Privacy

Direct payments between Venmo and PayPal will finally become possible from November, some 11 years after it was first expected.

While some may find it convenient, it also opens a new route to scammers, so there’s a privacy setting you may wish to change when it goes live …

Neon, the app that pays you to share your audio recordings with an AI system, says that it will return despite its recent massive security breach.

The app shot up the App Store ratings after promising to pay users hundreds or even thousands of dollars per year for allowing their audio conversations to be used to train AI chatbots …

We learned back in February that the British government had secretly ordered Apple to create a worldwide backdoor into iCloud. We said at the time that the demand was “as technically clueless as it is outrageous.”

Apple responded very intelligently, and it seemed from a development last month that the UK had withdrawn its demand. We’re learning today that this isn’t in fact the case …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Earlier this year, Apple announced that it was leading the charge on a cross-industry effort to bring end-to-end encryption (E2EE) to the RCS Universal Profile, which is published by the GSMA. Apple told 9to5Mac in March it would come to the iPhone in a future software update. Google soon after jumped in, stating it too was ‘committed to providing a secure messaging experience.’

I didn’t think it was completely unreasonable to assume we’d see this showcased at WWDC 2025…that didn’t happen. Then I thought maybe in one of the iOS 26 betas? Also nothing. So, what happened to cross-platform E2EE for RCS messaging? Is it still coming?

Researchers have discovered major Tile security flaws that could let both the company itself and a tech-savvy stalker track your location. These arise from two crucial differences between the security used for AirTags and Tile tags.

The flaw could even be exploited to allow a malicious actor to falsely frame a Tile owner for stalking, by making it appear as if one of your Tile tags is constantly in the vicinity of somebody else’s tag …

Earlier today, we covered the skyrocketing success of Neon, an app that pays users in exchange for recording their phone calls. Now, the app has gone offline, following the discovery of an egregious security breach. Here are the details.

A bizarre app that invites you to record and share your audio calls so that it can sell the data to AI companies has become the second most downloaded social app in the app store.

Neon Mobile says that users can sell their privacy for hundreds or even thousands of dollars per year by allowing their audio conversations to be used for AI training …

For many years, it was accepted wisdom that Mac malware wasn’t really an issue. One of the reasons for that was that the market share was simply too low to make it a worthwhile target for attackers.

Today, of course, is a very different world. Macs are the fourth most popular brand of personal computers, and as owners of a premium brand, Mac owners make a juicy target. Does that mean you need third-party antivirus software on a Mac, or are the built-in security protections good enough? A very thorough test sought to find out …

Mobile carriers are very slowly getting better at detecting and blocking scam texts, but it seems the fraudsters may still be staying ahead of the game.

Scammers are now using a technology known as SMS blasters, backpack-sized devices that can trick smartphones into thinking they are cell towers …

In a threat and incidents report released today, France’s Information Security Agency confirmed that Apple issued a new wave of threat notifications earlier this month. Here are the details.

After warning 9to5Mac last month about undetectable Mac malware hidden in a fake PDF converter site, Mosyle, a leader in Apple device management and security, has now uncovered a new infostealer. Dubbed ModStealer, the malware has remained invisible to all major antivirus engines since first appearing on VirusTotal nearly a month ago.

In details shared exclusively with 9to5Mac, Mosyle says ModStealer doesn’t just target macOS systems, but is cross-platform and purpose-built for one thing: stealing data.

A Plex data breach in 2022 exposed usernames, email addresses, and encrypted passwords. The company required all users to change their passwords as a precaution, and now history seems to be repeating itself.

The company is again emailing users, using virtually identical wording to describe to report a new data breach with the same data obtained …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

If you’re reading this week’s Security Bite on your desktop, look closely at your browser’s address bar. Notice how the main (root) domain is bolder, while the rest of the URL is a lighter grey? This is not an accident, it’s a purposly implemented psychological trick called salience bias. This little design choice has protected users from phishing attacks for over a decade.

A TransUnion data breach has exposed sensitive personal information for millions of US consumers, including dates of birth and social security numbers.

However, reports of a major Gmail security problem affecting all 2.5 billion users are false, though loosely based on a far more contained incident back in June …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

In an earlier edition of Security Bite, I predicted that Apple would finally announce end-to-end encryption (E2EE) to the RCS Universal Profile at WWDC 2025. That didn’t happen, but Apple did introduce two nice spam-protection tools along with a series of smaller updates designed to make the iPhone safer for everyone. Now that iOS 26 is basically in its final form ahead of wide release in tandem with the launch of iPhone 17, here’s a rundown of my favorite privacy features.

Apple’s commitment to end-to-end encryption is so strong that it withdrew a key privacy feature from the UK market rather than be forced to compromise it globally. The company also faced pressure on this front from the EU’s Digital Services Act (DSA).

In a surprising twist, the White House came out in support of strong encryption, and the Federal Trade Commission (FTC) is now urging Apple and other tech giants to stand firm on the issue …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

TikTok has been found selling GPS trackers through its Shop feature that are being marketed by viral videos explicitly encouraging secretly tracking a romantic partner. What’s most alarming is that these videos have millions of views, and metrics show that over a hundred thousand have been sold.

I usually reserve Security Bite for digital security topics, but this discovery was too riveting to ignore. As first reported by 404 Media, the trackers are being compared to Apple AirTags—but for the wrong reasons…

Earlier today, the Russian government announced a new rule requiring all phones and tablets to ship with MAX, its state-backed messenger app, preinstalled. Here are the details.

A former Meta product manager has claimed that the social network circumvented Apple’s privacy protections, as well as cheating advertisers, and fired him when he repeatedly raised the issue internally.

Meta is said to have found ways to identify Apple users even after they refused consent for app tracking, in order to avoid an estimated $10 billion loss of revenue …

The US Customs and Border Protection (CBP) carried out a record number of phone searches of travelers arriving at, or returning to, the US in the last quarter.

The legal position on these searches is unclear when it comes to US citizens, but there are steps you can take to protect your privacy …

More than 370,000 Grok AI chats have been published on the Grok website and indexed by search engines, making them public.

In addition to the interactive chats themselves, Elon Musk’s xAI company also published photos, spreadsheets and other uploaded documents …