Privacy

While Apple is currently lobbying against being given a legal responsibility for age verification when it comes to downloading apps, I think the company’s customers would very much benefit from it taking on this role.

Given the company’s track record in finding privacy-respecting approaches to personal data, I would like to see it go even further than the proposals we’ve seen to date …

Many social media apps encourage you to give them access to your contacts. If you do so, they will let you know which of your contacts are on the platform so that you can send them a friend request.

This can be problematic because you may not wish to share your online presence with everybody in your contacts, and because you are effectively sharing the personal data of other people without their consent. Bluesky says its own “privacy-first” approach is different …

Authoritarian governments don’t like their citizens being able to have private conversations using end-to-end encrypted messaging apps. This is the reason Russia has just banned FaceTime, but it was surprising iMessage had escaped a ban.

A potential reason for this has now been discovered: Apple may have accidentally made it almost impossible for a government to ban its end-to-end encrypted text messaging app …

The saga of a mandatory government security app which Apple and Google had to preinstall on their phones didn’t last long after Apple refused to play ball.

The Indian government had already backed down on preventing iPhone owners from deleting the “security” app, and has now made a complete U-turn in the space of just 48 hours …

The Indian government has ordered Apple and other smartphone manufacturers to pre-install a state-owned “security” app on all phones before they are sold to users. Update: As we predicted, Apple has pushed back, but more aggressively by stating outright that it will not comply.

Adding fuel to the privacy fire, the government is also requiring smartphone makers to ensure that the app cannot be removed by users …

If you receive a notification from ChatGPT provider OpenAI that one of its partners has suffered a data breach, it’s likely that your own data is safe. Only those who have an API account may have been affected

The company says it is being transparent by notifying all subscribers, even though only a small subset of them will have been impacted …

A competition regulator has accused Apple of misleading users about the level of privacy offered by the App Tracking Transparency feature. That accusation, while made in good faith, is based on a misunderstanding.

The iPhone maker has responded by saying that it may be forced to withdraw the privacy protection from EU users …

Hackers have obtained customer data from a third-party company used by major Wall Street banks, including JPMorgan Chase and Citi. The disclosure comes just days after a Doordash data breach exposed names, addresses, phone numbers, and more.

SitmusAMC helps banks process mortgage applications and other real estate loans, and says that accounting records and legal agreements have been impacted by the hack …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Plastic webcam covers—especially of the sliding kind—boomed in popularity sometime in the 2010s as a low-tech way to keep hackers from eavesdropping on compromised machines. The concern felt justified at the time. But by 2020, Apple was beginning to issue warnings that those covers aren’t actually needed and can even damage a MacBook’s display.

For this Security Bite, let’s set the tin-foil hats aside and talk about why webcam covers don’t meaningfully improve privacy, can cause features like True Tone to not work properly, and are far more likely to damage your screen than stop someone from spying on you.

A Doordash data breach has exposed the personal data of an unspecified number of customers, including name, phone number, email address, and physical address.

The food delivery company says that it has implemented a number of security measures in response, including reporting the attack to law enforcement …

Update, 7:11 p.m. ET: A Meta representative reached out to 9to5Mac and provided the following statement:

“We are grateful to the University of Vienna researchers for their responsible partnership and diligence under our Bug Bounty program. This collaboration successfully identified a novel enumeration technique that surpassed our intended limits, allowing the researchers to scrape basic publicly available information. We had already been working on industry-leading anti-scraping systems, and this study was instrumental in stress-testing and confirming the immediate efficacy of these new defenses. Importantly, the researchers have securely deleted the data collected as part of the study, and we have found no evidence of malicious actors abusing this vector. As a reminder, user messages remained private and secure thanks to WhatsApp’s default end-to-end encryption, and no non-public data was accessible to the researchers.” 

A massive WhatsApp security flaw exposed the phone number of almost every user on the planet – despite the fact that parent company Meta had been alerted to the vulnerability way back in 2017.

Security researchers were able to use what they described as a “simple” exploit to extract a total of 3.5 billion phone numbers from the messaging service …

Some 2 billion email addresses and 1.3 billion passwords have been compromised in a series of data breaches highlighted by a cybersecurity company.

Microsoft regional director Troy Hunt, who runs the site Have I Been Pwned, says the stolen data is more extensive than anything the site has ever processed …

Today, Google announced its own version of what Apple is doing with Private Cloud Compute, in what may be a landmark moment for the consumer AI market. Here’s why.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

PSA! Starting today (Nov. 3), Microsoft-owned LinkedIn will expand its use of user profile details, posts, and feed activity — excluding private messages — in the UK, EU, Switzerland, Canada, and Hong Kong to train its artificial intelligence models, as well as support personalized ads across Microsoft products.

The good news here: You can opt out of having your, presumably very humble posts and professional achievements, scraped into LLM-training pens.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Update, November 1, 10:59 a.m. ET: Apple has removed the sketchy ChatGPT clone app mentioned below. I’ve also received unverified claims that many other copycats have been taken down too.

Around this time two years ago, OpenAI’s incredibly popular GPT-4 API was spreading like wildfire all over the App Store. It wasn’t long before AI-powered productivity apps, chatbot companions, nutritional trackers, and basically anything else you could think of dominated the charts, garnering millions of downloads. Fast forward to today, many of those vibe-coded, opportunistic apps have disappeared, partly due to cooling hype but also Apple’s tougher stance against knockoffs and misleading apps.

However, this week, security researcher Alex Kleber noticed that one misleading AI chatbot, impersonating OpenAI’s branding, managed to achieve top marks in the Business category. Albeit on the less popular Mac App Store, this is still significant and warrants a brief PSA to be cautious when sharing personal information with these apps.

Security-conscious readers probably already use the data breach alert site Have I Been Pwned, but a new Proton website is aiming to alert you at an earlier stage with what the company says will be near real-time reporting.

The company behind ProtonMail says it has launched the Data Breach Observatory because it can sometimes take too long to find out when your personal data has been made available for sale on the dark web …

In a statement to the German Press Agency, Apple claimed that it may have to turn off App Tracking Transparency in Europe as a result of “intense lobbying efforts”. Here’s why.

A tactic used by a growing number of scammers is to impersonate help centres in order to trick victims into sharing their screens via WhatsApp. By doing so, they can obtain sensitive information like bank account details and verification codes.

Meta says WhatsApp will now intervene when someone attempts to use screen sharing with an unknown contact during a video call. The company will also proactively flag suspicious-looking chats in Facebook Messenger …

The Department of Homeland Security says that Chinese criminal gangs have made more than $1 billion from text scams sent to US phone numbers over the past three years.

Scam texts about fake highway toll payments, US Postal Service fees, and traffic violation fines are used to obtain credit card details. They also trick victims into submitting a one-time code from their bank, which allows the criminals to add the card to Apple Wallet …

Apple recently explained how it will comply with an App Store age verification law in Texas, and it will now face a similar requirement in California.

Apple found a privacy-respecting approach to the Texas law, and it seems that it will be able to adopt a similar one here …