Apple could be buying cobalt from mining companies directly


Cobalt is the new oil. Car companies and battery manufacturers are all rushing to secure multiyear contracts with mining companies for their lithium-ion batteries. According to a Bloomberg report, Apple is also participating in this game as the company wants to secure its long-term supplies.

The company has never done this before with cobalt. Apple relies on a ton of suppliers for all the components in its devices — including for batteries. And yet, cobalt prices have tripled over the past 18 months. Chances are Apple will secure a contract much more easily than a battery supplier.

While an Apple Watch battery is an order of magnitude smaller than a car battery, Apple sells hundreds of millions of devices every year. All those iPhone and Mac batteries represent quite a bit of cobalt.

But the issue is that car manufacturers are putting a ton of pressure on cobalt suppliers. BMW and Volkswagen are also looking at signing multiyear contracts to secure their supply chains. And other car manufacturers are probably also paying attention to cobalt prices.

As a side effect, buying cobalt straight from the mines makes it easier to control the supply chain. It’s hard to know where you cobalt is coming from when you buy batteries from third-party suppliers. And in that case, it can be a big issue.

Amnesty International published a report in January 2016 about cobalt mines, saying that tech companies and car manufacturers aren’t doing enough to prevent child labor in the Democratic Republic of the Congo — the country is responsible for 50 percent of global cobalt production.

A couple of months ago, Amnesty International published an update, saying that Apple is more transparent than others. The iPhone maker now publishes a list of its cobalt suppliers. But there’s still a long way to go in order to make sure that mining companies respect basic human rights.

But let’s be honest. In today’s case, Apple mostly wants to be able to buy enough cobalt at a fair price for its upcoming gadgets. And the company has deep enough pockets to sign this kind of deals.

Update for iOS and Macs negates text bomb that crashed devices


Last week we reported a major bug in Apple operating systems that would cause them to crash from mere exposure to either of two specific Unicode symbols. Today Apple fixes this major text-handling issue with iOS version 11.2.6 and macOS version 10.13.3, both now available for download.

The issue, discovered by Aloha Browser in the course of normal development, has to do with poor handling of certain non-English characters. We replicated the behavior, basically an immediate hard crash, in a variety of apps on both iOS and macOS. The vulnerability is listed on MITRE under CVE-2018-4124. If you were curious.

Apple was informed of the bug and told TechCrunch last week that a fix was forthcoming — and the patches just dropped in the last few minutes (iOS; macOS). Apple calls the magical characters a “maliciously crafted string” that led to “heap corruption.” It seems that macOS versions before 10.13.3 aren’t affected, so if you’re running an older OS, no worries.

The iOS patch also fixes “an issue where some third-party apps could fail to connect to external accessories,” which is welcome but unrelated to the text bomb.

You should be able to download both updates right now, and you should, or you’ll probably get pranked in the near future.

People are trolling iPhone users with the ‘killer symbol’ that crashes their apps


Surprise! Assorted jerks on the internet have weaponized the unicode-based bug we reported yesterday to insta-crash apps running on an iPhone or a Mac. The result is somewhere between the old Alt + F4 trick and a script kiddie stunt and it ranges from being annoying to rendering a device unusable, depending on the tenacity of the troll.

The bug causes many iOS and Mac apps to crash when rendering two characters in Telugu, a south Indian language. While anyone can avoid viewing the symbols themselves, problems arise when someone ill-intentioned starts spamming out the symbols or sending them directly to devices where they will be received as a notification.

Droves of Twitter users have taken to tweeting the symbols out over the last day with messages like “read this to log off instantly” and “retweet this to crash anyone using an Apple device,” though luckily most of them don’t have many followers. Still, if the symbol shows up in your @ replies or in the handle of someone who likes one of your tweets, then it’s game over for whatever app you have open (Motherboard writer Joseph Cox learned this the hard way). From what we’ve observed, the only way to get an app working again is to reinstall it from scratch — a time consuming process, especially if a troll just crashes it all over again.

As captured on Twitter, one security researcher added one of the symbols to his Uber handle as an experiment. “I suspect a crashed phone means you get routed to the next driver… who gets crashed too. Like an Uber routing worm” he wrote. We reached out to Uber to see if they’re aware of the issue and will update when we hear back.

For now, most of the trolling seems to be on Twitter. A search on both Facebook and Reddit yielded conspicuously few signs of Telugu trolling, so it appears that those platforms may have taken steps to limit the fallout from the iPhone-killing unicode symbols.

Meanwhile, a thorough blog post by a Mozilla engineer Manish Goregaokar suggests that the scope of the unicode bug could be broader than the two symbols we know. “… From some experimentation, this bug seemed to occur for any pair of Telugu consonants with a vowel, as long as the vowel is not ై (ai),” he wrote. His findings so far:

“So, ultimately, the full set of cases that cause the crash are:

Any sequence <consonant1, virama, consonant2, ZWNJ, vowel> in Devanagari, Bengali, and Telugu, where:

consonant2 is suffix-joining – i.e. र, র, য, and all Telugu consonants
If consonant2 is र or র, consonant1 is not the same letter (or a variant, like ৰ)
vowel is not ై or ৌ”

TechCrunch has reached out to Twitter, Facebook and Reddit to see how those platforms are handling the bug, which is particularly destructive when blasted out on an open social network. We’ve also been in touch with Apple and they’ve confirmed that there is a “dot update” fix coming soon, though declined to confirm if it would be iOS 11.2.6. Apple noted that the bug is fixed in current betas of iOS, tvOS, macOS and watchOS.

Featured Image: Jane_Kelly/Getty Images (IMAGE HAS BEEN MODIFIED)

People are trolling iPhone users with the ‘killer symbol’ that crashes their apps


Surprise! Assorted jerks on the internet have weaponized the unicode-based bug we reported yesterday to insta-crash apps running on an iPhone or a Mac. The result is somewhere between the old Alt + F4 trick and a script kiddie stunt and it ranges from being annoying to rendering a device unusable, depending on the tenacity of the troll.

The bug causes many iOS and Mac apps to crash when rendering two characters in Telugu, a south Indian language. While anyone can avoid viewing the symbols themselves, problems arise when someone ill-intentioned starts spamming out the symbols or sending them directly to devices where they will be received as a notification.

Droves of Twitter users have taken to tweeting the symbols out over the last day with messages like “read this to log off instantly” and “retweet this to crash anyone using an Apple device,” though luckily most of them don’t have many followers. Still, if the symbol shows up in your @ replies or in the handle of someone who likes one of your tweets, then it’s game over for whatever app you have open (Motherboard writer Joseph Cox learned this the hard way). From what we’ve observed, the only way to get an app working again is to reinstall it from scratch — a time consuming process, especially if a troll just crashes it all over again.

As captured on Twitter, one security researcher added one of the symbols to his Uber handle as an experiment. “I suspect a crashed phone means you get routed to the next driver… who gets crashed too. Like an Uber routing worm” he wrote. We reached out to Uber to see if they’re aware of the issue and will update when we hear back.

For now, most of the trolling seems to be on Twitter. A search on both Facebook and Reddit yielded conspicuously few signs of Telugu trolling, so it appears that those platforms may have taken steps to limit the fallout from the iPhone-killing unicode symbols.

Meanwhile, a thorough blog post by a Mozilla engineer Manish Goregaokar suggests that the scope of the unicode bug could be broader than the two symbols we know. “… From some experimentation, this bug seemed to occur for any pair of Telugu consonants with a vowel, as long as the vowel is not ై (ai),” he wrote. His findings so far:

“So, ultimately, the full set of cases that cause the crash are:

Any sequence <consonant1, virama, consonant2, ZWNJ, vowel> in Devanagari, Bengali, and Telugu, where:

consonant2 is suffix-joining – i.e. र, র, য, and all Telugu consonants
If consonant2 is र or র, consonant1 is not the same letter (or a variant, like ৰ)
vowel is not ై or ৌ”

TechCrunch has reached out to Twitter, Facebook and Reddit to see how those platforms are handling the bug, which is particularly destructive when blasted out on an open social network. We’ve also been in touch with Apple and they’ve confirmed that there is a “dot update” fix coming soon, though declined to confirm if it would be iOS 11.2.6. Apple noted that the bug is fixed in current betas of iOS, tvOS, macOS and watchOS.

Featured Image: Jane_Kelly/Getty Images (IMAGE HAS BEEN MODIFIED)

Sorry, Apple’s ‘Carpool Karaoke’ gets a second season


Despite its almost universally negative reception from critics, Apple has chosen to renew James Corden’s “Carpool Karaoke” series for Apple Music for a second season. CBS CEO Leslie Moonves announced the renewal on the company’s earning call this week, as part of its commitment to producing more original content, according to a report from Deadline.

The series, which is based on the recurring segment from “The Late Late Show with James Corden,” has been streaming on Apple Music since August 2017. It’s essentially an expanded format of what had previously been much shorter clip when it was aired on TV. It also doesn’t have Corden hosting, save for a couple of the episodes.

In 20+-minute long videos, the Apple series has featured a cavalcade of guests like Will Smith, Alicia Keys, John Legend, LeBron James, Billy Eichner, Metallica, Sophie Turner, Maisie Williams, Seth MacFarlane, Ariana Grande, Miley Cyrus, Queen Latifah, Jada Pinkett Smith, Shaquille O’Neal, John Cena, Shakira, Trevor Noah, and many others.

Despite the big names, reviews for the show have not been kind.

The Guardian, for example, called it “marginally more watchable than the feeble ‘Planet of the Apps,’” which is a low blow, considering how badly “Planet of the Apps” tanked. Variety said that by making the show a standalone series, its “weaknesses are magnified.” And TechCrunch’s Brian Heater said the show is “not a compelling reason to subscribe to Apple Music.”

And yet, it will return – which must indicate that at least some people are watching. Deadline says, in fact, that “Carpool Karaoke” has been the most popular video content on Apple Music. (It didn’t say how it sourced this claim, however.)

Of course, the series currently has very little competition, as Apple Music today features few other original series. That will soon change, however.

Apple has upped its investment in originals, and now has a number of more promising shows in the works, including a Witherspoon-backed comedy starring Kristen Wiig and thriller starring Octavia Spencer, a documentary series about extraordinary homesa revival of “Amazing Stories” exec-produced by Steven Spielberg, a new space drama from “Battlestar Galactica’s” creator Ronald D. Moore, called “See,” a scripted basketball show based on Kevin Durant’s life, and show from “La La Land” director Damien Chazelle.

Sorry, Apple’s ‘Carpool Karaoke’ gets a second season


Despite its almost universally negative reception from critics, Apple has chosen to renew James Corden’s “Carpool Karaoke” series for Apple Music for a second season. CBS CEO Leslie Moonves announced the renewal on the company’s earning call this week, as part of its commitment to producing more original content, according to a report from Deadline.

The series, which is based on the recurring segment from “The Late Late Show with James Corden,” has been streaming on Apple Music since August 2017. It’s essentially an expanded format of what had previously been much shorter clip when it was aired on TV. It also doesn’t have Corden hosting, save for a couple of the episodes.

In 20+-minute long videos, the Apple series has featured a cavalcade of guests like Will Smith, Alicia Keys, John Legend, LeBron James, Billy Eichner, Metallica, Sophie Turner, Maisie Williams, Seth MacFarlane, Ariana Grande, Miley Cyrus, Queen Latifah, Jada Pinkett Smith, Shaquille O’Neal, John Cena, Shakira, Trevor Noah, and many others.

Despite the big names, reviews for the show have not been kind.

The Guardian, for example, called it “marginally more watchable than the feeble ‘Planet of the Apps,’” which is a low blow, considering how badly “Planet of the Apps” tanked. Variety said that by making the show a standalone series, its “weaknesses are magnified.” And TechCrunch’s Brian Heater said the show is “not a compelling reason to subscribe to Apple Music.”

And yet, it will return – which must indicate that at least some people are watching. Deadline says, in fact, that “Carpool Karaoke” has been the most popular video content on Apple Music. (It didn’t say how it sourced this claim, however.)

Of course, the series currently has very little competition, as Apple Music today features few other original series. That will soon change, however.

Apple has upped its investment in originals, and now has a number of more promising shows in the works, including a Witherspoon-backed comedy starring Kristen Wiig and thriller starring Octavia Spencer, a documentary series about extraordinary homesa revival of “Amazing Stories” exec-produced by Steven Spielberg, a new space drama from “Battlestar Galactica’s” creator Ronald D. Moore, called “See,” a scripted basketball show based on Kevin Durant’s life, and show from “La La Land” director Damien Chazelle.

Essential Phone’s new ‘Halo Gray’ color goes on sale exclusively at Amazon


The Essential Phone is currently in the midst of being rolled out in a range of new colors, including three that will be released excessively on Essential’s own website, with a staged release schedule that began Thursday. On Friday, however, Essential revealed a surprise fourth new color, “Halo Gray,” which will be exclusive to Amazon and which is now available to pre-purchase.

Amazon is a partner to Essential both as a sales channel, and as an investor. The distribution partnership with Amazon has been particularly fruitful, among all its sales channels, according to Essential President Niccolo de Masi, so it made sense to do something unique for Amazon with the ‘Halo Gray’ colorway.

With the Halo Gray Essential Phone, customers get the dark, matte finish of the ‘Stellar Gray’ color it released itself, along with the natural titanium, silver look of the band on the current white Essential model. The combination should be a good one, I can say from having seen both the matte finish and the titanium bands separately on other versions of Essential’s device.

The phone will also be unique in another way: It’ll include the Alexa app in the app drawer right from setup (though it’s still user removable, too, unlike pre-loaded stuff on most other Android devices). Given the popularity of Echo devices, and the gadget–buying audience Amazon is probably reaching anyway, it’s very likely that Essential buyers will appreciate saving a step with Alexa ready to go out of the box.

Amazon has been a solid partner for Essential, de Masi says, especially given its relative youth. The Essential Phone was one of the top-selling unlocked phones for Amazon on Cyber Monday last year, for instance, and also been an avenue for bringing the unlocked device to other markets via international shipping options.

  1. ph1-halo-gray-angled-hi-res

  2. ph1-halo-gray-34-hi-res

I asked De Masi about the recent IDC report that claims Essential sold just around 90,000 phones in its first six months of availability. Essential has always been upfront about the fact that it wouldn’t approach sales volumes of giants like Apple or Samsung in its first few years, but de Masi said he’s been pleasantly surprised by their performance, and called those estimates off-base relative to their actual sales volume thus far.

“I have yet to see any estimate throughout the life of this company that wasn’t low,” De Masi said. “Every single industry number has been low throughout the life of this product. I’m comfortable saying we sold in the six figures last year. We weren’t in the seven figures, but we certainly weren’t in the five figures.”

The Essential President also noted that Xiaomi’s first-year sales were in the same ballpark, so in general it’s happy with the company it’s keeping. De Masi also hinted about more to come, though he wouldn’t provide any specifics on any potential Essential Phone successors. New accessories are also in the pipeline, as are additional software improvements to build on the great work the company has done with the Essential Phone’s camera to date.

Like the other limited edition new colors from Essential, this Halo Gray version will be sold out once all the inventory is gone. de Masi acknowledged that Essential is taking cues from other limited release products in the lifestyle, including watches and sneakers, in pursuing this kind of strategy. Essential’s industrial design is unique and distinct enough that it seems like a good fit, but it’ll be interesting to see how it impacts overall sales numbers for the smartphone startup.