Archive for October 7, 2020

Wednesday, October 7, 2020

Apple Will Temporarily Stop Taking a 30 Percent Cut on Facebook Event Fees

Juli Clover (also: James Vincent):

Apple has decided to temporarily waive the 30 percent cut that it takes from in-app purchases for Facebook’s in-app paid event feature, reports CNBC. Facebook had accused Apple of hurting small businesses by collecting fees from the new feature, which lets users attend online classes and events through Facebook.

The policy update will pertain to ClassPass and Airbnb, two companies that are also offering new digital experiences and classes within their apps.

An Apple spokesperson said that Apple reversed its decision on the Facebook event fees due to the pandemic and a desire to give companies more time to adapt to digital business models.

The article doesn’t make it clear, but I assume that Apple means allowing external payment processing, not waiving the fees for transactions processed through the IAP system.

Steve Kovach:

Apple’s reversal comes weeks after it blocked an update to the Facebook app that displayed a warning to users that a cut of transactions for paid events would go to Apple. At the time, Facebook said Apple would not make an exception to its rules to give the full amount of the transactions to the businesses hosting the events.

[…]

The Apple spokesperson said the decision does not affect gaming companies because gaming businesses have not been hurt by the pandemic and have always been digital-only.

It seems like a special carve-out for three big companies who complained loudly.

From the House Judiciary Committee report:

In response to the COVID-19 pandemic, some businesses moved physical events online, often booking through an app and holding the event through a video chat application. Educators have also shifted resources online, including through apps. The New York Times reported that Apple demanded a 30% commission from these virtual class offerings. As a result, one company stopped offering virtual classes to users of its iOS app. The Times reported that Apple threatened Airbnb that it would remove its app from the App Store if Airbnb did not comply with Apple’s demand for a share of its revenues.

In interviews with Subcommittee staff, multiple app developers confirmed The New York Times’ reporting. Airbnb spoke with Subcommittee staff and described conversations with the App Store team in which Apple said it had observed an uptick in the number of apps offering virtual classes in lieu of in-person classes due to the COVID-19 pandemic. As a result, Apple began canvassing the App Store to require app developers implement IAP, entitling Apple to take 30% of in-app sales. Airbnb explained that Apple’s commission, plus compliance with Apple’s pricing tiers for in-app purchases would ultimately result in a 50-60% price increase for consumers.

[…]

At the Subcommittee’s hearing on July 29, 2020, Chairman Jerrold Nadler (D-NY) asked Mr. Cook about the allegations that Apple was canvassing the App Store to extract commissions from businesses that have been forced to change their business model in order to survive during the pandemic. Mr. Cook responded that Apple “would never take advantage” of the pandemic, but justified the conduct, explaining that the app developers were now offering what Apple defined as a “digital service” and Apple was entitled to commissions.

House Report on Competition in Digital Markets

John Gruber:

The House Judiciary subcommittee that held a hearing with the CEOs of Amazon, Apple, Facebook, and Google back in July has issued a 449-page report on its findings and recommendations.

The report is here. Some of the parts I found interesting:

Apple’s market power is durable due to high switching costs, ecosystem lock-in, and brand loyalty. It is unlikely that there will be successful market entry to contest the dominance of iOS and Android.

[…]

In response to these concerns, Apple has not produced any evidence that the App Store is not the sole means of distributing apps on iOS devices and that it does not exert monopoly power over app distribution. Apple says it does not create—nor is it aware of third-party data—that tracks market share in the app distribution market.

[…]

Apple’s monopoly power over software distribution on iOS devices appears to allow it to generate supra-normal profits from the App Store and its Services business. Apple CEO Tim Cook set a goal in 2017 to rapidly double the size of the Services business by the end of 2020. Apple met this goal by July 2020, six months ahead of schedule.

[…]

Apple also makes some exceptions to its rules and may change or update its rules.

[…]

Industry observers have also challenged Apple’s implicit claim that the iPhone was the start of the online software distribution market.

[…]

In an interview with Subcommittee staff, Phillip Shoemaker, former director of app review for the App Store, estimated that Apple’s costs for running the App Store is less than $100 million. […] Although only estimates, these figures indicate that as the mobile app economy has grown, Apple’s monopoly power over app distribution on iPhones permits the App Store to generate supra-normal profits. These profits are derived by extracting rents from developers, who either pass on price increases to consumers, or reduce investments in innovative new services. Apple’s ban on rival app stores and alternative payment processing locks out competition, boosting Apple’s profits from a captured ecosystem of developers and consumers.

[…]

In Apple’s internal documents and communications, the company’s senior executives previously acknowledged that IAP requirement would stifle competition and limit the apps available to Apple’s customers.

Juli Clover:

Apple in a statement to MacRumors said that it strongly disagrees with the conclusions reached in the report in respect to Apple, and that Apple does not have dominant market share in categories where it does business.

See also: Hacker News, Steve Troughton-Smith, Steve Streza, Brent Simmons, Michael Love, Matt Birchler, Ben Thompson.

Update (2020-10-09): James O’Leary:

here’s the landing page for all the docs they referenced, segmented by company

checkra1n T2 Exploit

Niels Hofmans (Hacker News, MacRumors):

The mini operating system on the T2 (SepOS) suffers from a security vulnerability also found in the iPhone 7 since it contains a processor based on the iOS A10. Exploitation of this type of processor for the sake of installing homebrew software is very actively discussed in the /r/jailbreak subreddit.

So using the checkm8 exploit originally made for iPhones, the checkra1n exploit was developed to build a semi-tethered exploit for the T2 security chip, exploiting a flaw. This could be used to e.g. circumvent activation lock, allowing stolen iPhones or macOS devices to be reset and sold on the black market.

Normally the T2 chip will exit with a fatal error if it is in DFU mode and it detects a decryption call, but thanks to the blackbird vulnerability by team Pangu, we can completely circumvent that check in the SEP and do whatever we please.

Since sepOS/BootROM is Read-Only Memory for security reasons, interestingly, Apple cannot patch this core vulnerability without a new hardware revision. This thankfully also means that this is not a persistent vulnerability, so it will require a hardware insert or other attached component such as a malicious USB-C cable.

[…]

I’ve reached out to Apple concerning this issue on numerous occasions[…]. Since I did not receive a response for weeks […] I am hereby disclosing almost all of the details. You could argue I’m not following responsible disclosure, but since this issue has been known since 2019, I think it’s quite clear Apple is not planning on making a public statement and quietly developing a (hopefully) patched T2 in the newer Macs & Silicon.

Dan Moren:

Strafach says that the T2 is indeed vulnerable to checkm8, and has been for some time, meaning that those with physical access to your computer can essentially reboot it into the device firmware upgrade (DFU) mode, and then execute arbitrary code.

However, Strafach also points out that what’s less clear is whether the arbitrary code will last through a reboot:

DanyL:

People should really chill down regarding T2 publicly exploited. The vulnerability has been public for more than a year now and always been there on T2. Moreover, there are plenty of other vulnerabilities, including remote ones that undoubtedly have more impact on security.

If anything, our exploit enables researchers to explore the internals more closely, possibly uncovering other issues that may lead to greater security on the mac; as well as allowing better repairability for otherwise pricy repairs or worse, issues Apple bluntly refuses to handle.

peterindark:

The biggest issue with this is that Apple cannot patch it via an update like most of other security issues

Update (2020-10-09): See also: Patrick Wardle.

Update (2020-10-14): Ben Lovejoy (tweet, also: MacRumors):

The T2 exploit team who found a way to take over the security chip in modern Macs has demonstrated a way to do so without user intervention — using nothing more than a modified USB-C cable.

The ad-hoc team, who call themselves Team t8012 after Apple’s internal name for the chip, believe that nation-states may already be using this approach.

The Era of Visual Studio Code

Roben Kleene:

Text editors, on the other hand, are a software category where the most popular options are not the oldest. According to the Stack Overflow Annual Developer Survey, Sublime Text was the most popular text editor available on the Mac from 2015–2017. Sublime Text was released in 2008, a sprightly youth compared to Excel and Illustrator. Text editors have been a category with a lot of movement: In the last 20 years, TextMate, Sublime Text, and Atom have all been the text editor with the most momentum. For big complicated desktop software, has any other category ever had so much movement?

I believe the era of new text editors emerging and quickly becoming popular has now ended with Visual Studio Code. VS Code has reached unprecedented levels of popularity and refinement, laying a foundation that could mean decades of market dominance.

[…]

With VS Code, the extension-based text editor has seemingly reached its final form. Ever since TextMate, extensions have increased in prominence and capabilities, and with VS Code, that progression appears to have culminated. There just isn’t anywhere else to go. Correspondingly, there isn’t a way a new text editor can leapfrog VS Code the same way previous text editors have been leapfrogging each other by improving extensions.

VS Code certainly has lots of features and extensions, but I remain quite happy with BBEdit and its Mac interface.

Luna Display for Windows

Kickstarter:

Tens of thousands already use Luna Display for Mac and now we’re bringing that same magic to Windows. Whether you’re working remotely, looking to maximize your workspace, or seeking more creative flexibility - Luna has you covered. As the only hardware solution on the market, you can... Turn any iPad into a wireless second display for your PC or Mac[…]

Matt Ronge:

We tried to use Objective-C on Windows, it didn’t work.

[…]

Rust has been a GREAT choice for cross-platform work. Our core engine is in Rust and we use language bindings to C# (Windows) and Objective-C (Mac/iPad) for the UI.

[…]

There’s a huge opportunity outside of the Mac ecosystem. There are literally 10x as many Windows users as there are Mac users!

So we are super excited about the opportunity in front of us.

Jonathan Deutsch:

There’s a lot to the story; the interesting bit is a company once firmly entrenched in the Apple and Mac ecosystems now embraces Microsoft Windows.

It is a bright outlook: Luna’s kickstarter just hit 2x its goal.

Hell has frozen over because Apple became cold to its developers.

It’s sad to see top developers pushed to Windows. However, it makes total sense for something like Sidecar to be built into iOS and macOS. And all is not lost on macOS, since Luna Display has some advantages over Sidecar.
