Archive for August 25, 2022

Thursday, August 25, 2022

Sales of Different iPhone 13 Models

Canalys:

The North American smartphone market reached 35.4 million shipped units in Q2 2022, down 6.4% yearly amid economic challenges, high inflation, and poor seasonal demand. Apple grew 3% and has dominated over half the North American region for three consecutive quarters, thanks to solid iPhone 13 demand combined with a full quarter’s performance of its entry-level model, the iPhone SE (3rd Gen). Samsung’s shipments increased 4% as its S series and low-end A series devices continued to deliver. Lenovo (Motorola), TCL, and Google rounded off the top five, claiming 9%, 5% and 2% market share.

Via Matt Birchler:

  1. The SE is a beast!
  2. The mini really is such a niche iPhone
  3. Even a niche iPhone sells as much as any individual Android model

It sure seems like the mini will become the next SE.

Tim Hardwick:

With no iPhone 14 mini expected to feature in Apple’s upcoming iPhone 14 series lineup this September, we look at the best possible alternative iPhone options for those who prefer smaller form factor devices.

Update (2022-10-06): Nick Heer:

The iPhone SE’s unique selling point is probably its price, not its form factor. Consider that the next most expensive iPhone in Apple’s lineup is the iPhone 11, which has the same 6.1-inch display as the rumoured SE 4. Why would Apple not simply slide this phone — more or less — down the price ladder?

Tim Hardwick:

Apple will base the next-generation iPhone SE on the design it used for the iPhone XR, claims leaker Jon Prosser, citing new information from his sources.

Twitter Whistleblower Peiter Zatko

Casey Newton:

On January 21, a moderately surprising headline hit the New York Times: in one of his first official acts as Twitter CEO, Parag Agrawal had fired the company’s chief information security officer, Rinki Sethi, and its head of security, Peiter Zatko. It was the latter firing that surprised; Zatko, who is known within cybersecurity circles as “Mudge,” is a veteran hacker who had previously worked at DARPA, Google, and Stripe.

[…]

In an 84-page complaint filed with the Securities and Exchange Commission, the Department of Justice, and the Federal Trade Commission, Zatko alleges severe negligence on the part of Agrawal and other company executives in protecting user data, misleading government officials, and violating a 2011 consent decree with the FTC.

[…]

The complaint alleges that about half of Twitter’s employees had access to critical systems that enabled them to make harmful changes or collect sensitive data. Historically that was true, I’m told, but began to change starting around 2018, and now access is more limited and audited more regularly.

Donie O’Sullivan (Hacker News):

First time Twitter CEO @paraga weighs in on whistleblower story.

CNN (via Hacker News, Slashdot):

The disclosure, sent last month to Congress and federal agencies, paints a picture of a chaotic and reckless environment at a mismanaged company that allows too many of its staff access to the platform’s central controls and most sensitive information without adequate oversight. It also alleges that some of the company’s senior-most executives have been trying to cover up Twitter’s serious vulnerabilities, and that one or more current employees may be working for a foreign intelligence service.

[…]

According to the disclosure, Agrawal and his lieutenants repeatedly discouraged Zatko from providing a full accounting of Twitter’s security problems to the company’s board of directors. The company’s executive team allegedly instructed Zatko to provide an oral report of his initial findings on the company’s security condition to the board rather than a detailed written account, ordered Zatko to knowingly present cherry-picked and misrepresented data to create the false perception of progress on urgent cybersecurity issues, and went behind Zatko’s back to have a third-party consulting firm’s report scrubbed to hide the true extent of the company’s problems.

[…]

Zatko’s disclosure argues that by reporting bots only as a percentage of mDAU, rather than as a percentage of the total number of accounts on the platform, Twitter obscures the true scale of fake and spam accounts on the service, a move Zatko alleges is deliberately misleading.

Zach Edwards:

First up… folks have known for awhile that tons of Chinese advertisers were/are buying Twitter ads… But no one had pieced it together that those Chinese advertisers would be using Twitter Custom Audiences to doxx VPN users who verified with real contact info…

[…]

Twitter apparently used their cookies for “all purposes” (security cookies used for advertising) ++ once told by the French CNIL to change this, they kept it on purposefully for another month “in order to extract maximum profit from French users before rolling out the fix.”

[…]

“Twitter employees were repeatedly found to be intentionally installing spyware on their work computers at the request of external organizations. Twitter learned of this several times only by accident, or because of employee self-reporting.”

[…]

“…The Indian government forced Twitter to hire specific individual(s) who were government agents… it was believed by the executive team that the Indian government had succeeded in placing agents on the company payroll…”

Nick Heer:

You can read Mudge’s whistleblower disclosure and infosec report — both PDFs — for yourself, if you would like. Both contain heavily redacted sections, especially around claims of corporate fraud.

Mike Masnick reviewed these reports in two parts at Techdirt. Masnick’s first analyzed Mudge’s claims about Twitter’s security infrastructure, its compliance with an FTC consent decree, and whether it had hired foreign spies deeply embedded in the company. The second piece, published today, is exclusively responding to the many stories claiming Mudge’s investigations will help Elon Musk’s justification for backing out of his acquisition of Twitter:

John Gruber:

Remember too that Twitter DMs are not end-to-end encrypted. They are stored on Twitter’s servers in a form that Twitter can read. The phone numbers and email addresses of anonymous dissidents are very sensitive, but I’d argue that the contents of DMs are the most sensitive information Twitter holds.

You should never put anything in a Twitter DM that you wouldn’t print on a postcard sent in the mail.

[…]

I don’t think there’s any way to overstate how damning Zatko’s allegations are. He describes a criminally corrupt company and board.

John Gruber:

Anyone inside Twitter aware of Zatko’s concerns could have leaked them to Musk. Jack Dorsey, for example, personally hired Zatko and was CEO until just a few weeks before Zatko’s firing. Musk’s allegations about Twitter misreporting bot activity might be fully legitimate, not an empty pretext for backing out of his acquisition.

See also: Bruce Schneier.

Update (2022-08-26): John Gruber:

All I meant to imply is that Mudge’s allegations seem to back Musk’s claims that Twitter’s “mDAU” category of users is mostly a pile of horseshit when it comes to the experience of using Twitter. […] As Masnick exquisitely illustrates, the problem for Musk is that when he agreed to buy Twitter, he agreed based on Twitter’s mDAU figures.

See also: Hacker News, Dithering.

Update (2022-09-03): Elaine Atwell (via Hacker News):

Still, it’s worth asking why the economic story is overshadowing the security one. Given the amount of sensitive data the site has on its users–including and especially journalists–and the fact that its security lapses have already caused global chaos, why aren’t we all more alarmed?

[…]

What’s remarkable about Mudge’s accusations is that Twitter wasn’t just failing to guard against hypothetical scenarios; they were failing to patch holes that had already led to breaches.

Update (2022-09-14): Lorenzo Franceschi-Bicchierai:

In testimony to a Senate committee, a Twitter whistleblower said that the Chinese government had placed at least one agent of the country’s intelligence agency undercover as a Twitter employee.

Ronan Farrow (via Hacker News):

“My family and I are disturbed by what appears to be a campaign to approach our friends and former colleagues under apparently false pretenses with offers of money in exchange for information about us,” Zatko told me. “These tactics should be beneath whoever is behind them.”

Rejected for Being Too Similar to a Web Site

Alin Panaitiu (via Hacker News):

I tried to launch a simple, no-frills iOS app for party-goers and music festivals in 🇷🇴 Romania.

[…]

The app is simple, fast, does what it says without any BS unneeded complexity. I thought subsequent features would be added based on what the users would ask for.

But sure, let’s add some premature iOS native features for Apple[…]

[…]

Three more days of Waiting for review and, as before, another rejection with the same generic message.

Aren’t most iOS apps simply native wrappers for Web sites?

Update (2022-08-29): Alin Panaitiu:

About a week after this article started spinning around the internet[…] I got an email from App Store Connect that the app is now In Review. Without me submitting anything more than what was already there from the third try.

Good for him, but again it seems like there is no actual standard being set. It just depends on which reviewers you get, how they’re feeling at the time, and whether the rejection goes viral.

Joe Fabisevich:

This story about Apple’s App Store “simple apps” policy really upsets me, the policy is completely arbitrary. Apple puts a lot of effort into getting people started with programming on iOS, but those same people will build “simple apps” and get rejected.

I recently made an app that’s just for me and my friends to play daily word games together. I was able to get them onto TestFlight but TestFlight isn’t an adequate replacement. With no alternative distribution mechanism on iOS Apple is stifling creativity on their own platform.

I say all of this not as an Apple hater but as a person who loves building for Apple’s platforms and wants to see them thrive. Heck, I plan to build my business atop iOS, but there’s room for home cooked apps that surprise and delight just a few people.
