The FBI is mad because it keeps getting into locked iPhones without Apple’s help

The debate over encryption continues to drag on without end.

In recent months, the discourse has largely swung away from encrypted smartphones to focus instead on end-to-end encrypted messaging. But a recent press conference by the heads of the Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) showed that the debate over device encryption isn’t dead, it was merely resting. And it just won’t go away.

At the presser, Attorney General William Barr and FBI Director Chris Wray announced that after months of work, FBI technicians had succeeded in unlocking the two iPhones used by the Saudi military officer who carried out a terrorist shooting at the Pensacola Naval Air Station in Florida in December 2019. The shooter died in the attack, which was quickly claimed by Al Qaeda in the Arabian Peninsula.

Early this year — a solid month after the shooting — Barr had asked Apple to help unlock the phones (one of which was damaged by a bullet), which were older iPhone 5 and 7 models. Apple provided “gigabytes of information” to investigators, including “iCloud backups, account information and transactional data for multiple accounts,” but drew the line at assisting with the devices. The situation threatened to revive the 2016 “Apple versus FBI” showdown over another locked iPhone following the San Bernardino terror attack.

After the government went to federal court to try to dragoon Apple into doing investigators’ job for them, the dispute ended anticlimactically when the government got into the phone itself after purchasing an exploit from an outside vendor the government refused to identify. The Pensacola case culminated much the same way, except that the FBI apparently used an in-house solution instead of a third party’s exploit.

You’d think the FBI’s success at a tricky task (remember, one of the phones had been shot) would be good news for the Bureau. Yet an unmistakable note of bitterness tinged the laudatory remarks at the press conference for the technicians who made it happen. Despite the Bureau’s impressive achievement, and despite the gobs of data Apple had provided, Barr and Wray devoted much of their remarks to maligning Apple, with Wray going so far as to say the government “received effectively no help” from the company.

This diversion tactic worked: in news stories covering the press conference, headline after headline after headline highlighted the FBI’s slam against Apple instead of focusing on what the press conference was nominally about: the fact that federal law enforcement agencies can get into locked iPhones without Apple’s assistance.

That should be the headline news, because it’s important. That inconvenient truth undercuts the agencies’ longstanding claim that they’re helpless in the face of Apple’s encryption and thus the company should be legally forced to weaken its device encryption for law enforcement access. No wonder Wray and Barr are so mad that their employees keep being good at their jobs.

By reviving the old blame-Apple routine, the two officials managed to evade a number of questions that their press conference left unanswered. What exactly are the FBI’s capabilities when it comes to accessing locked, encrypted smartphones? Wray claimed the technique developed by FBI technicians is “of pretty limited application” beyond the Pensacola iPhones. How limited? What other phone-cracking techniques does the FBI have, and which handset models and which mobile OS versions do those techniques reliably work on? In what kinds of cases, for what kinds of crimes, are these tools being used?

We also don’t know what’s changed internally at the Bureau since that damning 2018 Inspector General postmortem on the San Bernardino affair. Whatever happened with the FBI’s plans, announced in the IG report, to lower the barrier within the agency to using national security tools and techniques in criminal cases? Did that change come to pass, and did it play a role in the Pensacola success? Is the FBI cracking into criminal suspects’ phones using classified techniques from the national security context that might not pass muster in a court proceeding (were their use to be acknowledged at all)?

Further, how do the FBI’s in-house capabilities complement the larger ecosystem of tools and techniques for law enforcement to access locked phones? Those include third-party vendors GrayShift and Cellebrite’s devices, which, in addition to the FBI, count numerous U.S. state and local police departments and federal immigration authorities among their clients. When plugged into a locked phone, these devices can bypass the phone’s encryption to yield up its contents, and (in the case of GrayShift) can plant spyware on an iPhone to log its passcode when police trick a phone’s owner into entering it. These devices work on very recent iPhone models: Cellebrite claims it can unlock any iPhone for law enforcement, and the FBI has unlocked an iPhone 11 Pro Max using GrayShift’s GrayKey device.

In addition to Cellebrite and GrayShift, which have a well-established U.S. customer base, the ecosystem of third-party phone-hacking companies includes entities that market remote-access phone-hacking software to governments around the world. Perhaps the most notorious example is the Israel-based NSO Group, whose Pegasus software has been used by foreign governments against dissidents, journalists, lawyers and human rights activists. The company’s U.S. arm has attempted to market Pegasus domestically to American police departments under another name. Which third-party vendors are supplying phone-hacking solutions to the FBI, and at what price?

Finally, who else besides the FBI will be the beneficiary of the technique that worked on the Pensacola phones? Does the FBI share the vendor tools it purchases, or its own home-rolled ones, with other agencies (federal, state, tribal or local)? Which tools, which agencies and for what kinds of cases? Even if it doesn’t share the techniques directly, will it use them to unlock phones for other agencies, as it did for a state prosecutor soon after purchasing the exploit for the San Bernardino iPhone?

We have little idea of the answers to any of these questions, because the FBI’s capabilities are a closely held secret. What advances and breakthroughs it has achieved, and which vendors it has paid, we (who provide the taxpayer dollars to fund this work) aren’t allowed to know. And the agency refuses to answer questions about encryption’s impact on its investigations even from members of Congress, who can be privy to confidential information denied to the general public.

The only public information coming out of the FBI’s phone-hacking black box is nothingburgers like the recent press conference. At an event all about the FBI’s phone-hacking capabilities, Director Wray and AG Barr cunningly managed to deflect the press’s attention onto Apple, dodging any difficult questions, such as what the FBI’s abilities mean for Americans’ privacy, civil liberties and data security, or even basic questions like how much the Pensacola phone-cracking operation cost.

As the recent PR spectacle demonstrated, a press conference isn’t oversight. And instead of exerting its oversight power, mandating more transparency, or requiring an accounting and cost/benefit analysis of the FBI’s phone-hacking expenditures — instead of demanding a straight and conclusive answer to the eternal question of whether, in light of the agency’s continually-evolving capabilities, there’s really any need to force smartphone makers to weaken their device encryption — Congress is instead coming up with dangerous legislation such as the EARN IT Act, which risks undermining encryption right when a population forced by COVID-19 to do everything online from home can least afford it.

The bestcase scenario now is that the federal agency that proved its untrustworthiness by lying to the Foreign Intelligence Surveillance Court can crack into our smartphones, but maybe not all of them; that maybe it isn’t sharing its toys with state and local police departments (which are rife with domestic abusers who’d love to get access to their victims’ phones); that unlike third-party vendor devices, maybe the FBI’s tools won’t end up on eBay where criminals can buy them; and that hopefully it hasn’t paid taxpayer money to the spyware company whose best-known government customer murdered and dismembered a journalist.

The worst-case scenario would be that, between in-house and third-party tools, pretty much any law enforcement agency can now reliably crack into everybody’s phones, and yet nevertheless this turns out to be the year they finally get their legislative victory over encryption anyway. I can’t wait to see what else 2020 has in store.

Apple expands App Store, Music, iCloud and other services to dozens of additional markets

Apple said today it is launching its services App Store, Apple Podcasts, iCloud, and Apple Music to dozens of additional markets in Africa, Europe, Asia-Pacific, and Middle East among others in what is one of the biggest geographical expansions for one of the world’s biggest firms.

The App Store, Apple Arcade, Apple Podcasts, and iCloud are now available in 20 additional nations, whereas the iPhone-maker’s music streaming service, Apple Music, has launched in an additional 52 countries.

Apple said Music streaming service includes locally curated playlists including Africa Now, Afrobeats Hits, Ghana Bounce in new markets and, as an introductory offer, it is offering a six-month free trial on Music in the newly launched markets.

The App Store, Apple Arcade, Apple Music, Apple Podcasts and iCloud are now available in the following countries and regions:

  • Africa: Cameroon, Côte d’Ivoire, Democratic Republic of the Congo, Gabon, Libya, Morocco, Rwanda, and Zambia.
  • Asia-Pacific: Maldives and Myanmar.
  • Europe: Bosnia and Herzegovina, Georgia, Kosovo, Montenegro, and Serbia.
  • Middle East: Afghanistan (excluding Apple Music) and Iraq.
  • Oceania: Nauru (excluding Apple Music), Tonga, and Vanuatu.

Apple Music is expanding to the following countries and regions:

  • Africa: Algeria, Angola, Benin, Chad, Liberia, Madagascar, Malawi, Mali, Mauritania, Mozambique, Namibia, Republic of the Congo, Senegal, Seychelles, Sierra Leone, Tanzania, and Tunisia.
  • Asia-Pacific: Bhutan.
  • Europe: Croatia, Iceland, and North Macedonia.
  • Latin America and the Caribbean: the Bahamas, Guyana, Jamaica, Montserrat, St. Lucia, St. Vincent and the Grenadines, Suriname, Turks and Caicos, and Uruguay.
  • Middle East: Kuwait, Qatar, and Yemen.
  • Oceania: Solomon Islands.

“We’re delighted to bring many of Apple’s most beloved Services to users in more countries than ever before,” said Oliver Schusser, Apple’s vice president of Apple Music and International Content, in a statement.

“We hope our customers can discover their new favorite apps, games, music, and podcasts as we continue to celebrate the world’s best creators, artists, and developers,” he added.

App Store is now available in 175 countries and regions, whereas Apple Music has reached 167 markets. In comparison, music streaming service giant Spotify is available in fewer than 100 nations.

The availability of the aforementioned services in dozens of new markets should help Apple further grow sales in its services segment, which already clocks more revenue than the Mac, iPad, and wearables and accessories.

Their availability should also persuade more users to explore Apple’s products. iPhone users in the past have expressed their disappointment when they don’t have access to the wider services ecosystem.

App Store customer spending hit record $1.42B from Christmas Eve through New Year’s Eve

Apple this morning released a year-end retrospective of its Services business, which includes the App Store, Apple Music, iCloud, and new in 2019, Apple Arcade, Apple TV+, Apple News+, and Apple Card. In particular, the company highlighted new holiday 2019 records set on the App Store which sees over a half a billion visits from people in 155 countries per week. To date, App Store developers have earned over $155 billion, Apple noted.

What’s remarkable is that a quarter of those earnings came in last year alone.

Apple also noted it saw a busy holiday season on the App Store with customers spending reaching $1.42 billion between Christmas Eve and New Year’s Eve — a 16% increase over 2018.

On New Year’s Day, customers spend $386 million alone — a 20% increase over 2019 and a new single-day record.

The company confirmed the year’s top 10 free and paid apps and games, with YouTube, Facetune, Mario Kart Tour and Minecraft snagging the No. 1 positions. (Full lists are below). Apple Arcade, meanwhile, grew to include over 100 games.

Beyond the App Store, Apple touted some of the major achievements for its other Services businesses, but not in terms of revenue generated.

For example, it said that more than 50% of Apple Music listeners tried the time-synced lyrics feature on iOS 13. It also noted that its Apple TV+ shows received Golden Globe and SAG nominations in year one. And it said Apple News now as over 100 million monthly active users in the U.S., U.K., Australia, and Canada.

On the podcasting front, Apple noted its Podcasts app now includes over 800,000 shows in 155 countries. For comparison’s sake, its chief rival Spotify has over 500,000.

Apple Pay allowed entry to more than 150 stadiums, ballparks, arenas and entertainment venues around the world was available with contactless tickets in 2019, and users could ride public transit in Shanghai, Beijing, Tokyo, Moscow, London, and New York. This year, more cities are being added, including Washington D.C., Shenzhen, Guangzhou, and Foshan, plus several U.S. universities.

In terms of security, over 75% of iCloud users have enabled two-factor authentication, Apple noted.

“2019 was the biggest year for Services in Apple’s history. We introduced several exciting new experiences for our customers, all while setting the standard for user privacy and security,” said Eddy Cue, Apple’s senior vice president of Internet Software and Services, in a statement. “We begin the new decade with incredible momentum and gratitude to our customers who have shown such enthusiasm for all of our Services, and we continue to celebrate the work of the world’s best creators, storytellers, journalists and developers,” he added.

Top Apps of 2019

Top Free iPhone Apps
  1. YouTube: Watch, Listen, Stream
  2. Instagram
  3. Snapchat
  4. TikTok – Make Your Day
  5. Messenger
  6. Gmail – Email by Google
  7. Netflix
  8. Facebook
  9. Google Maps – Transit & Food
  10. Amazon – Shopping made easy
Top Paid iPhone Apps
  1. Facetune
  2. HotSchedules
  3. Dark Sky Weather
  4. The Wonder Weeks
  5. AutoSleep Tracker for Watch
  6. TouchRetouch
  7. Procreate Pocket
  8. Sky Guide
  9. Toca Hair Salon 3
  10. Scanner Pro: PDF Scanner App
Top Free iPhone Games
  1. Mario Kart Tour
  2. Color Bump 3D
  3. aquapark.io
  4. Call of Duty: Mobile
  5. BitLife – Life Simulator
  6. Polysphere – art of puzzle
  7. Wordscapes
  8. Fortnite
  9. Roller Splat!
  10. AMAZE!!
Top Paid iPhone Games
  1. Minecraft
  2. Heads Up!
  3. Plague Inc.
  4. Bloons TD 6
  5. Geometry Dash
  6. Rebel Inc.
  7. The Game of Life
  8. Stardew Valley
  9. Bloons TD 5
  10. Grand Theft Auto: San Andreas

UnitedMasters releases iPhone app for DIY cross-service music distribution

Alphabet-backed UnitedMasters, the music label distribution startup and record label alternative that offers artists 100 percent ownership of everything they create, launched its iPhone app today.

The iPhone app works like the service they used to offer only via the web, giving artists the chance to upload their own tracks (from iCloud, Dropbox or directly from text messages), then distribute them to a full range of streaming music platforms, including Spotify, Apple Music, Tidal and more. In exchange for this distribution, as well as analytics on how your music is performing, UnitedMasters takes a 10% share on revenue generated by tracks it distributes, but artists retain full ownership of the content they create.

UnitedMasters also works with brand partners, including Bose, the NBA and AT&T, to place tracks in marketing use across the brand’s properties and distributed content. Music creators are paid out via PayPal once they connect their accounts, and they can also tie-in their social accounts for connecting their overall online presence with their music.

UnitedMasters

Using the app, artists can create entire releases by uploading not only music tracks but also high-quality cover art, and by entering information like whether any producers participated in the music creation, and whether the tracks contain any explicit lyrics. You can also specific an exact desired release date, and UnitedMasters will do its best to distribute across services on that day, pending content approvals.

UnitedMasters was founded by former Interscope Records president Steve Stoute, and also has funding from Andreessen Horwitz and 20th Century Fox. It’s aiming to serve a new generation of artists who are disenfranchised by the traditional label model, but seeking distribution through the services where listeners actually spend their time, and using the iPhone as manage the entire process definitely fits with serving that customer base.

How to download your data from Apple

Good news! Apple now allows U.S. customers to download a copy of their data, months after rolling out the feature to EU customers.

But don’t be disappointed when you get your download and find there’s almost nothing in there. Earlier this year when I requested my own data (before the portal feature rolled out), Apple sent me a dozen spreadsheets with my purchase and order history, a few iCloud logs, and some of my account information. The data will date back to when you opened your account, but may not include recent data if Apple has no reason to retain it.

But because most Apple data is stored on your devices, it can’t turn over what it doesn’t have. And any data it collects from Apple News, Maps and Siri is anonymous and can’t attribute to individual users.

Apple has a short support page explaining the kind of data it will send back to you.

If you’re curious — here’s how you get your data.

1. Go to Apple’s privacy portal

You need to log in to privacy.apple.com with your Apple ID and password, and enter your two-factor authentication code if you have it set-up.

2. Request a copy of your data

From here, tap on “Obtain a copy of your data” and select the data that you would like to download — or hit “select all.” You will also have the option of splitting the download into smaller portions.

3. Go through the account verification steps

Apple will verify that you’re the account holder, and may ask you for several bits of information. Once the data is ready to download, you’ll get a notification that it’s available for download, and you’ll have two weeks to download the .zip file.

If the “obtain your data” option isn’t immediately available, it may still take time to roll out to all customers.

Leaked App Store entry suggests Apple will launch a file-management app for iOS

 A leak spotted on the eve of Apple’s WWDC event suggests that the company is preparing to revamp the way iPhone owners manage and store files on their phone. That’s according to a new app placeholder unearthed by developer Steve Stroughton Smith which hints at a new ‘Files’ app for iOS coming soon. A major feature would almost certainly ship within the iOS 11 software… Read More

Apple quietly bought iCloud.net domain, shuts down eponymous social network

screen-shot-2017-02-22-at-00-37-44 It looks like Apple has finally picked up one of the last remaining pieces of internet property linked to one of its key service brands: the iPhone and Mac giant has quietly taken over ownership of iCloud.net, TechCrunch has learned. Subsequent to that, the small-time Asian social network that existed at the site has informed its users that it will be shutting down by the end of this… Read More

It’s not just you, iCloud calendar spam is on the rise

trackback-spam If you’re using iCloud to sync your calendar across your devices, chances are you just received a bunch of spammy invites over the last few days. Many users are reporting fake events about Black Friday “deals” coming from Chinese users. If you’re looking for cheap Ray-Ban or Louis Vuitton knockoffs, you might find these invites useful. Otherwise, you might be wondering:… Read More