the GrayKey devices that found success unlocking a previous version of iOS.

In June 2018, the ACLU filed a FOIA request for records relating to the EDAU, but the FBI has refused to confirm any records even exist. After a string of appeals within the FOIA process, the group is taking the issue to federal court, calling on the attorney general and FBI inspector general to directly intervene and make the records available. "We're demanding the government release records concerning any policies applicable to the EDAU, its technological capabilities to unlock or access electronic devices, and its requests for, purchases of, or uses of software that could enable it to bypass encryption," the ACLU said in a statement.

An anonymous reader quotes a report from The Intercept: Facebook is currently waging a PR campaign purporting to show that Apple is seriously injuring American small businesses through its iOS privacy features. But at the same time, according to allegations in recently unsealed court documents, Facebook has been selling them ad targeting that is unreliable to the point of being fraudulent. The documents feature internal Facebook communications in which managers appear to admit to major flaws in ad targeting capabilities, including that ads reached the intended audience less than half of the time they were shown and that data behind a targeting criterion was "all crap." Facebook says the material is presented out of context.

They emerged from a suit currently seeking class-action certification in federal court. The suit was filed by the owner of Investor Village, a small business that operates a message board on financial topics. Investor Village said in court filings that it decided to buy narrowly targeted Facebook ads because it hoped to reach "highly compensated and educated investors" but "had limited resources to spend on advertising." But nearly 40 percent of the people who saw Investor Village's ad either lacked a college degree, did not make $250,000 per year, or both, the company claims. In fact, not a single Facebook user it surveyed met all the targeting criteria it had set for Facebook ads, it says. The complaint features Facebook documents indicating that the company knew its advertising capabilities were overhyped and underperformed. A "February 2016 internal memorandum" sent from an unnamed Facebook manager to Andrew Bosworth, a Zuckerberg confidant and powerful company executive who oversaw ad efforts at the time, reads, "[I]nterest precision in the US is only 41% -- that means that more than half the time we're showing ads to someone other than the advertisers' intended audience. And it is even worse internationally. We don't feel we're meeting advertisers' interest accuracy expectations today." The lawsuit goes on to quote unnamed "employees on Facebook's ad team" discussing their targeting capabilities circa June 2016.

"Interest" and "behavior" are two key facets of the data dossiers Facebook compiles on us for advertisers; according to the company, the former includes things you like, "from organic food to action movies," while the latter consists of "behaviors such as prior purchases and device usage." The complaint also cites unspecified internal communications in which "[p]rivately, Facebook managers described important targeting data as 'crap' and admitted accuracy was 'abysmal.'" Facebook has said in its court filings that these quotes are presented out of context.

Last Tuesday, Facebook launched what it portrayed as a full-throated defense of small businesses. But while the $750 billion company's public relations effort has presented a united front with small businesses, some Facebook employees complained about what they called a self-serving campaign that bordered on hypocrisy, according to internal comments and audio of a presentation to workers that were obtained by BuzzFeed News. From a report: A change in Apple's iOS 14 mobile operating system -- which requires iPhone owners to opt in to allow companies to track them across other apps and websites -- hurts Facebook, some employees argued on the company's private message boards, and their employer was just using small businesses as a shield. "It feels like we are trying to justify doing a bad thing by hiding behind people with a sympathetic message," one engineer wrote in response to an internal post about the campaign from Dan Levy, Facebook's vice president for ads.

"Aren't we worried that our stance protecting [small- and medium-sized businesses] will backfire as people see it as 'FB protecting their own business' instead?" read one top-voted question. "People want 'privacy,'" read another. "FB objecting here will be viewed with cynicism. Did we know this would be bad PR, and decide to publish anyway?" "How do we pick a message that looks less self serving?" one employee asked.

Facebook added banner ads criticizing Apple into some of its iOS apps, 9to5Mac reports, in its ongoing war against Apple's new privacy changes: By tapping the Learn More button, the app opens an article written by Facebook in which the company says Apple's policies announced at WWDC 2020 with iOS 14 will "harm the growth of business and the free internet." Facebook refers both to the new App Store privacy labels and also an option in iOS 14 that prevents apps from tracking users.

The fact that Facebook is now showing these messages in its iOS apps criticizing Apple demonstrates that the company is trying to get popular appeal to change Apple's mind about its new App Store privacy rules. That's because Facebook is one of the companies that will be most impacted by Apple's new privacy policies as its social networks rely heavily on ads and personal data from users.

In a statement to 9to5Mac, Apple said it doesn't want to force Facebook to change its business model, but the company expects Facebook to be more transparent about how it collects data from users and let them choose whether or not to offer such data.

Facebook is stepping up its campaign against Apple's privacy changes with a second full-page newspaper ad today. This new ad claims Apple's iOS 14 privacy changes "will change the internet as we know it," and force websites and blogs "to start charging you subscription fees" or add in-app purchases due to a lack of personalized ads. From a report: It follows a similar full-page newspaper ad in the The Wall Street Journal, New York Times, and the Washington Post yesterday. Apple is planning to make changes to iOS 14 early next year that will require developers to ask for permission to gather data and track users across mobile apps and websites on an iPhone or iPad. Apple revealed how iOS 14 users will be prompted to opt into tracking in apps this week, noting that developers like Facebook can explain to users why they should allow tracking within the prompt. These changes will impact Facebook's lucrative ad business, but the social networking giant is framing them as something far larger that could impact small businesses. Unsurprisingly, Apple doesn't agree. "We believe that this is a simple matter of standing up for our users," said an Apple spokesperson in response to Facebook's first full-page newspaper ad yesterday. "Users should know when their data is being collected and shared across other apps and websites -- and they should have the choice to allow that or not."

Google's cloud gaming service now supports the iPhone and iPad. As expected, the company is using a web app to access the service. From a report: Google also says that you need to update to iOS 14.3, the latest iOS update that was released earlier this week. If you want to try it out with a free or paid Stadia account, you can head over to stadia.google.com from your iOS device. Log in to your Google account, add a shortcut to your home screen and open the web app. After that, you can launch a game and start playing. Most games will require a gamepad, so you might want to pair a gamepad with your iPhone or iPad as well. Apple's iOS supports Xbox One and PlayStation 4 controllers using Bluetooth as well as controllers specifically designed for iOS. You can also play with the Stadia controller, but it's optional. If you just want to check your inventory quickly, Stadia on iOS also supports touch controls.

Facebook said it would assist the company behind popular videogame "Fortnite" in its high-profile legal battle with Apple, as the social-media giant ramps up its own counterattack against what it says are the iPhone maker's self-serving measures cloaked in the interest of privacy. From a report: Facebook has been feuding with Apple for months on issues ranging from prices for paid apps to privacy rule changes. As part of a pledge to assist challenges to what it called Apple's anticompetitive behavior, Facebook plans to provide supporting materials and documents to Epic Games Inc. The "Fortnite" parent sued Apple earlier this year, claiming the tech giant's App Store operates like a monopoly. Facebook said it isn't joining the lawsuit but helping with discovery as the case heads to trial next year.

Facebook attacked Apple in a series of full-page newspaper ads Wednesday, claiming the iPhone maker's anticipated mobile software changes around data gathering and targeted advertising are bad for small businesses. From a report: The ads, slated to run in the New York Times, Wall Street Journal and Washington Post, carry the headline "We're standing up to Apple for small businesses everywhere." They home in on upcoming changes to Apple's iOS 14 operating system that will curb the ability of companies like Facebook to gather data about mobile users and ply them with advertising. Facebook previously told investors that Apple's changes, scheduled to go live early next year, will lead to significant headwinds because most of its advertisers are small businesses. Apple has pushed back, accusing Facebook in November of showing a "disregard for user privacy." "While limiting how personalized ads can be used does impact larger companies like us, these changes will be devastating to small businesses," Facebook claims. The social giant, citing its own data, says ads that disregard personalized targeting generate 60% fewer sales than ads that do target consumers. The newspaper ads are the latest in what has become a vicious and public battle between two of the world's most valuable companies.

Apple is officially launching its so-called "nutrition label" privacy disclosures for all iOS device owners running the latest version of iOS 14. The Verge reports: Apple says the new labels will be required for apps on all of its platforms -- that includes iOS, iPadOS, macOS, watchOS, and tvOS -- and they will have to be up to date and accurate every time a developer submits a new update. Apple is also holding itself to the same standard, something the company clarified last week when Facebook-owned WhatsApp criticized the company for an apparent inconsistency in its requirements, before Apple said it, too, will provide labels for all its own software. The company's own first-party apps will all have the same disclosures on their App Store product pages. In the event an app doesn't have an App Store product page because it cannot be removed, like the Messages app, Apple says it will be providing privacy label information on the web. Every piece of software on the App Store will also have its privacy label viewable on the web, too.

As for how the labels are structured, Apple has broken down data collection into three categories: "data used to track you," "data linked to you," and "data not linked to you." Tracking in this context means the app developer is linking data from the app -- like personal information, or data collected from your device, such as location data -- with other data from other companies' apps or websites for the purpose of targeted advertising or some other ad-related metric. Apple says it's also using the term tracking here to mean sharing user or device information with companies that sell it, like data brokers.

The "data linked to you" portion of the label is any data that can be used to identify you. That means data gleaned from using the app or having an account with the service or platform, and any data pulled from the device itself that could be used to create a profile for advertising purposes. "Data not linked to you" is the portion of the privacy label that clarifies when certain data types, like location data or browsing history, are not being linked to you in any identifiable fashion. Apple has specific, developer-focused information on the new labels at its developer portal page, with more general information available on the consumer-facing page.

The iPhone's original -- and unofficial -- app store has sued Apple, accusing the company of having a monopoly on the distribution of apps. Cydia, an app store created and launched in 2007 by Jay "Saurik" Freeman, one of the original jailbreakers filed the lawsuit against Apple on Thursday. From a report: "Were it not for Apple's anti competitive acquisition and maintenance of an illegal monopoly over iOS app distribution, users today would actually be able to choose how and where to locate and obtain iOS apps, and developers would be able to use the iOS app distributor of their choice," the lawsuit reads. Before Apple created the App Store, Freeman and a group of iPhone hackers created an unofficial app store where users that were willing to jailbreak -- a technique to exploit one or more bug to disable the iPhone security mechanism called code-signing enforcement that allows for only Apple-approved code to run on the phone -- could download and install apps. In 2010, according to Freeman, Cydia had around 4.5 million users.

Microsoft has shared some details about the roadmap for its cloud gaming service. In addition to Android devices, the company confirms that it plans to add support for more platforms. In Spring 2021, Microsoft will launch its cloud gaming service on iOS and on computers. From a report: Originally called Project xCloud, Microsoft's cloud gaming service lets you play Xbox games on non-Xbox devices. The games run on a server in a data center near you. The video is streamed to your device, and your interactions are relayed to the server in real time. Xbox cloud gaming isn't a separate subscription. People who subscribe to the Xbox Game Pass Ultimate for $14.99 per month can access cloud gaming as part of their subscription. The plan also includes access to a library of games, EA Play and Xbox Live Gold. When it comes to new devices, you'll soon be able to launch a game on Xbox cloud gaming from a PC. The service will be available in the Xbox app and using a web browser.

Cold Spring Harbor Laboratory (CSHL) scientists developed the world's first mobile genome sequence analyzer, a new iPhone app called iGenomics. By pairing an iPhone with a handheld DNA sequencer, users can create a mobile genetics laboratory, reminiscent of the "tricorder" featured in Star Trek. Phys.Org reports: The iGenomics app runs entirely on the iOS device, reducing the need for laptops or large equipment in the field, which is useful for pandemic and ecology workers. Aspyn Palatnick programmed iGenomics in CSHL Adjunct Associate Professor Michael Schatz's laboratory, over a period of eight years, starting when he was a 14-year-old high school intern. The iPhone app was developed to complement the tiny DNA sequencing devices being made by Oxford Nanopore.

Users can AirDrop sequencing data to each other, enabling DNA analysis in the most remote locations -- even those without internet access. iGenomics may soon even find its way into the hands of astronauts, Schatz describes: "There's a lot of interest to do DNA sequencing in space. I'm trying to see if there's a way we can get iGenomics up there. There's a lot of people that are interested to do that. It's a real testament about how it would be impossible to do, you know, any sort of analysis on regular computers. It's just impossible to bring them with you." In the journal Gigascience, Palatnick and Schatz report the iGenomics algorithm can quickly map DNA sequences of viral pathogens, such as a flu virus or Zika virus, and identify mutations important for diagnosis and treatment. They also provide an online tutorial for analyzing other viral genomes, such as from a SARS-CoV-2 patient.

California is partnering with Apple and Google on an app to let people use their phones to track potential exposure to COVID-19. CNET reports: The digital system uses Bluetooth signals from people's phones to alert them if they've been in contact with someone who's tested positive for the novel coronavirus. The project takes advantage of two of the world's most popular operating systems -- Apple's iOS and Google's Android -- to potentially reach billions of people. To use the features, people can download the app, called CA Notify, starting Thursday. On iPhones, people can turn on the alerts in their phone settings. The companies said they intend to shut down the tools after they are no longer needed to fight the pandemic.

Apple has always gone out of its way to build features for users with disabilities, and VoiceOver on iOS is an invaluable tool for anyone with a vision impairment -- assuming every element of the interface has been manually labeled. But the company just unveiled a brand new feature that uses machine learning to identify and label every button, slider and tab automatically. From a report: Screen Recognition, available now in iOS 14, is a computer vision system that has been trained on thousands of images of apps in use, learning what a button looks like, what icons mean and so on. Such systems are very flexible -- depending on the data you give them, they can become expert at spotting cats, facial expressions or, as in this case, the different parts of a user interface. The result is that in any app now, users can invoke the feature and a fraction of a second later every item on screen will be labeled. And by "every," they mean every -- after all, screen readers need to be aware of every thing that a sighted user would see and be able to interact with, from images (which iOS has been able to create one-sentence summaries of for some time) to common icons (home, back) and context-specific ones like "..." menus that appear just about everywhere. The idea is not to make manual labeling obsolete -- developers know best how to label their own apps, but updates, changing standards and challenging situations (in-game interfaces, for instance) can lead to things not being as accessible as they could be.

Google News Showcase visitors will soon be able to read select paywalled articles at no extra charge. TechCrunch reports: Google says it will be paying participating publishers to provide "limited access to paywalled content for News Showcase users." Those users will, however, still need to register directly with the publishers, which Google says will give them a way to build a relationship. The main News Showcase format is essentially story panel, and Google says it's introducing a new panel allowing publishers to curate a daily selection of their most important stories. Those panels will be shown to users who follow those publishers.

Google is also bringing the News Showcase to new devices and channels. It started out on Google News on Android and is now available on iOS as well, with plans to expand to the news.google.com website and Discover soon. And it says it has doubled the number of partners since the launch in October -- the list of nearly 400 publishers participating in the program includes new names like Le Monde, Courrier International, L'Obs, Le Figaro, Liberation and L'Express in France, plus Pagina12, La Gaceta and El Dia in Argentina.