Biz & IT

Apple restricts ads and third-party trackers in iPhone apps for kids

Apple has told developers to stop including third-party trackers in apps designed for kids — or they face having their apps pulled from the app store.

The tech giant quietly updated its guidelines for apps that are submitted to the app store’s kids category following the keynote address at its annual developer conference on Monday.

“Apps in the kids category may not include third-party advertising or analytics,” the new guidelines say. Previously, the guidelines only restricted behavioral advertising tracking.

Apple also currently prohibits apps in the kids category from including links that point outside the app or from containing in-app purchases.

Apple has come under fire for its recent marketing campaign claiming “what happens on your iPhone stays on your iPhone,” which critics say is misleading. All too often apps include ads or tracking code that allows app makers to collect information about the device, including its location and other data, and send it back to base so companies can better target users with ads, learn more about how they use the app, and more.

Just last week, the Washington Post found over 5,400 app trackers were uploading data from an iPhone over a single week — even at night when the phone owner was asleep.

As a TechCrunch investigation earlier this year found, some apps use so-called session replay technology, a kind of analytics software that records the screen when an app is open. Apps built by Expedia, Hollister and Hotels.com were found in violation of Apple’s rules and developers were told to remove the code.

Apple follows in the footsteps of Google, which last week set out new policies around kids’ apps available for Android through Google Play. The move followed a complaint to the Federal Trade Commission filed by close to two-dozen consumer advocacy groups, which accused the mobile giant of not ensuring app compliance with federal children’s privacy laws.

Now with Apple’s new restrictions, at least kids have a fighting chance of keeping their iPhone data private.


Microsoft announces AI-powered Bing search and Edge browser


Fresh off news of an extended partnership last month, Microsoft has announced a new version of its Bing search engine and Edge browser that will integrate ChatGPT-style AI language model technology from OpenAI. These new integrations will allow people to see search results with AI annotations side by side and also chat with an AI model similar to ChatGPT. Microsoft says a limited preview of the new Bing will be available online today.

Microsoft announced the new products during a press event held on Tuesday in Redmond. “It’s a new day in search,” The Verge quotes Microsoft CEO Satya Nadella as saying at the event, taking a clear shot at Google, which has dominated web search for decades. “The race starts today, and we’re going to move and move fast. Most importantly, we want to have a lot of fun innovating again in search, because it’s high time.”

During the event, Microsoft demonstrated a new version of Bing that displays traditional search results on the left side of the window while providing AI-powered context and annotations on the right side. Microsoft envisions this side-by-side layout as a way to fact check the AI results, allowing the two sources of information to complement each other. ChatGPT is well known for its ability to hallucinate convincing answers out of thin air, and Microsoft appears to be hedging against that tendency.

Another mode allows users to ask the Bing chatbot questions through a regular chat interface like ChatGPT’s. In Edge, Microsoft will provide two new features: one called “compose,” which acts as a writing assistant, and one called “chat,” which can summarize a website or provide an interactive Q&A about the website’s contents.

The “new Bing” isn’t the first service to experiment with AI-assisted search engines. Both Perplexity Ask and YouChat currently provide similar conversational AI offerings. And on Monday, Google lifted the veil on Bard, an AI-powered conversational bot that it says will power the future of its search experience, although it’s not available in demo form yet. We expect to hear more about Bard and potentially other Google AI projects during an event scheduled for Wednesday.

For now, Microsoft has made the new Bing available on a limited preview basis with some prefilled search results at bing.com/new, where there’s also a sign-up link for a waitlist. This is a breaking news story, and we’ll update it as we learn new information.


Google and Mozilla are working on iOS browsers that break current App Store rules


Companies like Google, Mozilla, and Microsoft have versions of their web browsers on Apple’s iOS and iPadOS App Stores, but these versions come with a big caveat: The App Store rules require them to use Safari’s WebKit rendering engine rather than the engines those browsers use in other operating systems.

But that could be changing. According to The Register, Google and Mozilla have recently been spotted working on versions of Chromium and Firefox that use their normal Blink and Gecko rendering engines, respectively.

Apple hasn’t announced any rule changes. The correlated activity from Google and Mozilla could suggest that they’re expecting Apple to drop its restrictions on third-party browser engines in the near future, or the companies could simply be hedging their bets. Regulatory pressure from multiple governments is pushing Apple in the direction of loosening many of its App Store restrictions, including (begrudgingly) accepting third-party payment services and sideloading of apps and third-party app stores.

The iOS versions of Chrome, Firefox, Edge, and others can currently sync with their desktop counterparts and present whatever user interface they want, but the WebKit requirement means their capabilities and shortcomings are mostly the same as Safari’s. No such restriction exists on macOS, where third-party browsers can use whatever rendering engine they please.

Apple could still conceivably impose limitations on the way these browsers work—the amount of storage they’re allowed to use for caching content, how much memory and CPU capacity they’re permitted to use while running in the background, how aggressively tabs must be unloaded from RAM to make room for other apps, what extensions they’re allowed to use, and plenty of other possibilities. But for the iPad in particular, opening the platform up to third-party browser engines will hopefully mean more third-party browsers that look and act more like their macOS and Windows counterparts.


Hackers are mass infecting servers worldwide by exploiting a patched hole


An explosion of cyberattacks is infecting servers around the world with crippling ransomware by exploiting a vulnerability that was patched two years ago, it was widely reported on Monday.

The hacks exploit a flaw in ESXi, a hypervisor VMware sells to cloud hosts and other large-scale enterprises to consolidate their hardware resources. ESXi is what’s known as a bare-metal, or Type 1, hypervisor, meaning it’s essentially its own operating system that runs directly on server hardware. By contrast, servers running the more familiar Type 2 class of hypervisors, such as VMware’s VirtualBox, run as apps on top of a host operating system. The Type 2 hypervisors then run virtual machines that host their own guest OSes such as Windows, Linux or, less commonly, macOS.

Enter ESXiArgs

Advisories published recently by computer emergency response teams (CERT) in France, Italy, and Austria report a “massive” campaign that began no later than Friday and has gained momentum since then. Citing results of a search on Censys, CERT officials in Austria said that as of Sunday, there were more than 3,200 infected servers, including eight in that country.

“Since ESXi servers provide a large number of systems as virtual machines (VM), a multiple of this number of affected individual systems can be expected,” the officials wrote.

The vulnerability being exploited to infect the servers is CVE-2021-21974, which stems from a heap-based buffer overflow in OpenSLP, an open network-discovery standard that’s incorporated into ESXi. When VMware patched the vulnerability in February 2021, the company warned it could be exploited by a malicious actor with access to the same network segment over port 427. The vulnerability had a severity rating of 8.8 out of a possible 10. Proof-of-concept exploit code and instructions for using it became available a few months later.

Over the weekend, French cloud host OVH said that it doesn’t have the ability to patch the vulnerable servers set up by its customers.

“ESXi OS can only be installed on bare metal servers,” wrote Julien Levrard, OVH’s chief information security officer. “We launched several initiatives to identify vulnerable servers, based on our automation logs to detect ESXI installation by our customers. We have limited means of action since we have no logical access to our customer servers.”

In the meantime, the company has blocked access to port 427 and is also notifying all customers it identifies as running vulnerable servers.

Levrard said the ransomware installed in the attacks encrypts virtual machine files, including those ending in .vmdk, .vmx, .vmxf, .vmsd, .vmsn, .vswp, .vmss, .nvram, and .vmem. The malware then tries to unlock the files by terminating a process known as VMX. The function isn’t working as its developers intended, resulting in the files remaining locked.

Researchers have dubbed the campaign and the ransomware behind it ESXiArgs because the malware creates an additional file with the extension “.args” after encrypting a document. The .args file stores data used to decrypt encrypted data.
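A triage check built on the file behavior described above, added here as an illustration and not taken from the advisories or from OVH: it walks a copy of a datastore and reports directories where an “.args” file sits beside one of the listed virtual machine file types. The exact naming of the marker file is an assumption (the article gives only the extension), and the sample directory tree is constructed.

```python
import os
import tempfile

# File extensions the article lists as encrypted by ESXiArgs.
TARGET_EXTS = {".vmdk", ".vmx", ".vmxf", ".vmsd", ".vmsn",
               ".vswp", ".vmss", ".nvram", ".vmem"}

def find_args_markers(root):
    """Walk root and return {directory: [(args_file, vm_file_or_None), ...]}."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in sorted(files):
            if not name.lower().endswith(".args"):
                continue
            base = name[:-len(".args")]
            # Assumption: the marker is "<vmfile>.args" (disk.vmdk.args) or
            # shares the VM file's stem (disk.args); both layouts are checked.
            match = None
            if base in names and os.path.splitext(base)[1].lower() in TARGET_EXTS:
                match = base
            else:
                for cand in sorted(names):
                    stem, ext = os.path.splitext(cand)
                    if stem == base and ext.lower() in TARGET_EXTS:
                        match = cand
                        break
            findings.setdefault(dirpath, []).append((name, match))
    return findings

def affected_dirs(findings):
    """Directories where at least one .args file sits beside a targeted VM file."""
    return sorted(d for d, hits in findings.items()
                  if any(vm is not None for _marker, vm in hits))

def build_sample_tree(root):
    """Constructed sample datastore layout (empty files, names invented)."""
    layout = {"vm-web01": ["web01.vmdk", "web01.vmdk.args", "web01.vmx", "web01.vmx.args"],
              "vm-db01": ["db01.vmdk", "db01.vmx", "db01.nvram"],
              "scripts": ["deploy.args", "deploy.sh"]}
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for f in files:
            open(os.path.join(root, folder, f), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(affected_dirs(find_args_markers(root)))
```

An “.args” file with no matching VM file, such as the one in the constructed scripts folder, is recorded but does not mark its directory as affected.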

Researchers from the YoreGroup Tech Team, Enes Sonmez and Ahmet Aykac, reported that the encryption process for ESXiArgs can make mistakes that allow victims to restore encrypted data. OVH’s Levrard said his team tested the restoration process the researchers described and found it successful in about two-thirds of the attempts.

Anyone who relies on ESXi should stop whatever they’re doing and check to ensure patches for CVE-2021-21974 have been installed. The above-linked advisories also provide more guidance for locking down servers that use this hypervisor.
