Apple turned off a private communication tool in China just before major protests broke out

Earlier this month, Apple restricted the use of AirDrop in China. The file-sharing tool for iOS was used by protesters to communicate freely without the risk of censorship, because the tool uses direct connections between devices, creating a local network that cannot be monitored by government internet regulators.

Initially, people could choose to receive AirDrops from everyone nearby. However, a recent iOS update has made that impossible. The update made a change to AirDrop’s usage that only applies in mainland China, while the rest of the world can still use it to communicate as before.

Users in China can only receive from everyone nearby for only ten minutes, putting restrictions on how it’s used.

AirDrop has been used by protesters in Hong Kong to communicate with other protesters and bystanders, as well as send messages to tourists from mainland China. On the mainland, protesters have used AirDrop to spread protest literature.

Keep reading

Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests

Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.

Snap Inc. received a forged legal request from the same hackers, but it isn’t known whether the company provided data in response. It’s also not clear how many times the companies provided data prompted by forged legal requests.

Cybersecurity researchers suspect that some of the hackers sending the forged requests are minors located in the U.K. and the U.S. One of the minors is also believed to be the mastermind behind the cybercrime group Lapsus$, which hacked Microsoft Corp., Samsung Electronics Co. and Nvidia Corp., among others, the people said. City of London Police recently arrested seven people in connection with an investigation into the Lapsus$ hacking group; the probe is ongoing.

Keep reading

Leaked Documents Show Apple’s Attempts to Silence Whistleblowers

Tech giant Apple previously told the SEC that it does not attempt to silence employees in relation to workplace harassment or discrimination, but a whistleblower’s nondisclosure agreement is bringing new scrutiny to this claim.

Business Insider reports that on October 18, tech giant Apple made a number of statements to the Securities and Exchange Commission (SEC) including claims that the company does not attempt to silence former employees or whistleblowers in relation to the company’s working conditions.

Now, a new nondisclosure agreement given to a company whistleblower is bringing greater scrutiny to these claims. Apple’s lawyers reportedly wanted former engineer Cher Scarlett to state only the following words upon her departure from the company: “After 18 months at Apple, I’ve decided it is time to move on and pursue other opportunities.”

This language was included in an extremely strict nondisclosure and non-disparagement agreement as part of a separation agreement that Apple offered Scarlett last month. Scarlett, who spent months working to improve pay equity at Apple allegedly resulting in harassment and intimidation from the company, said that when she received the nondisclosure agreement she was “shocked.”

She added: “In my mind, I should be able to say whatever I want as long as I’m not defaming Apple.” Scarlett refused to sign the gag order but was reminded of the agreement upon seeing Apple’s statements to the SEC.

Apple claimed that when it comes to NDAs “in the context of harassment, discrimination, and other unlawful acts,” its “policy is to not use such clauses.” Scarlett filed a whistleblower complaint with the SEC on October 25 in which she claims Apple made “false statements or misleading statements” to the SEC.

Keep reading

Scanning your iPhone for Pegasus, NSO Group’s malware

In collaboration with more than a dozen other news organizations The Guardian recently published an exposé about Pegasus, a toolkit for infecting mobile phones that is sold to governments around the world by NSO Group. It’s used to target political leaders and their families, human rights activists, political dissidents, journalists, and so on, and surreptitiously download their messages/photos/location data, record their microphone, and otherwise spy on them. As part of the investigation, Amnesty International wrote a blog post with their forensic analysis of several compromised phones, as well as an open source tool, Mobile Verification Toolkit, for scanning your mobile device for these indicators. MVT supports both iOS and Android, and in this blog post we’ll install and run the scanner against my iOS device.

Keep reading

Apple’s Plan to “Think Different” About Encryption Opens a Backdoor to Your Private Life

Apple has announced impending changes to its operating systems that include new “protections for children” features in iCloud and iMessage. If you’ve spent any time following the Crypto Wars, you know what this means: Apple is planning to build a backdoor into its data storage system and its messaging system.

Child exploitation is a serious problem, and Apple isn’t the first tech company to bend its privacy-protective stance in an attempt to combat it. But that choice will come at a high price for overall user privacy. Apple can explain at length how its technical implementation will preserve privacy and security in its proposed backdoor, but at the end of the day, even a thoroughly documented, carefully thought-out, and narrowly-scoped backdoor is still a backdoor.

To say that we are disappointed by Apple’s plans is an understatement. Apple has historically been a champion of end-to-end encryption, for all of the same reasons that EFF has articulated time and time again. Apple’s compromise on end-to-end encryption may appease government agencies in the U.S. and abroad, but it is a shocking about-face for users who have relied on the company’s leadership in privacy and security.

Keep reading

Apple bans, at Amazon’s request, app that reveals fake Amazon reviews

Calling out scammers has always been a perilous approach when it comes to tech giants.

Amazon has requested that Apple delete from its App Store the app Fakespot, a popular service that tries to uncover false reviews on Amazon.

The incident put two of the internet industry’s greatest behemoths against a small startup and Fakespot is disappointed.

Keep reading

7 Apple suppliers in China have links to forced labor programs, including the use of Uyghur Muslims from Xinjiang, according to a new report

Seven of Apple’s suppliers were found to be linked to suspected forced labor of Uyghur Muslims and other persecuted groups sourced from the Xinjiang region, according to an investigation by The Information.

Apple has previously denied using suppliers that rely on the forced labor of Uyghurs, a Muslim minority group that has faced persecution in China. The Information’s investigation suggests the use of forced labor by some of Apple’s largest suppliers is more widespread than previously reported.

Apple did not immediately respond to Insider’s request for comment.

As the Information notes, just one of the suppliers is in Xinjiang, the western region of China that consists predominately of the Uyghur Muslim population, which is native to the area. Other workers were shipped from Xinjiang to companies like Luxshare, which is one of Apple’s biggest Chinese suppliers, according to records viewed by the outlet.

Keep reading

Apple Removes RSS Feed Readers From Chinese App Store

Apple has reportedly removed two RSS feed reader apps from China’s App Store to comply with Chinese law. Fiery Feeds and Reeder both tweeted that their iOS apps had been removed in China over content that is considered “illegal” in the country.


Fiery Feeds quoted a three-year-old tweet from Inoreader, a similar RRS service that was banned from Apple’s Chinese ‌App Store‌ back in 2017 and had its entire service blocked in the country in April. Apple’s original message to Inoreader read:

We are writing to notify you that your application will be removed from the China ‌App Store‌ because it includes content that it illegal in China, which is not in compliance with the ‌App Store‌ Review Guidelines:

5. Legal
Apps must comply with all legal requirements in any location where you make them available (if you’re not sure, check with a lawyer). We know this stuff is complicated, but it is your responsibility to understand and make sure your app conforms with all local laws, not just the guidelines below. And of course, apps that solicit, promote, or encourage criminal or clearly reckless behavior will be rejected.

It’s not clear why Apple waited until now to block the additional feed readers, but the fact that it pulled these apps at all suggests RSS readers can sometimes circumvent China’s Great Firewall and pull in content from third-party websites that are otherwise on its blocked list.

Apple has faced increasing pressure from investors and human rights activists about its relationship with China and its tendency to comply with Beijing’s demands. Last year, for example, Apple removed the app of news outlet Quartz from China’s ‌‌‌App Store‌‌‌ after complaints from the government that it included content that is illegal in the country. The app was covering the Hong Kong Umbrella Movement protests at the time.

Keep reading