Tag: iOS

By AppleInsider Staff
Saturday, March 21, 2020, 09:14 pm PT (12:14 am ET)

Apple this weekend updated its Siri voice assistant with information and assets designed to triage users who believe they are suffering from COVID-19.

Siri’s response to COVID-19 queries.

With the new capability, built using information provided by the U.S. Public Health Service and the Centers for Disease Control, Siri guides users through a set of questions designed in part to screen for the new coronavirus. Depending on user responses, the process branches to provide additional information about the disease and, if necessary, contact emergency services or a health provider.

The feature is triggered by queries like “Hey Siri, do I have the coronavirus?” and “Hey Siri, I think I have COVID-19.”

Siri first asks if users are exhibiting symptoms including fever, dry cough, or shortness of breath. A positive answer leads to a follow-up question regarding severity which, depending on the response, results in an option to automatically call 911. Those without symptoms are asked if they have been exposed to someone who tested positive for COVID-19.

Users who answer “yes” to certain questions, specifically those referencing COVID-19 symptoms, are urged to isolate and closely monitor the situation, or contact a medical provider if the condition worsens, are age 65 or over, or have a serious medical condition.

If the situation is not dire, Siri directs users to the CDC’s COVID-19 webpage or the App Store, the latter of which currently features a PSA on social distancing from the White House Coronavirus Task Force. The same PSA is in rotation on the Apple.com homepage and in the “Browse” section of Apple Music.

Siri’s COVID-19 protocol is currently restricted to the U.S., likely because the feature’s underlying information was derived from American health authorities. Whether Apple is working on similar solutions for other regions is unknown.

CNBC reported on the new Siri capability on Saturday.

In addition to user-facing resources, Apple is assisting the general public through monetary donations and the contribution of face masks in the U.S. and abroad.

By AppleInsider Staff
Monday, March 02, 2020, 07:50 pm PT (10:50 pm ET)

Following a months-long closed beta period, Nintendo on Monday announced a long-awaited multiplayer mode will be added to popular iOS racing game Mario Kart Tour on Sunday.

According to a tweet posted to Nintendo’s official Mario Kart Tour account, the upcoming mode supports up to eight simultaneous players including “in-game friends, nearby, or around the world.”

Nintendo breaks down three multiplayer game options in a separate tweet. Players can challenge friends or other nearby players to games with custom rules. A second option, called “Standard Races,” pits players against other other gamers around the world in races with two sets of rules that change daily. Finally, “Gold Races” are restricted to Mario Kart Tour Gold Pass subscribers and allow users to compete in races with four sets of rules that change daily. Rank, or “grades,” are applied to Standard and Gold Races based on performance.

Testing of the multiplayer system commenced in a closed beta round in December and was followed by public testing in January.

Multiplayer competition has been a defining feature of the Mario Kart franchise since its launch on the Super Nintendo Entertainment System in 1992 and its absence on mobile was viewed by some as a hindrance to adoption. Currently, players are limited to racing against AI bots, with in-game incentives like character unlocks and parts pushing users to continue play.

The feature is due to go live on March 8 at 8 p.m. Pacific.

Mario Kart Tour launched in September after multiple delays, with first week performance estimated at 90 million downloads. Android accounted for some 53.5 million downloads, while Apple’s iOS notched 36.5 million downloads, according to Sensor Tower.

A new development in the Apple versus Corellium legal battle has drawn two high-value private companies — L3Harris Technologies and Santander Bank —into the fight for using the iPhone virtualization software in question.

Corellium software virtualizes iOS and lets researchers look for vulnerabilities

Apple subpoenaed the companies to hand over all the communications between their companies and Corellium, how they used the iPhone virtualizing technology, and all contracts and information about Chris Wade, Corellium’s cofounder. Apple believes that this data will aid Apple’s claim that Corellium’s software is being used in violation of the DMCA by creating an exact clone of iOS for jailbreaking and security breaching services.

The subpoena for L3Harris targets its subsidiary Azimuth Security, which is known for seeking vulnerabilities in iPhone software in its role as a defense contractor. Acquisition of information about known iPhone vulnerabilities could not only aid Apple in the court case, but help them close up previously unknown vulnerabilities.

Forbes claims knowledge of court filings not publicly available as of yet. The publication claims that Apple targeted Santander Bank after it used the software in a trial. The nature of the trial or what a bank would need with iOS virtualization software is unknown, however.

Santander Bank went on the record in saying they are not currently a Corellium client. A Tweet from bank head of research, Dan Cuthbert, suggested they were at least in possession of it.

In a follow up to the tweet, Daniel Cuthbert continued to remark that Apple was making a poor move in suing Corellium. That the software provided streamlined testing by removing clunky physical devices.

This clash has no end in sight. In other court filings, it was disclosed that Apple attempted to purchase Corellium in 2018, and the offer was declined. Since then, Corellium and Apple seem to be fighting in and out of the courtroom, with Corellium’s lawyer describing Apple as a “bully.”

Corellium’s lawyer David Hecht says that “we will continue to expose Apple’s bad faith tactics and, ultimately, prevail against it.”

Following our initial publication, Hecht, the Managing Partner of Pierce, Bainbridge, Beck, Price & Hecht, reached out to AppleInsider to comment on Apple’s filings.

“Apple’s subpoenas to Santander and Harris appear to have been issued solely to harass Corellium and harm its business relationships. Apple is trying to intimidate a Corellium supporter by subpoenaing his employer, Santander, even though Santander has no relationship to Corellium,” said David Hecht to AppleInsider. “Apple has been trying to harm Corellium’s business and reputation since its failed acquisition of Corellium in 2018 and is now issuing subpoenas to Corellium’s client, Harris. Corellium will be moving to quash both subpoenas.”

Apple also stated that Corellium is harassing its own people, citing an incident with their SVP of software engineering, Craig Federighi. Forbes notes that the SVP met with Corellium cofounder Harris multiple times, yet Apple says there are others in the company more knowledgeable about their dealings with Corellium.

This case continues, amidst calls for Apple to submit to government requests to weaken security and encryption. Apple’s viewpoint is that the Corellium software is an unlawful engineering of iOS, and seeks to prevent its spread while saying that it is trying to protect not just its own intellectual property, but the core of iOS encryption as well.

Update 3:50 P.M. Eastern time: Added further comment from David Hecht.

By AppleInsider Staff
Tuesday, December 17, 2019, 02:22 pm PT (05:22 pm ET)

Apple on Tuesday updated its new Apple Developer app to support Developer Program enrollment for coders based in mainland China, offering the feature as an app-based renewable subscription for the first time.

Announced in a post to Apple’s developer website, the new Apple Developer app capability enables a fast and easy membership route for Chinese developers.

With in-app purchase support, app makers are able to start and finish their membership purchase with local payment methods on iOS devices like iPhone or iPad, negating the need to visit Apple’s dedicated web portal. And like other versions of the Apple Developer app, enrollment in the Developer Program appears as an auto-renewable subscription, facilitating painless upkeep and account management.

Apple introduced the Apple Developer app in November as a reworking of its dedicated WWDC app. Along with options for Developer Program enrollment and account management, the title offers access to year-round news, informational videos and other assets deemed helpful to the app making process.

Previously, developer content was spread across the WWDC app, Apple’s developer webpage and other online repositories. According to Apple, the redesigned app will serve its original role as a guide to the Worldwide Developers Conference when the gathering takes place in June.

Initially available to U.S. users, the option to enroll in Apple’s Developer Program through Apple Developer will slowly roll out to additional locales. China is one of the first to net the feature.

By Malcolm Owen
Friday, September 06, 2019, 06:13 am PT (09:13 am ET)

Leaked documents relating to Siri reveal upgrades to the digital assistant are coming in late 2021, aimed at supporting a new piece of hardware.

A list of Siri upgrades expected to arrive before “fall 2021” includes expected elements for “new hardware support” for a “new device,” though a report published on Friday is light on those details. Codenamed “Yukon,” the upgrades to Siri will introduce support for Find my Friends to the voice-based service, the documents claim. Siri will also include support for accessing the App Store, though the capabilities relating to that are not advised by a report.

Built-in machine translation could enable language interpreting capabilities within Siri, without needing a cellular or other network connection at all, a feature that could be handy for travelers.

A large section of the internal documents, provided to The Guardian by a former Siri “grader,” mentions how Siri could work with other devices in a variety of ways. At its simplest, features to enable Siri to read out message notifications to users wearing AirPods is suggested, while the ability to use Shazam via Siri on Apple Watch is also touted.

A bigger feature could be commanding Siri on one device to perform actions on another. One example given is to “Play Taylor Swift on my HomePod,” which could be said on an Apple Watch or iPhone remotely and interpreted to control the user’s smart speaker at home.

Arguably the biggest element is the ability to “have a back-and-forth conversation about health problems” with Siri. While this could take the form of Siri providing a basic diagnosis of the user to see if medical treatment is worth attaining, it is also possible that the conversations could form part of HealthKit or ResearchKit, Apple’s initiatives in the medical field.

Despite the lack of information relating to what kind of new Siri-equipped devices are on the way, one of the most likely candidates is the HomePod, which is enjoying success in reaching markets like China where rival systems from Google and Amazon aren’t available. It is plausible that Apple could produce a “mini” version of the HomePod, offering consumers a cheaper and smaller version in a similar vein to the Google Home Mini and the Amazon Echo Dot.

Apple has been rumored to be working on a new generation of the audio device for some time, with a cheaper variant also predicted by analyst Ming-Chi Kuo in April 2018, though such a model has yet to be launched.

By Malcolm Owen
Monday, September 02, 2019, 06:31 am PT (09:31 am ET)

Burberry has worked with Apple on a chat service called ‘R Message,’ one that allows customers to communicate with sales associates from within from the retailer’s app, allowing consumers to make appointments, receive personalized recommendations with staff members who know them, and to buy products.

R Message aims to extend how the fashion brand communicates with its most important customers. The invitation-only service will put customers directly in touch with sales associates, which will enable the customer and the staff member to build a relationship, with the customer able to receive a more personalized service, while stores can encourage more purchases down the line.

Created in partnership with Apple, R Message is relatively similar to the idea of Apple Business Chat, except rather than functioning within iMessage, the activity occurs entirely within Burberry’s R World app, reports Vogue Business.

The app will also offer numerous benefits for Burberry, with its integration with its back-end inventory system enabling not only for orders to be made, but for sales associates to see what is available and to drive sales to customers who may be interested in the items. The employee-side app also includes a newsfeed that includes company updates, advertising campaign images, and press mentions, to try and encourage store staff to use the app.

“”You’ve got highly skilled associates who know how to serve in a luxury way, but even for a great associate, there might be 10 percent extra that you can give them by giving them the right information at the right time,” said Burberry VP of digital commerce. “Customers now know much more about what they want, and to be at that service level where you can give credible advice, you need the basics.

Burberry is piloting the app at its flagship store in Manchester, with a view to rolling it out to all 431 global stores and 6,000 associates.

Researchers at security conference Def Con 2019 demonstrated a method of exploiting regular database searches to produce malicious results, and used Apple’s standard iOS Contacts app to prove it.

Apple’s iOS Contacts is one of the many applications that uses SQLite

Security firm Check Point has demonstrated a vulnerability in the industry-standard SQLite database format which can be exploited. Speaking at Def Con 2019, the company showed the technique being used to manipulate Apple’s iOS Contacts app. Searching the Contacts app under these circumstances can be enough to make the device run malicious code.

“SQLite is the most wides-spread database engine in the world,” said the company in a statement. “It is available in every operating system, desktop and mobile phone. Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android are popular users of SQLite.”

“In short, we can gain control over anyone who queries our SQLite-controlled database,” they continued.

When you search for a contact or look up information in any app, you are really searching a database and very commonly that will be using SQLite.

Documented In a 4,000-word report seen by AppleInsider, the company’s hack involved replacing one part of Apple’s Contacts app and it also relied on a known bug that has hasn’t been fixed four years after it was discovered.

“Wait, what? How come a four-year-old bug has never been fixed?” write the researchers in their document. “This feature was only ever considered vulnerable in the context of a program that allows arbitrary SQL from an untrusted source and so it was mitigated accordingly. However, SQLite usage is so versatile that we can actually still trigger it in many scenarios.”

In other words, the bug has been considered unimportant because it was believed it could only be triggered by an unknown application accessing the database, and in a closed system like iOS, there are no unknown apps. However, Check Point’s researchers then managed to make a trusted app send the code to trigger this bug and exploit it.

They replaced a specific component of the Contacts app and found that while apps and any executable code has to have gone through Apple’s startup checks, an SQLite database is not executable.

“Persistency [keeping the code on the device after a restart] is hard to achieve on iOS,” they said, “as all executable files must be signed as part of Apple’s Secure Boot. Luckily for us, SQLite databases are not signed.”

Detail from the Check Point team’s hack documentation

They had to have access to the unlocked device to install this replacement for part of Contacts. After that, though, they were able to choose what they wanted to happen when the Contacts database was searched.

For the purpose of the demonstration, they just had the app crash. The researchers said that they could have crafted the app to steal passwords.

“We established that simply querying a database may not be as safe as you expect,” they said. “We proved that memory corruption issues in SQLite can now be reliably exploited.”

“Our research and methodology have all been responsibly disclosed to Apple,” they concluded.

This is not the first time that a problem in an SQLite database has resulted in a bug, nor one that remained unfixed for years.

By Mikey Campbell
Monday, June 24, 2019, 07:06 pm PT (10:06 pm ET)

Lines of code discovered on a public Apple services content server reference iOS 13 support for Hong Kong’s Octopus, suggesting the widely used touchless payment system could arrive on iPhone this fall.

Smart Octopus in Samsung Pay

Spotted by Japan-centric Apple blog Ata Distance, a code snippet in Apple’s JSON backbone for Wallet now displays supported credentials for Octopus card on iPhones running iOS 13. The transit and retail payment card is also available via Express Card NFC technology.

Apple Watch is not yet supported, with Apple’s server showing a minimum supported watchOS value of “999.0,” though that could change as the company continues work on watchOS 6.

Launched in 1997, Octopus card was the second contactless “smart card” to hit the consumer market and is considered a forebear of modern reloadable electronic payment solutions. Initially marketed as a physical tap-to-pay card, Octopus expanded to smartphones with Smart Octopus for Samsung Pay in 2017.

Since it is based on the FeliCa standard, Smart Octopus is technically compatible with iPhone 7 and newer Apple devices, though an exclusivity agreement has so far kept the payment platform restricted to Samsung handsets. That could change this fall with the launch of iOS 13.

Initially developed by Sony as an RFID chip solution, FeliCa was later hybridized for cellphone use with the cooperation of Japan’s leading cellular provider NTT Docomo. That version, called Mobile FeliCa, served as the basis of Apple’s NFC Type-F implementation in iPhone and Apple Watch, and ultimately Apple Pay integration with Japan’s Suica mobile transit card system in 2016.

According to Ata Distance, Octopus’ Apple Pay device profile is identical to that of Suica, meaning users can generate and manage new cards without leaving the Wallet app on Japanese market iPhone 7 and 7 Plus models, and all iPhone 8 and 8 Plus, iPhone X, iPhone XS and XS Plus and iPhone XR variants.

GigSky is a mobile cell service provider with a history of catering to Apple users, providing service in more than 190 countries. When they announced their eSIM for iPhone XS, iPhone XS Max, and iPhone XR, AppleInsider gave it a shot.

You may not have heard of GigSky, but they aren’t new; they’ve been around since 2010. In 2015, the firm began offering support for the Apple SIM for iPads, a SIM Apple provides which lets you select providers from within iOS.

From the very beginning, they’ve placed an emphasis on providing service for international travelers, and the eSIM offering fits right in that niche.

What it is

The iPhone XS, iPhone XS Max, and iPhone XR are equipped with an eSIM.

A SIM card contains the SIM chip, essentially a very small computer that is programmed with all the carrier’s settings to enable phone service. With most modern phones, you have to insert a SIM to activate mobile phone service.

The eSIM, or embedded SIM, is that same functionality as a programmable computer built into the iPhone.

The advantage of doing this is that it saves space in the phone: you don’t need to have physical space for the physical card, you don’t need the contacts inside to receive it, you don’t need the ejector mechanism, which means Apple can use that interior space for something else.

With the 2019 iPhones, excluding the dual-SIM model for China, it’s possible to set up a mobile phone data provider directly from an app, such as the one provided by GigSky.

How it works

When Apple announced eSIM functionality, they mentioned using a QR code to set it up. In GigSky’s case, you download the GigSky app and are guided through choosing a plan.

GigSky has a range of four plans covering time, data and cost ranges

GigSky has data plans starting from 300MB (1 day, $10), and rising through 500MB, 1GB, 2GB (15 days, $15, $20, $30 respectively), and up to 5GB (30 days, $50.) After selecting the plan, the destination needs to be chosen from the long list of countries. For this review, Las Vegas was selected as the location.

Las Vegas is a difficult city for mobile data. The tall buildings of the strip negatively affect signal, and the increased number of people for conventions place huge demands on the cell towers, especially when tech conferences are in town.

In years’ past, we’ve used Verizon reasonably well, AT&T with poor results, and T-Mobile with mixed results, seemingly depending on how high up a building we were.

It’s not clear which providers GigSky uses in the US, or which providers they use in any of the 190 countries. We asked for this information, but had not received answers at time of publication. This was important to us, because if our regular carrier was Verizon, and they’re using Verizon’s towers, then it provides limited benefit to add as a secondary data provider.

After selecting a data plan, you give the eSIM a nickname, or can delete it if you need to, because perhaps you selected the incorrect plan or wrong country.

Payment for the plan was easy, but the steps that followed were a little more complicated, because you have to leave the GigSky app and be prompted to add the cellular plan within some screens that the iPhone displays. GigSky offers some screen images to help guide you through the process.

You add the plan to your phone, and have to give it a label, as well as changing any further settings, such as selecting it as a data-only plan.

Setting up GigSky is relatively easy

After doing this, reviewing the plan will show that the credits are active, and the signal strength bar will have a second line of bars below it indicating an additional plan is in use.

Using Control Center shows both signal bars with the names of the services, and indicators for whether they’re primary or secondary. In Settings > Cellular, it’s easy to change which service is primary or secondary, and it’s possible to set one service as primary for voice, and the other as primary for data.

Completing the iOS setup to get GigSky’s eSIM connected

When the screen is locked, you also get the carrier labels, although the labels are on the left side of the screen with the signal strength bars on the right side of the screen.

The lock screen and control center display both service’s signal strength

Speedtest.net’s app shows the GigSky eSIM tested at 74.21 Mbps, with AT&T detected as the nearest site to speed test through. The app also thought the provider was Zayo. As Zayo has 12.3 million miles of fiber according to their Web site, it’s possible that GigSky eventually routed back to Zayo’s backbone.

The different kinds of results from Speedtest.net. The slow result was my default Verizon Wireless service.

Testing Verizon Wireless against GigSky was revealing: download speeds were 10.4 Mbps. Even testing GigSky with different destinations offered better results than Verizon’s 10.4 Mbps. The worst GigSky result scored on the iPhone XS Max used for testing was 40.2 Mbps.

It’s important to note that this may not be similar to your experience if you don’t live or travel in Las Vegas or the Mid-Atlantic region of the US, but we are encouraged that GigSky partnered with competent carriers.

What we thought of it

Set up was easy, as at no time did we feel confused or lost, although we did take a minute to read all the steps, where normally we might have just tapped through. Even where setup is mildly complex (the handoff between GigSky and Apple), they do attempt to make it easy by providing the necessary information before hand.

Speeds are fast, at least in the areas we tested: Eastern USA and Las Vegas. We never felt like we were without signal in either region.

GigSky is probably the easiest method for having local data service, especially over the old ways of finding a cell phone store, buying a pay-go SIM, and having to figure out how to top up.

The use of the eSIM in general makes this easy, and doing it through an app is even easier. The downside we predict with international travel would be the fact that you need to have some sort of data connection to buy GigSky data in the first place, in which case users abroad have to find someplace with Wi-Fi long enough to set it all up.

The notion of buying 5GB for $50 is fine, but the notion of that being time-limited is lousy, and a real shame. If you buy 5GB for $50 and the unused portion expires, it’s fair to feel a little cheated. We understand this is how data is priced among carriers, but it’s a disappointment that there isn’t a carrier willing to change this.

Score: 4 out of 5

The GigSky app is available on the iOS App Store.