Iphone

Despite the Hype, iPhone Security No Match For NSO Spyware (washingtonpost.com) 116

International investigation finds 23 Apple devices that were successfully hacked. From a report: The text delivered last month to the iPhone 11 of Claude Mangin, the French wife of a political activist jailed in Morocco, made no sound. It produced no image. It offered no warning of any kind as an iMessage from somebody she didn't know delivered malware directly onto her phone -- and past Apple's security systems. Once inside, the spyware, produced by Israel's NSO Group and licensed to one of its government clients, went to work, according to a forensic examination of her device by Amnesty International's Security Lab. It found that between October and June, her phone was hacked multiple times with Pegasus, NSO's signature surveillance tool, during a time when she was in France. The examination was unable to reveal what was collected. But the potential was vast: Pegasus can collect emails, call records, social media posts, user passwords, contact lists, pictures, videos, sound recordings and browsing histories, according to security researchers and NSO marketing materials.

The spyware can activate cameras or microphones to capture fresh images and recordings. It can listen to calls and voice mails. It can collect location logs of where a user has been and also determine where that user is now, along with data indicating whether the person is stationary or, if moving, in which direction. And all of this can happen without a user even touching her phone or knowing she has received a mysterious message from an unfamiliar person -- in Mangin's case, a Gmail user going by the name "linakeller2203." These kinds of "zero-click" attacks, as they are called within the surveillance industry, can work on even the newest generations of iPhones, after years of effort in which Apple attempted to close the door against unauthorized surveillance -- and built marketing campaigns on assertions that it offers better privacy and security than rivals.

[...] Researchers have documented iPhone infections with Pegasus dozens of times in recent years, challenging Apple's reputation for superior security when compared with its leading rivals, which run Android operating systems by Google. The months-long investigation by The Post and its partners found more evidence to fuel that debate. Amnesty's Security Lab examined 67 smartphones whose numbers were on the Forbidden Stories list and found forensic evidence of Pegasus infections or attempts at infections in 37. Of those, 34 were iPhones -- 23 that showed signs of a successful Pegasus infection and 11 that showed signs of attempted infection.

Cellphones

Investigation Reveals Widespread Cellphone Surveillance of the Innocent (theguardian.com) 184

Cellphones "can be transformed into surveillance devices," writes the Guardian, reporting startling new details about which innocent people are still being surveilled (as part of a collaborative reporting project with 16 other media outlets led by the French nonprofit Forbidden Stories).

Long-time Slashdot reader shanen shared the newspaper's critique of a "privatised government surveillance industry" that's made NSO a billion-dollar company, thanks to its phone-penetrating spy software Pegasus: [NSO] insists only carefully vetted government intelligence and law enforcement agencies can use Pegasus, and only to penetrate the phones of "legitimate criminal or terror group targets". Yet in the coming days the Guardian will be revealing the identities of many innocent people who have been identified as candidates for possible surveillance by NSO clients in a massive leak of data... The presence of their names on this list indicates the lengths to which governments may go to spy on critics, rivals and opponents.

First we reveal how journalists across the world were selected as potential targets by these clients prior to a possible hack using NSO surveillance tools. Over the coming week we will be revealing the identities of more people whose phone numbers appear in the leak. They include lawyers, human rights defenders, religious figures, academics, businesspeople, diplomats, senior government officials and heads of state. Our reporting is rooted in the public interest. We believe the public should know that NSO's technology is being abused by the governments who license and operate its spyware.

But we also believe it is in the public interest to reveal how governments look to spy on their citizens and how seemingly benign processes such as HLR lookups [which track the general locations of cellphone users] can be exploited in this environment.

It is not possible to know without forensic analysis whether the phone of someone whose number appears in the data was actually targeted by a government or whether it was successfully hacked with NSO's spyware. But when our technical partner, Amnesty International's Security Lab, conducted forensic analysis on dozens of iPhones that belonged to potential targets at the time they were selected, they found evidence of Pegasus activity in more than half.

The investigators say that potential targets included nearly 200 journalists around the world, including numerous reporters from CNN, the Associated Press, Voice of America, the New York Times, the Wall Street Journal, Bloomberg News, Le Monde in France, and even the editor of the Financial Times.

In addition, the investigators say they found evidence the Pegasus software had been installed on the phone of the fiancée of murdered Saudi journalist Jamal Khashoggi. NSO denies this to the Washington Post. But they also insist that they're simply licensing their software to clients, and their company "has no insight" into those clients' specific intelligence activities.

The Washington Post reports that Amnesty's Security Lab found evidence of Pegasus attacks on 37 of 67 smartphones from the list which they tested. But beyond that "for the remaining 30, the tests were inconclusive, in several cases because the phones had been replaced. Fifteen of the phones were Android devices, none of which showed evidence of successful infection. However, unlike iPhones, Androids do not log the kinds of information required for Amnesty's detective work."

Familiar privacy measures like strong passwords and encryption offer little help against Pegasus, which can attack phones without any warning to users. It can read anything on a device that a user can, while also stealing photos, recordings, location records, communications, passwords, call logs and social media posts. Spyware also can activate cameras and microphones for real-time surveillance.
Cellphones

Right-wing Activist's $500 'Freedom Phone' Actually Cheap Rebranded Android Model Made in China (gizmodo.com) 226

"This week, a 22-year-old self-described Bitcoin millionaire introduced the Freedom Phone, a $499 device meant to be completely free from 'Big Tech's' censorship and influence," reports PC Magazine.

"But it turns out the same smartphone is actually from China, and probably just a cheap knock-off." The Freedom Phone comes from Erik Finman, who unveiled the device earlier this week. He claims the product has everything Trump supporters could dream of, including an "uncensorable" app store, preinstalled conservative-friendly apps including Parler and Rumble, and even its own anti-surveillance operating system called FreedomOS... However, The Daily Beast noticed the Freedom Phone looks strikingly similar to a budget smartphone device from a Chinese vendor called Umidigi. The device is called the Umidigi A9 pro, and you can actually buy it over on the Chinese e-commerce site AliExpress starting at $119. Finman later told The Daily Beast that the Freedom Phone was indeed sourced from Umidigi, a company that's based in Shenzhen, China...

An uncensorable app store opens the door for hackers and shady developers to circulate malware and data-collecting programs to users. We're also doubtful Freedom Phone has its own operating system if it can run apps such as Parler and Rumble, in addition to Signal, Telegram and Brave

The Daily Beast adds this anecdote: The Freedom Phone's "Freedom OS" operating system is based on Google's Android operating system, according to Finman. But during a livestream video promoting the phone, right-wing activist Anna Khait was confused by her fans' basic questions about the phone. "Is it an Android?" Khait said. "I'm not really sure. No, it's a Freedom Phone."
Gizmodo calls the phone's web site "radically vague on the details." There is no information about the phone's operating system, storage, camera, CPU, or RAM capabilities. It has a list of features, but there are no actual details about them. Instead, under each feature, there's merely a "Buy it now" button which redirects you to the site's shopping cart. The phone's hefty price, combined with the company's total lack of transparency, is ridiculous — essentially asking the buyer to cough up half a grand in exchange for, uh, something...!
But Gizmodo also shares a philosophical thought: Before we get into the specifics of why this device probably sucks, let me just say that the desire to have a phone that is dedicated to protecting your autonomy and privacy is a reasonable one — and should be encouraged. That said, I don't think the Freedom Phone provides that. Actually, aside from its overt partisan bent, it's impossible to tell what kind of device this is because Finman and his acolytes haven't provided any information about it...

The funny thing is, if Trump voters are looking for a way to get off the "Big Tech" grid, there's no need for them to buy this sketchy shit. There are actually entire subcultures within the phone industry dedicated to escaping the Android/iOS paradigm. You can wade into the de-Googled phone sector, for instance — where Android phones are sold that have ostensibly been refurbished to rid the devices of code that will "send your personal data" back to the tech giant. There's also the Linux-based Pinephone, which sells at a fraction of the Freedom Phone's cost (between $150 and $200), and is a favorite of those in the privacy community. All of these come with caveats, obviously, but the point is that there are much more transparent and affordable options than the Freedom Phone...

It'd be nice if Americans could actually come together around the issue of privacy since it's an area where — regardless of political party — we're all collectively getting screwed.

Cellphones

China's Xiaomi Overtakes Apple In the Global Smartphone Market (cnbc.com) 26

Chinese smartphone maker Xiaomi was the second-largest smartphone maker in the second quarter, overtaking Apple, according to analyst firm Canalys. CNBC reports: Xiaomi had a 17% share of global smartphone shipments, ahead of Apple's 14% and behind Samsung's 19%. "Xiaomi is growing its overseas business rapidly," Canalys research manager Ben Stanton said in a press release, noting shipments increased 300% year on year in Latin America and 50% in Western Europe. The Chinese smartphone maker posted year-on-year smartphone shipment growth of 83% versus 15% for Samsung and 1% for Apple. Stanton noted, however, that Xiaomi phones are still skewed toward the mass market, with the average selling price of its handsets 75% cheaper than Apple's.
Cellphones

Ask Slashdot: How Secure Is a Cellphone's eSIM? (pcmag.com) 41

A few months ago PC Magazine explained eSIMs: You almost certainly have a SIM card: a thumbnail-sized chip that sits in your mobile phone, telling it which carrier and what phone number you use. Now those SIMs are going digital (or "e") and moving your information to a reprogrammable, embedded chip.

A SIM card is a "subscriber identity module." Required in all GSM, LTE, and 5G devices, it's a chip that holds your customer ID and details of how your phone can connect to its mobile network... An eSIM takes the circuitry of a SIM, solders it directly to a device's board, and makes it remotely reprogrammable through software... There are some minor consumer downsides, though. With eSIMs, it's harder to switch one plan between devices — you can't just swap the physical card around — and they can make it harder for you to temporarily remove your SIM if you don't want to be tracked by a carrier.

Google's Pixels have had eSIMs since 2017, and Apple's iPhones have had them since 2018...

Now let's see how long-time Slashdot reader shanen feels about them: Shopping for a new smartphone due to premature battery swelling of a cheapie, but surprised to find out I can't just plug the SIM into a new phone. There ain't no SIM here, but rather the dying phone has an eSIM.... Quick research indicated it's only software, so my obvious question is "How secure can an eSIM be?" (The obvious search results also fail to produce "fresh" results.)

But the black hats have already had a couple of years to work on the problem, and it seems intrinsically difficult to do anything securely if you're only using software. My probably obsolete understanding is that part of the basis of SIM security is that you'd have to destroy the SIM to save its data, but is there an actual security expert in the house?

Related question based on my surprise. How would you even know if you're using an eSIM? Especially since it appears to be possible to use an eSIM on a phone with a SIM.

Share your own thoughts and opinions in the comments.

How secure is an eSIM?
Cellphones

'We Got the Phone the FBI Secretly Sold to Criminals' (vice.com) 70

Motherboard bought an FBI "Anom" phone that the agency secretly sells to criminals to monitor their communications. Joseph Cox reports: The sleek, black phone seems perfectly normal. Unlocking the Google Pixel 4a with a PIN code reveals some common apps: Tinder, Instagram, Facebook, Netflix, and even Candy Crush. But none of those apps work, and tapping their icons doesn't do anything. Resetting the phone and typing in another PIN opens up an entirely different section of the device, with a new background and new apps. Now in place of the old apps sit a clock, a calculator, and the device's settings. Clicking the calculator doesn't open a calculator -- it opens a login screen.

"Enter Anom ID" and a password, the screen reads. Hidden in the calculator is a concealed messaging app called Anom, which last month we learned was an FBI honeypot. On Anom, criminals believed they could communicate securely, with the app encrypting their messages. They were wrong: an international group of law enforcement agencies including the FBI were monitoring their messages and announced hundreds of arrests last month. International authorities have held press conferences to tout the operation's success, but have provided few details on how the phones actually functioned.

Motherboard has obtained and analyzed an Anom phone from a source who unknowingly bought one on a classified ads site. On that site, the phone was advertised as just a cheap Android device. But when the person received it, they realized it wasn't an ordinary phone, and after being contacted by Motherboard, found that it contained the secret Anom app. When booting up the phone, it displays a logo for an operating system called "ArcaneOS." Very little information is publicly available on ArcaneOS. It's this detail that has helped lead several people who have ended up with Anom phones to realize something was unusual about their device. Most posts online discussing the operating system appear to be written by people who have recently inadvertently bought an Anom device, and found it doesn't work like an ordinary phone. After the FBI announced the Anom operation, some Anom users have scrambled to get rid of their device, including selling it to unsuspecting people online. The person Motherboard obtained the phone from was in Australia, where authorities initially spread the Anom devices as a pilot before expanding into other countries.

Wireless Networking

More Cellphone Data Use Is Negatively Affecting Wi-Fi Performance, Study Finds (uchicago.edu) 46

An anonymous reader shares the findings of a new study from the University of Chicago. From a report: If service becomes slow when you're trying to send a quick email on your smartphone, you might scroll through your network options and discover how many Wi-Fi networks there are. In fact, this plethora of options is itself the problem. These networks are in competition with one another, limiting the speed at which each can operate. University of Chicago researchers have demonstrated how this increased network competition could negatively impact internet service for everyday users.

When a cellular provider, such as T-Mobile or AT&T, licenses a spectrum band from the FCC, they reserve its exclusive use. As a result, networks operating on licensed bands experience little interference. This allows providers to establish fast and reliable service, but it comes at a cost. To improve bandwidth [to accommodate more users] without breaking the bank, these providers have begun to also use the unlicensed spectrum via cellular networks using a mode called licensed assisted access (LAA), which operates on the same bands used for Wi-Fi. [The researchers] set out to examine how this shared use of the unlicensed spectrum, called coexistence, impacted both Wi-Fi and cellular users.

"We actually found an LAA station located on the UChicago campus, on a pole in front of the bookstore, and in this outside space campus Wi-Fi is also in use," [Monisha Ghosh, associate member in the Department of Computer Science at the University of Chicago and research professor in the Pritzker School of Molecular Engineering] said. "That provided an experimental platform in our backyard, so we started taking measurements." [...] By accessing multiple networks simultaneously, the group found that competition decreased performance -- reducing the amount of data transmitted, the speed of transmission, and the signal quality. This competition was particularly detrimental to Wi-Fi. When LAA was also in active use, data transmitted by Wi-Fi users decreased up to 97%. Conversely, LAA data only exhibited a 35% decrease when Wi-Fi was also in use. Ghosh explained that the incompatibility between Wi-Fi and LAA owes in part to the different protocols each employs to deal with heavy internet traffic.
The researchers presented their findings in a paper via arXiv.
Cellphones

OnePlus 9 Benchmarks Deleted From Geekbench Over Cheating Allegations (androidauthority.com) 27

Popular benchmark site Geekbench has removed OnePlus 9 benchmarks from its charts due to allegations that the company designed Oxygen OS optimization tools in such a way that they could be viewed as cheating. Android Authority reports: Yesterday, AnandTech posted some information about "weird behavior" it spotted with the OnePlus 9 Pro. According to the team's research, Oxygen OS apparently limits the performance of some popular Android apps -- but none of those apps are benchmark suites. Geekbench, one of the more popular benchmarking sites, took these allegations seriously. After conducting its own investigation, Geekbench recently announced that it has removed all OnePlus 9 benchmarks from its charts. Geekbench called Oxygen OS's behavior a form of "benchmark manipulation." OnePlus has yet to issue a statement on the matter. In some of our own testing, we found that AnandTech's data is on the mark. We found that the OnePlus 9 series limits the performance of Google Chrome while older OnePlus phones do not. OnePlus issued a statement to Android Authority addressing the matter: "Our top priority is always delivering a great user experience with our products, based in part on acting quickly on important user feedback. Following the launch of the OnePlus 9 and 9 Pro in March, some users told us about some areas where we could improve the devices' battery life and heat management. As a result of this feedback, our R&D team has been working over the past few months to optimize the devices' performance when using many of the most popular apps, including Chrome, by matching the app's processor requirements with the most appropriate power. This has helped to provide a smooth experience while reducing power consumption. While this may impact the devices' performance in some benchmarking apps, our focus as always is to do what we can to improve the performance of the device for our users."

This is reminiscent of when the company was caught pushing the OnePlus 5's performance capabilities when the OS detected a benchmark app. This resulted in artificially inflated scores that users would not see during real-world usage.
Android

OnePlus Commits To 3 Years of Android Updates By Merging OxygenOS With Oppo's ColorOS (theverge.com) 35

Last month, it was revealed that OnePlus will become an Oppo sub-brand. Now, the company announced that it's also merging OxygenOS with Oppo's ColorOS operating system. 9to5Google reports: In a forum post today, OnePlus explains that the sub-brand of Oppo is "working on integrating the codebase of OxygenOS and ColorOS." Apparently, the change will go unnoticed because it is happening behind the scenes: "This is a change that you will likely not even notice since it's happening behind the scenes. We now have a larger and even more capable team of developers, more advanced R&D resources, and a more streamlined development process all coming together to improve the OxygenOS experience."

OnePlus also further reiterates that OxygenOS will remain the "global" operating system for OnePlus-branded devices rather than ColorOS, which runs on Oppo devices and OnePlus devices in China, too. It's not mentioned if OxygenOS will change visually, but it's fairly clear that will happen based on early looks at the Android 12 Beta which is available for OnePlus 9 devices. The bright side of this change, however, is that OnePlus will be committing to a stronger Android update schedule that delivers at least three years of support to the company's entire portfolio.

Advertising

Carrier Caught Injecting 'SMS AD' Into Google Verification Code Message (9to5google.com) 63

An anonymous reader quotes a report from 9to5Google: SMS is widely regarded as an insecure form of two-factor authentication, and another example of this has just emerged. A carrier looks to be injecting ads into the Google verification code used to sign in to services like Gmail. Action Launcher developer Chris Lacy today tweeted how his Google verification code -- which starts with "G-" -- featured an "SMS AD." The advertisement -- for a VPN -- includes a quick message and short URL. For those that immediately suspect this is just a phishing attempt, the verification code is legitimate and was requested by Lacy to successfully verify a login attempt. Google Messages even flagged the link/message as spam. As such, Googlers responding to the thread suspect this is an occurrence of a carrier appending an ad -- note the extra spaces -- into a real text message. It's very unlikely that Google's security teams would allow advertising into a very crucial part of the login process where end user trust is paramount.

Google issued the following statement to us today: "These are not our ads and we are currently working with the wireless carrier to understand why this happened." Google confirms that the "SMS AD" did not originate from its own advertising network. Meanwhile, it's working with the wireless carrier in question to find out what occurred. Lacy has decided "not to state the carrier for privacy reasons," and Google did not share that information either.

Wireless Networking

United's Latest Jets Will Offer Bluetooth For In-Flight Entertainment (theverge.com) 117

An anonymous reader quotes a report from The Verge: United Airlines is adding a long-awaited feature to the in-flight entertainment seatback screens of its new Boeing 737 Max 8 jets -- support for Bluetooth headphones. The company is making the upgrade as part of "United Next," a new plan to expand and modernize its fleet with what it says are larger, fuel-efficient jets and a more comfortable in-flight experience. Adding seatback screens made a huge difference in how tolerable flying is, but it's been held up by lagging audio support that The Verge has even written a guide to getting around. And this isn't a problem unique to United. Other airlines like Delta or JetBlue have been offering seatback screens for years, but have also saddled flyers with analog audio. United just might be one of the first airlines to start the next wave of inflight entertainment improvements (hopefully).

However, there's room for things to go a bit sideways. As part of its upgrades, United's new 737 Max 8 jets offer 10 or 13-inch inflight entertainment screens on the backs of all seats, which might mean a lot of people trying to connect to Bluetooth at once. That could cause interference, and might also make the process of connecting your headphones more of a chore if you're having to hunt through multiple devices trying to pair in the same menu. United currently only offers Bluetooth on its Max 8 jets which it says should start flying this summer. The company didn't share how it plans to address issues with Bluetooth, but said it's still "studying the technology."

Electronic Frontier Foundation

'Golden Age of Surveillance', as Police Make 112,000 Data Requests in 6 Months (newportri.com) 98

"When U.S. law enforcement officials need to cast a wide net for information, they're increasingly turning to the vast digital ponds of personal data created by Big Tech companies via the devices and online services that have hooked billions of people around the world," reports the Associated Press: Data compiled by four of the biggest tech companies shows that law enforcement requests for user information — phone calls, emails, texts, photos, shopping histories, driving routes and more — have more than tripled in the U.S. since 2015. Police are also increasingly savvy about covering their tracks so as not to alert suspects of their interest... In just the first half of 2020 — the most recent data available — Apple, Google, Facebook and Microsoft together fielded more than 112,000 data requests from local, state and federal officials. The companies agreed to hand over some data in 85% of those cases. Facebook, including its Instagram service, accounted for the largest number of disclosures.

Consider Newport, a coastal city of 24,000 residents that attracts a flood of summer tourists. Fewer than 100 officers patrol the city — but they make multiple requests a week for online data from tech companies. That's because most crimes — from larceny and financial scams to a recent fatal house party stabbing at a vacation rental booked online — can be at least partly traced on the internet. Tech providers, especially social media platforms, offer a "treasure trove of information" that can help solve them, said Lt. Robert Salter, a supervising police detective in Newport.

"Everything happens on Facebook," Salter said. "The amount of information you can get from people's conversations online — it's insane."

As ordinary people have become increasingly dependent on Big Tech services to help manage their lives, American law enforcement officials have grown far more savvy about technology than they were five or six years ago, said Cindy Cohn, executive director of the Electronic Frontier Foundation, a digital rights group. That's created what Cohn calls "the golden age of government surveillance." Not only has it become far easier for police to trace the online trails left by suspects, they can also frequently hide their requests by obtaining gag orders from judges and magistrates. Those orders block Big Tech companies from notifying the target of a subpoena or warrant of law enforcement's interest in their information — contrary to the companies' stated policies...

Nearly all big tech companies — from Amazon to rental sites like Airbnb, ride-hailing services like Uber and Lyft and service providers like Verizon — now have teams to respond...

Cohn says American law is still premised on the outdated idea that valuable data is stored at home — and can thus be protected by precluding home searches without a warrant. At the very least, Cohn suggests more tech companies should be using encryption technology to protect data access without the user's key.

But Newport supervising police detective Lt. Robert Salter supplied his own answer for people worried about how police officers are requesting more and more data. "Don't commit crimes and don't use your computer and phones to do it."
Technology

Half the World Now Owns a Smartphone (strategyanalytics.com) 43

According to new research from Strategy Analytics, half the world's entire population now owns a smartphone in June 2021. Some 4 billion people use a smartphone today. It has taken 27 years to reach this historic milestone. From a report: Yiwen Wu, Senior Analyst at Strategy Analytics, said, "We estimate the global smartphone user base has risen dramatically from just 30k people in 1994 to 1.00 billion in 2012, and a record 3.95 billion today in June 2021. With an estimated 7.90 billion people in total on the planet in June 2021, it means 50% of the whole world now owns a smartphone. It has taken 27 years to reach this historic milestone."
Wireless Networking

London Underground To Gain Full Mobile Phone Coverage By 2024 (macrumors.com) 42

London Underground passengers will be able to get mobile coverage across the rail network by the end of 2024, it has been announced. MacRumors reports: In a press release, Transport for London (TfL) said the capital's Oxford Circus, Tottenham Court Road and Bank stations would be among the first fully connected stations by the end of the year, followed by Tottenham Court Road, Euston, and Camden Town by the end of 2022. Mobile reception was introduced on the eastern half of the Jubilee line in March last year. TfL says the additional infrastructure will support 5G as well as 4G, but that it will be the responsibility of mobile operators to offer support for the fastest network speeds.

TfL is partnering with BAI Communications (BAI), a global provider of 4G and 5G connected infrastructure, to plug so-called coverage "not-spots" in the underground network. The over 1,242 miles of fibre cabling installed in London Underground tunnels will also benefit above-ground coverage for buildings and other infrastructure by allowing more mobile transmitters to be installed.

Medicine

Pakistan Province May Block SIM Cards of Citizens Who Didn't Get Covid-19 Vaccines (msn.com) 70

The government in Pakistan's largest province, Punjab, has decided to block SIM cards of unvaccinated citizens, reports the Hindustan Times (one of the largest newspapers in India), citing reports from news agency ANI.
Dr. Rashid, the provincial health minister in Pakistan's Punjab, said that there has been a "considerable decrease" in Covid-19 cases in the province due to mass vaccinations. However, a report compiled by the Punjab primary health department shows that the province still failed to achieve its set target for Covid-19 vaccination, reports ARY News, adding that around 300,000 recipients of the first dose of the vaccine never returned for the second dose since the start of Pakistan's mass inoculation drive on February 2.
Iphone

Apple Repair Tech Posted Woman's Explicit iPhone Photos to Facebook (msn.com) 157

"Apple paid a multimillion dollar settlement to a woman after iPhone repair techs posted risque pictures from her phone to Facebook," reports the Washington Post, citing legal documents obtained by the Telegraph.

An unnamed Oregon college student "sent her phone to Apple for repairs after it stopped working" in 2016, and the iPhone ended up at Apple-approved repair contractor Pegatron... Two iPhone repair technicians in Sacramento uploaded "10 photos of her in various stages of undress and a sex video" to her Facebook account, resulting in "severe emotional distress" for the young woman, according to the Telegraph's review of legal records. Pegatron, a major Apple manufacturer with facilities across the globe, had to reimburse Apple for the settlement and face insurers who didn't want to pay for it, according to the news outlet...

The settlement isn't the first time Apple has had to handle the misdeeds of employees. In 2019, a California woman alleged that an Apple store employee had texted a private picture on her phone to himself. That employee was no longer working for the company after Apple conducted its investigation. Apple store employees at a Brisbane, Australia, location were fired in 2016 for taking candid pictures of female employees and customers' bodies and stealing photos from consumers' phones to rank their bodies.

"Apple keeps a firm grip on the repair of its devices, arguing that allowing only approved retailers and vendors to repair its products ensures the privacy of its customers," the article points out.

"The revelation of the lawsuit pokes holes in the company's stance that only authorized retailers can keep customer information secure."
IOS

Apple Admits It Ranked Its Files App Ahead of Competitor Dropbox (theverge.com) 68

During the Epic v. Apple trial, an email chain surfaced that reveals Apple seemingly admitted "it manually boosted the ranking of its own Files app ahead of the competition for 11 entire months," reports The Verge. This comes after two monstrous reports by The Wall Street Journal and The New York Times showed Apple's App Store clearly and consistently ranking its own apps ahead of competitors. Apple claimed it had done nothing wrong. The Verge reports: "We are removing the manual boost and the search results should be more relevant now," wrote Apple app search lead Debankur Naskar, after the company was confronted by Epic Games CEO Tim Sweeney over Apple's Files app showing up first when searching for Dropbox. "Dropbox wasn't even visible on the first page [of search results]," Sweeney wrote. As you'll see, Naskar suggested that Files had been intentionally boosted for that exact search result during the "last WWDC." That would have been WWDC 2017, nearly a year earlier, when the Files app first debuted. The email chain actually reflects fairly well on Apple overall. Apple's Matt Fischer (VP of the App Store) clearly objects to the idea at first. "[W]ho green lit putting the Files app above Dropbox in organic search results? I didn't know we did that, and I don't think we should," he says. But he does end the conversation with "In the future, I want any similar requests to come to me for review/approval," suggesting that he's not entirely ruling out manual overrides.

But Apple tells The Verge that what we think we're seeing in these emails isn't quite accurate. While Apple didn't challenge the idea that Files was unfairly ranked over Dropbox, the company says the reality was a simple mistake: the Files app had a Dropbox integration, so Apple put "Dropbox" into the app's metadata, and it was automatically ranked higher for "Dropbox" searches as a result. I'm slightly skeptical of that explanation -- partially because it doesn't line up with what Naskar suggests in the email, partially because Apple also told me it immediately fixed the error (despite it apparently continuing to exist for 11 months, hardly immediate), and partially because the company repeatedly ignored my questions about whether this has ever happened with other apps before. The most Apple would tell me is that it didn't manually boost Files over competitors, and that "we do not advantage our apps over those of any developer or competitor" as a general rule.

Privacy

Apple Wallet Will Support IDs and Driver's Licenses In iOS 15 (appleinsider.com) 64

At WWDC today, Apple announced an update to its Wallet app that will let you add information from an ID card in certain supported U.S. states. One of the first partners to support the digital identities will be the U.S. Transportation Security Administration. AppleInsider reports: All of the information in Wallet will be stored in a secure and encrypted fashion. Like an actual ID, it will include a person's legal name, date of birth, photo, and Real ID status. In addition to the support for IDs, Apple is also expanding the types of keys that users can add to Wallet. That includes keys to a smart home lock, keys to hotel rooms, and work badges that can be scanned to gain entry to a workplace. For example, Hyatt is rolling out its support for digital keys in Wallet to more than 1,000 properties later in 2021. The company says your license or state ID will be encrypted and stored in the iPhone's secure enclave. It's also working on adding features for unlocking cars from various manufacturers using their ultra-wideband chip (UWB) found in the new iPhones and Apple Watches.
Iphone

Is Apple's App Store Teeming With Scams? (adn.com) 130

"Apple's tightly controlled App Store is teeming with scams," argues a 3,000-word exposé in Sunday's Washington Post:

"Among the 1.8 million apps on the App Store, scams are hiding in plain sight. Customers for several VPN apps, which allegedly protect users' data, complained in Apple App Store reviews that the apps told users their devices have been infected by a virus to dupe them into downloading and paying for software they don't need. A QR code reader app that remains on the store tricks customers into paying $4.99 a week for a service that is now included in the camera app of the iPhone. Some apps fraudulently present themselves as being from major brands such as Amazon and Samsung. Of the highest 1,000 grossing apps on the App Store, nearly two percent are scams, according to an analysis by The Washington Post. And those apps have bilked consumers out of an estimated $48 million during the time they've been on the App Store, according to market research firm Appfigures.

The scale of the problem has never before been reported. What's more, Apple profits from these apps because it takes a cut of up to 30 percent of all revenue generated through the App Store.

Even more common, according to The Post's analysis, are "fleeceware" apps that use inauthentic customer reviews to move up in the App Store rankings and give apps a sense of legitimacy to convince customers to pay higher prices for a service usually offered elsewhere with higher legitimate customer reviews...

Apple has long maintained that its exclusive control of the App Store is essential to protecting customers, and it only lets the best apps on its system. But Apple's monopoly over how consumers access apps on iPhones can actually create an environment that gives customers a false sense of safety, according to experts... Apple isn't the only company that struggles with this issue: They're also on Google's Play Store, which is available on its Android mobile operating system. But unlike Apple, Google doesn't claim that its Play Store is curated. Consumers can download apps from different stores on Android phones, creating competition between app stores...

When it comes to one type of scam, there's evidence that Apple's store is no safer than Google's. Avast analyzed both the Apple and Google app stores in March, looking for fleeceware apps. The company found 134 in the App Store and 70 on the Play Store, with over a billion downloads, about half on Android and half on iOS, and revenue of $365 million on Apple and $38.5 million on Android. Most of the victims were in the United States.

Cellphones

Walmart Will Give 740,000 Employees a Free Smartphone (cbsnews.com) 116

"Walmart will give 740,000 employees free Samsung smartphones by the end of the year," reports CBS News, "so they can use a new app to manage schedules, the company announced Thursday." The phone, the Samsung Galaxy XCover Pro, can also be used for personal use, and the company will provide free cases and protection plans. The phone's retail price is currently $499... Up until now, associates at Walmart stores used handheld devices they shared to communicate, but an initial test with employee smartphones was received well and will now be expanded upon, Walmart said...

The company promised that it would not have access to any employee's personal data and can "use the smartphone as their own personal device if they want, with all the features and privacy they're used to." The test will be expanded by the end of the year, Walmart said.

Earlier this year, Walmart announced pay increases for nearly a third of its U.S. workforce of 1.6 million. In February, digital and store workers saw their starting hourly rates increase from $13 to $19 depending on their location and market.
