What is Trustjacking? The iOS Exploit that Allows for Remote Control

Hoo boy, a new vulnerability has come up for iPhone users everywhere. In this day and age, when the biggest concern is privacy, we shouldn’t take lightly any vulnerability that can result in other people taking control of our devices. As such, we’re going to take a few moments to explain the latest iOS vulnerability, Trustjacking.

iTunes Wi-Fi Sync is all that’s needed to allow malicious actors to gain control over iOS devices. It also allows them to record and control all sorts of activity remotely. And yes, this kind of problem has spread on mobile phones before; not even Android users were safe from it.

iTunes Wi-Fi Sync is pretty useful for many iOS users, since it allows them to sync their devices without the need for cables. Wi-Fi Sync also offers other features, such as accessing the photos on the device, performing backups, and installing apps. However, the iOS device user never gets notified about this on their phone.

This is what happens when a malicious actor wants to make their move. Once the victim and the attackers are connected to the same network, a vague prompt asking whether or not to trust the computer pops up. If the victim allows this computer to be trusted, they are pretty much allowing the malefactor to record activity without the victim knowing.

Not to mention, even after you have disconnected the device from the malicious computer, the attacker can enable the iTunes Wi-Fi Sync feature, regardless of whether or not the victim authorizes it. Basically, once the user chooses to trust the malicious computer, the attacker can get all sorts of access to the affected party’s iPhone, gathering data from it or even installing malicious apps.

Apple sort-of-but-didn’t address this issue by adding a mechanism that ensures the real owner of the iOS device chooses whether or not to trust this computer. However, there isn’t a way to “Untrust” previously selected computers, and the prompt is still vague, so this really isn’t a solution, more like a band-aid.

The best way to ensure that no unwanted computers are being trusted by your iOS device is to clean the trusted computers list by going to Settings > General > Reset > Reset Location & Privacy. Afterwards any and all affected users can pretty much start from scratch and cautiously re-authorize other computers for data access to their iOS device.

This exploit was discovered by Symantec, and they are working hard to keep users informed about Trustjacking on iOS devices. I’d suggest you give their article a full read, as it explains the situation in more depth. I would also recommend refraining from using iTunes Wi-Fi Sync for the time being, until it’s better implemented by Apple.

Apple has introduced a new fee for apps in response to the EU’s gatekeeper rules

Apple has unveiled a series of upcoming updates to iOS in the European Union, which will include a new fee for developers. These changes are part of the iPhone maker’s efforts to comply with the Digital Markets Act (DMA), the bloc’s competition reform initiative.

In September, the EU classified Apple as one of six “gatekeepers” under the DMA, identifying the iOS App Store and Safari browser as “core platform services.” The regulation places a set of responsibilities and limitations on gatekeepers. Apple is being compelled to accept sideloading of apps, along with other alterations. Gatekeepers must comply with the DMA by the March 7 deadline.

Today, Apple announced the availability of iOS 17.4 in beta. According to Apple, this update will assist developers in getting ready for the upcoming changes to its mobile platform. To meet the EU’s compliance deadline, these changes will go into effect next month.

During a background briefing with journalists prior to the beta launch, Apple revealed that it has dedicated significant time and effort to developing its solution in order to meet the requirements of the DMA. However, it also cautioned that certain modifications may introduce additional vulnerabilities for users. This echoes a well-established concern about sideloading, as it has the potential to compromise the security and privacy of iOS users.

Apple has announced upcoming changes for iOS developers who distribute apps in the European Economic Area (EEA). These changes include:

  • New APIs and tools that enable developers to make their iOS apps available for download from alternative app marketplaces.
  • A new framework and APIs that enable developers to build their own app marketplaces. Marketplace developers can install apps and handle updates on behalf of other developers, all within their dedicated marketplace app.
  • New frameworks and APIs that enable developers to use browser engines other than WebKit for browser apps and apps with in-app browsing experiences.
  • A form is available for developers to submit requests for interoperability with iPhone and iOS hardware and software features.

There was new information last week regarding an offer that Apple made to the EU in an effort to end an antitrust investigation involving Apple Pay. Today, it was indicated that the proposed changes to contactless payments on iOS are in line with industry standards. These changes include new APIs that enable developers to utilize NFC technology in their banking and wallet apps across the EEA. Additionally, users will have the ability to choose a third-party contactless payment app or an alternative app marketplace as their default option.

As with the various changes Apple is introducing today, it will be the responsibility of the European Commission to evaluate their compliance with the DMA and determine if they meet the legal requirements.

If EU regulators determine that Apple’s modifications do not align with the DMA, it may result in substantial fines amounting to 10% of their global annual turnover and compel Apple to reconsider their approach.

New business terms and an additional fee for core technology

Alongside the various DMA-focused changes that developers will have access to, Apple is also rolling out new business terms in Europe. These terms include the implementation of a new fee known as the “Core Technology Fee.”

This appears to be designed to guarantee that Apple can still receive a portion of the revenue in certain situations, even if developers choose to go beyond its controlled environment. This could include distributing their apps through other app stores or directing users to their own websites to make payments for additional content.

According to Apple, iOS apps that are downloaded from the App Store or another app marketplace will incur a fee of €0.50 for each initial installation per year if the number of installations exceeds 1 million.

Developers who wish to utilize the newly announced features, such as the option to distribute their apps through different app stores, are required to agree to the updated business terms.

“The new business terms for apps in the EU are crucial to meet the DMA’s requirements for alternative distribution and payment processing,” stated Apple in a press release. Apple’s fee structure is designed to acknowledge the various ways in which they contribute to the success of developers’ businesses. This includes providing distribution and discovery opportunities on the App Store, secure payment processing, a trusted mobile platform, and a range of tools and technology to facilitate the creation and sharing of innovative apps with users worldwide.

As part of the new business terms, Apple is adjusting the percentage it receives from digital purchases made on iOS apps in its App Store. This adjustment applies to transactions involving digital goods and services, with a reduced cut of 17%. Additionally, for the majority of developers and subscriptions after their first year, Apple will only take a 10% share.

Apple will charge a payment processing fee of an extra 3% for iOS apps on the App Store that wish to utilize their own payment technology.

However, developers have the option to utilize a different payment service provider within their app or direct users to their website for payment processing without incurring any extra charges from Apple.

In addition, Apple announced that developers will have the option to continue with its current business terms. This means that they can still collect a commission on in-app purchases made through apps on the App Store, with the standard rate being 30% (or 15% for small businesses).

Developers can choose their own terms and still have access to the App Store’s payment processing technology and distribution platform in the EU, according to Apple.

According to the new business terms, the tech giant predicts that the majority of developers will either decrease or keep the fees they owe.

Additionally, it indicates that a very small percentage of developers will be required to pay the Core Technology Fee for their EU apps. This fee is specifically aimed at apps that have achieved significant popularity, such as being installed on millions of iOS devices.

Apple is defending the implementation of the new fee by stating that it accurately represents the worth of its technology platform and services, which are separate from the App Store’s capabilities and distribution.

Although the DMA requires app stores to allow sideloading, it does not enforce any particular business models on them. Yet, it is uncertain if Apple’s strategic adjustments to its business terms in the EU, along with the options it is offering to developers, will meet the approval of regulators.

According to Article 6(12) of the DMA:

The gatekeeper shall apply fair, reasonable, and non-discriminatory general conditions of access for business users to its software application stores, online search engines and online social networking services listed in the designation decision pursuant to Article 3(9).

In order to avoid violating the DMA, Apple will have to convincingly argue that the framework it has developed is “fair, reasonable, and non-discriminatory.”

As part of its updates, Apple is introducing several new features to its platform. These features include notarization for iOS apps, which involves a thorough review process to ensure platform integrity and user protection. It will include both automated checks and human reviews. Apple is also implementing app installation sheets, which provide users with concise descriptions and functionality overviews before downloading an app. Additionally, Apple will require marketplace developers to meet ongoing requirements to safeguard users and developers. Lastly, Apple is enhancing its malware protections to prevent iOS apps from launching if they are found to contain malware after installation.

During the last press event, Apple emphasized that the modifications mandated by the EU would introduce whole new vulnerabilities for iOS users.

The business emphasized the security concern of allowing iOS applications to install other apps on the user’s device, which Apple refers to as “marketplace apps.” This is considered a typical method for malware attacks. While its reps said that there has never been a prevalent consumer malware assault on iOS up until now,.

Developers who agree to Apple’s new business rules will have the opportunity to create alternative app stores, also known as marketplace applications. However, they will still be required to go through Apple’s app review process and fulfill certain criteria that aim to safeguard consumers and developers.

Additional modifications are forthcoming, addressing various DMA requirements regarding Apple’s App Store and Safari browser. Some of these changes appear to be aimed at prompting iOS users to exercise caution before choosing any non-Apple alternatives. One such change involves the introduction of a choice screen, which will allow iOS users to designate their default browser. This screen will present a range of competing browsers alongside Apple’s Safari browser. Furthermore, developers will now have the capability to offer browsers that are not reliant on the WebKit browser engine.

Apple has introduced new labels on the App Store product pages to notify users when an app they are downloading uses a different payment processing system. Additionally, in-app disclosure sheets will inform users when they are no longer making transactions with Apple and when a developer is directing them to use an alternative payment processor. Apple has introduced new procedures for reviewing apps. These procedures aim to ensure that developers provide accurate information about transactions involving alternative payment processors.

Additionally, Apple has expanded the data portability feature on its Data & Privacy site. This allows users in the European Union to access and export new data about their App Store usage to an authorized third party.

One strategy Apple may use to encourage customers to continue using its own payment technology for third-party applications is by notifying iOS users when they are no longer doing transactions with Apple. However, Apple may argue that this is only an “equitable and rational” cautionary message sent to its customers when they go outside its controlled environment.

The DMA grants gatekeepers the authority to implement “strictly necessary and proportionate” actions to safeguard the integrity of the hardware, software, or operating systems they offer. This includes protecting against potential risks posed by third-party apps and stores as well as complying with the interoperability requirements mandated by the DMA. It’s crucial to remember that the gatekeeper must justify any measures taken.

Apple has announced another update that would allow developers to provide a streaming game app store.

In response to Apple’s action, Epic Games, which had previously filed a lawsuit against the tech giant in the United States over the terms of the App Store, expressed its disapproval. It referred to Apple’s offering in the European Union as “malicious compliance” and criticized it for including excessive and unnecessary costs.

Now WhatsApp users can log into two accounts simultaneously

WhatsApp launched dual-account support today. You can switch between accounts in WhatsApp.

Mark Zuckerberg announced the feature on Facebook and said it would soon be available.

People used to need two phones for two WhatsApp accounts. The company now allows two accounts on one phone. App cloning lets users use multiple WhatsApp instances on Xiaomi and Oppo phones.

“Helpful for switching between accounts – such as your work and personal – now you no longer need to log out each time, carry two phones or worry about messaging from the wrong place,” the company wrote in a blog post.

Users can add accounts under Settings > Add Account. Your second SIM or multi-SIM phone is needed for setup. Account-specific notifications and privacy settings are available, the company said.

WhatsApp discouraged fake apps to prevent fraud.

WhatsApp added Android passkey support this week, enabling access without SMS-based two-factor authentication.

X experiments with a $1-per-year new user fee

X, formerly Twitter, announced today that it will experiment with charging “new unverified” users $1 per year to interact with posts. The company said this test is live in New Zealand and the Philippines and won’t affect existing users.

Users can post, like, repost, reply, bookmark, and quote for that fee. Free users get a read-only account to view posts and follow accounts.

This “Not A bot” program is not a profit driver, according to the company’s support account, but that reasoning is hard to trust. The Elon Musk-owned company claims this program will reduce spam.

We created this new test to improve our already successful efforts to reduce spam, platform manipulation, and bot activity while balancing platform accessibility with the small fee. It does not generate profits, the company said.

The company said it would share spam-fighting program results on its support page.

Musk announced that X will charge “a small monthly payment” to use its service. The test program charges annually, but the ethos is the same.

X (then Twitter) started requiring logins to view posts in June. Days later, the platform allowed logged-out users to view posts.

One year after Musk’s $44 billion acquisition, Similarweb reports X traffic has dropped. The company has taken drastic measures to cut costs and make money.

In an interview last month, CEO Linda Yaccarino predicted X’s 2024 profitability. The former NBCU executive avoided discussing X’s user fees in the interview.

As of now, X only offers an $8 monthly plan. According to recently discovered code, the company may introduce three premium tiers, one ad-free.
