Apple is looking to get over its sales woes in China by offering prospective customers interest-free financing with a little help from Alibaba.
Apple’s China website now offers financing packages for iPhones that include zero percent interest packages provided in association with several banks and Huabei, a consumer credit company operated by Alibaba’s Ant Financial unit, as first noted by Reuters.
The Reuters report further explains the packages on offer:
On its China website, Apple is promoting the new scheme, under which customers can pay 271 yuan ($40.31) each month to purchase an iPhone XR, and 362 yuan each month for an iPhone XS. Customers trading in old models can get cheaper installments.
Users buying products worth a minimum of 4,000 yuan worth from Apple would qualify for interest-free financing that can be paid over three, six, nine, 12 or 24 months, the website shows.
Apple is also offering discounts for customers who trade in devices from the likes of Huawei, Xiaomi and others.
The deals are an interesting development that comes just weeks after Apple cut revenue guidance for its upcoming Q1 earnings. The firm trimmed its revenue from the $89 billion-$93 billion range to $84 billion on account of unexpected “economic deceleration, particularly in Greater China.”
Offering attractive packages may convince some consumers to buy an iPhone, but there’s a lingering sense that Apple’s current design isn’t sparking interest from Chinese consumers. Traditionally, it has seen a sales uptick around the launch of iPhones that offer a fresh design, and the current iPhone XR, XS and XS Max line-up bears a strong resemblance to the one-year-old iPhone X.
The first quarter of a new product launch results in a sales spike in China, but Q2 sales — the quarter after the launch — are where devices can underwhelm.
It’ll be interesting to see if Apple offers similar financing in India, where it saw sales drop by 40 percent in 2018 according to The Wall Street Journal. Apple’s market share, which has never been significant, is said to have halved from two percent to one percent over the year.
Finance is a huge issue for consumers in India, where aggressively priced but capable phones from Chinese companies like Xiaomi or OnePlus dominate the market in terms of sales volume. With the iPhone costing multiples more than top Android phones, flexible financing could help unlock more sales in India.
China, however, has long been a key revenue market for Apple, so it figures that this strategy is happening there first.
Google announced an update on Wednesday to the Stable channel of its Chrome browser that includes a fix for an exploit that exists in the wild.
CVE-2022-2856 is a fix for “insufficient validation of untrusted input in Intents,” according to Google’s advisory. Intents are typically a way to pass data from inside Chrome to another application, such as the share button on Chrome’s address bar. As noted by the Dark Reading blog, input validation is a common weakness in code.
The exploit was reported by Ashley Shen and Christian Resell of the Google Threat Analysis Group, and that’s all the information we have for now. Details of the exploit are currently tucked behind a wall in the Chromium bugs group and are restricted to those actively working on related components and registered with Chromium. After a certain percentage of users have applied the relevant updates, those details may be revealed.
Google says the update—104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows—will “roll out over the coming days/weeks,” but you can (and should) manually update Chrome now (check the “About” section of your settings).
There are 10 other security fixes included in the update. Dark Reading notes that this is Chrome’s fifth zero-day vulnerability disclosed in 2022.
A security researcher says that Apple’s iOS devices don’t fully route all network traffic through VPNs, a potential security issue the device maker has known about for years.
Michael Horowitz, a longtime computer security blogger and researcher, puts it plainly—if contentiously—in a continually updated blog post. “VPNs on iOS are broken,” he says.
Any third-party VPN seems to work at first, giving the device a new IP address, DNS servers, and a tunnel for new traffic, Horowitz writes. But sessions and connections established before a VPN is activated do not terminate and, in Horowitz’s findings with advanced router logging, can still send data outside the VPN tunnel while it’s active.
In other words, you’d expect a VPN to kill existing connections before establishing a connection so they can be re-established inside the tunnel. But iOS VPNs can’t seem to do this, Horowitz says, a finding that is backed up by a similar report from May 2020.
“Data leaves the iOS device outside of the VPN tunnel,” Horowitz writes. “This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers. The latest version of iOS that I tested with is 15.6.”
Privacy company Proton previously reported an iOS VPN bypass vulnerability that started at least in iOS 13.3.1. Like Horowitz’s post, ProtonVPN’s blog noted that a VPN typically closes all existing connections and reopens them inside a VPN tunnel, but that didn’t happen on iOS. Most existing connections will eventually end up inside the tunnel, but some, like Apple’s push notification service, can last for hours.
The primary issue with non-tunneled connections persisting is that they could be unencrypted and that the IP address of the user and what they’re connecting to can be seen by ISPs and other parties. “Those at highest risk because of this security flaw are people in countries where surveillance and civil rights abuses are common,” ProtonVPN wrote at the time.
ProtonVPN confirmed that the VPN bypass persisted in three subsequent updates to iOS 13. ProtonVPN indicated in its blog post that Apple would add functionality to block existing connections, but this functionality as added did not appear to make a difference in Horowitz’s results.
Horowitz tested ProtonVPN’s app in mid-2022 on an iPad iOS 15.4.1 and found that it still allowed persistent, non-tunneled connections to Apple’s push service. The Kill Switch function added to ProtonVPN, which describes its function as blocking all network traffic if the VPN tunnel is lost, did not prevent leaks, according to Horowitz.
Horowitz tested again on iOS 15.5 with a different VPN provider and iOS app (OVPN, running the WireGuard protocol). His iPad continued to make requests to both Apple services and to Amazon Web Services.
ProtonVPN had suggested a workaround that was “almost as effective” as manually closing all connections when starting a VPN: Connect to a VPN server, turn on airplane mode, then turn it off. “Your other connections should also reconnect inside the VPN tunnel, though we cannot guarantee this 100%,” ProtonVPN wrote. Horowitz suggests that iOS’s Airplane Mode functions are so confusing as to make this a non-answer.
We’ve reached out to both Apple and OpenVPN for comment and will update this article with any responses.
Horowitz’s post doesn’t offer specifics on how iOS might fix the issue. For his part, Horowitz recommends a $130 dedicated VPN router as a truly secure VPN solution.
VPNs, especially commercial offerings, continue to be a complicated piece of Internet security and privacy. Picking a “best VPN” has long been a challenge. VPNs can be brought down by vulnerabilities, unencrypted servers, greedy data brokers, or by being owned by Facebook.
Does Google enjoy teasing and sometimes outright torturing some of its products’ most devoted fans? It can seem that way.
Tucked away inside a recent bleeding-edge Chrome build is a “Following feed” that has some bloggers dreaming of the return of Google Reader. It’s unlikely, but never say never when it comes to Google product decisions.
Chrome added a sidebar for browsing bookmarks and Reading List articles back in March. Over the weekend, the Chrome Story blog noticed a new flag in Gerrit, the unstable testing build of Chrome’s open source counterpart Chromium. Enabling that #following-feed-sidepanel flag (now also available in Chrome’s testing build, Canary) adds another option to the sidebar: Feed.