MacRumors

Facebook today removed VPN app Onavo Protect from the iOS App Store after Apple decided that it violates App Store data collection policies, reports The Wall Street Journal.

Apple earlier this month told Facebook officials that the Onavo app, which serves as a virtual private network, violates June App Store rules that prevent apps from harvesting data to build advertising profiles or contact databases.

Earlier this month, Apple officials informed Facebook that the app violated new rules outlined in June designed to limit data collection by app developers, the person familiar with the situation said. Apple informed Facebook that Onavo also violated a part of its developer agreement that prevents apps from using data in ways that go beyond what is directly relevant to the app or to provide advertising, the person added.

Facebook and Apple met last week to discuss the Onavo app, and last Thursday, Apple suggested that Facebook voluntarily remove the Onavo app, which Facebook agreed to do.

Onavo, a free VPN, promised to "keep you and your data safe when you browse and share information on the web," but the app's real purpose was tracking user activity across multiple different apps to learn insights about how Facebook customers use third-party apps.

Whenever a person using Onavo opens up an app or website, traffic is redirected to Facebook's servers, which log the action in a database to allow Facebook to draw conclusions about app usage from aggregated data.

As of earlier this year, Onavo for iOS and Android had been installed on more than 33 million devices, giving Facebook a wealth of user data. Facebook was up front about the data collection in the app's description, but the data that was being collected is now above and beyond what Apple allows.

To provide this layer of protection, Onavo uses a VPN to establish a secure connection to direct all of your network communications through Onavo's servers. As part of this process, Onavo collects your mobile data traffic. This helps us improve and operate the Onavo service by analyzing your use of websites, apps and data. Because we're part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.

It appears that the Onavo app has indeed been removed from the App Store at this time. People who have previously downloaded the app will still be able to use it, but it will no longer be updated. Onavo for Android will continue to be available.

Customers who have installed Onavo but do not want to be tracked by Facebook should uninstall the app from their iOS or Android device.

Update: Apple provided the following statement on the removal of Onavo: We work hard to protect user privacy and data security throughout the Apple ecosystem. With the latest update to our guidelines, we made it explicitly clear that apps should not collect information about which other apps are installed on a user's device for the purposes of analytics or advertising/marketing and must make it clear what user data will be collected and how it will be used.

Apple in iOS 12 introduced a new Password AutoFill API for apps like 1Password and LastPass, designed to allow password management apps to provide stored usernames and passwords for not only websites but also third-party apps.

1Password has introduced support for Password AutoFill in a beta capacity ahead of the launch of iOS 12, giving us a look at just how simple and easy Password AutoFill makes entering login details.

Note: This 1Password feature is not widely available yet because it is implemented in a beta version of the app, but it will be available for everyone when the 1Password app is updated following the release of iOS 12.

Set Up

Once a password management app that supports Password AutoFill has been installed, the feature needs to be enabled on an iOS device.

Go to Settings > Passwords & Accounts > AutoFill Passwords and toggle on the AutoFill Passwords option while also making sure your password management app, such as 1Password, is selected.

You can use third-party password management apps right alongside iCloud Keychain, or you can choose to disable iCloud Keychain and use just a password management app.

How it Works

The Password AutoFill feature lets a third-party app function just like iCloud Keychain, with your sensitive data protected but easily accessible within apps when you need your login information.

When you encounter a login field in an app or on the web, tapping in the entry field will display the stored username and password from your password management app if you've saved one.

From there, you can tap the information to enter it into the app or website's login window, such as in the Spotify example below.

There are instances where 1Password does not have saved information entirely right or where you have multiple logins, such as in the case of multiple Twitter or Instagram accounts.

In these situations, if you tap on the key icon and then select the "1Password" option, you can view all of the available accounts for a particular service.

In the case of Instagram, this means that when I'm logging into the Instagram app, I see my two Instagram accounts listed in 1Password and I can tap either one to enter my login information.

For apps that 1Password cannot automatically identify, you will be able to access your entire password vault to find the login information that you need.

Where it Works

What's great about the Password AutoFill API is that it does not require developers to implement any kind of integrations with your password management app to function, as was required in previous versions of iOS for this kind of functionality.

1Password's Password AutoFill feature, for example, works automatically in most apps and websites, with your 1Password archive available no matter where you're logging in.

As a caveat, 1Password will not recognize some apps and you'll see a message that the app is "Unidentified" with no identifying information provided. In this situation, you can still access your 1Password vault to search for the password that's required.

One-Time Passwords

When logging into apps and websites that require two-factor authentication, using a one-time password is also simplified.

If your two-factor authentication setup is linked to 1Password, when you log into an app or website that requires two-factor authentication, your password is entered in the field and your one-time authentication password is automatically copied and pasted to the clipboard for easy entry.

For apps that use your phone number for authentication purposes, iOS 12 introduces a feature that takes a code from an incoming iMessage and copies it to the clipboard, so two-factor authentication is simplified no matter the method.

Password AutoFill on Apple TV

Password AutoFill extends to the Apple TV using the continuity keyboard that permits the iPhone to be used to enter passwords and login information on the Apple TV.

For this to work, both the Apple TV and the iOS device need to be signed into the same iCloud account, and from there, the process is identical to using Password AutoFill on the iPhone.

In a text entry field, when prompted to use the iPhone to enter login information, passwords stored in a password management app and linked to Password AutoFill will be able to be entered on the Apple TV.

Note: tvOS 12 and iOS 12 are required for Password AutoFill to work on the Apple TV.

Security

Every time your password management account is activated, you will need to confirm your identity with either Face ID or Touch ID to enter a password.

If Face ID or Touch ID fails, you will need to enter a password. In the case of 1Password, this means that if biometric authentication does not work, you will need to use the master password.

Release Date

1Password's Password AutoFill update will be available following the release of iOS 12, which we expect to see debut next month, shortly ahead of the launch of new iPhones. 1Password is available on Macs and iOS devices for as little as $2.99 per month for an individual account. A free 30 day trial is available from the 1Password website.

Apple today added banners to the App Store and iTunes Store on Mac and iOS devices as well as its homepage allowing customers to donate to Mercy Corps to support those who have been affected by massive flooding in Kerala, India.

Flooding began in Kerala earlier this summer with the arrival of monsoon rains, and picked up again on August 8 following days of torrential downpour. Approximately 420 people have died since the flooding began, and more than a million are living in relief camps.

Apple is allowing customers to donate to Mercy Corps using credit and debit cards that are already on file with the iTunes Store and App Store for a no-hassle donation process. Apple customers can donate $5, $10, $25, $50, $100, or $200, 100 percent of which goes to Mercy Corps.

Apple often uses the iTunes Store and App Stores to raise money for charity during major disasters. Apple recently collected money on behalf of the American Red Cross to help fight California wildfires, and Apple has also collected donations for major disasters like the 2015 Nepal earthquake, the 2013 Philippines typhoon, Hurricane Sandy in 2012, the 2011 Japan earthquake and tsunami, and the 2010 earthquake in Haiti.

Mercy Corps is a global humanitarian aid organization that says its mission is to "Alleviate suffering, poverty and oppression by helping people build secure, productive and just communities."

From the period between August 13 to August 20, Kerala received 18.5 inches of rainfall, an above average amount caused by two bands of heavy rain exacerbated by areas of low pressure in the Western Ghats mountain range, according to NASA.

For those who do not want to donate through Mercy Corps and iTunes, there are other options. The government of Kerala is accepting direct money transfers and has set up a website where people can donate using credit and debit cards.

Other relief organizations working in Kerala are also accepting donations, including Oxfam India, Goonj, and Habitat for Humanity India.

European Commission antitrust regulators are set to approve Apple's acquisition of music discovery service Shazam with no conditions, reports Reuters.

Apple announced its planned acquisition of Shazam in December, but the deal has yet to be completed due to an ongoing EU investigation.

Regulators were worried that the merger between the two companies would provide Apple with a wealth of data that could allow it to target its competitors' customers, ultimately resulting in fewer music streaming options for European citizens.

There were also concerns that Apple would disallow Shazam from referring EU customers to Shazam's rivals, such as Spotify. At the current time, Shazam can be connected to either Apple Music or Spotify, allowing Shazamed songs to be opened in either service.

While European Commission spokesman Ricardo Cardoso declined to comment at this time, a final decision on the acquisition is expected on September 18. Once approved, Apple will be able to finalize the deal and complete the Shazam purchase.

Shazam, for those unfamiliar with the service, is a cross-platform app designed to identify music, TV shows, and more. It has been baked into Apple devices as part of Siri for several years now, and it's what powers Siri's ability to answer questions like "What song is this?" Shazam also offers apps for iOS devices, Android devices, Macs, and PCs.

When announcing the acquisition of Shazam, Apple said that it had "exciting plans in store," but declined to provide further information on how the Shazam service would be used.

Apple CEO Tim Cook is poised to receive 560,000 shares of Apple stock on Friday, worth approximately $120.4 million based on Tuesday's closing price of $215.04. The two-part award is tied to Cook's continued service as CEO, and Apple's relative performance on the stock market under his leadership.

The total includes the vesting of 280,000 restricted stock units for Cook remaining CEO over the past year, and the vesting of another 280,000 restricted stock units for Apple achieving a higher shareholder return than at least two-thirds of other companies in the S&P 500 over the past three years.

Apple's total shareholder return was 119 percent from August 25, 2015 through Tuesday's closing bell, outperforming more than 80 percent of firms in the S&P 500, according to Bloomberg. So, unless Apple suffers a major collapse on the stock market in the next 48 hours, Cook will receive all 560,000 shares.

Cook receives these annual awards as part of a grant he received upon succeeding the late Steve Jobs as CEO of Apple in 2011.

Cook will receive an additional 560,000 shares in each of the next three years if he remains CEO, and Apple's total shareholder return continues to rank among the top-third of companies in the S&P 500. He is also set to receive a lump sum of 700,000 tenure-based shares on August 24, 2021, as part of his grant.

Cook also receives a $3 million salary and earned a $9.33 million cash bonus in 2017, according to Bloomberg.

Cook now has a net worth of around $700 million, according to Bloomberg, but has previously said he plans to give away most of his wealth. Just this week, an SEC filing revealed that Cook recently donated 23,215 shares of Apple stock to charity, worth nearly $5 million based on Tuesday's closing price.

Apple became the world's only trillion dollar publicly traded company, in terms of market capitalization, earlier this month.

Idle Android devices typically send data ten times more often to Google than iOS devices do to Apple's servers, according to new research shared by trade association Digital Content Next.

In a paper titled "Google Data Collection," Douglas C. Schmidt, a computer science professor at Vanderbilt University, arrives at some stark conclusions regarding how much Google is collecting about consumers who use the company's products, even when they aren't interacting with their smartphones and tablets.

Among several findings, Schmidt's experiments found that an idle Android phone with Chrome web browser active in the background communicated location information to Google 340 times during a 24-hour period. An equivalent experiment found that on an iOS device with Safari open but not Chrome, Google could not collect any appreciable data unless a user was interacting with the device.

In addition, he found that an idle Android phone running Chrome sends back to Google nearly fifty times as many data requests per hour as an idle iPhone running Safari. Overall, an idle Android device was found to communicate with Google nearly 10 times more often than an Apple device communicates with Apple servers.

As well as data transmission frequencies, Schmidt's research also turned up some of the ways that Google can potentially tie together anonymous data collected through passive means with the personal information of its users.

For example, on an Android device, so-called "anonymous" advertising identifiers that collect activity data on apps and third-party web page visits can get associated with a user's real Google identity by the passing of device-level identification information to Google servers.

The same goes for the supposedly user-anonymous DoubleClick cookie ID, which tracks a user's activity on third-party web pages. According to Schmidt's research, Google can associate the cookie to a user's Google account when a user accesses a Google app in the same browser that a third-party web page was accessed.

The research follows a recent investigation conducted by the Associated Press which revealed that Google continues to track location data even after a consumer has turned off the setting in many of its apps, including Google Maps.

In response to a query about location history tracking, Google said that it is clear about its location policies, yet the company continues to collect data through app features that come under "My Activity" even when its "Location History" setting is turned off. The practice has since led to a class action lawsuit against the company by a user arguing breach of privacy.

Location information stored in "My Activity" is used for ad targeting purposes, which is still Google's primary business model. In contrast, Apple uses differential privacy to gather anonymous usage insights from devices like iPhones, iPads, and Macs, allowing it to crowdsource data from a large number of users without compromising the privacy of any individual.

Apple says the data it collects off-device is used to improve services like Siri suggestions, and to help identify problematic websites that use excessive power or too much memory in Safari, but the data is randomized before being sent from devices, so that its servers never see or receive raw data from users.

When users set up their device, Apple explicitly asks users if they wish to provide usage information on an opt-in basis. If a user declines, no data is collected by Apple unless they choose to opt in at a later time.

Apple executives have said several times that Apple customers are not the company's product, and Apple CEO Tim Cook has maintained that privacy is a fundamental human right. The company also has a dedicated privacy website that explains its approach to privacy, outlines tools available to customers to protect their privacy, and details government data requests.

Verizon recently throttled the data used by a Santa Clara, California fire department that was in the midst of fighting wildfires, reports Ars Technica. Verizon's actions were outlined this week in an addendum to a brief filed by 22 state attorneys challenging the recent repeal of net neutrality rules.

According to Santa Clara County Fire Department Fire Chief Anthony Bowden, the fire department paid Verizon for "unlimited" data, but its data speeds were heavily throttled while it was combating the still-ongoing Mendocino Complex Fire until the department shelled out more money for an upgraded unlimited plan.

Verizon's data throttling policies affected "OES 5262," a fire vehicle with a Verizon SIM card that is responsible for acting as a "command and control resource" for "the rapid deployment and organization of thousands of personnel and hundreds of fire engines, aircraft, and bulldozers." Data speeds were reduced to 1/200, interfering with the vehicle's ability to "function effectively."

Santa Clara Fire communicated with Verizon via email about the throttling and requested that it be "immediately lifted for public safety purposes," but Verizon staff demanded the fire department update to a new plan before service could be restored.

Verizon representatives confirmed the throttling, but, rather than restoring us to an essential data transfer speed, they indicated that County Fire would have to switch to a new data plan at more than twice the cost, and they would only remove throttling after we contacted the Department that handles billing and switched to the new data plan.

As Ars Technica points out, even when net neutrality rules were in effect, major carriers imposed throttling during times of network congestion. The fire department claims, however, that it was throttled at all times (not just at peak congestion) once the vehicle's 25GB data limit was exceeded.

Net neutrality rules also allowed for Internet users to file complaints for unjust or unreasonable prices and practices, but the complaint option has been eliminated, giving Santa Clara no options for contacting the FCC over Verizon's practices.

Bowden said that Verizon's throttling had a "significant impact" on the fire department's ability to provide emergency services. The Mendocino fire was also not the only time Verizon's throttling limited fire services, with other incidents occurring in December and June.

According to Bowden, the Santa Clara Fire Department believes that Verizon is going to continue to use catastrophic events to force public agencies into higher-cost data plans.

In light of our experience, County Fire believes it is likely that Verizon will continue to use the exigent nature of public safety emergencies and catastrophic events to coerce public agencies into higher cost plans ultimately paying significantly more for mission critical service-even if that means risking harm to public safety during negotiations.

After a long series of emails (PDF) with Verizon, the Santa Clara Fire Department was ultimately required to purchase a data plan that costs $99.99 per month for the first 20GB of data usage and $8 per gigabyte afterwards to avoid throttling during emergencies.

Update: Verizon provided the following statement to The Verge:

This situation has nothing to do with net neutrality or the current proceeding in court. We made a mistake in how we communicated with our customer about the terms of its plan. Like all customers, fire departments choose service plans that are best for them. The customer purchased a government contract plan for a high-speed wireless data allotment at a set monthly cost. Under this plan, users get an unlimited amount of data, but speeds are reduced when they exceed their allotment until the next billing cycle.

Regardless of the plan emergency responders choose, we have a practice to remove data speed restrictions when contacted in emergency situations. We have done that many times, including for emergency personnel responding to these tragic fires. In this situation, we should have lifted the speed restriction when our customer reached out to us. This was a customer support mistake. We are reviewing the situation and will fix any issues going forward.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Costco, the world's second largest retailer behind Walmart, recently confirmed that it now accepts Apple Pay and other contactless payment methods at all of its 527 warehouse locations in the United States.

Walmart appears to be unfazed by the move, however, as it remains committed to its own Walmart Pay platform in the United States.

"Walmart Pay is the exclusive form of mobile payment accepted at Walmart and we have no plans for that to change," said Walmart spokesperson Erin Hulliberger, in a statement provided to MacRumors today.

Walmart Pay, built into the Walmart app for iOS and Android, works at any checkout lane with any major credit, debit, pre-paid, or Walmart gift card. To use it, a customer must tap on Walmart Pay and scan the QR code displayed at the checkout. An electronic receipt is automatically sent to the app.

In late 2015, Walmart's senior vice president of services Daniel Eckert said Walmart Pay allows "for integration of other mobile wallets in the future," which provided hope that the big-box chain may eventually accept Apple Pay and other contactless payments, but nearly three years later, that has yet to happen.

Walmart's resistance to Apple Pay continues despite many other large retailers, including Best Buy, Rite Aid, and now Costco, reversing course and accepting the payments solution in stores. Apple recently confirmed that pharmacy chain CVS and 7-Eleven convenience stores will also accept Apple Pay starting later this year.

Last year, rival big-box chain Target likewise said it had "no plans" to make Apple Pay available in its stores, despite accepting it as a payment method in its app. Instead, Target launched a barcode-based solution.

Apple Pay launched in the United States in October 2014, providing tap-to-pay functionality with a compatible iPhone or Apple Watch after setting up a supported credit or debit card in the Wallet app. Apple Pay is now available in more than 20 countries, and is set to launch in Germany later this year.

Correction: Costco has 527 warehouses in the United States, and 758 worldwide, as of August 2018.

Apple today began sending out notifications to customers letting them know that support for Back to My Mac is ending in macOS Mojave.

Back to My Mac was not present in the first developer beta of macOS Mojave and it has not been available in any subsequent beta, but many customers may have missed the news of its imminent sunsetting, which has now been confirmed by Apple.

Back to My Mac is a feature that is designed to allow Mac owners to connect to one Mac from another Mac for file transfers and screen sharing purposes. It lets users set up a network of Mac computers with two or more Macs, but it can be complicated to set up and use, which may be why Apple has decided to discontinue it in favor of simpler measures.

Apple is directing customers to a support document that outlines the changes coming to Back to My Mac, instructing them on how to transition to iCloud Drive, screen sharing, and Apple Remote Desktop.

Back to My Mac will not be available on macOS Mojave. You can get ready now by learning about alternatives for file access, screen sharing, and remote desktop access.

Apple's support document suggests customers can access all of their files across devices with iCloud Drive, operate other Macs with screen sharing, and manage Macs remotely with Apple Remote Desktop, software available from the Mac App Store for $80.

Many Back to My Mac users are likely to be unhappy with Apple's suggestion to transition to Apple Remote Desktop for remote management given its high price and the fact that it sees few updates, but there are other options like TeamViewer and LogMeIn.