Apple Warns Sideloading Apps Would Undermine Privacy Protections

Apple

Apple has released a report titled: “Building a Trusted Ecosystem for Millions of Apps”. In short, it provides information about how the App Store protections are important for the safety and security of iOS and iPadOS. Sideloading would undermine this system because it would enable nefarious apps to cause harm to those who download them.

The report is an interesting read for those who use iOS and/or iPadOS. It provides details about what happens “behind the scenes” that enables Apple to provide security and privacy protections to users. It also talks about its App Review process, in which developers and users are screened and checked for malicious components like unwanted purchases or providing access to personal data.

In 2020, 100,000 apps and updates were reviewed each week on average by a team of over 500 dedicated experts, who review apps in different languages.

Nearly one million problematic new apps and a similar number of updates were rejected or removed. That includes more than 150,000 for being spam or copycats, or misleading users; more than 215,000 for violating privacy guidelines; more than 48,000 for containing hidden or undocumented features; and about 95,000 for fraudulent violations (predominantly for including “bait and switch” functionalities to commit criminal or other forbidden actions.)

Features like Apple’s privacy labels on the App Store, and its App Tracking Transparency, provide protections to users. Apple points out that allowing sideloading – allowing developers to distribute their apps outside of the App Store through websites or third-party app stores – “would degrade the security of the iOS platform and expose users to serious security risks not only on third-party app stores, but also on the App Store.”

One of the things that caught my attention in Apple’s report was that sideloading could cause harm to people who only download apps from the App Store. Those that choose to sideload apps will put other iOS or iPadOS users at risk. A malicious developer could attempt to fake something that looks like the App Store, which could trick users into thinking it was the real deal. That app could then grab people’s data, including health and financial information.

Amazon Dumps Millions of Products Annually! #1535

Podcast

So Amazon has been caught in an investigative piece in the UK of dumping literally millions of new and barely used items in landfills, while they claim it’s a recycling center the company doing the investigative work says it was a landfill? If so this is very damning info.

Become an Insider today to get access to this very private, very personal show that will give you complete behind-the-scenes access to yours truly.

Subscribe to the Newsletter.
Join the Chat @ GeekNews.Chat
Email Todd or follow him on Facebook.
Like and Follow Geek News Central Facebook Page.
New Geek Central Discord Channel
Download the Audio Show File

Support my Show Sponsor: 5 Best Godaddy Promo Codes
30% Off on GoDaddy Products & Services cjcgeek30
$4.99 GoDaddy coupon for a New or Transferred .com domain cjcgeek99
$1.00 a month Economy Hosting with a free domain name. Promo Code: cjcgeek1h
$1.00 a month Managed WordPress Hosting with free Domain name. Promo Code: cjcgeek1w
Support the show by becoming a Geek News Central Insider

Show Notes:

Podcast: Play in new window | Download | Embed

Subscribe: Apple Podcasts | Google Podcasts | Stitcher | Blubrry | Email | TuneIn | RSS | More

Podcast (video): Play in new window | Download | Embed

Subscribe: Apple Podcasts | Google Podcasts | Email | RSS | More

ERCOT is Raising Temperatures on Smart Thermostats

energy saving, ,

Some Texans in the Houston area said their homes have been much warmer this week, even while they are running their air conditioners, KHOU-11 reported. Many of these Texans claim that someone has been turning up the temperature on their thermostats since the energy shortage began.

It turns out that someone was, in fact, messing with the temperature on their thermostats. According to KHOU-11, ERCOT, the Electric Reliability Council of Texas, asked Texans to turn up their temperatures on their thermostats this week (to 78 degrees or higher).

In some cases, it appears ERCOT (and others) aren’t just asking – they are remotely raising the temperature on some Texan’s smart thermostats. The ability to do that, without informing the customer first, appears to be due to people opting-in to enroll their smart thermostats in a program called Smart Savers Texas. KHOU-11 reported that the program is operated by a company called EnergyHub.

The agreement states that in exchange for an entry into sweepstakes, electric customers allow them to control their thermostats during periods of high energy demand. EnergyHub’s list of its clients include TXU Energy, CenterPoint, and ERCOT.

The Verge reported that seasonal energy programs offered by utility companies across the country are intended to work the same way the EnergyHub one is. Consumers who opt-in to them are agreeing to allow their energy company to remotely change the setting on their thermostats.

According to The Verge, Nest owners can opt-in to programs directly via Google (Nest’s parent company), even if their local utility isn’t participating in a program. Honeywell told The Verge that customers who opted-in to their energy saving program allow their smart thermostats to be adjusted remotely. However, customers can override the change.

It is important to note that customers can opt-out of these programs at any time. That appears to include the Smart Savers Texas program run by EnergyHub.

Data Centers are Using Too Much Water During Droughts

Information,

Huge data centers are using a lot of water to keep warehouses filled with computers cool. This isn’t good for the climate – especially during droughts.

NBC News reported that on May 17, the City Council of Mesa, Arizona, approved the $800 million development of an enormous data center on an arid plot of land in the eastern part of the city.

That data center requires up to 1.25 million gallons of water each day. Mesa is currently experiencing a drought. Data centers like the one in Mesa create relatively few jobs, according to NBC News.

The U.S. also has at least 1,800 “colocation” data centers, warehouses filled with a variety of smaller companies’ server hardware that share the same cooling system, electricity, and security, according to Data Center Map. They are typically smaller than hyper scale data centers but, research has shown, more resource intensive as they maintain a variety of computer systems operating at different levels of efficiency.

The data that NBC News pointed at comes from an environmental research letter posted on IOP Science. The letter is titled: “The environmental footprint of data centers in the United States.” It was published in May of 2021. From the abstract of the letter:

…Our bottom-up approach reveals one-fifth of data center servers direct water footprint comes from moderately to highly stressed watersheds, while nearly half of servers are fully or partially powered by power plants located within water stressed regions. Approximately 0.5% of total US greenhouse gas emissions are attributed to data centers…

The letter offers some suggestions for more environmentally friendly ways data centers can keep cool. Data centers can be located in areas that typically have lower temperatures that would make them easier to cool. Data centers can invest in solar and wind energy (and use that as a coolant instead of water).

PayPal is Raising Merchant Fees on Some Transactions

Information

PayPal posted an article titled: “Upcoming Changes for Some US Businesses”. The new rates will apply to a portion of their merchant customers in the U.S. beginning on August 2, 2021.

Here is what is changing:

PayPal Digital Payments: For PayPal products, (such as PayPal Checkout, Pay with Venmo, Pay in 4, PayPal with Rewards, Checkout, and crypto), which include Seller Protection on eligible transactions, the new rate for online transactions will be 3.49% + 0.49 per transaction.

In-person Payments: For PayPal and Venmo QR code transactions over $10, the new rate will be 1.90% + $0.10. For transactions that are $10 and under, the rate will be 2.40% + $0.05. For certain in-person debit and credit transactions the rate will be 2.29% + $0.09.

Credit and Debit Card payments: Online credit and debit card transactions will be 2.59% + $0.49 per transaction without Chargeback Protection, or 2.99% + $0.49 with Chargeback Protection.

Charity Transactions: Fees for charity transactions will be 1.99% + $0.49 for confirmed charities (subject to application and pre-approval).

Non-standard Pricing: For U.S. merchants who have custom, non-standard pricing, rates will remain unchanged for those services as agreed.

The Verge reported that in the past, PayPal has had a flat rate for sellers processing payments, charging 2.9 percent of a transaction price, plus a 30-cent fee. The new higher rates will apply to the company’s newer products like PayPal Checkout, and Pay with Venmo.

Fortunately, there are alternatives to PayPal.

Ko-fi does not take any fees. (They make their money from Ko-fi Gold subscriptions and donations to their own Ko-fi page.) If you have a Ko-fi account, and connected it to your PayPal account as a payment processor, PayPal will still take its transaction fees.

Stripe charges fees that are lower than PayPal’s. Cards and Wallets: 2.9% + 30 cents; Bank debits and transfers: 0.8% – $5.00 cap; Additional payment methods: starting at 80 cents. Stripe offers invoicing at 0.4% per paid invoice with the first 25 invoices free per month.

SnapChat will Remove the “Speed Filter”

Social Media

SnapChat is eliminating the “speed filter” that allowed users to capture how fast they are moving and share it with friends, NPR reported.

According to NPR, Snap “has defended the feature in the face of warnings from safety advocates who’ve argued that it encourages reckless driving. The company has also faced lawsuits from the families of those who have been injured or killed in car crashes where drivers were moving at excessive speeds, allegedly to score bragging rights on the app.”

NPR provided some examples of reckless driving while using the speed filter:

A 2015 collision involving the speed filter left a driver in Georgia with permanent brain damage. That same year, the feature was tied to the death of three young women in a Philadelphia car accident. In 2016, five people in Florida died in a high-speed collision that reportedly involved the speed filter. In 2017, three young men in Wisconsin clocked a speed of 123 miles per hour on the feature before they crashed into a tree and died.

A spokeswoman from Snap confirmed to NPR that the speed filter would soon be gone. She said the feature is “barely used by Snapchatters, and in light of that, we are removing it altogether”.

BuzzFeed News reported that Snap has added a “don’t snap and drive” warning while the feature was in use. It also limited the top driving speed that can be shared to 35 mph.

It will take time for the speed filter to be entirely removed from Snap, so the warning and speed limitation are good ways to deter people from using it for reckless driving. Snap is still going to have to face existing lawsuits about the feature.

Ukraine picks up six hackers behind Clop ransomware

Hacker, Information,

It’s been a rough spell for hackers, one was just extradited from Mexico to face charges in California for a DDoS attack on the city of Santa Cruz. 

Now six members of a group responsible for the Clop ransomware were picked up in a raid in the Ukraine. It is not clear if these were all the members behind it or just one cell. The search of the home resulted in the seizure of hundreds of thousands of dollars and expensive vehicles such as an AMG 63 and a Tesla. 

A Ukrainian report states that “[in] 2021, the defendants attacked and encrypted the personal data of employees and financial reports of Stanford University Medical School, the University of Maryland and the University of California.” 

As S Korea and the US were also in on this roundup and have charges pending for hacks in both countries, it’s unclear where things go from here.