Lit Apple Mac, iPhone, iPad User Group

.
Posting this in case you've any of these installed.


More Data-Stealing Apps Yanked from Mac App Store


Mac anti-malware applications and utilities published by cybersecurity company Trend Micro have been removed from the macOS App Store after online allegations that the programs were collecting and exporting user browsing histories to external servers.

The apps include Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery and Duplicate Finder.

The company claims that the software uploaded only the last 24 hours of browsing history at the time of installation for “security purposes ... to analyze whether a user had recently encountered adware or other threats.” That argument doesn't completely make sense because many Mac adware infections persist for months, and one day's browsing history wouldn't be much help in detecting those.

The browsing history was uploaded to an Amazon cloud server, which goes against Apple developer rules. It's not clear whether Apple booted the programs or whether Trend Micro voluntarily pulled them out of the App Store.
.

.
Apple's iOS 12 will be available Monday September 17


some of the notable iOS 12 features:

• A speed boost for older phones like the iPhone 6+ much faster: 40% faster app launches, 50% faster keyboard opening, and a 70% improvement in opening the camera.
  
  
• Notifications on the lock screen are now stacked and grouped together by app and topic. Swiping will dismiss multiple notifications at the same time, and you can easily change your notification settings from the tray.
  
  
• "Siri Shortcuts" is much smarter, and now you can customize it so it does a series of actions when you ask it to do one thing,
  
  
• CarPlay, the iPhone integration with certain car infotainment systems, hen you plug your iPhone into your car, now itwill support Google Maps and Waze.
  
  
• "Screen Time" adds the ability to monitor and limit your time in certain apps.
  A suite of new tools helps you see a tally of how you're spending your time on your phone and possibly cut down on your usage.
  
  
• Apple photos is getting better, with search suggestions for people, places, and activities.
  
  
• Apple plans to add FaceTime calling with up to 32 participants later this year, but it won't be in the iOS 12 release on Monday. Making it easy keeping track of the conversation with the video tile of whoever is talking bigger.
  
  
• The messages app is becoming a lot more like Snapchat, with the ability to add filters, stickers, and other fun goodies to your iMessages and texts.

.

Apple Released Safari 12 for High Sierra and Sierra



The updated browser primarily improves security and privacy. It blocks social media buttons or embedded content from tracking cross-site browsing without permission, and makes it harder for advertisers to identify individual Macs and the option to block or allow popups on a per-site basis.

Also automatically turns off Safari extensions that negatively impact browsing performance. And you can now see a website's icon in each tab, making it less confusing to switch.

Safari 12 can be downloaded through Updates in the Mac App Store.

.
Best-Selling Mac App Steals Your Browsing History


Adware Doctor, was the fourth-ranked top paid application in the Mac App Store, seems to be sending users' sensitive information to servers in China. The apparent violation of Apple's privacy rules

Adware Doctor bypasses Apple's application sandboxing security technique, which are designed to prevent programs from gaining access to system details and to each other's details.

In this case, Adware Doctor asks user permission to access certain files, and, if that permission is granted by the user, gains read and write access to that information. So when you download the $4.99 application and opens it for the first time, it will ask for access to your Home Directory and all the files stored within it.

"Adware Doctor contains several methods for collecting a variety of information about the system and user," Wardle wrote. "While some (such as a process list), perhaps have a legitimate reason for being collected by an anti-malware or anti-adware product, others such as the user's browsing history seem to be a blatant violation of the user's privacy (and of course Apple strict Mac App Store rules)."



It's typically a good idea to look at reviews before downloading anything from the Mac App Store, but that wouldn't have protected you in this case. Adware Doctor had a 4.8 star rating after more than 7,000 reviews, although many of those reviews are fake.

Reminds me of MacKeeper, even recommended by Macworld, with made-up terminology that makes outrageous claims, that suddenly during week of July 13, 2010, downloads went from 163 at macupdate (131 at versiontraker) to over 24,000 in 3 days.
And don't forget the pop-up windows. Yeah, that's a sign of a legitimate program






Can you tell that I took courses both on-line and with for profit colleges to be a Graphic Artist?

Google quietly started logging people into Chrome without their consent

.
“This change has enormous implications for user privacy and trust.”

An update to Google’s Chrome browser undermines users’ privacy



The issue is complex, but it revolves around how and when people choose to log in to the Chrome browser (which is different than logging in to Google services like Gmail). In past versions of the browser, this was a voluntary step. Doing so means users can sync information like bookmarks, passwords, and browsing history between devices, a feature Google calls “Chrome Sync.” It also means that their user data is stored on Google’s servers — something that some people are understandably unhappy about.

But with Chrome 69, the latest version of the browser, whenever someone logs in to a Google service like Gmail or YouTube, they are now automatically logged in to Chrome as well. This is an underhand change that will nudge people into inadvertently sharing more data with Google.

The option to turn on Chrome Sync is a “dark pattern” — a term for the user interface tricks used by websites and apps to nudge people towards certain actions. By logging users into Chrome automatically,



You can read more at Matthew Green’s, a cryptography expert who teaches at Johns Hopkins University, blog post, titled "Why I'm done with Chrome,"

Apple gives you a TRUST rating – and it’s based on your phone call and email habits


The new ratings were added as part of the latest iOS 12 update.

Apple's new system was revealed after the company updated its iTunes Store privacy page: on the official website.
"To help identify and prevent fraud, information about how you use your device, including the approximate number of phone calls or emails you send and receive, will be used to compute a device trust score when you attempt a purchase,"

Apple builds a score based on the number calls and emails you send and receive – to help spot fraudulent transactions made using your device. The data used to create the score – including the number of phone calls you've made – is only ever stored on your device. Importantly, when Apple sees the score, it doesn't see the contents of your communications. It's not reading your emails. The so-called "trust score" only takes into account usage patterns, or metadata, and it's sent to Apple when a purchase is made on the app store.

Users can request any of their data at any time from this link.






Working on a post for Monday about Facebook. And, yet again — for the umpteenth time — the company comes across looking sleazy.
And this isn't about the Facebook hack affecting 50 million people also let the attackers access users' Tinder, Spotify, and Instagram accounts.

thanks for posting these updates!

FBI Force Suspect To Unlock An Apple iPhone X With Their Face


A child abuse investigation unearthed by Forbes includes the first known case in which law enforcement used Apple Face ID facial recognition technology to open a suspect's iPhone. That's by any police agency anywhere in the world, not just in America.

A child abuse investigation unearthed by Forbes includes the first known case in which law enforcement used Apple Face ID facial recognition technology to open a suspect's iPhone. That's by any police agency anywhere in the world, not just in America.

The case marks another significant moment in the ongoing battle between law enforcement and tech providers, with the former trying to break the myriad security protections put in place by the latter. Since the fight between the world's most valuable company and the FBI in San Bernardino over access to an iPhone in 2016, Forbes has been tracking the various ways cops have been trying to break Apple's protections.

First came multiple cases in which suspects were told to unlock iPhones with their fingerprints, via Apple's Touch ID biometric login. The same technique was then used on dead subjects.



Full article - Feds Force Suspect To Unlock An Apple iPhone X With Their Face | Forbes

sultrysandy said:

First came multiple cases in which suspects were told to unlock iPhones with their fingerprints, via Apple's Touch ID biometric login. The same technique was then used on dead subjects.

Click to expand...

Fingerprints and facial recognition were insecure even before these legal precedents. Anybody who can find your prints somewhere, or get a few photos of your face, can build a fake to spoof your ID. PINs are probably the best option for protecting your device, as long as you don't pick something obvious.

Bramblethorn said:

Fingerprints and facial recognition were insecure even before these legal precedents. Anybody who can find your prints somewhere, or get a few photos of your face, can build a fake to spoof your ID. PINs are probably the best option for protecting your device, as long as you don't pick something obvious.

Click to expand...

Angry wife beats up husband on flight after discovering he's cheating, forces plane to make emergency landing - NY Daily News


According to India's Hindustan Times reports that as the husband was sleeping, his wife used his hand to unlock his fingerprint-protected cell phone. As she was going through it, the woman reportedly discovered her husband was being unfaithful.

She then started hitting her husband. Crew members on the flight tried to calm the situation down, but when they couldn't get the woman to stop attacking her spouse, the pilot decided to land in Chennai, India. Times of India reported that alcohol played a role in the mid-flight brawl.

.
Your Facebook Shadow Profile


If you’re on Facebook you created your profile, But it also appears that Facebook has created a shadow profile of you. And it reportedly sells that data to advertisers.

When people provide Facebook with their phone number for two factor authentication, they think that they’re making their account more secure. Not giving advertisers more ways to target them. An article outlines how advertisers can target consumers based on phone numbers and email addresses that they have on file. Facebook can then cross reference that information not just with info that users put into their profile, but also information that people provide for security purposes, and data collected from friend’s contact books.


Facebook statement:
“We use the information people provide to offer better more personalized experience on Facebook, including ads. We are clear about how we use the information we collect, including the contact information people upload or add to their own accounts. You can manage and delete the contact information you’ve uploaded at any time.”


Facebook encourages two factor authentication to secure accounts. And providing a phone number is the easiest way to set that up. The question is whether Facebook adequately communicates how personal information is used.
.

sultrysandy said:

When people provide Facebook with their phone number for two factor authentication...

Click to expand...

but Facebook owns WhatsApp, which uses your phone number also. And wants access to your contacts.

astuffedshirt_perv said:

sultrysandy said:

When people provide Facebook with their phone number for two factor authentication,

Click to expand...

but Facebook owns WhatsApp, which uses your phone number also. And wants access to your contacts.

Click to expand...

I'm sorry, but I don't understand your point.



You may find these interesting:

WhatsApp co-founder Jan Koum quits Facebook | Financial Times
May 1, 2018
His announcement came shortly after The Washington Post reported that he had clashed with Facebook as it attempted to weaken the end-to-end encryption on WhatsApp and use its personal data.


WhatsApp founder plans to leave after broad clashes with parent Facebook - The Washington Post
April 30
Chief executive of WhatsApp, Jan Koum, is planning to leave the company after clashing with its parent, Facebook, over the popular messaging service’s strategy and Facebook’s attempts to use its personal data and weaken its encryption.

my point is that Facebook has other ways of getting your phone number already, two factor being just another one. WhatsApp is incredibly useful, has billions of users, and it uses your phone number, you get phone calls and texts through your phone number. Facebook know this.

.
If you were hoping to revert back to High Sierra, or install an older OS X,
you will not be able to get the installer if you are running Mojave


Apple appears to have completely removed the ability to download the installers of older versions of macOS and Mac OS X from the new version of the Mac operating system. Previously users could go to the Mac App Store, click on the Purchased tab and see a list of all the apps they had ever downloaded. This was particularly useful if a Mac user wanted to revert to an older version of Mac OS X, or run more than one version of the operating system (perhaps for testing, or because they were running old software).

It was previously possible to locate an older version of Mac OS X in the Purchased tab, re-download its installer. Now that Apple has updated the Mac App Store in macOS Mojave, there is no longer a Purchased tab. Users can see some of their previously purchased items if they click on Store in the Apple Store and choose: View My Account. However, this will no longer show any older versions of MacOS, though it did previously.







Checked the same link to the Mac App Store on a computer that doesn't have Mojave installed and can confirm that it is still possible to download the installer. Also tested the link Apple provided to download El Capitan back when High Sierra launched. But that download also no longer appears to be valid if you access it in Mojave,

In fact, Apple even states as much on its page about creating a bootable installer: "To download macOS Mojave or High Sierra for this purpose, download from a Mac that is using macOS Sierra 10.12.5 or later, or El Capitan 10.11.6." This means that we have to recommend that you download the installer for High Sierra, and any other installer you feel you may need in the future before updating to Mojave.

.
iOS 12.0.1 update available, fixes Lightning charging issues


Apple released an update for iOS 12 devices for a charging issue with iPhone XS and XS Max users. These new models wouldn't start charging if their screen was sleeping or turned off. To get the iPhone to start charging is wake the display or unplug and re-plug the Lightning cable.

You can update to the latest version of iOS by heading to Settings > General > Software Update.
.

.
(in)Secure: Apple's Unsafe Mac App Store Is Simply Inexcusable






Mac fans haven’t felt the love from Apple lately, but the problems go beyond a lack of new products. It’s become a matter of security.

A string of recent reports has shown certain apps in the Mac App Store were stealing data without user knowledge. These apps were supposedly vetted by Apple, and were popular, frequently-downloaded apps on the Mac App Store. Users had no reason to suspect the apps were malicious.

People’s trust in Apple has left them vulnerable, and it’s time Apple addressed it.
An app store legacy

The success of the iPhone has a lot to do with the app store’s curation. Each app available on iOS has an implied seal of approval from Apple. If you can download an app on your iPhone, it can be trusted. It’s safe.





Much of the iOS App Store’s credibility has carried over to the Mac App Store, but apparently, it’s not deserved. An app called Adware Doctor has been copying people’s browsing history from Chrome, Firefox, and Safari, and sending it off to a China-based domain. The app requests access to several questionable functions, though because of the trust people have put in the highly-rated app, they often approve the access.

The app was able to pass through the security controls of MacOS undetected, pull sensitive browsing history data, and download it as a zip archive. That flies in the face of Apple’s own data privacy policies. Of course, security breaches happen. That’s something every software company in the world deals with. The real problem is Apple’s failure to quickly remove the app.

Adware Doctor wasn’t just a small app that snuck through the fence. The app was listed in the number four spot in the “Top Paid” app list, right behind first-party software like Final Cut Pro. It was listed with endless five-star reviews, which were no doubt fake. It’s not hard to imagine why people would trust an app with such a high profile.

While Adware Doctor has since been removed, it took widespread media coverage for Apple to protect Mac owners who were actively having their data stolen. Apple’s failure to act quickly breaches the trust owners have put in Apple’s store.


It’s not just a few oddballs. It’s a trend


Adware Doctor isn’t the only app that’s been caught. In fact, an entire suite of apps from Trend Micro has been flagged for capturing the same data. That includes Dr. Antivirus, Dr. Cleaner, Dr. Unarchiver, and App Uninstall. Trend Micro initially denied the findings, but has since removed all such functions from the apps in attempts to get back into Apple’s good graces.

How could an app like this pass muster to begin with?

As it turns out, Adware Doctor was first accepted by Apple under the name of Adware Medic, which just happened to share its name with AdwareMedic app, a legitimate piece of software run by Malwarebytes. Trend Micro’s app was then removed, only to be re-accepted as Adware Doctor.

With Apple’s renewed focus on the App Store in MacOS Mojave, we can only hope it takes back responsibility for cleaning up its mess. Yet with Apple’s attention squarely on iOS, we’re not getting our hopes up. If security isn’t a good enough reason to remember the Mac, then what is?
.

.
FCC tells court it has no “legal authority” to impose net neutrality rules

FCC defends repeal in court, claims broadband isn't "telecommunications."



The Federal Communications Commission opened its defense of its net neutrality repeal Thirsday, telling a court that it has no authority to keep the net neutrality rules in place.

Chairman Ajit Pai's FCC argued that broadband is not a "telecommunications service" as defined in federal law, and therefore it must be classified as an information service instead. As an information service, broadband cannot be subject to common carrier regulations such as net neutrality rules, Pai's FCC said. The FCC is only allowed to impose common carrier regulations on telecommunications services.

"Given these classification decisions, the Commission determined that the Communications Act does not endow it with legal authority to retain the former conduct rules," the FCC said in a summary of its defense filed Thursday in the US Court of Appeals for the District of Columbia Circuit.

The FCC is defending the net neutrality repeal against a lawsuit filed by more than 20 state attorneys general, consumer advocacy groups, and tech companies. The FCC's opponents in the case will file reply briefs next month






My comments:

Ajit Pai continues siding with the deep pockets of lobbyists for the telecommunication firms (Cable and Cell Phone Carriers) and against consumers.



FCC's power to preempt state laws isn't unlimited. The FCC previously tried to preempt state laws that restrict the growth of municipal broadband networks, but a federal appeals court struck down that FCC decision in 2016.


Four lobbying groups representing companies such AT&T, Comcast, T-Mobile, Sprint, and Verizon, among others filed a federal lawsuit on Wed Oct 3 seeking to overturn California’s newly minted net neutrality law.




Know this post is not about Apple products or services, but rather services utilized using Apple. Let me know if you rather I stick specifically to Apple
.

It's official: Apple sends out invitations for event on October 30



Distributed at 12pm Eastern on Thursday, the invitations reveal the event will take place in New York City at 10am on October 30, held at the Brooklyn Academy of Music, Howard Gilman Opera House. Apple doesn't usually launch new products in New York, often opting for a venue closer to its home base in Cupertino, California.

Along with the teaser text advising "There's more in the making," it is noted that not everyone received the same invitation. Shared images of the invitations on Twitter reveal a number of different designs for the Apple logo are being used to promote the event, suggesting the theme for the event could be art related.

Apple has historically given seven or eight days notice before an October event. The company hasn't given more than that for a fall event since Steve Jobs was CEO.



Since posts can contain only 10 images, will do 2 so can share more of them.

.
iPhone users targeted via fake Spotify and iTunes emails from scammers looking to steal your login details


A new phishing email scam is targeting people by using a fake Spotify email confirming a year's subscription to Spotify's Premium streaming service — it's likely intended to prey on your surprise that you may have been erroneously charged. The email prompts victims to click a link to cancel or "review your subscription." in order to get you to hand over your Apple ID credentials.

This scam is likely taking advantage of recent changes made to Spotify subscription payments. Spotify users used to have the option to pay for their Spotify Premium account via their Apple ID, but that's no longer the case as of August 6, 2018. Spotify is now requiring its Premium subscribers to switch to Spotify's own payment system.


If you click on the link in the email, it leads you to a convincing-yet-fake Apple ID sign-in screen, where you're expected to enter your Apple ID credentials.







there's a clear sign that this Apple ID login screen is fake. The website's URL in the browser bar starts off looking legitimate enough, with the words "myappleid-confirmcancellation," but the following words, "aijcbtgroup...," would never be associated with an official Apple website.







If it were real, the site's URL address would also be green on Apple's iOS devices, indicating that it's a secure site with "HTTPS" certification. On computers, you should also check if it has the "https" letters at the very beginning of the URL address



.

.
It's not just you — several iCloud services are experiencing problems, according to Apple's system status dashboard.

"Users may be experiencing slower than normal performance with this service," Apple's website explains, adding that "some users" are affected.

Will try to update you when learning more.
.

sultrysandy said:

.
iOS 12.0.1 update available, fixes Lightning charging issues
.

Click to expand...

man i was hoping this was my problem, but no, my SE looks like it has decided to no longer take a charge.

.
Been working on a post about privacy, or lack thereof, and thought of when things were simpler, and about my first Mac, a Classic II.

Remember being bummed missed buying a Classic, first Mac to sell for less than $1,000, but reviews weren't all that good, 8 MHz Motorola 68000 with 1 MB RAM. But a II had a 16 MHz 68030 with 2 MB, for only $250 more! To me a great deal: 32 vs 16-bit, twice as fast, and two times the RAM of it's predecessor. And only for $250 more at CompUSA







And with System 7 that had multitasking and networking.





What I miss is the ability to customize the Apple menu, but what I don’t is Disk First Aid, it was near useless.
.

.
Apple announces new iPad Pro and Mac computers



The new iPad Pros eliminate the home button and incorporate Apple's facial recognition technology, Face ID, that was first introduced with the company's iPhone X product line last year. They ship with up to 1 terabyte of storage, and trade out Apple's typical Lightning port for a USB-C port, similar to high-end computers. The USB-C port will also let users connect accessories like digital cameras and high-resolution desktop displays to the iPad Pro. It does not have a traditional headphone jack, which means you will need an adapter to plug in your headphones. The new iPad Pro starts at $799 for the 11-inch model and $999 for the 12.9-inch model. Both models are available to order today and will arrive on Nov. 7.

Apple updated its high-tech stylus, the Apple Pencil, as well. The Pencil now magnetically attaches to the tablet to charge wirelessly. It also has touch gestures for switching between digital drawing tools on the iPad.


The new MacBook Air comes with a 13.3-inch, edge-to-edge retina display, as well as Touch ID that allows users to unlock the device with the scan of a fingerprint. The sensor sits in the keyboard and enables touch-based Apple Pay. The revamped keyboard and track pad, too, and upgraded the microphones and speakers for better audio. The new MacBook Air offers up to 16GB of storage — double the memory capacity of its predecessor. The new MacBook Air starts at $1,199, about $100 cheaper than the baseline MacBook computer, but more expensive than the last-generation of MacBook Air, which started at $999. It's available to order today and pickup Nov. 7.


A new Mac mini Tuesday, in the first update to the smaller Mac model in four years. It comes with up to 64GB of memory and works five times faster than its predecessor. Storage wise, all Mac minis now have all-flash storage up to 2 TB. It starts at $799, and it too is available to order today and for pickup Nov. 7.
.