

Developers highlight more anomalies in Apple’s 30% cut – 9to5Mac



Apple’s 30% cut on in-app purchases continues to spark controversy, with developers iA drawing attention to more anomalies in the company’s implementation of its commission.

The iPhone maker claims that it treats all apps equally, but the reality is that Apple has developed a complex set of rules which allow it to make exceptions to suit its own needs …


The exceptions began when Apple realized there were certain apps it needed on its platform, like Netflix, but the companies either couldn’t or wouldn’t agree to the Cupertino company taking a cut of their revenue. Apple thus created an exemption for something it dubbed ‘reader’ apps. These apps are allowed to sell subscriptions and content to customers outside of the app without having to offer a corresponding in-app purchase – something most developers can’t do.

We also learned in July that Amazon Prime Video pays half the usual App Store commission, in a special deal agreed between Jeff Bezos and Eddy Cue. Amazon is also allowed to sell ebooks on its own website which can be read in the Kindle app on iPhones and iPads, again under the ‘reader’ app exception.

The coronavirus crisis highlighted another interesting difference, in the way that Apple treats physical and digital products. Companies that offered, say, fitness classes in their own studios didn’t have to use in-app purchases, and didn’t have to pay Apple a commission. But when they were forced to switch to online classes, Apple considered those digital products and thus subject to its 30% commission.

More anomalies in Apple’s 30% cut

Developers iA – who count such companies as Nikkei, Vogue and Red Bull among their clients – have written a lengthy blog post drawing attention to further inconsistencies in Apple’s approach.

Some fall under the rather arbitrary ‘physical versus digital goods’ category. Uber, for example, doesn’t pay Apple a cut when people use the app to book rides. That might seem straightforward, yet Uber is insistent that it isn’t a taxi company but an IT company offering a service in connecting riders and drivers. Wouldn’t that mean its service is a digital product?

But a far bigger anomaly, says iA, is online advertising. This is the very definition of a digital product, and many companies – like Facebook – let people place and pay for ads through their apps. Yet Apple doesn’t take a cut.

Ads are digital goods. What else are ads? Spiritual goods? They are the digital good. They are what is driving the digital economy in the first place! And, yes, Facebook, Instagram, Twitter, and so on do have direct transactions built into the apps. And, no, they do not pay any fees to Apple for these in-app transactions […]

Apple keeps repeating that the rules are the same for all, but they are not. The top ten apps do sell digital goods and only two of the top ten apps pay Apple. 

The only reason for this exception, says iA, is the same reason Netflix and Amazon get special terms: Apple needs them. It especially needs popular ad-funded apps.

Apple needs Instagram, Amazon, Uber, and Google Maps. A more convincing reason why the top apps do not pay taxes is that Apple needs them as much as they need Apple. The iPhone without Instagram is like Instagram without iPhone. In spite of Apple’s Championship for privacy and Facebook’s championship for destroying privacy, the relationship between Instagram and Apple is a perfect symbiosis. An iPhone without YouTube? Possible, but for some exactly not as much fun. An iPhone without Facebook and Messenger? […] Apple still needs Facebook just as Facebook needs Apple.

Apple would likely justify the exception under guideline 3.1.5(a).

3.1.5(a) Goods and Services Outside of the App: If your app enables people to purchase goods or services that will be consumed outside of the app, you must use purchase methods other than in-app purchase to collect those payments, such as Apple Pay or traditional credit card entry.

But iA’s point is that Apple makes these exceptions for its own benefit. The post also tackles the oft-heard argument that developers who don’t want to pay Apple’s commission can develop for other platforms.

In spite of its tiny market share of 13%, the iPhone has economic leverage that creates a dependency for every IT company that sells physical or digital goods over the Internet. Physical, digital, advertisement—Apple holds the key to the biggest spenders.

We spend 50% more time on the phone than on desktop. Mobile Users spend 85% of their time in Apps, versus 15% on the Web. Apple users outspend Android users by a factor of three […]

Apple has, without any doubt, a monopoly. It’s not defined in market share but in revenue share.

iA argues that Apple can’t have it both ways: on the one hand claiming that all apps and developers are treated equally, and on the other coming up with a complex set of rules which allow it to grant exceptions when it’s in the iPhone maker’s interest to do so.

It’s a well-argued piece, and the growing number of examples of exceptions to Apple’s 30% cut will provide more fodder for the various antitrust investigations into the App Store.



Microsoft: Some ransomware attacks take less than 45 minutes – ZDNet




For many years, the Microsoft Security Intelligence Report has been the gold standard in terms of providing a yearly overview of all the major events and trends in the cyber-security and threat intelligence landscape.

While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has brought it back today, rebranded as the new Microsoft Digital Defense Report.

Just like the previous SIR reports, Microsoft has yet again delivered.

Taking advantage of its vantage points over vast swaths of the desktop, server, enterprise, and cloud ecosystems, Microsoft has summarized the biggest threats companies deal with today in the face of cybercrime and nation-state attackers.

The report is 88 pages long and includes data from July 2019 to June 2020, and some users might not have the time to go through it in its entirety. Below is a summary of the main talking points, Microsoft’s main findings, and general threat landscape trends.


2020 will, without a doubt, be remembered for the COVID-19 (coronavirus) pandemic. While some cybercrime groups used COVID-19 themes to lure and infect users, Microsoft says these operations were only a fraction of the general malware ecosystem, and the pandemic appears to have played a minimal role in this year’s malware attacks.

Email phishing in the enterprise sector has also continued to grow and has become a dominant vector. Most phishing lures center around Microsoft and other SaaS providers, and the Top 5 most spoofed brands include Microsoft, UPS, Amazon, Apple, and Zoom.

Microsoft said it blocked over 13 billion malicious and suspicious mails in 2019, and out of these, more than 1 billion contained URLs that have been set up for the explicit purpose of launching a credential phishing attack.

Successful phishing operations are also often used as the first step in Business Email Compromise (BEC) scams. Microsoft said that crooks gain access to an executive’s email inbox, watch email communications, and then spring in to trick the hacked users’ business partners into paying invoices into wrong bank accounts.



Per Microsoft, the most targeted accounts in BEC scams were the ones for C-suites and accounting and payroll employees.

But Microsoft also says that phishing isn’t the only way into these accounts. Hackers are also starting to adopt password reuse and password spray attacks against legacy email protocols such as IMAP and SMTP. These attacks have been particularly popular in recent months because they also allow attackers to bypass multi-factor authentication (MFA) solutions, as logging in via IMAP and SMTP doesn’t support this feature.
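A defender-side illustration of the pattern described above, added here as an example and not taken from Microsoft’s report or the article: it flags a source that fails logins across many accounts over IMAP or SMTP, and lists any account that source then logged in to. The event fields, thresholds and sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LEGACY_PROTOCOLS = {"IMAP", "SMTP"}  # the legacy protocols the article names


def find_legacy_spray(events, window=timedelta(minutes=30), min_accounts=5,
                      max_tries_per_account=3):
    """Return {src: {"accounts": set, "succeeded": set}} for sources whose
    legacy-protocol logins look like password spraying.

    A spray is broad and shallow: failures against many distinct accounts,
    only a few tries per account, inside one sliding time window. Thresholds
    are assumed defaults and need tuning per environment.
    """
    by_src = defaultdict(list)
    for ev in events:
        if ev["protocol"].upper() in LEGACY_PROTOCOLS:
            by_src[ev["src"]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            in_window = evs[start:end + 1]
            fails = defaultdict(int)
            for e in in_window:
                if not e["ok"]:
                    fails[e["user"]] += 1
            # Many accounts, few tries each: a spray, not a single-account brute force.
            if len(fails) >= min_accounts and max(fails.values()) <= max_tries_per_account:
                hit = findings.setdefault(src, {"accounts": set(), "succeeded": set()})
                hit["accounts"].update(fails)
                # A success here means a session that never passed an MFA prompt.
                hit["succeeded"].update(e["user"] for e in in_window if e["ok"])
    return findings


# Constructed sample records (documentation IP ranges, made-up users).
T0 = datetime(2020, 9, 29, 8, 0)


def _ev(minute, src, user, protocol, ok):
    return {"time": T0 + timedelta(minutes=minute), "src": src,
            "user": user, "protocol": protocol, "ok": ok}


SAMPLE = (
    # One source, five accounts, one failure each, then a successful login.
    [_ev(i, "203.0.113.10", u, "IMAP", False)
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    + [_ev(6, "203.0.113.10", "frank", "IMAP", True)]
    # Single-account brute force: deep, not broad, so not reported as a spray.
    + [_ev(i, "198.51.100.7", "alice", "SMTP", False) for i in range(10)]
    # An ordinary user who mistyped a password once.
    + [_ev(0, "192.0.2.44", "grace", "SMTP", False),
       _ev(1, "192.0.2.44", "grace", "SMTP", True)]
)

if __name__ == "__main__":
    for src, hit in find_legacy_spray(SAMPLE).items():
        print(src, sorted(hit["accounts"]), "succeeded:", sorted(hit["succeeded"]))
```

Accounts in the `succeeded` set are the ones to reset first, and blocking legacy authentication for accounts that do not need it removes the MFA gap the article describes.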

Microsoft says it is also seeing cybercrime groups increasingly abuse public cloud-based services to store artifacts used in their attacks, rather than using their own servers. Groups are also changing domains and servers much faster nowadays, primarily to avoid detection and remain under the radar.

Ransomware groups

But, by far, the most disruptive cybercrime threat of the past year has been ransomware gangs. Microsoft said that ransomware infections had been the most common reason behind the company’s incident response (IR) engagements from October 2019 through July 2020.

And of all ransomware gangs, it’s the groups known as “big game hunters” and “human-operated ransomware” that have given Microsoft the most headaches. These are groups that specifically target select networks belonging to large corporations or government organizations, knowing they stand to receive larger ransom payments.

Most of these groups operate either by using malware infrastructure provided by other cybercrime groups or by mass-scanning the internet for newly-disclosed vulnerabilities.



In most cases, groups gain access to a system and maintain a foothold until they’re ready to launch their attacks. However, Microsoft says that this year, these ransomware gangs have been particularly active and have reduced the time they need to launch attacks, especially during the COVID-19 pandemic.

“Attackers have exploited the COVID-19 crisis to reduce their dwell time within a victim’s system – compromising, exfiltrating data and, in some cases, ransoming quickly – apparently believing that there would be an increased willingness to pay as a result of the outbreak,” Microsoft said today.

“In some instances, cybercriminals went from initial entry to ransoming the entire network in under 45 minutes.”

Supply-chain security

Another major trend that Microsoft chose to highlight was the increased targeting of supply chains in recent months, rather than attacking a target directly.

This allows a threat actor to hack one target and then use the target’s own infrastructure to attack all of its customers, either one by one, or all at the same time.

“Through its engagements in assisting customers who have been victims of cybersecurity intrusions, the Microsoft Detection and Response Team has observed an uptick in supply chain attacks between July 2019 and March 2020,” Microsoft said.

But Microsoft noted that while “there was an increase, supply chain attacks represented a relatively small percentage of DART engagements overall.”

Nonetheless, this doesn’t diminish the importance of protecting the supply chain against possible compromises. Here, Microsoft highlights dangers coming from the networks of Managed Service Providers (MSPs, third-parties that provide a very specific service and are allowed to access a company’s network), IoT devices (often installed and forgotten on a company’s network), and open-source software libraries (which make up most of a company’s software these days).

Nation-state groups

As for nation-state hacking groups (also known as APTs, or advanced persistent threats), Microsoft said this year has been quite busy.

Microsoft said that between July 2019 and June 2020, it sent out more than 13,000 nation-state notifications (NSNs) to its customers via email.

According to Microsoft, most were sent for hacking operations linked back to Russian state-sponsored groups, while most of the victims were located in the US.



These email notifications were sent for email phishing attacks against its customers. Microsoft said it tried to counter some of these attacks by using court orders to seize domains used in these attacks.

Over the past year, Microsoft seized domains previously operated by nation-state groups like Strontium (Russia), Barium (China), Phosphorus (Iran), and Thallium (North Korea).

Another interesting finding of the Microsoft Digital Defense Report is that the primary targets of APT attacks have been non-governmental organizations and the services industry.

This particular finding goes against the grain. Most industry experts often warn that APT groups prefer to target critical infrastructure, but Microsoft says its findings tell a different story.

“Nation state activity is more likely to target organizations outside of the critical infrastructure sectors by a significant measure, with over 90% of notifications served outside of these sectors,” Microsoft said.

As for the techniques that have been preferred this past year (July 2019 to June 2020) by nation-state groups, Microsoft noted several interesting developments, with the rise of:

  • Password spraying (Phosphorus, Holmium, and Strontium)
  • Use of penetration testing tools (Holmium)
  • The use of ever-more-complex spear-phishing (Thallium)
  • The use of web shells to backdoor servers (Zinc, Krypton, Gallium)
  • The use of exploits targeting VPN servers (Manganese)


All in all, Microsoft concludes that criminal groups have evolved their techniques over the past year to increase the success rates of their campaigns, as defenses have gotten better at blocking their past attacks.

Just like in years prior, the entire cybersecurity landscape appears to be sitting on a giant merry-go-round, and constant learning and monitoring are required from defenders to keep up with the ever-evolving attackers, be they financially motivated or nation-sponsored groups.



OnePlus CEO confirms we're not getting an 8T Pro this year – MobileSyrup



As we inch closer to OnePlus’ October 14th event, the company’s CEO has clarified that fans should only get excited about the OnePlus 8T because there won’t be an 8T Pro.

This isn’t a huge surprise since there have been no leaks regarding a higher-level phone.

That said, if you’ve seen the battery and screen specs that the company has shared plus some of the leaks, you’ll know that the 8T is stacking up to be a flagship-level device in its own right.

Last year, OnePlus released only the 7T in Canada, with no 7T Pro, so the fact that there’s no Pro version this year shouldn’t rattle Canadians too much.

The 8 Pro is still a good option as well since it also has a 120Hz display and a fairly modern chipset. If the 8T leaks are correct, the 8 Pro will be a bit of a larger phone, so people who like giant phones will likely be happier with the 8 Pro.

Beyond the lack of an 8T Pro, OnePlus also mentioned recently that the 8T is going to come with OxygenOS 11 right out of the box. In the OxygenOS 11 beta for the OnePlus 8 and 8 Pro, there are still a lot of bugs, so hopefully, OnePlus can address these before the 8T ships.

Source: 9to5Google



US judge says Epic was dishonest when it added direct payments to Fortnite – MobileSyrup



A U.S. judge criticized Epic Games for being dishonest during the first court hearing in the ongoing antitrust lawsuit between the Fortnite maker and Apple.

Judge Yvonne Gonzalez Rogers of the United States District Court for the Northern District of California heard arguments from both companies during a three-hour Zoom hearing Monday. Gonzalez Rogers expressed skepticism about Epic’s arguments, especially its claim that it didn’t pose a security threat to Apple.

According to a report from CNN, the judge said that Epic lied and “that’s the security issue.” Gonzalez Rogers went on to say that “there are a lot of people in the public who consider [Epic] heroes for what [they] did, but it’s still not honest.”

Epic has long argued that it was standing up to Apple’s “monopoly.” The game maker says that Apple’s control over iOS and the App Store allows it to force developers into using its payment method and thus hold up monopolistic control over apps.

It all started with a payment system

Back in August, Epic introduced a direct payment method in its popular Fortnite game, which allowed it to bypass Apple’s 30 percent App Store fee. Apple charges the fee for any payments that use its in-app payment method, and also restricts developers from using other payment methods with its App Store guidelines.

Because Fortnite’s new direct payment directly violated Apple’s rules, Apple kicked the game off the App Store. Epic responded in turn with a lawsuit. It’s worth noting similar events took place with Google’s Play Store on Android devices. However, a significant difference between the two is that Google allows third-party app stores and the installation of apps from sources outside of the Play Store. As such, Fortnite fans could still get the game on Android by downloading it from other places. Players on iOS can only get the game through the App Store.

After Epic sued Apple, both companies engaged in back-and-forth attacks on each other, ranging from petty to serious. For example, Epic said Apple threatened to terminate its Unreal Engine developer account, which isn’t associated with Fortnite. Gonzalez Rogers previously ruled that Apple can’t terminate that account, but was free to terminate the developer account Epic used for Fortnite. At the same time, the judge ruled Apple didn’t have to return Fortnite to the App Store.

Likewise, Epic also engaged in a public relations campaign positioning itself as the good guy with an ad mimicking Apple’s famous ‘1984’ commercial. Epic added a playable character called ‘Tart Tycoon’ to Fortnite as well. Apple sued Epic seeking damages for harm to its reputation over the campaign. These are just a few examples of the fight between the two companies.

Throughout the lawsuit, Epic petitioned the courts to force Apple to allow Fortnite back on the App Store. That included arguing that the game’s removal caused it irreparable harm. Apple responded in turn, saying Epic used the lawsuit to draw attention to the game as interest waned.

Judge feels the antitrust questions deserve a jury

The hearing didn’t answer any of the looming questions about the antitrust allegations or whether Apple would have to return Fortnite to the App Store. For the latter, the New York Times reports a decision will arrive in the coming days. I don’t expect it to be in Epic’s favour, considering Gonzalez Rogers previously ruled Apple didn’t have to reinstate Fortnite and seems unconvinced by Epic’s arguments.

As for the bigger questions about antitrust, Gonzalez Rogers believes they are important enough that the case should be taken to a jury trial in July 2021.

However, CNN reports that Gonzalez Rogers wasn’t persuaded by Epic’s argument that Apple’s bundled App Store and payment method violate antitrust law. The judge also didn’t completely agree that Apple harmed Epic’s ability to distribute Fortnite through control of the App Store.

“Walled gardens have existed for decades. Nintendo has had a walled garden. Sony has had a walled garden. Microsoft has had a walled garden. What Apple’s doing is not much different… It’s hard to ignore the economics of the industry, which is what you’re asking me to do,” Gonzalez Rogers said.

Epic isn’t the only company taking issue with Apple’s policies

However, Epic’s lawsuit has become something of a rallying cry for many developers who feel they’ve been wronged by Apple’s App Store guidelines. Last week, several companies formed the Coalition for App Fairness, which aims to “defend the fundamental rights of creators to build apps and to do business directly with their customers,” according to Epic CEO Tim Sweeney. Along with Epic, the coalition includes Spotify, Tile and Match Group, which owns several dating services including Tinder and Hinge.

Many developers have accused Apple of applying its App Store rules unfairly, especially in the last few months. For example, a group of news publishers sent a letter to Apple seeking a deal that reduces the 30 percent cut the company takes from subscription services. The letter cited a similar deal Apple gave to Amazon, which CEO Tim Cook testified in a congressional hearing was available to any developer that met the criteria. Apple has not shared what those criteria are.

Epic has also pointed out that Apple’s in-app payment rules differ from app to app, and listed several other services that aren’t forced to use Apple’s system. Finally, there was an instance where Apple blocked updates to the WordPress iOS app until the developer added in-app payments. The company later back-pedalled on the move.

Source: CNN, New York Times Via: The Verge
