Archive for January 14, 2025

Tuesday, January 14, 2025

Bezel 2.5.1

MacStories:

Bezel [Web site] is one of those simple, easy-to-use apps that feels like it should have been made years ago. The one-line summary of Bezel is that it mirrors your iPhone screen to your Mac. But it actually does much more than that, elevating the app from a basic tool to a fully functioning utility with genuine, everyday use cases.

In addition to mirroring, Bezel offers many different ways to capture the screen of the mirrored device. You can place the screenshot in the frame of your iPhone and add padding around the frame with any pattern or color you want, or make the padding transparent. All of this together yields unique results, enabling many real-world applications. You can layer your phone’s screen onto other videos, show what you are doing on your screen during a big presentation, take screenshots with a frame for a how-to guide, and much more. Bezel also includes excellent keyboard shortcuts for almost every action within the app, as well as the ability to resize its window to a custom size or even to the device’s actual pixel size.

Niléane Dorffer:

I initially remembered that it is already possible to natively mirror an iPhone’s display on a Mac using QuickTime Player[…] Unfortunately, QuickTime Player’s video capture often produces artifacts and has a latency of up to one second. This is far from ideal for screen recording or showcasing the iPhone’s display during a presentation. In contrast, I found Bezel’s video to be smoother and nearly instant.

Gravy Analytics Hacked

Joseph Cox:

Hackers claim to have compromised Gravy Analytics, the parent company of Venntel which has sold masses of smartphone location data to the U.S. government. The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show people’s precise movements, and they are threatening to publish the data publicly.

[…]

The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem—not code developed by the app creators themselves—this data collection is likely happening both without users’ and even app developers’ knowledge.

Nick Heer:

You remember Gravy Analytics, right? It is the one from the stories and the FTC settlements, though it should not be confused with all the other ones.

Juli Clover:

Gravy Analytics’ parent company Unacast disclosed the data breach earlier this month [PDF], and said that its AWS cloud storage environment had been accessed by an unauthorized person using a “misappropriated access key.”

[…]

The order required Gravy Analytics to delete all historic location data and any data products developed using data collected from consumers, but it was apparently too late because the company’s systems had likely already been breached at the time.

Gravy Analytics collects location data through a real-time ad bidding process that allows companies competing to buy an ad to see customer IP address and more precise location data if enabled.

[…]

Baptiste Robert, CEO of security firm Predicta Lab, told TechCrunch that iPhone users that had app tracking disabled did not have their data shared.

See also: Bruce Schneier:

Brazil Fines Apple Over FaceApp

Filipe Espósito (AppleInsider):

Apple and Google have been fined R$19 million (about US$3.1 million) in Brazil after a judge ruled that the companies contributed to allowing the controversial photo editor FaceApp to improperly collect data from its users. The app has a long history of questionable privacy policies.

[…]

The judge believes that the photo editor app violates the Brazilian Civil Rights Framework for the Internet, a law that regulates the use of the internet and digital platforms in the country.

Under Brazilian law, platforms are prohibited from “massive and improper collection of personal data” without users’ consent.

Treasury Department Hacked

Lawrence Abrams (Slashdot):

Chinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency.

[…]

“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” reads the letter seen by the New York Times.

[…]

The threat actors utilized this access to target the text messages, voicemails, and phone calls of targeted individuals, and to access wiretap information of those under investigation by law enforcement.

Emma Roth:

The threat actor stole a key used by BeyondTrust “to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.” With the key, they overrode the security to remotely access those users’ workstations and “some unclassified documents” they maintained.

Richard Speed:

Writing on Mastodon, cyber security researcher Kevin Beaumont had a warning for Software-as-a-Service users: “One thing every org needs to start to plan for: SaaS provider breaches. What’s your playbook for when your SaaS provider gets breached?”

Bruce Schneier quotes the Washington Post:

The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the United States, Taiwan, Europe and elsewhere.
