Apple security in 2019: year in review

Computer security is constantly evolving, as new issues and vulnerabilities are discovered, as new software and devices are deployed, and as hackers figure out new ways to get around barriers.

Some security and privacy threats change over time. Ten years ago, we didn’t have to worry much about Internet of things (IoT) devices or data breaches, let alone hardware and even CPU architecture vulnerabilities like Spectre and Meltdown; we continued to see the emergence of similar discoveries and a continuance of these trends throughout 2019.

One thing that hasn’t changed over the past decade is that some Mac malware continues to disguise itself as Flash Player updates, even though Adobe is abandoning Flash at the end of 2020. Perhaps the fake-Flash malware trend will finally die toward the end of this year; time will tell.

Here is an overview of the main issues that affected Apple products and software in 2019:

  • Vulnerabilities and security updates
  • Malware—more than a dozen unique Mac threats
  • Data breaches
  • Phishing, fraud, and scams
  • Facebook failures
  • Internet of things issues

Read the rest of the article on The Mac Security Blog.

Apple’s Cook says global corporate tax system must be overhauled – Reuters

Everyone knows that the global corporate tax system needs to be overhauled, Apple Chief Executive Tim Cook said on Monday, backing changes to global rules that are currently under consideration.

The growth of internet giants such as Apple has pushed international tax rules to the limit, prompting the Organisation for Economic Cooperation and Development (OECD) to pursue global reforms over where multinational firms should be taxed.

The reforms being examined center around the booking of profits by multinational firms in low-tax countries such as Ireland where they have bases – and where Cook was speaking on Monday – rather than where most of their customers are.

“I think logically everybody knows it needs to be rehauled, I would certainly be the last person to say that the current system or the past system was the perfect system. I’m hopeful and optimistic that they (the OECD) will find something,” Cook said.

“It’s very complex to know how to tax a multinational… We desperately want it to be fair,” the Apple CEO added after receiving an inaugural award from the Irish state agency responsible for attracting foreign companies recognizing the contribution of multinationals in the country.

I think Tim Cook sees the writing on the wall, and wants to get out in front of it. Apple has long been the poster child for tax avoidance, but Cook knows this has to change.

While it is certainly complex, one thing is obvious: companies with subsidiaries in countries other than their own should pay taxes on earnings in those countries. Apple funnels all (or most) of its earnings to Ireland; Amazon funnels theirs to Luxembourg. I live in the UK, where Apple paid £3.8 million in taxes on £1.2 billion in sales, and Amazon earned £10.9 billion last year, and paid a paltry £220 million in tax. (That’s all taxes, not just corporate income tax, but including, say, payroll taxes.) That’s 0.3% for Apple, and just over 2% for Amazon, for all taxes; I pay 19% on my business’s earnings.

The company should certainly not be taxed for the full value of what they sell; much of that value is made in their home country. But there should be a reasonable way to calculate the wholesale value of an item, such as an iPhone, and what share of the retail price is profit in the local country.

It’s worth noting that Cook is calling for this overhaul after Apple saved $40 billion thanks to the “GOP’s corporate tax handout.”

Source: Apple’s Cook says global corporate tax system must be overhauled – Reuters

Intego Mac Podcast, Episode 118: Your Photos Can Tell People Where You Live

Photos you shoot with your iPhone, and with some cameras, store location data. Sharing these photos on social media may pinpoint your location: where you live, or where you work. It’s easy to remove this data. In the news, we talk about listening in on Skype audio, another Apple – FBI spat about accessing data on an iPhone, Google getting rid of cookies, and more.

Check out the latest episode of The Intego Mac Podcast, which I co-host with Josh Long. We talk about Macs and iOS devices, and how to keep them secure.

The European Union wants all mobile devices on a universal charging standard – TechSpot

As outlined in a recent newsletter posted on the European Parliament’s website, the 2014 Radio Equipment Directive called for a common charger to be developed that would fit all mobile phones, tablets, e-book readers and other portable devices.

The Commission ultimately “encouraged” the industry to adopt change but that hands-off approach has not yet produced the desired results.

The truth is, most decent Android phones have already switched to a unified standard in USB-C. The few remaining stragglers that still use something like micro-USB largely do so for cost-cutting measures. But should such legislation pass, the company with the most at stake would be Apple as its line of iPhones continue to utilize the proprietary Lightning connector.

This is an interesting story. For years, the European Union has been bothered by the issue of multiple cables and chargers needed for different portable devices. For the most part, portable devices, other than those from Apple, depend on micro-USB, that little unevenly-shaped plug you see for portable devices such as Android phones, Kindles, etc. (The most common is a Micro-B plug.) Apple is the exception, with their proprietary Lightning connector, which has made Apple a lot of money.

But the EU document discusses “chargers,” not “charging cables.” Is this simply an error on their part? I don’t think they want to normalize the amperage of chargers; I think they are concerned about the cables that get wasted, but also the fact that chargers are provided with most new portable phones and tablets (except those at the low end).

There are a few issues here. First, the Lightning connector offers some additional features, so you can, for example, put an iPhone in a dock, or use digital headphones, transfer data using a variety of adapters, etc. And, of course, this is a proprietary Apple technology, so they get licensing fees from any company that makes accessories.

Lately, it’s been clear that Apple is planning to move to USB-C, which has a number of advantages, such as higher data throughput and higher power. Recent iPad Pro models have a USB-C connector. So Apple should welcome this change, but what if the EU wants to standardize on micro-USB? They probably don’t want to, but even if the Lightning connector is ditched, I don’t think we’ll see USB-C on all devices. My guess is that it’s a bit more expensive than a micro-USB jack, because of circuitry needed behind it.

Also, USB-C is quite perilous. Different USB-C cables have different capabilities, such as power or data throughput, and it can be quite difficult to know which one you need. And if you have the wrong one, you can actually damage a device.

I have a lot of devices in my home that use micro-USB: my Kindles, batteries for security cameras, chargers for camera batteries (though my Fujifilm X-T3 has a USB jack), and other devices. The fact that I can charge them all using the same cables is practical. Having both micro-USB and USB-C won’t be a problem, and I assume that the EU is only looking at devices like phones.

But the broader question of chargers is probably one that should be addressed. Do we really need to get a charger with each new device? I have lots of Apple chargers in my house, but for people who don’t have extras, should they have to pay another, say, $10 or so when they buy a new phone?

Source: The European Union wants all mobile devices on a universal charging standard – TechSpot

Apple’s MacBook Pro TouchBar and Safari

When I bought a new MacBook Pro last year, I was catching up to a new interface element that had been around for a while, but that I had never used: the TouchBar. This bar replaces the function keys with a set of dynamic “buttons,” allowing you to control certain things on your Mac. You can adjust volume and brightness, and different apps provide different virtual buttons on the bar.

There’s one app where it’s really useless: Safari. On my MacBook Pro, with Safari frontmost, I have six tabs, but the TouchBar only shows two of them; that’s because the other four are “pinned tabs” that are minimized at the left of the tab bar. There’s no way to use the TouchBar to access those tabs. (I’ve tried to scale the image so it looks about the same as what I see.)

[Image: Touch bar]

And even if I did want to use the TouchBar to access different Safari tabs, there’s nothing on the TouchBar that helps me see what the tabs contain. Okay, I can see that the one on the left is Facebook, but what if I have a lot more tabs open?

[Image: Touch bar 2]

I would have expected the TouchBar to display favicons, which would at least give a better idea of which sites are open in each tab. It’s clear that an option to do this would make it a lot more usable.

Welcome to Apple – A one-party state – Tortoise

A secretive culture – bordering on paranoia – was first fostered by Steve Jobs, the founder of Apple, and then by his successor Tim Cook, who took over in 2011.

Apple employees typically sign several non-disclosure agreements (NDAs) per year, use codenames to refer to projects, and are locked out of meetings if they fail to obtain the appropriate documentation, former workers told us.

“Secrecy is everything at Apple,” one ex staffer said. “Many employees don’t like Apple Park [the company’s new headquarters] because it has very few private offices. Confidentiality on projects and the ability to step behind a closed door is vital.”

Another recent ex-employee said that security was weaponised across the company, with internal blogs boasting about the number of employees caught leaking and NDAs required even for non-sensitive or mundane projects. The employee described how they were once asked to read a negative story about the company and then identify the Apple insider suspected of leaking information.

This is the first part of a story that looks at Apple “as if it is (sic) a country.” An interesting approach, given the size of these big companies. Apple’s market valuation “is roughly equal to the national net worth of Denmark, the 28th wealthiest country in the world.” I’m not sure what that means; it’s not like Apple’s market valuation is a fixed asset, it is subject to the whims of the stock market. However, I do agree that “It has as many users as China has citizens. Its leader has a close relationship with the US president and other heads of state. In all but name, this is a superpower, wielding profound influence over our lives, our politics and our culture.”

I have mixed thoughts about Apple. On the one hand, I make my living writing about the company, and Apple is most certainly the least bad of the big tech firms. However, I’ve long been irked by Apple’s tax avoidance, which, while technically legal under US law, deprives countries where Apple makes money of their share of taxes on products and services the company sells. And it’s skanky; they stash money in the Cayman Islands and other offshore locations.

As for the internal security, it’s important to understand how much trade secrets are worth. Apple may be a bit more obsessed with security, but I sign several NDAs with clients and vendors who show me products and software every year.

I do know, from contacts in the company, that there is severe compartmentalization, which prevents people from knowing much about what others are doing, and it does seem, especially with the latest operating system releases, that this has contributed to a number of serious bugs. But any company this size is going to suffer from a lack of communication; perhaps Apple has just gotten too big to be manageable.

The truth, however, is that it represents what Apple has become: a secret garden with tremendously high walls. Most people who try to peer over the edge are summarily pushed back. Apple is a part of the world but also apart from it. It is Maoism for individualists.

Yes, the company is a “secret garden.” So is Boeing. So is Ford. So is any big company where intellectual property is how they make their living. As for “Maoism for individualists,” I don’t even know what that means.

A lot of this article is true, and much of it is not surprising for a company the size of Apple. Some of the article is just a timeline of the company’s history, skewed toward the negative. I’ll be interested to see what’s next in the series, and more interested to see what this site has to say about other companies, such as Google, Facebook, and Amazon.

Source: Welcome to Apple A one-party state

The empty promises of Marie Kondo and the craze for minimalism – The Guardian

Apple devices have gradually simplified in appearance over time under designer Jony Ive, who joined the company in 1992, which is why they are so synonymous with minimalism. By 2002, the Apple desktop computer had evolved into a thin, flat screen mounted on an arm connected to a rounded base. Then, into the 2010s, the screen flattened even more and the base vanished until all that was left were two intersecting lines, one with a right angle for the base and another, straight, for the screen. It sometimes seems, as our machines become infinitely thinner and wider, that we will eventually control them by thought alone, because touch would be too dirty, too analogue.

The Guardian publishes an excerpt from a forthcoming book about minimalism; not the music, but the lifestyle. This excerpt covers two topics: Marie Kondo’s decluttering cult, and Apple’s design philosophy.

For the former, whose method is uncreatively called KonMari, I like to say that you can’t spell KonMari without “con.” For our minimal Marie has ventured into the sale of Goop-worthy useless objects, such as, for $75, a tuning fork and a quartz crystal. “Marie uses a tuning fork in her everyday life to help her to reset – and she’s never without a crystal. Striking the fork against a crystal creates pure tones that are believed to help restore a sense of balance.”

As for Apple, yes, their products are minimalist, but I think that the approach that the millennial writer takes shows a bit of ignorance of the history of the design of computing devices, and of other electronic devices. Much of the minimalism in Apple devices is a result of miniaturization. We have thin devices because we can; because displays don’t need to be the massive, bulbous CRTs of yore. We have fewer buttons and knobs because we don’t need them. And Jony Ive, at Apple, was following in the footsteps of his great influence Dieter Rams, whose ten principles for good design were Ive’s guide. Discussing Apple design without looking backward to the history of design, especially of electronic devices post-war, is useless.

The transistor radio I had when I was in my early teens was minimalist compared to radios that preceded it; the Walkman I had in 1980 was minimalist compared to boom boxes. The car I drive is minimalist compared to the fin-adorned Chevys of the 1950s. Minimalism in design is a long trend. What is different is that the word is used now to market devices (though I don’t ever recall hearing anyone at Apple utter that word), and perhaps that is just a recognition that the term has become mainstream.

Source: The empty promises of Marie Kondo and the craze for minimalism | Life and style | The Guardian

Intego Mac Podcast, Episode 113: Mac Pro costs the same as Tesla Cybertruck

Apple has released the new Mac Pro, along with updates for all its operating systems this week. Google Chrome gets a serious update, Google Maps gets incognito mode, and the Ring doorbell leaks some location data allowing journalists to create heat maps of Ring-protected homes. Plus an AirDrop vulnerability, a tweet with an iPhone decryption key, and more.

Check out the latest episode of The Intego Mac Podcast, which I co-host with Josh Long. We talk about Macs and iOS devices, and how to keep them secure.

Many App Store and iTunes customers no longer receiving email receipts for purchases – 9to5Mac

“An odd annoyance has emerged among many App Store and iTunes users. Over the last several weeks, many Apple customers have reported that they are no longer receiving email receipts for purchases they made via the App Store or iTunes.”

I’ve been having the same problem. And this is a problem, because I need receipts for software that I purchase for my business. In fact, I had forgotten about this until seeing the article this morning, and went and got a bunch of receipts re-sent.

The biggest issue with this, however, is that without receipts I won’t see any unauthorized purchases, if, by chance, someone managed to compromise my account, or if I was billed for something I didn’t buy.

The article explains how to view your purchase history, but you can do so more quickly by clicking this link: https://finance-app.itunes.apple.com/purchases.

Source: Many App Store and iTunes customers no longer receiving email receipts for purchases – 9to5Mac

Intego Mac Podcast, Episode 112: Twitter Trickery, Charging Insecurity, Cryptocurrency Malware, and More

We follow up on our Black Friday purchases, then talk about some Twitter trickery, some Russian rigidity, some charging insecurity, some location confusion, and some new Mac cryptocurrency malware.

Check out the latest episode of The Intego Mac Podcast, which I co-host with Josh Long. We talk about Macs and iOS devices, and how to keep them secure.