Encryption

Motherboard Built a Database of Over 500 iPhones Cops Have Tried To Unlock (vice.com) 16

"Motherboard built and analyzed a database of over 500 iPhones seized by law enforcement," writes Slashdot reader em1ly. "It's a deep dive into the ongoing 'Going Dark' conversation." Here's an excerpt from the report: Most of all, the records compiled by Motherboard show that the capability to unlock iPhones is a fluid issue, with an ebb and flow of law enforcement sometimes being able to access devices and others not. The data solidifies that some law enforcement officials do have trouble accessing data stored on iPhones. But ultimately, our findings lead experts to circle back to the fundamental policy question: should law enforcement have guaranteed access to iPhones, with the trade-offs in iPhone security that come with that?

Out of 516 analyzed cases, 295 were marked as executed. Officials from the FBI, DEA, DHS, Homeland Security and Investigations, the Bureau of Alcohol, Tobacco, Firearms and Explosives were able to extract data from iPhones in investigations ranging from arson, to child exploitation, to drug trafficking. And investigators executed warrants against modern iPhones, not just older models. In some cases, investigators obtained photos, text messages, call records, browsing data, cookies, and location data from seized iPhones. Some executed search warrants explicitly mention the type of extraction performed, such as so-called "Logical" or "Advanced Logical" extraction. The latter is a term with a meaning that varies between different phone data extraction companies, but generally it relates to creating a device backup as iTunes does normally and obtaining some more data on top of that, Vladimir Katalov, the CEO of iOS forensics firm Elcomsoft, told Motherboard. Katalov said those backups can contain the sorts of pieces of data that investigators obtained, and is available to all models of iPhone.

Businesses

Surveillance Company Banjo Used a Secret Company and Fake Apps To Scrape Social Media (vice.com) 27

An anonymous reader quotes a report from Motherboard: Banjo, an artificial intelligence firm that works with police, used a shadow company to create an array of Android and iOS apps that looked innocuous but were specifically designed to secretly scrape social media, Motherboard has learned. The news signifies an abuse of data by a government contractor, with Banjo going far beyond what companies which scrape social networks usually do. Banjo created a secret company named Pink Unicorn Labs, according to three former Banjo employees, with two of them adding that the company developed the apps. This was done to avoid detection by social networks, two of the former employees said.

Three of the apps created by Pink Unicorn Labs were called "One Direction Fan App," "EDM Fan App," and "Formula Racing App." Motherboard found these three apps on archive sites and downloaded and analyzed them, as did an independent expert. The apps -- which appear to have been originally compiled in 2015 and were on the Play Store until 2016 according to Google -- outwardly had no connection to Banjo, but an analysis of its code indicates connections to the company. This aspect of Banjo's operation has some similarities with the Cambridge Analytica scandal, with multiple sources comparing the two incidents. [...] The company has not publicly explained how it specifically scrapes social media apps. Motherboard found the apps developed by Pink Unicorn Labs included code mentioning signing into Facebook, Twitter, Instagram, Russian social media app VK, FourSquare, Google Plus, and Chinese social network Sina Weibo.
The apps could have scraped social media "by sending the saved login token to a server for Banjo to use later, or by using the app itself to scrape information," reports Motherboard, noting that it's not entirely clear which method Banjo used. "Motherboard found that the apps when opened made web requests to the domain 'pulapi.com,' likely referring to Pink Unicorn Labs, but the site that would provide a response to the app is currently down."

Last weekend, Motherboard reported that Banjo signed a $20.7 million contract with Utah in 2019 that granted the company access to the state's traffic, CCTV, and public safety cameras. "Banjo promises to combine that input with a range of other data such as satellites and social media posts to create a system that it claims alerts law enforcement of crimes or events in real-time."
Medicine

Apple Watch Blood Oxygen Detection Feature Found In iOS 14 Code Snippet 37

Apple Watch will add the ability to detect blood oxygen levels for the first time, 9to5Mac has learned based on an exclusive look at iOS 14 code snippets. From the report: Blood oxygen levels between 95 and 100% are considered healthy; blood oxygen levels below 80% may lead to compromised heart and brain functionality. Risk of respiratory or cardiac arrest is common after continued low blood oxygen saturation. To that end, Apple is developing a new health notification based on the vital measurement. When Apple Watch detects low blood oxygen saturation below a certain threshold, a notification will trigger alerting the user similar to current heart rate notifications.

It's unclear at this point what hardware and software will be required for blood oxygen detection and notifications. It's possible future Apple Watch Series 6 hardware will be required for the new health feature. It could also come to all or newer Apple Watch models with watchOS 7 in the fall. The original Apple Watch hardware is believed to be capable of measuring blood oxygen levels through the built-in heart rate monitor. Apple upgraded the heart rate monitor with Apple Watch Series 4, adding electrocardiogram features, but Apple Watch hasn't offered blood oxygen measurement features yet.
Other hardware and software features have also been leaked, such as details about an upcoming iPad Pro with three cameras and Apple's Tile-like item trackers, called AirTags.
IOS

Leaked iOS 14 Build Hints at Unreleased Apple Hardware and Software Features (9to5mac.com) 15

News outlet 9to5Mac, which tracks Apple news, has gotten hold of an iOS 14 build that uncovers a range of hardware details and software features that Apple intends to reveal later this year. The devices are:
1. An upcoming iPad Pro will include three cameras -- like the iPhone Pro -- plus an additional time-of-flight sensor for help with AR.
2. An iPhone with Touch ID is in the works. This is presumably the lower-end iPhone 9 or iPhone SE 2.
3. A new Apple TV box is in the works along with a new Apple TV remote.
4. AirTags, Apple's rumored Tile-like item tracker, will have user-replaceable batteries.
Software features:
1. The iOS home screen will get a new list view, letting you more easily find and filter through your apps. It's not clear exactly where this screen will appear, but it'd offer a major change from the grid.
2. A new AR app will let you point your phone's camera at objects in the real world and have the phone display more information about what you're seeing. At an Apple store, for instance, it could display pricing information and product features. Apple is reportedly working with Starbucks to support the feature, too.
3. Third-party apps will be able to integrate wallpapers into the wallpapers section of the Settings app. This should make it easier to switch wallpapers and could finally open dynamic wallpapers up to outside developers.
4. HomeKit will be able to change the color temperature of lights throughout a day to match the sunlight.
5. An accessibility feature will let phones identify sounds like alarms and doorbells for people with hearing loss.

Privacy

Popular VPN and Ad-Blocking Apps Are Secretly Harvesting User Data (buzzfeednews.com) 46

An anonymous reader quotes a report from BuzzFeed News: Sensor Tower, a popular analytics platform for tech developers and investors, has been secretly collecting data from millions of people who have installed popular VPN and ad-blocking apps for Android and iOS, a BuzzFeed News investigation has found. These apps, which don't disclose their connection to the company or reveal that they feed user data to Sensor Tower's products, have more than 35 million downloads. Since 2015, Sensor Tower has owned at least 20 Android and iOS apps. Four of these -- Free and Unlimited VPN, Luna VPN, Mobile Data, and Adblock Focus -- were recently available in the Google Play store. Adblock Focus and Luna VPN were in Apple's App Store. Apple removed Adblock Focus and Google removed Mobile Data after being contacted by BuzzFeed News. The companies said they continue to investigate.

Once installed, Sensor Tower's apps prompt users to install a root certificate, a small file that lets its issuer access all traffic and data passing through a phone. The company told BuzzFeed News it only collects anonymized usage and analytics data, which is integrated into its products. Sensor Tower's app intelligence platform is used by developers, venture capitalists, publishers, and others to track the popularity, usage trends, and revenue of apps.
Randy Nelson, Sensor Tower's head of mobile insights, said the company's apps do not collect sensitive data or personally identifiable information and that "the vast majority of these apps listed are now defunct (inactive) and a few are in the process of sunsetting." But, as BuzzFeed points out, most of the apps are no longer available "because they were removed due to policy violations."
Cloud

Epic Games' Tim Sweeney Rips Google and Apple In Defense of Nvidia's GeForce Now (hothardware.com) 71

bigwophh writes: As the number of publishers pulling out of Nvidia's GeForce Now cloud game streaming service continues to grow, the company has found an ally in Tim Sweeney, CEO of Epic Games, who vowed on Twitter to "wholeheartedly" support the company's efforts. He also took potshots at Apple and Google over the royalty rate each one charges on their respective app stores and expects them to go to battle as game streaming gains momentum. "Just waiting till later this year when Google is lobbying against Apple for blocking Stadia from iOS, while Google blocks GeForce Now, xCloud, and Fortnite from Google Play, and this whole rotten structure begins collapsing in on itself," Sweeney added. It remains to be seen how things will pan out with GeForce Now. Nvidia maintains that "game removals will be few and far between" and that it has 1,500 additional games queued up. However, Nvidia only has so much control over the developers willing to continue supporting the platform. "Epic is wholeheartedly supporting Nvidia's GeForce Now service with Fortnite and with Epic Games Store titles that choose to participate (including exclusives), and we'll be improving the integration over time," Sweeney wrote. He also called GeForce Now "the most developer-friendly and publisher-friendly of the major streaming services," which is based on Nvidia not charging any "tax" on game revenues.

"Game companies who want to move the game industry towards a healthier state for everyone should be supporting this kind of service!" Sweeney wrote.
IOS

Sophisticated Mouse Cursor Support Coming To iOS 14, New iPad Smart Keyboard Models With Trackpad (9to5mac.com) 33

According to code seen by 9to5Mac, Apple is set to roll out rich system-wide support for mouse cursors with iOS 14. From a report: Apple added rudimentary compatibility with external mice in iOS 13 Accessibility settings, but iOS 14 (iPadOS 14) will make it mainstream. The iOS 14 build also referenced two new Smart Keyboard models in development. The changes coming to the software will bring most of the cursor features you recognize from a Mac desktop experience to iOS. One difference may be that the pointer disappears automatically after a few seconds of not touching the connected mouse or trackpad, a concession to the touch-first experience of the iPad. It would reappear when the user attempts to move the cursor again.

This includes support for multiple pointers depending on what is being hovered over, like switching from a standard arrow pointer to a pointing hand when hovering over links. It is possible these APIs could then automatically translate over to Mac apps using Catalyst, which currently lacks an API for changing mouse cursor type. Apple is also developing support for Mac-like gestures, like tap with two fingers to right-click.

IT

Are Virtual Conferences Better Than Real-World Conferences? (fastcompany.com) 44

Fast Company's Mark Sullivan argues that cancelling this year's tech conferences could have a silver lining -- by encouraging a movement toward virtual conferences: There are developers across the U.S. and around the world who get shut out when the conferences get sold out. Even more of them simply can't afford the admission fee (last year's WWDC was $1599) and travel expenses required to spend time in the Bay Area or Seattle. Apple uses a lottery system to pick registered developers at random, who then get the opportunity to buy a ticket for the event. "Not having a set of 5,000 people who paid to be there, and potentially millions of other people who don't get access to things exclusive to those attending, such as labs and all of the networking, but instead having everyone on the same level can be a good thing," says iOS developer Guilherme Rambo.

Even before the coronavirus came along, the major developer conferences were developing more robust online elements. Far more people stream the keynotes than watch them in person. Many conferences now stream the developer sessions as well. And an increasing body of sessions from the events is archived online... With all the cancellations this year, big tech companies like Apple may get some time to really think about the value of big events in the age of live streaming. Apple, for one, might think about ways of further virtualizing WWDC.

IOS

Apple Now Lets Apps Send Ads in Push Notifications (theverge.com) 68

Apple will now allow push notifications to be used for advertising, so long as users agree to receive the ads first. From a report: Apple updated its App Store guidelines today with a change to its traditionally strict restrictions around push notifications. Apple has long banned apps from using notifications for "advertising, promotions, or direct marketing purposes," but that changes today. Apps can now send marketing notifications when "customers have explicitly opted in to receive them." Users must also be able to opt out of receiving the ads.
Music

Resso, ByteDance's Music Streaming App, Officially Launches in India (techcrunch.com) 6

TikTok, the hugely popular social media app, found a lot of early traction by giving users a way to create funny lip-synced versions of clips from well-known songs and then share them with friends (its predecessor in the West was even called Musically). Now at long last, TikTok's owner, China's ByteDance, is doubling down on the music connection with the release of its first standalone full music streaming app, starting first in India. From a report: Today, the company is launching Resso, which describes itself as a "social music streaming app": users are encouraged to share lyrics, comments and other user-generated content with each other, alongside full-length tracks of music that they can consume and also share with others. And the music begins to auto-play as soon as you open the app. Unlike its sister app TikTok, which is free to use and is built on an ad-based model, Resso is following the freemium route that a number of other big music apps, such as Spotify, have taken. A free tier includes ads and limits streaming quality to 128 Kbps; a premium, ad-free tier boosts streaming to 256 Kbps, includes downloads and the ability to skip tracks and costs INR 99/month ($1.35/month) on Android and INR 119/month ($1.62) on iOS.
Google

Google Cloned Apple's 3D Touch For the Pixel Using Just Software (theverge.com) 45

The latest "feature drop" for Google's Pixel line of Android phones includes the ability to "firmly press" on the screen "to get more help from your apps more quickly." If that sounds familiar, it's because it's a lot like iPhone's 3D Touch, which Apple stopped supporting in all of its 2019 iPhones. The Verge reports: "Firmly press" sets off alarm bells because it sounds a lot like the iPhone's 3D Touch, which enables different actions depending on how hard you press on the touchscreen. It was a beloved feature for some people because it gave faster access to the cursor mode on the iPhone's keyboard (I think long-pressing the space bar works fine for that, but I get that people love it). It's also gone on the latest versions of the iPhone -- Apple has seemingly abandoned it because the hardware to support it was too expensive/thick/complex/finicky/whatever. But now, it seems that Google has done the same thing for the touchscreen that it does with the camera: use its software algorithms to make commodity parts do something special. That is a very Googley thing to do, but not quite as Googley as the fact that there was virtually no information about this feature to be found anywhere on the internet beyond a speculative note over at XDA Developers.

After a few hours of back and forth, I finally got more details from Google. Here's what this feature does, according to Google: "Long Press currently works in a select set of apps and system user interfaces such as the app Launcher, Photos, and Drive. This update accelerates the press to bring up more options faster. We also plan to expand its applications to more first party apps in the near future." Essentially, this new feature lets you press harder to bring up long-press menus faster. In fact, Google's documentation for Android's Deep Press API explicitly says it should never do a new thing, it should only be a faster way to execute a long press. The answer to why it only works in certain apps is that a lot of Android developers aren't using standard APIs for long press actions. Because Android. Okay, but how does it work? It turns out my hunch was correct: Google has figured out how to use machine learning algorithms to detect a firm press, something Apple had to use hardware for.

Facebook

Facebook Shrinks Messenger App Size Down By 75% (fastcompany.com) 84

To make its iPhone messaging app run better -- especially on older phones -- Facebook rewrote it from the ground up. The new version is going live now. From a report: In August 2011, Facebook introduced Messenger, an iPhone and Android app that spun off the social network's chat feature into a stand-alone experience. [...] Messenger hit one billion monthly active users in 2016 and was the world's most-downloaded app in 2019, according to App Annie. Along the way, it supplemented its original text-based conversations with everything from voice and video calls to games to payments to bots to Snapchat-style stories. As its user base and ambitions grew, so did its size. What had been a wafer-thin 8.5MB download in 2012 expanded to take up 130MB of space on users' iPhones. That's about twice the size of WhatsApp, another Facebook messaging app that offers many similar features.

But now Facebook has put the iOS version of Messenger on an extreme weight-reduction plan. By rewriting it from scratch, it's shrunk Messenger's footprint on your iPhone down to an eminently manageable 30MB, less than a quarter of its peak size. According to the company, the new version loads twice as fast as the one it's replacing. The update is so compact that Facebook was able to quietly build it into the existing version and test it by exposing it to a subset of users. As a giant piece of programming, the downsizing is even more dramatic. Messenger is going from 1.7 million lines of code to 360,000, for an 84% reduction.

Iphone

Apple To Pay Up To $500 Million To Settle US Lawsuit Over Slow iPhones (reuters.com) 52

Apple has agreed to pay up to $500 million to settle litigation accusing it of quietly slowing down older iPhones as it launched new models, to induce owners to buy replacement phones or batteries. From a report: The preliminary proposed class-action settlement was disclosed on Friday night and requires approval by U.S. District Judge Edward Davila in San Jose, California. It calls for Apple to pay consumers $25 per iPhone, which may be adjusted up or down depending on how many iPhones are eligible, with a minimum total payout of $310 million. Apple denied wrongdoing and settled the nationwide case to avoid the burdens and costs of litigation, court papers show. Friday's settlement covers U.S. owners of the iPhone 6, 6 Plus, 6s, 6s Plus, 7, 7 Plus or SE that ran the iOS 10.2.1 or later operating system. It also covers U.S. owners of the iPhone 7 and 7 Plus that ran iOS 11.2 or later before Dec. 21, 2017.
Desktops (Apple)

Stealing Advanced Nations' Mac Malware Isn't Hard. Here's How One Hacker Did It (arstechnica.com) 19

Malware developers are always trying to outdo each other with creations that are stealthier and more advanced than their competitors'. At the RSA Security conference last week, a former hacker for the National Security Agency demonstrated an approach that's often more effective: stealing and then repurposing a rival's code. From a report: Patrick Wardle, who is now a security researcher at the macOS and iOS enterprise management firm Jamf, showed how reusing old Mac malware can be a smarter and less resource-intensive approach for deploying ransomware, remote access spy tools, and other types of malicious code. Where the approach really pays dividends, he said, is with the repurposing of advanced code written by government-sponsored hackers. "There are incredibly well-funded, well-resourced, very motivated hacker groups in three-letter agencies that are creating amazing malware that's fully featured and also fully tested," Wardle said during a talk titled "Repurposed Malware: A Dark Side of Recycling." "The idea is: why not let these groups in these agencies create malware and if you're a hacker just repurpose it for your own mission?" he said.

To prove the point, Wardle described how he altered four pieces of Mac malware that have been used in in-the-wild attacks over the past several years. The repurposing caused the malware to report to command servers belonging to Wardle rather than the servers designated by the developers. From there, Wardle had full control over the recycled malware. The feat allowed him to use well-developed and fully featured applications to install his own malicious payloads, obtain screenshots and other sensitive data from compromised Macs, and carry out other nefarious actions written into the malware.

Encryption

Safari Will Stop Trusting Certs Older Than 13 Months (theregister.co.uk) 115

"Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date..." writes the Register.

Long-time Slashdot reader nimbius shares their report: The policy was unveiled by the iGiant at a Certification Authority Browser Forum (CA/Browser) meeting on Wednesday. Specifically, according to those present at the confab, from September 1, any new website cert valid for more than 398 days will not be trusted by the Safari browser and instead rejected.

Older certs, issued prior to the deadline, are unaffected by this rule.

By implementing the policy in Safari, Apple will, by extension, enforce it on all iOS and macOS devices. This will put pressure on website admins and developers to make sure their certs meet Apple's requirements — or risk breaking pages on a billion-plus devices and computers... The aim of the move is to improve website security by making sure devs use certs with the latest cryptographic standards, and to reduce the number of old, neglected certificates that could potentially be stolen and re-used for phishing and drive-by malware attacks... We note Let's Encrypt issues free HTTPS certificates that expire after 90 days, and provides tools to automate renewals.

Security

Microsoft To Bring Its Defender Antivirus Software To iOS and Android (cnet.com) 35

Microsoft said today it plans to bring its antivirus software, Defender Advanced Threat Protection, to phones and other devices running Apple's iOS and Google's Android. From a report: The software, also called Defender ATP, is already available on Windows and MacOS. It offers features like preventive protection, post-breach detection and automated investigation and response, according to Microsoft. When it comes to mobile devices, Microsoft's Rob Lefferts said that the Defender software could help companies protect employees from things like malware and phishing attacks. Apple's and Google's app stores are "pretty safe," Lefferts said, but "malware does happen on those platforms."
Businesses

Apple Weighs Letting Users Switch Default iPhone Apps To Rivals (bloomberg.com) 39

Apple is considering giving rival apps more prominence on iPhones and iPads and opening its HomePod speaker to third-party music services after criticism the company provides an unfair advantage to its in-house products. From a report: The technology giant is discussing whether to let users choose third-party web browser and mail applications as their default options on Apple's mobile devices, replacing the company's Safari browser and Mail app, according to people familiar with the matter. Since launching the App Store in 2008, Apple hasn't allowed users to replace pre-installed apps such as these with third-party services. That has made it difficult for some developers to compete, and has raised concerns from lawmakers probing potential antitrust violations in the technology industry.

The web browser and mail are two of the most-used apps on the iPhone and iPad. To date, rival browsers like Google Chrome and Firefox and mail apps like Gmail and Microsoft Outlook have lacked the status of Apple's products. For instance, if a user clicks a web link sent to them on an iPhone, it will automatically open in Safari. Similarly, if a user taps an email address -- say, from a text message or a website -- they'll be sent to the Apple Mail app with no option to switch to another email program. The Cupertino, California-based company also is considering loosening restrictions on third-party music apps, including its top streaming rival Spotify, on HomePods, said the people, who asked not to be named discussing internal company deliberations.

Microsoft

Microsoft's Office App That Replaces Word, Excel, and PowerPoint Hits General Availability (venturebeat.com) 41

Microsoft today launched Office for Android and iOS in general availability. The unified app means you no longer need to download, install, and switch between the individual Word, Excel, and PowerPoint apps. From a report: The company today also announced new features coming to the app this spring: Word Dictation, Excel Cards View, and Outline to PowerPoint. You can use Office for free, and if you sign in with a Microsoft Account or connect a third-party storage service you can access and store documents in the cloud. Microsoft has over 200 million monthly active Office 365 business users and over 37 million Office 365 consumer subscribers. When the company launched the new Office mobile app as a public preview in November, "tens of thousands of people" rushed to try it. Microsoft has found that most users and businesses want to use the Office app as a hub or starting point for all their document work.
Android

Google Stadia Is Coming To Samsung, Asus, and Razer Phones On February 20th (theverge.com) 20

In a blog post today, Google announced that Stadia will work on some Android phones from Samsung, Asus, and Razer starting on February 20th. Up until this point, Stadia only worked on certain Pixel phones. The Verge reports: Here's the full list of the 19 newly supported phones, which includes the Samsung Galaxy S20 line that's releasing on March 6th: [Samsung Galaxy S8 --> Galaxy S20 Ultra, Razer Phone, Razer Phone 2, Asus ROG Phone, and Asus ROG Phone II.] These new additions -- combined with the current support for the Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3A, Pixel 3A XL, and Pixel 4 -- mean that you can now play Stadia games on 26 different Android phones. Stadia's iOS app doesn't let you play games, though, so you will have to keep waiting if you want to play Stadia games on your iPhone or iPad.
IOS

'The Paywalled Garden: iOS is Adware' (stevestreza.com) 87

Software developer Steve Streza: Over the years, Apple has built up a portfolio of services and add-ons that you pay for. Starting with AppleCare extended warranties and iCloud data subscriptions, they expanded to Apple Music a few years ago, only to dramatically ramp up their offerings last year with TV+, News+, Arcade, and Card. [...] If you don't subscribe to these services, you'll be forced to look at these ads constantly, either in the apps you use or the push notifications they have turned on by default. The pervasiveness of ads in iOS is a topic largely unexplored, perhaps due to these services having a lot of adoption among the early adopter crowd that tends to discuss Apple and their design. This isn't a value call on the services themselves, but a look at how aggressively Apple pushes you to pay for them, and how that growth-hack-style design comes at the expense of the user experience. In this post, I'll break down all of the places in iOS that I've found that have Apple-manufactured ads.
