Home Blog

How to use FileVault to protect business data on Macs


If you run a business on Macs (and many companies do) then you should become familiar with FileVault, the disk encryption system that’s built into macOS. When used properly, it makes it extremely hard for any malicious person to access your company’s confidential data in the event your Mac is lost or stolen.

What’s the problem FileVault tries to solve?

Most businesses possess various forms of sensitive data. This might include corporate  or supplier data, confidential order books, financial records, contact names and addresses, and more. That information has business value, but if compromised could also place you, your employees, or your customers at risk. In many industries, protection of such information is mandatory and legally required.

Apple’s FileVault makes it much harder for unauthorized users to extract this kind of data from company Macs. It does so by encrypting the data on the Mac and decrypting it only once an appropriate login is used. FileVault encyrypts and decrypts data in the background, so the system can be used while the it does.

What is FileVault?

Apple introduced FileVault in 2005 with Mac OS X Panther (10.3). At that time, it only protected a user’s Home folder. The technology has evolved since then and now offers XTS-AES 128 data encryption for the whole disk, protected by a 256-bit key.

When it comes to business, IT can manage FileVault using most available MDM systems and consoles.  When a Mac is protected by FileVault, no one can access its data unless they have the FileVault decryption key or user account credentials.

The current implementation of FileVault is available on both recent Intel and Apple Silicon Macs.

How to enable FileVault

FileVault is not enabled by default.

To enable it you must be an Admin user on your Mac. If so, you can open System Preferences>Security & Privacy and check the FileVault tab.

You will be given two choices, to protect the Mac using your iCloud account and password, or to use a Recovery Key. The first option is fine for personal users, but most enterprises will probably use a Recovery Key.

It is very important to note your login password and the recovery key generated for you when you enable FileVault. That’s because if you forget them both, all the data on your Mac will be unavailable to you. One protection here is that console-based MDM-based systems may be able to remotely assign new keys.

NB: Once you enable FileVault, it cannot be turned off until the first full encrypt has taken place. That first encryption can take time, depending on how much information you have on your Mac. Subsequently, in the event the passphrase or recovery key is changed the entire volume must be decrypted and re-encrypted.

Know your limits

It is extremely important to note that an individual user who cannot recall their password or recovery key will never be able to access that data, as they will eventually need to delete and reinstall macOS.

However, a business that makes use of a modern MDM system to manage its Macs can also assign institutional recovery keys that can be managed and stored from the MDM console. That’s useful as it means that if a user forgets their password, IT can use the recovery key to reset FileVault and assign a new password to get them back in.

What to consider when creating passcodes

Companies should consider passcode policy for FileVault volumes. A generalization is that longer passcodes are stronger passcodes (so long as they aren’t 12345678910), but it’s also important to consider passcode rotation schedules and alphanumeric codes. In my experience, the challenge with the FileVault recovery key is that since it is used so infrequently, it is very easy to forget the code. This is one code that needs to be written down and locked away somewhere, even if you use a transposition cipher to secure that written key.

[Also read: How to stay as private as possible on the Mac]

Some Macs already encrypt

Macs equipped with an Apple T2 Security chip automatically encrypt data already. It’s still worth using FileVault with those systems as it enhances the inherent protection by requiring your login password to decrypt your data.

Apple maintains a list of Macs that make use of the T2 Security Chip here.

Should all your Macs be protected by FileVault?

As a rule of thumb, any Mac that carries or has access to personal or sensitive business data should use FileVault encryption.

What are the consequences of using FileVault?

Other than the complete loss of data in the event you forget your passcodes and lose access to your Mac, the biggest negative outcome when using FileVault is that I/O performance can sometimes be affected.

What can I use instead of FileVault?

Though FileVault has the big advantage of being Mac-native, some businesses may prefer to use alternative solutions such as VeraCrypt.

Where can I find out more about FileVault?

Apple’s current advice on use of FileVault in macOS Monterey is available here.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Copyright © 2021 Softwaretoolapps, Inc.

The Pixel-exclusive rebirth of a beloved Android feature


Friends, rabbits, internet-persons, lend me your ears (bunny-shaped or otherwise). Today, we need to take a titillating trip back in time — ’cause a pivotal part of our Android-flavored past is about to poke its way into the present.

So rewind with me for a sec, won’t ya? The year was 2012 — the same exact numbers as our current moment on this earth, only with a flickety-flick of those final two digits. The Android version of the era was Android 4.1, better known as sweet, juicy Jelly Bean. Google’s Pixel phones didn’t yet exist; rather, the Samsung-made Galaxy Nexus served as the flagship of the platform that summer, while the LG-birthed Nexus 4 was on its way out of the virtual womb and into the world.

And at that precise moment in time, lemme tell ya: We were getting a glimpse of the future.

That future was a groundbreaking Google service called Google Now. Remember it? Google Now launched as part of Android 4.1 and showed us just how good Google’s existing intelligence could be when it was woven together in clever new ways and transformed into a whole new whole.

Google Now was Google’s golden ticket — its key to a future no other company could unlock. The service combined bits of innocuous-seeming info only Google could know to create a predictive personal portfolio, which then conjured up what you wanted before you even asked for it and served it to you automatically at exactly the right time.

[Psst: Got a Pixel? Check out my free Pixel Academy e-course to uncover all sorts of advanced intelligence lurking within your phone!]

Copyright © 2021 IDG Communications, Inc.

What’s needed to consolidate Apple’s enterprise gains?


Enterprise adoption of Macs, iPads, and iPhones grew dramatically during the pandemic. Apple and its enterprise partners want to consolidate this expansion in 2022, which should be another big year in hardware investment.

Delivering a growth strategy

We’ve been watching the Apple in the enterprise expand rapidly throughout the pandemic; 2021 was a record year for hardware sales as companies invested in computers and devices to support hybrid teams. Apple evidently benefited.

Apple in the business sector is now served by more MDM providers than ever and competition among Apple-focused enterprise service providers is intensifying. Why? Because enterprise demand for Apple products has never been higher, and — pushed by employee preferences — deployment continues to grow. At the same time,  enterprise spending on devices climbed 15.1% this year and will maintain those levels (albeit with slower growth) into 2022, according to Gartner.

Apple surely wants to maintain its foothold of this expanding market. It knows M-series Macs are winning converts, even as enterprise iPad sales continue to grow. With a view to maintaining this momentum, Apple Business Essentials is a strategically important step to make its solutions more attractive to business users. The scheme acts as a gateway to provide smaller businesses with an easy-to-manage entry point into the larger world of MDM solutions served by Apple partners, including Jamf.

Get your lease on

But enhancing the availability of support for Apple devices isn’t the only trend in the enterprise space the company is trying to address. There’s an emerging desire among enterprise users to lease their technology hardware, claims BNP Paribas.

The BNP Paribas research shows 76% of IT hardware continues to be purchased outright in Europe, but suggests businesses are moving toward access, rather than ownership. That’s not surprising, given that 77% of businesses already lease vehicles. Leasing computers makes sense — particularly while handling limited budgets during international crisis.

Apple perhaps is quietly working to meet the growing desire for leasing tech. We recently learned of an arrangement between Apple and financing partner CIT under which US businesses can lease their Macs from as little as $30/month/machine. The scheme makes it easier for companies to field Apple devices across their business – and may also help them deploy devices across remote teams as hybrid workplaces are normalized.

We don’t yet know if this push reflects a wider global strategy to enable business users to access Apple as a service, or whether it reflects a single offer from one place. But even this isn’t the end of the story.

What follows deployment?

That’s because even with effective MDM solutions and leasing schemes, businesses have a lot of work to do to unlock the opportunities of digital transformation. Pre-pandemic, a Deloitte survey showed that despite huge mobile device deployments, many enterprises continue to use dated business practices.

That report describes simple, but critical, key tasks that can’t yet be handled by mobile devices: 59% of employees can’t complete timesheets, for example; 39% can’t file holiday requests; and just 41% are able to approve invoices on mobile devices.

This reflects a reality in which many businesses haven’t yet shifted their mindset enough to change existing business practices, and changing them poses additional demand on tech budgets. Gartner says 65% of corporate board members want to accelerate digital transformation projects.

There’s a need to meet those pain points head on — particularly when enterprises are juggling a big basket of challenges, not limited by but including: COVID-19 issues, supply chain challenges, a mass move to hybrid work, employees who want  technology choice, the Great Resignation, considerations around office space reduction, and the need to deploy new kit to support the new workplace.

This cornucopia of challenge is nurturing recognition that investment in new digital business processes may be essential in order to help businesses navigate these sometimes-conflicting problems.

While Apple Business Essentials and the new business leasing scheme may help resolve some of these pain points, the next stage to consolidate Apple’s gains in the enterprise market will depend on partners such as IBM, Cisco, SAP, and others delivering accessible tools Apple-wielding businesses can affordably use to quickly and easily digitize their business processes.

Perhaps Apple might encourage such development by creating an App Store for the enterprise?

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Copyright © 2021 Softwaretoolapps, Inc.

What the media doesn’t say about Apple


There’s a real lack of nuance and context these days in so much of the reporting about Apple. Products the company has never announced are declared delayed, while rumored products might be described as being abandoned — not because they are delayed or abandoned, but because those rhetorical terms fit the narratives being put together by the latest breed of crisis journalists.

What if everything is true?

Some math is simple. One plus one usually equals two. But there are exceptions. And it’s the lack of awareness of those exceptions that’s fostering cognitive dissonance in the Apple sphere.

Take Apple’s work in energy.

Energy is essential. Apple invests in energy across the lifecycle of its products: It invests in energy production in the form of renewable sources; it continues to improve product energy consumption and invests in battery and power delivery technologies, as seen in MagSafe.

The company has been investing in wireless energy for years. Research sometimes hits hurdles, however, as proved when AirPower was announced and subsequently withdrawn, presumably because the tech at the time proved itself less capable of delivering a consistent experience than required in a mass market product. But AirPower’s stumble didn’t mean Apple stopped working on energy technologies. Work continued somewhere in Apple’s massively financed c.$21 billion R&D department.

That shouldn’t be surprising.

Taking a look at it all

To be blunt, it’s simply common sense that Apple’s research teams continue to explore every possible pillar supporting its consumer electronics empire. It stands to reason  that Apple continues to develop short-range and long-range wireless charging and the capacity for devices to charge up each other inductively. (It would be more surprising if it didn’t — particularly when QuantumScape, Volkswagen’s favored solid-state battery technology firm, is based in its San Jose back yard.)

The same logic applies to Apple Car.

Over the many years this speculation has existed, we’ve been told the project has stopped, been rebooted, delayed — and now we hear the car will be hitting roads perhaps as soon as 2025 (with a subsequent report claiming another delay).

Confusing, isn’t it?

The more nuanced approach to this topic would be to report that Apple is developing a range of technologies that relate to autonomous and semi-autonomous vehicle design. Those technologies must surely include everything from the wheels to seat design, from building processors capable of running the AI to developing Face ID for door entry. Not every component will be improvable, but those that can benefit from Apple’s touch will be redesigned (and many may be outsourced). Though redesigning everything takes time.

Think about the M1 Macs.

We were told speculation Apple wanted to move Macs to Arm chips was misplaced. And yet, we’ve now learned that Apple worked for years to achieve its own Mac chips.

Once again the polarized “all-or-nothing” approach to Apple reporting masked a more nuanced truth: Apple is always working on alternative solutions somewhere in its labs. That implies it may already looking at other processor designs to replace ARM.

Apple probably has a patent for that

Apple’s researchers do keep a low profile, but they show up, attend industry events, and deeply examine emerging technologies. Apple’s people even work with others on industry standards, including for future tech evolutions such as 6G.

Look at Apple’s patents. It files hundreds every year. Most come to nothing, but each reflects research that has taken place behind the scenes. In the last few weeks, dozens of patents for gesture controls for headsets and displays, holographic projections, AR headsets, glass ceramics in imaging sensors, retractable keyboards, vehicle suspensions and smart clothing have all been granted.

Does Apple plan a range of kinetic energy powered smart clothing with built-in textile screens? Perhaps — it owns more than 40 patents associated with the idea. It won a patent to anchor virtual to real-world environments in 2016, one year before AR hit iPhone.

That’s the nature of Apple. If you want to get a sense of what’s possible, spend time glancing through the c.147,000+ patents it holds.

They don’t all come to life, of course.

What it doesn’t do

How many times have we been told the company is as proud of the things it doesn’t ship as of those it does? But don’t imagine Apple’s internal teams don’t occasionally dust off those old project files to see if the plan makes more sense now, given any relevant technology advances that may have emerged

You can even tell this is what the company does.

How many Apple TV patents and products existed before Apple TV? How many tablet-style mobile devices? How many portable gaming devices that may look more tempting with Apple Arcade? Will Apple introduce an M-processor powered 8K QuickTake video camera to reclaim the brand that launched the digital camera industry while putting its AI-enhanced imaging technologies into the heart of Hollywoodland?

To my mind, it’s way more interesting to embrace the many different areas in which Apple is applying its research muscle, rather than remaining trapped in a product-driven and inherently polarized “good/bad,” “true/false” narrative.

I see it as the best approach to thinking about the company, particularly if it is your business to be ready first when Apple turns its research into mass market platforms that unleash new opportunity. Such as the incoming Apple AR glasses.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Copyright © 2021 Softwaretoolapps, Inc.

How to get more out of Edge (and bolster its security)


I use Edge, the built-in browser in Windows, though I’m very much in the minority. I even think it has the potential to be a better browser than Firefox or Chrome. Case in point: the recent “Super Duper Secure Mode” that has rolled out to the default Edge version after being in beta channels for several weeks. (Let’s call it the “SDSM” setting.)

As noted in a past Edge blog post, SDSM provides additional security features that allows you to disable just-in-time Javascript and then enable Controlflow-Enforcement Technology (CET) instead. Just-in-time Javascript has been used in many zero-day browser attacks in the past — thus, blocking it will help protect our systems and platforms going forward. In my testing so far, I have not seen any side effects running Edge in this mode, even when doing online shopping or banking.

Do you want your security balanced or strict?

If you use Edge, or are considering using it, I recommend that you try the following settings:

Launch Edge and click on the three dots to go into the settings menu. In the search settings box, type in Security. Now, scroll to the section called “Enable Security mitigations for a more secure browser experience.” Click on Balanced, which adds security protection for sites you don’t visit often. You can even go one more level and click on Strict, which boosts security for all sites. (If you have issues with any site, you can click on Exceptions and add websites you want to exclude from this setting.)

secure edge Microsoft

Users can choose varying levels of security in Edge.

While you’re there, review the setting for “Blocking potentially unwanted applications.” This blocks downloads of low-reputation apps that might cause unexpected behaviors. Especially if you download from various websites, this helps block any apps that could be malicious.

While I love the SDSM mode in Edge, I’m not a fan of some of the other settings included in the Edge browser beta testing process. One add-on, in particular, I hope Microsoft drops — or, at a minimum, allows me to block — is the “Buy now, pay later” setting. It lets online shoppers break up purchase payments into equal installments, often interest-free, so they get the item up front, instead of having to wait until it’s paid in full.

Copyright © 2021 IDG Communications, Inc.

Apple’s NSO lawsuit targets illegal spying by oppressive regimes


Apple says its lawsuit against NSO Group this week is an attempt to hold the surveillance firm “accountable for … the surveillance and targeting of Apple users.” And it spared no ire in accusing the Israeli spyware company of its selling surveillance software to authoritarian governments — regardless of whether those governments use it to target dissidents, journalists, and activists.

NSO Group was already facing legal problems after messenger platform provider WhatsApp filed suit in 2019 for similar reasons. Earlier this month, the US Ninth Circuit Court of Appeals rejected the spyware company’s claim that it should be protected under sovereign immunity laws. In the high-profile case, WhatsApp alleged NSO’s spyware was used to hack 1,400 users of the messaging app.

The two lawsuits open the company to discovery requirements as the cases move forward. Until now, NSO Group has been able to cloak its business practices in secrecy.

In September, Citizen Lab, a cybersecurity watchdog organization, released a report outlining what it found to be zero-day zero-click exploits by NSO Group’s Pegasus spyware against various electronic devices and digital documents.

“I think it’s highly unlikely they had no ability to control and no idea about the misuses of their software — especially over the past year or two because Citizen Lab and other organizations have been documenting the misuse of the software,” said Cindy Cohn, executive director of the Electronic Frontier Foundation (EFF), a non-profit digital rights group based in San Francisco. “I mean, after [Jamal] Khashoggi was killed, how do you not wonder.”

Various media outlets have alleged that NSO Group’s hacking malware was used to monitor people close to Saudi Arabian journalist and dissident Jamal Khashoggi both before and after his death at the Saudi consulate in Istanbul in 2018.

Copyright © 2021 IDG Communications, Inc.

Will Windows come to M1 Macs soon?


If you use Apple Silicon Macs, there’s a slightly improved chance you may soon be able to run a licensed version of Windows on your machines, as an Arm-exclusive deal between Microsoft and Qualcomm seems set to expire.

Qualcomm has a key

XDA-Developers tells us Qualcomm holds an exclusive arrangement with Microsoft to provide the processors to drive Windows on Arm. That’s why you find Qualcomm’s chips inside Windows for Arm devices, and don’t find processors from anyone else.

The report claims this deal will expire soon, which means MediaTek, Samsung, and others may begin to manufacture Arm-based chips for Windows — and may also give Mac users a chance to run Windows on M-series Macs.

There is certainly a chance this won’t happen. Microsoft recently suggested an Arm version of Windows 11 for Apple Silicon is not “a supported scenario” – but things do change in tech.

Why it matters

Apple’s Mac sales continue to grow across most enterprise markets, but at present the M-series Macs have no official Windows support. All the same, we have known they can run Windows on Arm insider builds using virtualization tools such as Parallels. Beyond that, other than using Windows 365, there has been no official, fully-supported way to run Windows on an M-series Mac — you don’t even get Boot Camp.

Most Mac users — and Parallels — had been hoping Microsoft would simply offer up Windows for Arm licenses for sale, enabling businesses using multiple computing platforms to run Windows, iOS, and Mac apps on a single machine.

Microsoft has never given us much hope of this, and I think many industry watchers had begun to give up on the idea. But for many enterprises, the ability to run Windows in some way is an essential requirement, particularly for businesses still reliant on legacy systems for some tasks.

A stumbling block

One thing that might be in the way is Nvidia’s ongoing attempt to acquire Arm from Softbank. This attempt is currently being investigated by the UK Competition & Markets Authority. (They are concerned the deal would give Nvidia too much power in the growing number of markets that rely on Arm reference designs.)

We won’t know the conclusions of this investigation until 2022. But it’s a decision that will have far-reaching industry consequences, given we are the cusp of massive Arm adoption.

Where the industry is going

Apple has been working with Arm to develop its chips since 2014, when it introduced the A4 processor inside iPhone 4. Since then, the company’s decision to develop its own processors has paid dividends. Mac users upgrading to an M-series system seem thrilled with the performance and capability of these machines. Apple devices sit at or near the top of most benchmark charts in each category and competitors in the same class now seem to be running at best one year behind.

Apple has blazed a trail — and as usual in time-honored fashion, competitors want to follow that path, too. Most recently, Qualcomm announced plans to manufacture Apple M1-competitive silicon by 2023 with help from former Apple silicon team developers from Nuvia, which it acquired earlier this year.

What comes next?

XDA-Developers isn’t clear about when the Qualcomm deal will expire, but things could get more interesting when it does. Not only might we see a rash of faster PCs running Arm chips and Windows, but we may also see Microsoft’s OS appear on M-series Macs.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Copyright © 2021 Softwaretoolapps, Inc.

Apple pulls no punches in lawsuit against ‘amoral’ NSO Group


Apple has punched back against the “amoral” surveillance as a service industry of smartphone snoopers, filing suit against the NSO Group and its owner, Q Cyber Technologies, and taking steps to further secure digital lives.

Why this should matter to your business

Israeli firm NSO Group is a spyware firm that provides surveillance services to governments. It effectively privatizes state-sponsored snooping and enables even the most repressive government to outsource such tasks. It has been widely reported that software from NSO Group was used to target family members of murdered Saudi journalist Jamal Khashoggi.

These attacks are expensive and aimed at a very small number of people.

The problem is that some governments also use the technology to spy on journalists, political opponents — even businesses.

It’s that last part that may be of most importance, particularly (but not exclusively) to larger enterprises working on highly confidential matters. No business user should approve of unconstrained use of technologies of this kind as they undermine trust and enable disgraceful attempts at business sabotage.

In what could be seen as an ironic representation of that truth, it is interesting that NSO Group has never published a complete list of its clients.

Apple’s extensive litigation, described in more detail below, is an attempt to require NSO Group to reveal who it was working for and what data it obtained for those clients. If it succeeds, this will bring some instances of egregious surveillance into the light, where the consequences can be judged by all.

What is Apple saying?

Apple’s complaint against NSO Group pulls no punches:

“Defendants are notorious hackers — amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse. They design, develop, sell, deliver, deploy, operate, and maintain offensive and destructive malware and spyware products and services that have been used to target, attack, and harm Apple users, Apple products, and Apple. For their own commercial gain, they enable their customers to abuse those products and services to target individuals including government officials, journalists, businesspeople, activists, academics, and even U.S. citizens.”

The litigation observes that the US government has sanctioned the company, and seeks redress at every available level, including breach of the terms of use we all agree to every time we use a product.

It also points out that NSO has admitted the attacks it sells for profit have led to violations of fundamental human rights.

What NSO Group had to say

In a very brief statement, NSO Group said:

“NSO Group is dismayed by the decision given that our technologies support US national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed.

“We look forward to presenting the full information regarding how we have the world’s most rigorous compliance and human rights programs that are based the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products.”

Apple security chief weighs in

Ivan Krstić, head of Apple Security Engineering and Architecture, doesn’t agree:

“At Apple, we are always working to defend our users against even the most complex cyberattacks. The steps we’re taking today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place.”

“Our threat intelligence and engineering teams work around the clock to analyze new threats, rapidly patch vulnerabilities, and develop industry-leading new protections in our software and silicon. Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group.”

How Apple threat notifications work

Moving forward, Apple says it will notify users if its security teams spot activity consistent with a state-sponsored attack being made against them. (Update: Reports claim the first such threat warnings have been received across multiple nations).

While most people won’t be impacted by such larcenies (in part because these attacks are expensive), they may be visible against certain individuals, such as journalists, politicians, industry leaders, strategically important business leaders, NGOs, and others. It really just depends if a government somewhere is willing to pay to surveil.

If Apple discovers activity consistent with a state-sponsored attack, it will send an affected user an email, an iMessage, and place a notification on the Apple ID page. It states:

  • A Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com.
  • Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.

The notification will also suggest additional steps that can be taken to help protect the targeted person. Apple concedes such attacks are highly sophisticated and evolve over time, which means threat intelligence signals may sometimes yield false positives and that some attacks may not be detected.

  • Apple threat notifications will never ask you to click any links, open files, install apps or profiles, or provide your Apple ID password or verification code by email or on the phone.
  • To verify that an Apple threat notification is genuine, sign in to appleid.apple.com.
  • If Apple sent you a threat notification, it will be clearly visible at the top of the page after you sign in.

Basic security steps everyone should take

Human nature remains both the best and the worst line of defense. We live in a world in which everyone knows hacks happen, but “123456,” “password,” and “12345” continue to be the top three most commonly used passwords in the US.

While I imagine most business owners and employees understand the need to display more security intelligence than that, it’s not reassuring that even today so many people don’t. And while you can argue in the context of state-sponsored attacks that a person’s password is unlikely to provide all the defense you need, it does provide some protection.

In addition, while you may be highly secure, your close relative may not be — and their vulnerability represents an attack surface hackers can and do use en route to undermining your security. Like coronavirus, in this connected world no one is safe until everyone is safe.

Apple has published the following best practice recommendations:

  • Update devices to the latest software, which includes the latest security fixes.
  • Protect devices with a passcode.
  • Use two-factor authentication and a strong password for Apple ID.
  • Install apps from the App Store.
  • Use strong and unique passwords online.
  • Don’t click on links or attachments from unknown senders.

What claims for relief has Apple made?

Apple has made four claims for relief against NSO Group under the following counts:

  • Violations of Computer Fraud and Abuse Act;
  • Violations of California Business and Professions Code § 17200;
  • Breach Of Contract (specifically around iCloud Terms of use);
  • Unjust Enrichment (as an alternative to the third count).

What does Apple want?

Apple seeks numerous injunctions and financial penalties to punish NSO Group and also provide insight into who its clients are and whose data they obtained.

These include:

  • A permanent injunction to stop NSO Group from accessing and using any Apple servers, devices, hardware, software, applications, other Apple products or services.
  • A permanent injunction requiring NSO Group to identify the location of any and all information obtained from any Apple users’ Apple devices, hardware, software, applications, or other Apple products.
  • That all such data is deleted and that any and all entities with whom Defendants shared such information be identified.
  • An injunction to prevent NSO from developing, distributing, using, causing to be developed, or enabling use of spyware, malware and so on against any Apple hardware, software or services without consent.
  • Damages in compensation.
  • Punitive damages.
  • An accounting and disgorgement of profits made as a result of these acts.
  • Any additional relief the court sees as appropriate.

What about the security researchers?

Apple paid tribute to the independent security teams that have been investigating the work NSO Group does. The company is offering much more than lip service. It is contributing $10 million to support cybersurveillance researchers and advocates and says any compensation received as a result of the NSO litigation will be poured into the same pot.

In other words, Apple is prepared to flex its legal muscle to take on an international organization accused of human rights abuses against its customers, and is also very happy to invest in research it thinks may be able to help protect customers against such acts.

Apple will also support what it called the “accomplished” researchers at the Citizen Lab with pro-bono technical, threat intelligence, and engineering assistance. Where appropriate, it will offer the same assistance to other organizations doing critical work in this space.

What Apple says about NSO Group attacks

Apple also shared new information on NSO Group’s FORCEDENTRY exploit used to break into a victim’s Apple device to install the latest version of NSO Group’s spyware product, Pegasus. The exploit was originally identified by the Citizen Lab, a research group at the University of Toronto.

To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device. These allowed NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge. While Apple’s servers were misused during the process, the company’s servers were not hacked or compromised.

I’m pleased to see Apple take this action and I hope its litigation against NSO succeeds.

While NSO argues that it acts within the law and has vigorous protections in place, it seems appropriate that it should be forced to prove this to be true. After all, Amnesty International has identified at least 180 journalists around the world who have been attacked by Pegasus, which suggests the tech has in fact been abused.

As Apple CEO Tim Cook warned in 2018:

“We see vividly — painfully — how technology can harm rather than help. Platforms and algorithms that promised to improve our lives can actually magnify our worst human tendencies. Rogue actors and even governments have taken advantage of user trust to deepen divisions, incite violence, and even undermine our shared sense of what is true and what is false.”

I continue to believe tools such as those provided by NSO or mandated security back doors into products will enable more criminal and terrorist activity than they prevent.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Copyright © 2021 Softwaretoolapps, Inc.

13 hidden Pixel phone superpowers


One of the best parts of using a Pixel is the way tasty little specks of Google intelligence get sprinkled all throughout the experience. Those small but significant morsels show off the value of having Google’s greatest ingredients integrated right into your phone’s operating system, without any competing forces or awkwardly conflicting priorities at play.

And Goog almighty, does that make a world of difference. The features in question may not always be the most eye-catching or marketing-friendly advantages, but they’re incredibly practical touches that can make your life easier in some pretty powerful ways.

Today, we’re gonna zoom into an especially possibility-packed part of the Pixel’s software setup, and that’s the Android Overview area. The simple-seeming interface for switching between recently used apps is overflowing with advanced actions on a Pixel phone, and once you discover (or maybe just remind yourself) what’s there, you’ll be saving time and flyin’ around your phone like nobody’s business.

So as a supplement to my popular Pixel Academy e-course — a totally free seven-day email adventure that helps you uncover tons of next-level Pixel treasures — join me for this tour of outstanding and out-of-the-way Pixel Overview gems. Check ’em out, try ’em out, and then come sign up for the course for even more super-practical Pixel awesomeness.

(Note that most of the possibilities on this page require Android 11 or higher to work. That means if you’re still hangin’ onto a first-gen Pixel phone, they won’t be available for you, unfortunately. But don’t despair. You can still find lots of other worthwhile goodies in my Pixel Academy!)

Pixel superpower No. 1: The quick text copy

We’ll start with a simple but supremely helpful feature for copying text from practically anywhere in a snap. You can use it to snag words from something like a web page or a document, sure, but you can also use it to highlight and copy anything from within an image, a screenshot you’d previously saved, or even an area of Android that wouldn’t typically let you select and copy text — like a specific screen within the system settings, for instance.

Copyright © 2021 IDG Communications, Inc.

Edge and Windows 11 — the return of Microsoft’s IE fiasco?


Today, Microsoft dukes it out with the FAANG stocks for top place in the tech stock market. But 20 years ago, Microsoft let out a big sigh of relief when it dodged a bullet.

US District Court judge Thomas Penfield Jackson, who oversaw the Department of Justice vs. Microsoft, had ruled in 2000 that Microsoft was a monopoly that should be broken up into two companies. This part of his decision was overturned in 2001, or we’d be living in a very different technology world.

The root cause of Jackson’s decision? Microsoft had used its Windows monopoly to crush its web browser rival Netscape. The final decision gave Microsoft a wrist-slap and required it to give other browsers a chance to run on Windows. So what the heck is going on now with Windows 11 and Edge, Microsoft?!

In case you haven’t heard, a new Windows 11 Insider Preview build gets in the way of workarounds that enable users to set up other web browsers, such as Firefox and Chrome, as defaults for handling web links. So, for example, if I sent you an e-mail with a link to one of my favorite xkcd cartoons and you opened it in Outlook on a PC with this preview version of Windows 11, it would open in Edge — even if your preferred browser is Chrome.

This is not the first time Microsoft has tried to force Edge down users’ throats, just as it did with Internet Explorer in the 1990s. For example, in Windows 10 Insider Preview Build 17623 in 2018, Microsoft began “testing a change where links clicked on within the Windows Mail app will open in Microsoft Edge.”

This wasn’t an isolated instance. For example, in Windows 10 if you open an MSN news article, the default is to show you the page in Edge. Users are always complaining about being forced to use Edge. Last year, not long after Microsoft introduced its Chrome-based version of Edge, it pushed the revamped Edge onto all systems when they updated to Windows 10, version 2004. People were not happy.

Copyright © 2021 IDG Communications, Inc.

The Android 12 Quick Settings trick you’ve been missing


We’ve seen lots of significant changes to Android over the past decade. For the first time in a long time, though, Android 12 actually feels like a whole new smartphone experience.

That’s because Android 12 is the first Android version in years to introduce sweeping changes to the software’s front-facing appearance. The new Material You design standard represents a gigantic evolution for the way Android looks and what a device running the operating system is like to use.

By and large, that evolution is a good thing. But with any progression comes certain quirks that don’t always jibe with your day-to-day desires.

For lots of folks, one such element is Android 12’s adjusted approach to Quick Settings — y’know, that panel of fast-access tiles you can reach by swiping down from the top of your device’s screen. That was certainly the case with one of my Android Intelligence Platinum members, who recently contacted me on my Platinum Help Desk with the desperate plea for a creative solution to help her customize her phone’s Quick Settings and undo the “improvements” Android 12 introduced.

Well, here’s the good news — and the same thing I told her: As with most things in Android, the power to decide how you want your device to work ultimately resides in your hands. (Novel concept, no?) And if Android 12’s Quick Settings setup isn’t quite cuttin’ it for ya, lemme tell ya: You’ve got a spectacularly simple way to flex that phone-owner muscle and take control.

[Psst: Love shortcuts? My new Android Shortcut Supercourse will teach you tons of time-saving tricks for your phone. Sign up now for free!]

Copyright © 2021 IDG Communications, Inc.

With latest Safari preview release, Apple tweaks ProMotion scrolling issue


Apple this week released a Safari Technology Preview update that among changes appears to address a problem that surfaced with its new MacBook Pro laptops and ProMotion adaptive refresh display software.

The problem came to light when owners of the laptops — which were just unveiled last month — began using Firefox, Chrome, and even Apple’s own Safari browser on the MacBook Pro. They found scrolling was anything but smooth, despite the higher refresh rates offered by the new hardware.

Apple’s release notes for Safari Technology Preview 135 say it has addressed “lazy image loading, and updated smooth scroll animations to run at 120Hz on 120Hz displays.”

The issue cropped up quickly on user forums at MacRumors; the purported fix in Safari Technology Preview 135 was noted initially by 9to5 Mac.

First, a little background on how the issue has unfolded.

Last year, Apple introduced a major software change in support of the launch of its own M1 ARM-based silicon (The company is phasing out the use of Intel’s x86 processors.) Programs running on the new ARM-based silicon relied on an emulation layer until developers could update their code. (An emulation layer simulates the x86 architecture, so the CPU, file system and system information functions are all virtualized.)

Copyright © 2021 IDG Communications, Inc.

FileMaker Pro now supports Siri Shortcuts on Mac, iPhone, iPad


You can now run FileMaker scripts using Apple’s Siri Shortcuts app on Macs, iPhones, and iPads, a promising move that makes more automation possible for some business users.

Shortcuts for FileMaker

Apple subsidiary Claris first introduced support for Shortcuts a couple of years ago in FileMaker Go, the mobile version of its venerable cross-platform relational database application. The company has now extended this support to Mac users with its very recent macOS Monterey update.

The introduction of this support means you can run FileMaker scripts just like any other Shortcut, including via Siri.

You do need to designate which of your scripts you want to “donate” to Shortcuts, after which you can use those scripts in routines that you design. You also need to assign privileges to those scripts to enable access to them. “You can then run a shortcut using the Shortcuts app or Siri voice commands to open the file, run your script, and pass in an optional parameter,” says FileMaker.

This support makes it possible for companies using FileMaker to build voice commands to enable some tasks. These could include automations, inventory updates, or simply a process launcher.

You can also integrate your donated FileMaker scripts within workflows of any other Shortcut-enabled application. (This video may help explain how this works on iOS, but make sure your devices aren’t listening for the ‘Hey Siri’ command the narrator uses way too often during the presentation.)

How would you use this?

How useful is this? Prosaic deployments will include the capacity to automatically open specific databases or send business cards while more sophisticated uses include the capacity to check customer orders, create reports, or get business-critical data. You may want to ask Siri how many orders your company received last week or yesterday or check the status of a specific order, for example.

These Shortcuts will proliferate across all the devices you use signed into a specific iCloud account. They don’t necessarily need to be activated by Siri, they can also be location- or proximity-based and appear as a button (or application icon) on the Mac desktop or Home screen. 

I think this feature will work well along with the application’s support for Apple’s CoreML.

FileMaker developers can already use CoreML to add machine learning to apps. This makes it possible to achieve tasks such as object/face detection, image classification, text predictions and more. In conjunction with Shortcuts, it makes it possible to build automated inventory management systems leveraging cameras in iPads and iPhones, for example.

Why this matters

What’s most useful about this feature is that it is relatively accessible. While FileMaker Pro is complex, it’s not too complex, and many businesses worldwide use the app to support their work.

That’s because it is becoming a good example of a low-code solution that can be configured to meet real-world business tasks that can also scale up to deal with more complex demands. We know low-code and no-code environments will become increasingly popular across enterprise IT, particularly as demand for developers continues to grow. Reflecting this, Gartner claims the low/no-code market will be worth around $13.8 billion this year.

In part, this is because these kinds of options enable businesses to quickly build and deploy solutions to respond to changing needs without competing for (expensive) developer time. In part, relatively frictionless yet powerful development environments match the expectations of Millennials and Generation-Z employees. The idea is you scale up when you need to, but most routine tasks should be easy to automate.

“Globally, most large organizations will have adopted multiple low-code tools in some form by year-end 2021,” said Fabrizio Biscotti, research vice president at Gartner. “In the longer term, as companies embrace the tenets of a composable enterprise, they will turn to low-code technologies that support application innovation and integration.”

It is in this context that Claris’ move to embrace Apple’s Shortcuts tech matches emerging business needs. It also suggests that Shortcuts itself should evolve as a business-focused solution, serving more than primarily consumer needs.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Copyright © 2021 Softwaretoolapps, Inc.

Recent Windows 11 Insider build looks to thwart Edge browser workarounds


A recent Windows 11’s Insider Preview build appears to foil workarounds that let users set rival browsers as defaults, forcing them to rely on Microsoft’s Edge to handle web links.

Typically, a system uses whatever browser is set as the default in order to bring up https:// links. The latest Windows 11 build (22494), however, appears to push a user to set Edge as their browser by bringing up links as microsoft-edge:https://.

In other words, Microsoft updated the Windows 11 Preview to block any attempts to redirect some URLs away from the Edge browser.

Microsoft did not immediately respond to a request for comment.

The Windows Insider program offers three channels for early adopters: a Dev Channel where new features are introduced for initial testing; a Beta Channel, where more complete features are included for final testing (best for users who want the most stable builds); and a Program Release Preview channel for testing cumulative updates. After feedback from the Insider community, Microsoft may modify, keep, or remove updates.

That latest change to the Windows 11 build for users of the Insider program precludes user systems from bypassing Microsoft Edge in order to use third-party browsers such as Mozilla Firefox and Brave, as well as workaround apps, such as EdgeDeflector.

Copyright © 2021 IDG Communications, Inc.

A 20-second tweak for smarter, simpler Android security


Security is important. That much is obvious, right?

And despite all the over-the-top, hilariously sensational headlines suggesting the contrary, the most realistic security threats on Android aren’t from the big, bad malware monster lurking in the shadows and waiting to steal your darkest secrets whilst drinking all of your cocoa.

Nope — the biggest risk to your security on Android is (drumroll, please…) you. The likelihood that you’ll at some point provide personal information to an ill-intending person or fail to properly secure an account in some way is without a doubt the most realistic threat to your virtual wellbeing. Malware? Meh. That’s rarely scary in anything more than a theoretical sense.

And guess what? The best way to protect yourself, aside from that always-advisable juicy dollop of common sense, is to secure every account possible with both a strong, unique password and the extra layer of protection that’s two-factor authentication. That’s especially important for your Google account, but the same steps are advisable for any account where two-factor auth is an option.

The one problem with two-factor authentication, or 2FA for short, is that it can be a bit of a pain in the patootie (to use the technical term) in practice. The whole point of 2FA is that it requires a second step to sign into any account where it’s active. In many cases, that step is a single-use code that’s generated by a special app and then entered into the sign-in screen. And that typically means you have to stop what you’re doing, go back to your home screen, open your app drawer, and then open your 2FA code-generating app to get the necessary code and copy it over into whatever form you’re facing.

[Want even more advanced Android knowledge? Check out my free Android Shortcut Supercourse to learn tons of time-saving tricks for your phone.]

Copyright © 2021 IDG Communications, Inc.

With latest Safari preview release, Apple tweaks Pro Motion scrolling issue


Apple this week released a Safari Technology Preview update that among changes appears to address a problem that surfaced with its new MacBook Pro laptops and ProMotion adaptive refresh display software.

The problem came to light when owners of the laptops — which were just unveiled last month — began using Firefox, Chrome, and even Apple’s own Safari browser on the MacBook Pro. They found scrolling was anything but smooth, despite the higher refresh rates offered by the new hardware.

Apple’s release notes for Safari Technology Preview 135 say it has addressed “lazy image loading, and updated smooth scroll animations to run at 120Hz on 120Hz displays.”

The issue cropped up quickly on user forums at MacRumors; the purported fix in Safari Technology Preview 135 was noted initially by 9to5 Mac.

First, a little background on how the issue has unfolded.

Last year, Apple introduced a major software change in support of the launch of its own M1 ARM-based silicon (The company is phasing out the use of Intel’s x86 processors.) Programs running on the new ARM-based silicon relied on an emulation layer until developers could update their code. (An emulation layer simulates the x86 architecture, so the CPU, file system and system information functions are all virtualized.)

This year, on Oct. 18, Apple launched the new 14- and 16-in MacBook Pros running  macOS Monterey. One of big features in the new laptops is a new Mini-LED-based display offering more vibrant colors and a 120Hz refresh rate through Apple’s ProMotion adaptive technology.

ProMotion was initially launched in 2017 on the iPad Pro, and is now offered on the iPhone 13 Pro. The technology enabled adaptive refresh rates that would adjust to the responsiveness needed by applications. The promise ProMotion’s 120Hz refresh rate on the new MacBook Pro was improved responsiveness and smoother scrolling.

After the MacBook Pro launch, however, it appeared that some front-line applications, including Apple’s own Safari browser, didn’t support the new refresh rate via ProMotion. Users began complaining that scrolling was running at 60Hz, creating a jerky experience when navigating through web pages. (ProMotion works for other features such as minimizing windows or moving them around the desktop.)

Apple’s Safari Technology Preview is designed to provide users with an experimental version of the browser aimed at developers; their feedback weighs into what features the final version will have.

The release of the latest version of Safari Technology Preview prompted a new round of complaints from MacRumors users that the scrolling issue remains unfixed.

Because the process for vetting software updates via the Preview program will likely take time, it’s unclear when the regular release version of Safari will get the changes designed to bring full ProMotion support.

Copyright © 2021 Softwaretoolapps, Inc.

Chase suspending Sapphire Reserve upgrades until higher fee kicks in

Chase suspending Sapphire Reserve upgrades until higher fee kicks in

Update 1/9/20: Chase has clarified that upgrades won’t be available until Jan. 13, rather than Jan. 12, as previously reported. Well, I’m not exactly thrilled to be sharing this news, but hopefully it’ll save you some time on the phone. A number of readers …

iPad Pro 2018: A review