Despite having provided aid in the past, Apple is withholding financial and technological support from this year's Republican presidential convention — owing to controversial positions by candidate Donald Trump, a report claimed on Saturday.
The company privately told Republicans it won't offer support because of Trump's comments on minorities, women, and immigrants, according to two Politico sources. The website didn't say whether the topic of Trump's direct criticisms of Apple came up in discussions.
In January, Trump promised to make Apple manufacture its products in the U.S. instead of overseas. A month later, he suggested people should boycott Apple unless it backed down in its fight with the Department of Justice over unlocking the iPhone of San Bernardino shooter Syed Rizwan Farook.
Later on it was found that Trump's Twitter account was still being updated from an iPhone, and that he owned over $1 million in Apple shares.
Google, Facebook, and Microsoft are still supporting this year's GOP convention, despite having sometimes expressed their own concerns about Trump. Apple has traditionally curried favor by backing both Democratic and Republican conventions — in 2008, for instance, it supplied roughly $140,000 in MacBooks and other materials to the two parties. It skipped 2012, when the Democrats decided against taking corporate donations for their event.
Opposition to Trump may be steep at Apple. In March, stopping his presidential run was allegedly the main topic of discussion in a meeting with GOP representatives attended by Apple CEO Tim Cook and other tech industry figures, as well as various financial giants and politicians.
This weekend is proving an unusually political one for Apple, as Lisa Jackson — the company's VP Environment, Policy, and Social Initiatives — said she will be speaking at the Bay Area Women's Summit on June 21. Many other prominent figures will be at the event, like the mayors of San Francisco and Oakland, U.S. Treasurer Rosie Rios, and senior advisor to President Obama Valerie Jarrett.
Inside watchOS 3: New 'Breathe' app for Apple Watch reminds you to relax, focus
In addition to reminding you to stand and walk throughout the day, watchOS 3 will also prompt Apple Watch users to take a minute to relax, focus and meditate with a new app dubbed "Breathe."
Breathe is an all-new app found in watchOS 3. Upon updating, the default settings will have Breathe prompt a user to have a focused breathing session every four hours.
The app guides users through a series of deep breaths, intended to help manage everyday stress. By default, the app offers a one-minute session of seven breaths, but these can be extended to longer sessions, and breathing can be slowed to four breaths per minute, or expanded to ten per minute.
When a Breathe notification pops up, users can either begin a session or choose to snooze it. A dedicated Breathe app on the app screen — as well as a new Breathe complication that can be added to watch faces — also allows users to start a session whenever they choose.
Once users begin, the app informs them to "be still and bring attention to your breath." A series of circles on the Apple Watch display gradually expand, accompanied by taptic feedback on the wrist, letting the user know to slowly inhale.
The use of feedback in the app allows users to focus on their breathing and follow along with their eyes closed, without a need to look at the app on their wrist.
The circles on the Apple Watch face then gradually contract as the user exhales along with the Breathe app. In the default settings, this will repeat seven times over one minute.
Once the session is completed, users are presented with a summary screen that lets them know how many Breathe sessions they have completed so far today, and what their heart rate was measured at during the last session. There's also a "Breathe Again" button that allows users to continue, if they choose.
watchOS 3 is a free update for all Apple Watch owners that will arrive this fall. It's currently available in beta for developers to test.
Withings' Body Cardio scale delivers at-home heart health monitoring
Withings on Wednesday launched a fourth-generation Wi-Fi connected scale called Body Cardio, offering users access to cutting edge cardiovascular health measurements formerly restricted to clinical settings, and other key health metrics, right on their iPhone.
The data is made possible thanks to pulse wave velocity (PWV) measurements, which are the speed at which heartbeat-generated vibrations spread out along the arterial wall. High PWV indicates stiff arteries or high blood pressure, while low readings suggest soft, healthy arteries.
To bring PWV into the home, Withings developed a system sensitive enough to detect slight variations in weight caused by forces exerted each time the heart pumps blood in the aorta. Using impedance plethysmography at the foot, Body Cardio calculates pulse transit time (PTT), or the time it takes a systolic pressure wave generated at the base of the aorta to reach a user's foot. PTT readings are then used to deduce an estimated PWV.
The scale also reads measures of weight, body mass index, fat, muscle, water, bone mass and standing heart rate thanks to a scientific technique called biometrical impedance.
As a connected device, Body Cardio syncs with its partner Health Mate app to display graphs showing weight trends over time, step counts gathered by the iOS app or other Withings products and even the day's weather report on a built-in screen. Health Mate automatically syncs data for in-app viewing after every use of the scale.
Body Cardio is 0.7 inches thick, with a flat aluminum base, footless design and heat-tempered glass surface. Withings claims the design provides accurate readings on almost any material, from hard floors to thick carpet. A built-in rechargeable battery lasts up to one year between charges.
Priced at $179.95, the Body Cardio is available in white and black from the Apple Store and the Withings website.
CurrentC inches closer to death as Apple Pay adds over 30 banks
Payments industry hopeful CurrentC continued its slow death march on Tuesday, announcing plans to officially end beta testing later in June without plans for wider rollout. In related news, Apple Pay this week gained support from more than 30 U.S. banks and credit unions.
The Merchant Customer Exchange, a consortium of retailers responsible for developing the CurrentC platform, sent out an email notifying beta testers in Columbus, Ohio, that the program's trial period will end on June 28, reports The Consumerist.
An update to the CurrentC website confirms the upcoming services shutdown. When the late June deadline rolls around, participating stores will no longer be able to process CurrentC transactions, and all customer accounts will be disabled. Beta testers who loaded a gift card into the CurrentC app and disposed of the original hard copy are being asked to use the balance by June 28.
MCX offers little insight into CurrentC's future, saying only that plans are in place to analyze data accumulated from the beta period. Last month the consortium postponed a scheduled nationwide rollout for the second time in as many years, reportedly firing 30 employees. The development prompted speculation on the system's impending demise.
In development since 2012, CurrentC was designed to link directly with customer bank accounts, allowing major retailers like Walmart to skirt credit card network fees. The system got off to a rocky start and was immediately challenged by tech sector players, including in-house offerings from Apple and Google. MCX attempted to thwart competition by restricting member retailers from accepting other NFC payment platforms, but ongoing troubles and industry pressure prompted Rite Aid and Best Buy to break rank late last year. Walmart followed suit in May by launching its own branded solution.
The news comes as Apple continues to build out its own mobile payments product, Apple Pay, with the addition of 34 banks and credit unions.
According to the company's Support webpage, cards from the following banks can now be provisioned on Apple Pay:
121 Financial Credit Union
Acclaim Federal Credit Union
Boston Firefighters Credit Union
Catholic Vantage Federal Credit Union
Clackamas County Bank
Coastal Community Federal Credit Union
Commonwealth Community Bank
Cumberland Valley National Bank
Discovery Federal Credit Union
Easthampton Savings Bank
First Bank & Trust (IL)
First Bank & Trust (TX)
First Federal Lakewood
First Heritage Federal Credit Union
First National Bank of Carrollton
First National Bank of Fort Smith
First Security Bank & Trust
First State Bank of Wyoming
Home Bank
Members Credit Union
Nebraska State Bank
Origin Bank
Pegasus Bank
Sandia Area Federal Credit Union
Siouxland Federal Credit Union
State Farm Bank
Summit Bank
Synergy Federal Credit Union
Texas First State Bank
The Bank of Monroe
The Honesdale National Bank
University of Toledo Federal Credit Union
Wayne County Bank
Willis Credit Union
Apple is aggressively expanding Apple Pay beyond the domestic market and most recently struck deals with Canada's "big five" bank holdouts. The payments service is available in Australia, Canada, China, Singapore, the U.S. and the UK, with future launches rumored for Brazil, France and Japan.
A report earlier today claimed preparations for a debut in Switzerland could be completed in time for announcement at next week's Worldwide Developers Conference. The rumblings are in line with Apple's immediate focus on expanding Apple Pay into markets within Asia and Europe.
Success of next-generation iPhone could rest with Siri, survey says
A fresh survey published ahead of Apple's Worldwide Developers Conference suggests updates to Siri and the unlocking of the digital assistant's software development kit could be a key factor in future iPhone adoption, a topic of keen interest coming off Apple's first ever handset sales contraction.
About 42 percent of iPhone owners in Fluent's pre-WWDC survey indicated they would be "somewhat more likely" to purchase the next iPhone if the Siri voice recognizing assistant is vastly improved. Apple is expected to announce Siri innovations, highlighted by the first Siri SDK release, at its developer conference next week.
Siri alone is unlikely to drum up iPhone sales above cooling expectations, however. The survey found only about 19 percent of iPhone users are "much more likely" to buy the next iPhone.
"Overall, Apple needs to recapture that wow factor, and could potentially do so with more aggressive moves into the automotive and television markets," Jordan Cohen, CMO for Fluent, told AppleInsider.
Even if excitement surrounding Siri's SDK doesn't reach Amazon Echo and Alexa-level buzz, Apple can still count on about 87 percent of iPhone users staying loyal to the brand. That's the percentage of survey respondents that indicated that they plan on buying iPhones for their next upgrade, a figure approximately 13 percent higher than Android's reported retention rates.
In the face of sagging global smartphone sales and meatier options from a fleshed out mid-tier market, consumers are sticking with Apple because they simply want premium products in their pockets and purses. About 65 percent of iPhone users said they feel iPhone is worth the comparatively high cost, according to the survey.
While Fluent discovered high consumer confidence in Apple products, the firm also confirmed that there are low expectations among iPhone users for this year's release.
"Many consumers have been trained not to expect major improvements in Apple's new releases," Cohen said. "Our research indicates low expectations for the new iPhone, iPad and Mac, with nearly half of consumers expecting little to no change in the next generation of products."
Apple is expected to announce major Siri developments alongside a host of iOS, Mac, tvOS and watchOS improvements at next week's WWDC 2016. AppleInsider will be reporting live from the five-day event scheduled to kick off with a keynote on Monday, June 13 at 10 a.m. Pacific.
Acer, Asus, Dell, HP, Lenovo all add bloatware with high-risk vulnerabilities to Windows 10 notebooks
A study by Duo Labs looking at a series of name-brand PC makers revealed that their bundled software "is making us vulnerable and invading our privacy."
"Updaters are an obvious target for a network attacker, this is a no-brainer," wrote Duo Labs researcher Darren Kemp. "There have been plenty of attacks published against updaters and package management tools in the past, so we can expect OEM's to learn from this, right?
"Spoiler: we broke all of them."
Kemp noted that an analysis of Windows 10 notebooks from Acer, Asus, Dell, HP and Lenovo found that "every vendor shipped with a preinstalled updater that had at least one vulnerability resulting in arbitrary remote code execution as SYSTEM, allowing for a complete compromise of the affected machine."
He added, "the level of sophistication required to exploit most of the vulnerabilities we found is somewhere between that possessed by a coffee stain on the Duo lunch room floor and your average potted plant - meaning, trivial."
Even without third party partners adding their own poorly designed bloatware, Microsoft Windows 10 was discovered to continue to connect to Microsoft's servers and send unknown data, even after users activate data privacy settings.
Lenovo scrambles to save its sloppy security record
China's Lenovo—the largest producer of both Windows PCs and Android smartphones—responded to the report by issuing a security advisory that "recommends customers uninstall Lenovo Accelerator Application by going to the 'Apps and Features' application in Windows 10, selecting Lenovo Accelerator Application and clicking on 'Uninstall.'"
One of the components of the Lenovo Accelerator Application is UpdateAgent, which Duo Labs had called "one of the worst updaters" due to the fact that it pings Lenovo's servers for new updates every ten minutes.
Because there is "no verification or encryption protecting the transmission of updates, it's trivial for an attacker to insert malicious code," noted a report by ThreatPost.
Duo Labs researcher Mikhail Davidov noted of UpdateAgent, "It was unclear at the time of discovery what its legitimate use was for," adding that "Lenovo's decision to advise users to uninstall it manually seems strange to me, as an update can be pushed to all affected models to uninstall itself without requiring user interaction."
ThreatPost added, "These issues are not unique to Lenovo. All of the vendors' machines Duo Labs examined had similar flaws around a lack of encryption, privilege escalation and remote code execution vulnerabilities. Of those vendors who did encrypt the transmission of updates, for example, some were either poorly implemented or failed to include proper validation checks."
One year after Lenovo's Superfish scandal
Last year, Lenovo was discovered to have bundled Superfish adware on its notebook computers, software that was designed to hijack users' browser sessions to inject customized advertisements but had a side effect of seriously degrading the security of encrypted connections.
To inject ads in pages involving encrypted HTTPS requests, Superfish loaded its own self-signed root certificate on the Lenovo machines. Pages loaded over HTTPS are signed with this certificate, rather than the actual certificate of the site owner, allowing Superfish to decrypt the contents without the user knowing.
Bank of America's website being signed with a Superfish certificate, as noticed by Google security engineer Chris Palmer
Lenovo responded by saying it would stop sending ads to Superfish-tainted machines and stop installing Superfish on its new Windows PCs, but did nothing to solve the actual problem Superfish created for users.
The company effectively blew off the findings of researchers by claiming in a statement that it "thoroughly investigated this technology and do not find any evidence to substantiate security concerns."
Windows, like Android, endangered by hardware partner's malice or incompetence
The fact that top tier PC makers are all bundling their own poorly designed software with Windows, introducing easy to exploit security vulnerabilities, has a clear parallel on Android, where hardware vendors routinely bundle not just buggy software updaters but often even purposely disable the security configuration settings that protect devices from installing apps from malicious third-party sources and in some cases install security backdoors.
A 2014 study by Bluebox Labs tested a dozen Black Friday bargain Android tablets from major retailers including Amazon, Best Buy, Kmart, Kohl's, Staples, Target and Walmart and reported "shocking" security flaws, malware and active backdoors installed on the new devices.
These flaws are on top of issues that affect the Android OS itself, which have included vulnerabilities such as Masterkey, FakeID and Stagefright.
Security is a key issue for Apple
While Google's chairman Eric Schmidt boasted to the media in 2014 that "our systems are far more secure and encrypted than anyone else, including Apple," groups that take privacy and security seriously, like the Electronic Frontier Foundation, have recommended Apple's messaging products for their end-to-end encryption while cautioning that Google did not provide similar security for its users.
Last November, Chris Soghoian, the principal technologist for the American Civil Liberties Union, went even further to state that Apple's efforts to protect the privacy of its users, including end-to-end encryption of their communications, effectively separated its more affluent iOS users from the poor and disadvantaged forced to use Android.
"The security people I know at Google are embarrassed by Android," Soghoian noted.
Both Android devices and Windows PCs have a wide variety of over the counter spyware tools and privacy exploits that are easy for even amateurs to find, while even tools sold to law enforcement (including FinSpy, above, from global surveillance firm Gamma Group) note that they won't work on iPhones and other iOS devices unless their security has been jailbroken by the user.
Apple has doubled down on security and privacy as key features of its Mac and iOS platforms. Additionally, without any commercial interest in collecting user data for marketing purposes, Apple is in a unique position to defend user privacy and security.
Last summer, Apple introduced WebKit Content Blockers as a secure new App Extension to enable developers to create tools that filter out any web content, including display ads and user tracking.
The company is likely to outline further new initiatives in security and user privacy at its Worldwide Developers Conference to be held in San Francisco the week after next.