Apple addresses iOS source code leak, says it appears to be tied to three-year-old software


Earlier this week, iOS source code showed up on GitHub, raising concerns that hackers could find a way to comb the material for vulnerabilities. Apple has confirmed with TechCrunch that the code appears to be real, but adds that it’s tied to old software. 

The material is gone now, courtesy of a DMCA notice Apple sent to GitHub, but the occurrence was certainly notable, given the tight grip the company traditionally has on such material. So, if the code was, indeed, what it purported to be, has the damage already been done?

Motherboard, which was among the first to note the code labeled “iBoot,” reached out to author Jonathan Levin, who confirmed that the code certainly looks real and called it “a huge deal.” While the available code appears to be pretty small, it could certainly offer some unique insight into how Apple works its magic.

“Old source code from three years ago appears to have been leaked,” the company said in a statement provided to TechCrunch, “but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”

Much of the security concern is mitigated by the fact that it appears to be tied to iOS 9, a version of the operating system released three-and-a-half years ago. Apple’s almost certainly tweaked significant portions of the available code since then, and the company’s own numbers show that a large majority of users (93 percent) are running iOS 10 or later. But could the commonalities offer enough insight to pose a serious potential threat to iPhone users?

Security researcher Will Strafach told TechCrunch that the code is compelling for the insight it gives hackers into the inner workings of the boot loader. He added that Apple’s probably not thrilled with the leak due to intellectual property concerns (see: the DMCA request referenced above), but this information ultimately won’t have much if any impact on iPhone owners.

“In terms of end users, this doesn’t really mean anything positive or negative,” Strafach said in an email. “Apple does not use security through obscurity, so this does not contain anything risky, just an easier to read format for the boot loader code. It’s all cryptographically signed on end user devices, there is no way to really use any of the contents here maliciously or otherwise.”

In other words, Apple’s multi-layered approach to keeping iOS secure involves a lot more safeguards than what you’d see in a leak like this, however it may have made its way to GitHub. Of course, as Strafach correctly points out, the company’s still probably not thrilled about the optics around having had this information in the wild — if only for a short while.

iPhone sales numbers dipped slightly, but revenue is up courtesy of the iPhone X


As far as sales figures go, this last quarter wasn’t entirely rosy for Apple. During today’s earnings report, the company posted sales of 77.3 million iPhones, down just under a million from this time last year. Of course, that 78.2 million figure from 2017 represented a new record for the company.

But Wall Street still expected another increase, up to 80.2 million phones for the quarter, as the company added a 10th anniversary flagship to the line. In spite of that disappointment, Apple actually saw a 13 percent bump in revenue for Q1 2018, thanks in no small part to the fact that the iPhone X represents a significant price premium over the iPhone 8 and past models. The average price per iPhone is ~$40 higher than it was this time last year.

The price premium hasn’t stopped the iPhone X from topping Apple’s own sales charts, either. An analysis of the industry recently singled out the high-end handset as the top selling phone for the holidays, in spite of failing to hit some industry goals. Today Apple added that the X has been the best selling iPhone model since launch.

“We’re thrilled to report the biggest quarter in Apple’s history, with broad-based growth that included the highest revenue ever from a new iPhone lineup,” Tim Cook says in a press release tied to this evening’s news. “iPhone X surpassed our expectations and has been our top-selling iPhone every week since it shipped in November.”

Cook also notes that the company’s overall active installed device base just hit 1.3 billion.

The company likely still views all of this as a disappointment, but a net positive nonetheless. After all, revenue is really the bottom line here, even if the optics of a sales dip aren’t as cheery. Apple’s shifted to a new sales model, and even if the iPhone X wasn’t a wild success by every metric, the company’s demonstrated that people are willing to pay $999+ for a premium smartphone experience.

Tech Fix: Your iPhone Slowed Down. Here’s What to Do When the Solution Is Just as Slow.

Apple may be dealing with the fallout for a while. The company published a lengthy memo in December saying that smartphone batteries became less effective over time and that its software was intended to prevent iPhones with older batteries from unexpected shutdowns. Apple also apologized to customers for the slowdowns, offered discounts for its battery-replacement program and said it would introduce software to gain visibility into the health of an iPhone battery.

Yet since then, consumer advocacy groups have filed lawsuits against the company for failing to disclose that the software would throttle old iPhones. The Justice Department and the Securities and Exchange Commission have also started an inquiry into the matter, according to a person with knowledge of the situation, who asked not to be named because the details were confidential. Bloomberg earlier reported the inquiry.

Early Wednesday, Apple said in a statement that it had received questions from some government agencies and that it was responding to them; the company did not specify the agencies it had heard from. The Justice Department declined to comment.

As for the wait times that Ms. Schipper and others are experiencing for a battery replacement, a spokeswoman referred to Apple’s support webpage, which states that battery supplies at its stores may be limited.

Let’s not wait around. Here’s a guide to other solutions to keep an iPhone running in the absence of an Apple battery replacement.

Third-Party Repair Shops

Plenty of irate Apple customers are turning to local third-party repair shops to get their iPhone batteries replaced. At Mega Mobile Boston, twice as many customers are coming in for iPhone battery replacements as in years past, said Adam Fullerton, the store’s operations manager.

Third-party repairs are a decent — but imperfect — solution. One drawback is that they vary in quality; some repair shops buy lower-quality batteries that don’t last. So to find a good shop, rely on word of mouth and reviews on the web, similar to how you might seek out a good car mechanic.

Another issue is that if you service your phone with a third-party battery and later take your device in to Apple for repair, the company could refuse to service your phone. So if you go the third-party route, chances are you will have to stick with third-party repair shops through the end of your phone’s life.

There’s a less risky route here. On Apple’s support webpage, you can look up third-party repair shops that are authorized by Apple as service providers. These are fixers who have been trained by Apple and carry original parts. But the list is short.

If you find a good local fixer, there are plenty of benefits to sticking with one long term. For one, third-party shops tend to have shorter waits. Mr. Fullerton said his shop could typically get an iPhone battery replacement done in about 30 minutes. The process involves opening the device, cleaning away the old waterproofing adhesive, replacing the battery and applying a new waterproofing adhesive.

For another, local repair shops make their prices competitive with the manufacturer’s. In the case of batteries, many shops are discounting their battery replacements to match Apple’s $29 pricing.

“We’re probably losing money on it with the cost of a half-hour time from a technician,” Mr. Fullerton said. “But it’s like a loss leader in any other industry. If you’re Best Buy and you get them to buy one item at cost, maybe you can teach them something about your business.”

Finding a good repair shop can feel daunting, but if you ask around, your peers will probably have recommendations. For a sample, here’s a list of highly recommended repair shops in the United States that I compiled from talking to repair experts I trust:

■ In Chicago: uBreakiFix Chicago

■ In San Francisco: MacRepair

■ In New York: Simple Mac

■ In Boston: Mega Mobile Boston

■ In Washington: Computer Geeks

■ In Austin, Tex.: Austin Mac Repair

Fix It Yourself

You can always replace an iPhone battery by yourself. The pros: You can choose the best components for repairs and minimize costs. The cons: Learning repairs can be time consuming, and if you mess up, you have no one to blame but yourself. And again, Apple stores could refuse to service your phone if they see you have repaired it with third-party parts.

A good place to start for D.I.Y. repairs is iFixit, a company that provides instruction manuals and components for repairing devices. It is offering discounts on battery replacement kits for older iPhones, which cost $17 to $29. Each kit includes a new battery and the tools for disassembling iPhones.

Installing a phone battery can be intimidating. Replacing an iPhone 7 battery, for example, requires eight tools and 28 steps. Kyle Wiens, the chief executive of iFixit, said some customers also opted to buy a battery from iFixit and then take it to a local repair shop for installation.

Carry a Battery Pack

If you don’t feel confident hiring a third-party fixer or installing your own battery, you can always wait for Apple to replace your battery. But since that could take weeks or months, don’t suffer with a sapped phone battery in the meantime.

A better temporary solution is to invest in a battery pack that you can carry around until replacement batteries arrive at an Apple store. Wirecutter, a New York Times company that reviews products, has tested hundreds of battery packs to recommend a few. My favorite is the Anker PowerCore 20100, which can charge a smartphone every day for a week.

Ms. Schipper, the Seattle resident, is considering buying a battery pack. In the meantime, she is constantly plugging her iPhone into a power outlet because her battery lasts only two hours a day.

Yet she has resisted what she thinks Apple wants: for her to buy a new phone.

“I was tempted to just chuck this phone and suck it up and spend $1,000-plus and get the iPhone X,” she said. “I said, ‘No, darn it, I have a budget I’m saving up.’ I’m not going to let Apple push me around.”

Apple reportedly under investigation by SEC and DOJ for phone slowdown


The U.S. Department of Justice and the Securities and Exchange Commission are jointly investigating Apple’s communications about the software update that slowed down older models of the iPhone, Bloomberg is reporting.

The government has reportedly requested details on the company’s communications about the software update, according to sources familiar with the matter cited in the report.

The Bloomberg report indicates that the two agencies are in very early stages of their investigation.

We’ve reached out to Apple, the SEC and the DOJ for comment and will update when we hear back.

For background, Apple got into a lot of trouble with customers who noticed that the performance of their older model phones was degrading over time. Apple was pushed to disclose that it had issued a software update that privileged power management over performance in older devices that had degraded batteries.

There was, unsurprisingly, some pushback and Apple was forced to apologize for the way it handled the update.

The U.S. isn’t the only country where people are pressing Apple for more information. Consumer advocacy groups around the world — from Europe to Asia — are pressing for an investigation into the slowdown.

Apple, in Sign of Health Ambitions, Adds Medical Records Feature for iPhone

Apple, more than the others, has been reticent to publicize its long-term vision for health technology. But recent product introductions, like the new health records feature, highlight how focused Apple is on using its iPhone, Apple Watch and apps to give people more control over their health care.

In addition to the iPhone Health app, Apple has developed ResearchKit, software to help researchers develop iPhone apps to conduct health studies, and HealthKit, a platform that allows consumers to share health data on their iPhone or Apple Watch with health and fitness apps. Apple is also sponsoring clinical research, called the Apple Heart Study, at Stanford University to determine whether an app for the Apple Watch can detect irregular heart rhythms.

Part of the Apple Health app, the new health records feature can transfer medical data like immunization records and prescriptions. (Photo credit: Apple)

A review of Apple’s current job openings also gives clues about the company’s wider ambitions in the health care sector.

According to the company’s site, Apple is seeking a hardware engineer to develop “next-generation” health sensors for products like the iPhone and iPad; software engineers for the company’s “health special projects team” to join “an exciting new project at an early stage”; an engineering manager for the company’s motion technologies team “to help shape the next set of groundbreaking features” in fitness and health; and a biomedical scientist to help design studies for health, wellness and physiological measurement apps.

“We will empower you to engage with a variety of internal teams and external partners to continually question the limitations of technology implemented in health products,” says an Apple job description for a health tech hardware development engineer.

Apple’s personal medical record feature is hardly a new idea. With much fanfare about a decade ago, both Google and Microsoft introduced free services — called Google Health and Microsoft HealthVault — that helped consumers centralize their personal health data.

But the concept of the personal medical record did not generate widespread adoption in that era, which predated the popularization of the iPhone and mobile apps. Google shut down Google Health in 2011. Microsoft still offers its HealthVault service.

Correction: January 24, 2018
An earlier version of this article misstated when Apple plans to allow consumers to try testing the new Health app feature that allows users to automatically download and see parts of their medical records on their iPhones. Consumers will be allowed to test a beta version of the feature on Thursday, not Friday.

The latest iOS update fixes a glitch that would let others crash your phone with a text message

Last week, software developer and researcher Abraham Masri shared details of a bug that would allow others to freeze your iPhone with little more than a quick text message.

Apple has just pushed out iOS 11.2.5, which patches that issue.

This bug, the likes of which are often referred to as a “text bomb”, had a would-be attacker send a URL via text message. When the recipient’s phone started processing it for preview, the device would start doing all sorts of weird things — from freezing, to homescreen crashes, to kernel panics.

The company rarely says much about the whats and whys of a bug, but it mentions in the security notes that it stemmed from the way links received in text messages are processed and presented. Apple credits Masri for finding the bug.

This update also preps iOS devices for the coming launch of Apple’s HomePod speaker, and teaches Siri how to read the news (albeit only in the US, UK, and Australia) when you say the right magic words — which, wouldn’t you know it, are “Hey Siri, play the news”. You can also get a bit more specific, saying things like “business news” or “sports news”.

Apple’s enterprise evolution

Back in 2010, Apple’s iconic co-founder Steve Jobs was not entirely enthralled with the enterprise. In fact, Jobs is famously quoted as saying, “What I love about the consumer market, that I always hated about the enterprise market, is that we come up with a product, we try to tell everybody about it, and every person votes for themselves.”

He added, “They go ‘yes’ or ‘no,’ and if enough of them say ‘yes,’ we get to come to work tomorrow. That’s how it works.”

That was an accurate enough representation of the way things worked when Jobs made the statement. Back in those days, IT kept tight control over the enterprise, issuing equipment like BlackBerries and ThinkPads (and you could have any color you wanted — as long as it was black). Jobs, who passed away in 2011, didn’t live long enough to see the “Bring Your Own Device” (BYOD) and “Consumerization of IT,” two trends that were just hovering on the corporate horizon at the time of his death.

I have the feeling he would have quite liked both movements and would have taken great pleasure in the fact that in many ways those trends were driven by his company’s mobile devices, the iPhone and the iPad. People were using those devices at home and they were increasingly bringing them to work. IT had little choice but to begin accommodating them.

That movement has helped fuel Apple’s enterprise evolution. Over time, Apple has partnered with enterprise stalwarts like IBM, SAP and Cisco. It has provided tools for IT to better manage those i-devices, and Macs, too, and it has built the enterprise into a substantial business (to the extent that we can tell).

What do we have here?

Trying to find data on the size of Apple’s enterprise business is a challenge because it doesn’t often break out enterprise revenue in earnings calls, but to give you a sense of the market, Tim Cook did reveal a number in the Q4 2015 earnings call.

“We estimate that enterprise markets accounted for about $25 billion in annual Apple revenue in the last 12 months, up 40 percent over the prior year and they represent a major growth vector for the future,” Cook said at the time.

In a June 2017 Bloomberg interview, Cook didn’t provide any numbers, but he did call the enterprise, “the mother of all opportunities.” That’s because enterprises tend to buy in bulk, and as they build an Apple support system in-house, it feeds other parts of the enterprise market as companies buy Macs to build custom apps for both internal users and consumers of their products and services.

This connection did not escape Cook in the Bloomberg interview. “For most enterprises, iOS is the preferred mobile operating system. IOS is a fantastic platform because of the ease with which you can write apps that are great for helping you run your business efficiently or interface with your customers directly. We see many, many enterprises now writing apps. Well, what do they use to write the apps? They use the Mac. The Mac is the development platform for iOS,” Cook told Bloomberg.

Another way to look at the market is to look at Jamf, an Apple enterprise tool partner that helps companies manage Apple devices in large organizations. The company, which launched in 2002 long before the iPad or the iPhone, has been growing in leaps and bounds. It reports it has 13,000 customers today. To put that into perspective, it took 13 years to reach 6,000 customers and just 2.5 years to more than double to 13,000.

“A lot of people say Apple is getting more focused on enterprise, but I believe Apple helped enterprise focus more on users and they’ve had more success,” Jamf CEO Dean Hager told TechCrunch. “It started with Apple creating great products people wanted to bring to work and then they just demanded it,” he said.

Forcing their way into the enterprise

That organic momentum can’t be underestimated, but once it got in, Apple had to give IT something to work with. IT has always seen its role as hardware and software gatekeeper, keeping the enterprise safe from external security threats.

Ultimately the company never set out to build out enterprise-grade devices with the iPhone and iPad. They simply wanted devices that worked better than what was out there at the time. That people liked to use them so much that they brought them to work was an extension of that goal.

In fact, Susan Prescott, vice president of markets, apps and services at Apple was at the company when the first iPhone was released, and she was aware of the company’s goals. “With iPhone, we set out to completely rethink mobile, to enable the things we knew that people wanted to do, including at work,” she said.

Susan Prescott of Apple. Photo: Justin Sullivan/Getty Images

The notion of apps and the App Store and bringing in developers of all ilks to build them was also attractive to enterprises. When IBM and SAP got involved, they began building apps specifically geared towards enterprise customers. Customers could access these apps from a vetted App Store, which also was appealing to IT. The Cisco deal gave IT faster on-boarding of Apple devices on networks running Cisco equipment (which most enterprises use).

At the 2010 iPhone 4 keynote, Jobs was already touting the kinds of features that would appeal to enterprise IT, including mobile device management, wireless app distribution through the App Store and even support for Microsoft Exchange Server, the popular corporate email solution of choice at the time.

He may have spoken derisively about the enterprise in a general sense, but he clearly saw the potential of his company’s devices to transform the way people worked by giving them access to tools and technologies that previously were not in reach of the average worker.

Apple also was quietly talking to enterprises behind the scenes and figuring out what they needed from the earliest days of the iPhone. “Early on we engaged with businesses and IT to understand their needs, and have added enterprise features with every major software release,” Prescott told TechCrunch.

Driving transformation

One of the factors driving the change inside organizations was that mobile and cloud were coming together in that 2011 time frame, driving business transformation and empowering workers. If IT wouldn’t give employees the tools they wanted, the App Store and similar constructs gave them the power to do it themselves. That fueled the BYOD and Consumerization of IT movements, but at some point IT still required some semblance of control, even if that didn’t involve the same level they once had.

The iPhone and other mobile devices began to create the mobile worker, who worked outside the protection of the firewall. People could suddenly look at their documents while waiting for the train. They could update the CRM tool in-between clients. They could call a car to get to the airport. All of this was made possible by the mobile-cloud connection.

It was also causing a profound change inside every business. You simply couldn’t do business the same way anymore. You had to produce quality mobile apps and you had to get them in front of your customers. It was changing the way companies do business.

It was certainly something that Capital One saw. They realized they couldn’t remain a “stodgy bank” anymore, and control every aspect of the computing stack. If they wanted to draw talent, they had to open up, and that meant allowing developers to work on the tools they wanted to. According to Scott Totman, head of Mobile, Web, eCommerce, and personal assistants at Capital One, that meant enabling users to use Apple devices for work, whether their own or those issued by the company.

Workers at Capital One. Photo: Capital One/Apple.

“When I came in [five years ago], the Apple support group was a guy named Travis. We weren’t using Apple [extensively] in the enterprise, [back then],” he says. Today, they have dozens of people supporting more than 40,000 devices.

It wasn’t just people inside the company whose needs were changing. Consumer expectations were changing, too, and the customer-facing mobile tools the company created had to meet those expectations. That meant attracting those app developers to the enterprise and giving them an environment where they felt comfortable working. Clearly, Capital One has succeeded in that regard, and they have found ways to accommodate and support that level of Apple product usage throughout the organization.