
Tag: WWDC

Report: Apple shows it’s taking the Mac seriously with WWDC laptop...

MacBook, MacBook Pro, and MacBook Air could all be on the docket.

Desktops MIA.

Report: Amazon is making an Apple TV app almost 2 years...

Currently, Amazon neither offers an Apple TV app nor sells the Apple TV at all.

Imagining a new Mac Pro, the “iMac Pro,” and the future...

Apple says it's taking pro users' complaints seriously. We'll see.

A tour of iOS 10.3: Checking out APFS, the Settings app,...

New update is likely to be iOS 10's last hurrah.

Apple’s 2017 Worldwide Developers Conference starts June 5, costs $1,599

Registration opens up on March 27; attendees will be selected randomly.

Testing out snapshots in Apple’s next-generation APFS file system

We brave beta software and do some cautious testing—and it looks like it works.

New watchOS beta adds SiriKit and keeps you from annoying people...

Update's final release will likely coincide with iOS 10.3.

The official Tor browser for iOS is free to use

When Mike Tigas first created the Onion Browser app for iOS in 2012, he never expected it to become popular. He was working as a newsroom Web developer at The Spokesman-Review in Spokane, Washington, at the time, and wanted a Tor browser app for himself and his colleagues.

Expecting little interest, he then put Onion Browser on the Apple App Store at just $0.99/£0.69, the lowest non-zero price that Apple allows. Fast forward to 2016, and Tigas found himself living in New York City, working as a developer and investigative journalist at ProPublica, while earning upwards of $2,000 a month from the app—and worrying that charging for it was keeping anonymous browsing out of the hands of people who needed it. So a few weeks ago, he made the app free.
Since then, its popularity has exploded, with thousands of downloads recorded every day.

The results of the recent US presidential election might have had something to do with this decision, and its impressive results, Tigas told Ars. "Given recent events, many believe it's more important than ever to exercise and support freedom of speech, privacy rights, and digital security," he wrote in a blog post. "I think now is as good a time as ever to make Onion Browser more accessible to everyone." Global concerns also influenced his decision. "Iran is not technically a country where you can get an iPhone, but on the grey market you can," he told Ars. "People over there can't get apps you have to pay for, because you have to have a credit card that Apple actually accepts," he added, noting that economic sanctions forbid Apple from selling to Iranian iOS users. Onion Browser is the official Tor Project-endorsed Web browser for iOS.

But it lacks some of the features available for Tor Browser (Linux, MacOS, Windows) and OrFox (Android), due to technical roadblocks peculiar to iOS. In order to gain control over the browser's network settings, and route web traffic over Tor, Tigas has to use the older WebKit API (UIWebView) instead of the newer version (WKWebView).

The newer version uses the device's system settings for network and proxy settings and cannot be modified by an app. The two biggest challenges Tor developers on iOS face, as Tigas outlined in this blog post on the Tor Project website, are Apple's requirement that all browsers use the iOS WebKit rendering engine, and the inability to run Tor as a system-wide service or daemon on iOS. Developers have found workarounds to both problems, and iOS users can soon expect to see a new, improved Onion Browser, as well as a Tor VPN that routes all device traffic over Tor—probably in the first quarter of 2017.

Not quite as secure

Unlike Tor Browser or OrFox, Onion Browser is not based on the Firefox Gecko rendering engine.

This is good—Onion Browser is not vulnerable to Firefox exploits—but also bad, because code cannot be reused. A further challenge, Tigas said, is that Apple’s WebKit APIs "don’t allow a lot of control over the rendering and execution of Web pages, making a Tor Browser-style security slider very difficult to implement." Many of iOS's multimedia features don't use the browser's network stack, making it difficult to ensure the native video player does not leak traffic outside of Tor. "Onion Browser tries to provide some functionality to block JavaScript and multimedia, but these features aren’t yet as robust as on other platforms," Tigas wrote. Moreover, it doesn't support tabbed browsing, and the UX is pretty basic, but Tigas is working on a rewrite based on Endless. "It adds a lot of important features over the existing Onion Browser,” he said, “like a nicer user-interface with tabbed browsing, HTTPS Everywhere, and HSTS Preloading.

There’s a new version of Onion Browser in the works that’s based on Endless that will hopefully enter beta testing this month."

Welcome to the sandbox

The biggest challenge to getting Tor working seamlessly on iOS, though, is the inability to run Tor as a system-wide service or daemon, something which is trivial to accomplish with most other operating systems, but unavailable to iOS app developers.

To prevent misbehaving apps from getting up to their usual mischief, Apple sandboxes apps from each other, and from the underlying OS.

This means you can't install Tor on iOS, let it run in the background, and route all your device traffic over Tor. “In iOS the moment you leave an app, the app goes to sleep,” Tigas told Ars. “With Tor Browser Bundle or OrBot on Android, other apps can use the Tor in Tor Browser Bundle, other apps can use OrBot's connection on Android.” In fact, to get Onion Browser to work, he has to compile Tor into the app itself—as does any other iOS app developer who wishes to offer a Tor connection.

But that's about to change, thanks to iCepa.

A Tor VPN for iOS

iCepa—from the Latin cepa for onion, and pronounced i-KAY-puh—is a Tor VPN for iOS currently under development that will enable iOS users to route all their traffic over Tor. "A lot of us had the idea simultaneously after Apple released iOS 9, which added some APIs that allowed you to talk to network traffic," iCepa developer Conrad Kramer told Ars. "It was intended for companies like OpenVPN or Cisco to build their own VPN solutions for iOS, but we realised we could build a version of Tor using this API." "It's similar to how OrBot works," he added, "which also uses a VPN approach." Apple-imposed memory limits had prevented Kramer from finishing work on iCepa until recently.

The memory limit for packet-tunnel extensions, he explained, was 5MB—and Tor needs around 10MB to run. Kramer said he was able to continue development work on a jailbroken iOS 9 device, but with little motivation since a jailbroken solution would not scale.

An encounter with Apple engineers at the WWDC conference gave him the chance to lobby Apple engineers to raise the limit—which they did, in iOS 10, to 15MB, more than enough to get a Tor VPN working in iOS. Kramer told Ars he had just gotten iCepa working on his test device in mid-December, and plans to share the working code in a private alpha with other Tor developers before the end of the year. He hopes to release iCepa to the public through the App Store at the end of the first quarter of 2017. "The timeline is still uncertain," he emphasised, "but I do want to get it out as soon as possible.”

Paying for Tor development

Since making Onion Browser free in early December, Tigas says the number of downloads has jumped from around 3,000 paid downloads per month to thousands per day. He is at peace with his decision, though, convinced he has done the right thing, but worries about the loss of income. "[The extra money] helped keep me doing investigative journalism by day," he told Ars. "If I can get to even 15 percent of where it was before, I would be really happy and amazed.
I think I have like five people on Patreon right now." Tigas has received some financial support from the Guardian Project to continue work on Onion Browser, but, he says, the money does not come close to replacing the income lost from the App Store. “I'm still a little terrified that I've made this change,” he wrote in his blog post, “but I'm happy this day has come—and judging from the responses I've already received, so have many of you.

Thanks for your support.”

J.M. Porup is a freelance cybersecurity reporter who lives in Toronto. When he dies his epitaph will simply read "assume breach." You can find him on Twitter at @toholdaquill.

This post originated on Ars Technica UK

Apple gives iOS app developers more time to encrypt communications

Apple has backtracked on a plan to force iOS developers to encrypt their app communications by the end of the year. The company had previously announced at its Worldwide Developers’ Conference in June that all apps submitted to the App Store will need to support the App Transport Security (ATS) feature starting January 1st, 2017.
It has not yet set a new deadline. ATS is a feature first introduced in iOS 9 that forces apps to communicate with internet servers using encrypted HTTPS (HTTP over SSL/TLS) connections.
It's an improvement over the third-party frameworks that developers previously used to implement HTTPS because it ensures that only industry-standard encryption protocols and ciphers are used. Even if ATS is enabled by default in iOS, on a technical level app developers can disable some of its features or can opt out of it entirely through various exception settings that ATS makes available. A recent study performed by security firm Appthority on the top 200 apps present on iOS enterprise devices showed that 97 percent of them bypassed at least some ATS requirements and weakened the default and recommended configuration. Apple planned to include ATS compliance as a requirement in its App Store review process starting next year and to require reasonable justifications for any exceptions. However, as the Appthority study showed, many developers are unprepared to fully enable ATS in their apps. "At WWDC 2016 we announced that apps submitted to the App Store will be required to support ATS at the end of the year," Apple said in an announcement on its developer site Wednesday. "To give you additional time to prepare, this deadline has been extended and we will provide another update when a new deadline is confirmed." There are many reasons why developers might not be ready or even able to encrypt all of their apps' traffic.

For example, many apps integrate with third-party advertising, analytics and media hosting services and the adoption of HTTPS by those services is not something that app developers can control. As of December 22, the 3 percent ATS readiness figure among iOS apps had grown to only 5 percent, the Appthority researchers said Thursday in a blog post. "We assume that Apple, too, realized that an unacceptably high number of apps would fail to meet the ATS deadline unless it was extended." The researchers believe that even if Apple hasn't abandoned its plans for full ATS compliance, this is not something that can be achieved very soon, which is probably why a new deadline hasn't been announced yet. "In light of this new development, we recommend that enterprises track the state of apps’ ATS compliance and consider alternatives to apps that access sensitive corporate data and don’t secure their network connections using ATS," they said.

iOS 10 beta still encrypts user data, but not the kernel

The iOS 10 developer betas come with an unencrypted kernel. Andrew Cunningham

Apple has made encryption and user privacy a pillar of the iOS platform in recent years, but earlier this week, security researchers made a curious discovery: as reported by the MIT Technology Review, the operating system kernel in the iOS 10 betas released at WWDC last week is unencrypted.

This makes it much easier to dig into the code and look for security flaws. There was some speculation as to why Apple had done this or whether the company had even released an unencrypted kernel on purpose.

After declining to comment initially, an Apple spokesperson confirmed to TechCrunch that the kernel had been left unencrypted on purpose but that user data continues to be encrypted as it normally is. “The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” the spokesperson said. User data in iOS is encrypted with a key derived from the device's unique identifier (UID) and the user's passcode, which makes it very difficult to decrypt user data without that user's passcode. Hardware-enforced delays between passcode guesses and an optional setting that wipes phones after 10 incorrect passcode attempts provide protection from brute-force attacks. All of this is still true in iOS 10.

But an unencrypted kernel could potentially make it easier for people outside Apple to track down and report (or exploit) security flaws like the one the FBI used to break into the iPhone 5C used by the attacker in the San Bernardino case.

That said, newer phones with TouchID have additional hardware protection in the form of the Secure Enclave, making it more difficult to get at encrypted user data even if a security flaw is found in the kernel.

Apple quietly launches next-gen encrypted file system

It's not ready for primetime, but it may prove revolutionary

It didn't get any airtime at the big opening day of the annual Apple Worldwide Developers Conference (WWDC), but excitement is building around Apple's next-generation file system. Early specs show the system will bring your hard drive into the modern era, most notably by supporting native encryption.
It will also time-stamp files by nanoseconds (rather than seconds), making it better for modern databases, and take snapshots of the file system, massively reducing the time needed to make backups. Other interesting features include crash protection, space sharing – which will enable much more flexible partitioning – optimization for solid-state hard drives, and a better system for cleaning up deleted files. In short, the new Apple File System (APFS) can be expected to bring significant advances in speed and efficiency, and the updating of Apple's file sharing technology, which hasn't changed in nearly 20 years (others, of course, have developed more modern systems that are now 10 years old). APFS' preliminary information has been released to developers, and sessions on it will take place this week at WWDC.
It is scheduled to ship sometime in 2017, meaning that the company may be able to boast big performance improvements in its products toward the end of that year.
It is designed to work with all of Apple's operating systems – iOS, watchOS, tvOS and macOS. There is still a lot of work to be done, however.
It is not currently possible to start your computer directly with the file system, and it doesn't work with Apple's current encryption and archiving systems – presumably because it is intended to replace them. The file system is also case-sensitive and that apparently cannot be disabled, which will lead to all sorts of knock-on compatibility issues. Yep, you will have to buy more Apple gear: a new watch to go with your new phone to sync with your new laptop.

Apple is always looking after that bottom line. Regardless, developers are excited about the possibilities.

Find out more at Apple's APFS developer page.

Apple expands data encryption under iOS 8, making handover to cops...

"Apple cannot bypass your passcode and therefore cannot access this data."