Technology - Google News

Facebook bug exposed up to 6.8M users’ unposted photos to apps - TechCrunch
Qualcomm seeks broader China iPhone ban as Apple pushes software update - Ars Technica
Samsung moves deeper into blockchain, adds crypto wallet to S10 - CoinGeek

Facebook bug exposed up to 6.8M users’ unposted photos to apps - TechCrunch

Posted: 14 Dec 2018 06:40 AM PST

Reset the “days since the last Facebook privacy scandal” counter, as a Facebook has just revealed a Photo API bug gave app developers too much access to the photos of up to 5.6 million users. The bug allowed apps users had approved to pull their timeline photos to also receive their Facebook Stories, Marketplace photos, and most worryingly, photos they’d uploaded to Facebook but never shared. Facebook says the bug ran for 12 days from September 13th to September 25th.

Facebook provided merely a glib “We’re sorry this happened” in terms of an apology. It will provide tools next week for app developers to check if they were impacted and it will work with them to delete photos they shouldn’t have. The company plans to notify people it suspects may have been impacted by the bug via Facebook notification that will direct them to the Help Center where they’ll see if they used any apps impacted by the bug. It’s recommending users log into apps to check if they have wrongful photo access. Here’s a look at a mockup of warning notifcation users will see:

Facebook initially didn’t disclose when it discovered the bug, but in response to TechCrunch’s inquiry, a spokesperson says that it was discovered and fixed on September 25th. They say it took time for the company to investigate whch apps and people were impacted, and build and translate the warning notification it will send impacted users. The delay could put Facebook at risk of GDPR fines for not promptly disclosing the issue within 72 hours that can go up to 20 million pounds or 4 percent of annual global revenue.

However, Facebook tells me it notified the Irish Data Protection Commission that oversees GDPR as soon as it established the bug was considered a reportable breach under GDPR guidelines. It says that it had to investigate to make that conclusion and let the IDPC know within 72 hours once it had. TechCrunch is awaiting a response from the IDPC about the matter.

Facebook tells me the bug did not impact photos privately shared through Messenger. The bug wouldn’t have exposed photos users never uploaded to Facebook from their camera roll or computer. But photos users uploaded but either decided not to post, that got interrupted by connectivity issues, or that they otherwise never finished sharing could have winded up with app developers.

The privacy failure will further weaken confidence that Facebook is a reponsible steward for our private data. It follows Facebook’s massive security breach that allowed hackers to scrape 30 million people’s information back in September. There was also November’s bug allowing websites to read users’ Likes, October’s bug that mistakenly deleted people’s Live videos, and May’s bug that changed people’s status update composer privacy settings. It increasingly looks like the social network has gotten too big for the company to secure. Curiously, Facebook discovered the bug on September 25th, the same day as its 30 million user breach. Perhaps it kept a lid on the situation in hopes of not creating an even bigger scandal.

That it keeps photos you partially uploaded but never posted in the first place is creepy, but the fact that these could be exposed to third-party developers is truly unacceptable. And it seems Facebook is so tired of its failings that it couldn’t put forward even a seemingly heartfelt apology is telling. This company’s troubles are not only souring users on Facebook, but employees and the tech industry as large as well. CEO Mark Zuckerberg told Congress earlier this year that “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.” What does Facebook deserve at this point?

Let's block ads! (Why?)

Qualcomm seeks broader China iPhone ban as Apple pushes software update - Ars Technica

Posted: 14 Dec 2018 07:03 AM PST

Enlarge / iPhones are seen at an Apple Store in Tianjin, China.
Zhang Peng/LightRocket via Getty Images

Apple's patent battle with Qualcomm in China has intensified this week, with Qualcomm seeking a broader ban and Apple claiming it has a workaround to avoid Qualcomm's patents.

On Monday, Qualcomm announced that a Chinese court had banned the sale of most iPhone models. However, Apple's newest models, the iPhone XS and XR, were not covered by the ban because they had not yet been introduced when Qualcomm filed its lawsuit late last year.

Qualcomm remedied that oversight this week, asking the same Chinese court to ban sales of the XS and XR.

But Apple isn't ready to capitulate to Qualcomm's demands. The company claims that the ruling is specific to an earlier version of iOS, iOS 11. Apple claims that the current version, iOS 12, doesn't infringe Qualcomm's patents—though Qualcomm denies this. The iPhone models mentioned in the ban continue to be available for purchase in China.

Apple has asked a Chinese court to reconsider the ban. And on Friday, Apple told Reuters it would push out a software update to work around Qualcomm's patents, clearing the way for Apple to continue selling all iPhone models in China. Apple claims that Qualcomm's patents cover "minor functionality" of the iPhone operating system.

Qualcomm is unlikely to accept this, of course. And the inherent vagueness of software patents means that it may not be easy to figure out who is right. Qualcomm has not provided us with details of the specific patents Apple has infringed, but software patents often cover broad, vaguely worded concepts, leaving it open to interpretation which software might infringe them. That vagueness can lead to the kinds of standoffs and confusion we're seeing in China right now.

Let's block ads! (Why?)

Samsung moves deeper into blockchain, adds crypto wallet to S10 - CoinGeek

Posted: 13 Dec 2018 06:13 PM PST

Tech giant Samsung is no stranger to innovation. It has always been on the front lines and has developed, among other products, the world’s most popular brand of cell phones. When blockchain technology was starting to emerge, it also grabbed hold, eventually launching the Nexfinance platform to provide a blockchain solution for digital identities, insurance payments and virtual assistants. Now, it has stepped even deeper into the space and is going to include a cold cryptocurrency wallet with its upcoming S10 smartphone.

As revealed by SamMobile, a website dedicated to everything Samsung, the company had sought trademarks with the European Intellectual Property Office for a number of blockchain-related terms, including “Blockchain Keystore,” “Blockchain Core” and “Blockchain key box.” From there, the site did a little more sleuthing and uncovered the closely-guarded secret of the crypto wallet-enabled S10.

According to SamMobile, “Samsung’s cryptocurrency service will essentially have two parts. A cold wallet for saving cryptocurrency, public and private keys as well as signing private keys for cryptocurrency transactions and a crypto wallet for transfers, viewing account information and transaction history. Names for Samsung’s cold wallet and crypto wallet have not yet been finalized.”

From launch, the phone will support Bitcoin Core (BTC), Ether (ETH) and Bitcoin BCH. However, support for additional currencies will more than likely be added in the near future. As with most wallets, the account associated with the wallet will be stored on the blockchain with only the user having access.

The cold wallet, the Samsung Bitcoin application, will include an additional layer of security above that incorporated into the phone. Authentication will be required to access the device and then to access the wallet. So far, all that is known about the security is that fingerprint biometrics and a PIN will be incorporated.

This isn’t the first time a crypto-based wallet has been introduced – HTC has its Exodus 1 and Sirin Labs has the Finney. However, they will face some stiff competition from Samsung, which has a solid reputation in the smartphone industry. No word has been given about the phone’s price, but it will almost definitely be competitive with the $999 price tag of the Finney.