ITy Bytes 7 April are digestible byte-sized chunks of new you need to know. In this edition

  • Kaspersky now detects stalkerware;
  • Amazon plans to launch 3236 satellites for broadband coverage;
  • 540 million Facebook user’s data left unprotected on Amazon Cloud;
  • Most mobile financial apps not safe;
  • Nokia X71 knocks the notch for a six – prefers Samsung O-hole;
  • Apple Series-11 iPhones coming in September;
  • Microsoft adds 8th gen Intel Core and USB-C to Surface Book 2;
  • Google blocked 1.6 billion potentially harmful apps (PHA) in 2018;
  • Google Street View becomes Kakadu park View;
  • Australia broadband worse than many third world countries;
  • Crapple grappling with quality;
  • Don’t trust Facebook in combining WhatsApp and Instagram;
  • Telstra Plus loyalty programme;
  • iFixit tears down iPad Mini 4 – sorry 5!
  • iFixit tears into iPad Air 3 – more of the same;
  • Ford waits to 2020 to introduce the Escape PHEV;
  • The most beautiful construction sets in the world – TimeforMachine (T4M)

ITy Bytes 7 April

Kaspersky now detects stalkerware

Kaspersky has been focusing on the technology used by spies, stalkers and abusers and it has found a way to flag if an Android device is infected.

In case you think it is a numerically small problem Kaspersky’s new algorithms detected nearly 59,000 infected devices – and that is only from the Android phones it protects.

Stalkerware evades detection because it is not a virus or malware – it is installed by ordinary people with access to someone’s phone (most are not secured with a pin, fingerprint or other security) or via a phishing email and clicking on a link. It can report on your location, copy SMS and MMS, open microphones and much more.

Motherboard has a good article on stalkerware here. Scarily it says, “It’s difficult to tell if someone has installed stalkerware on your phone, being that there’s typically no visible evidence.”

ITy Bytes 7 April

Amazon aims sky-high with plans to launch 3236 satellites for ubiquitous broadband coverage

Amazon’s project Kuiper plans to spend billions of dollars on providing broadband internet access to around 95% of the world’s population via 3236 satellites in low Earth orbit. It will cover from latitude 56 degrees north to south.

It is not the first audacious plan – and let’s call it for what it is a plan, not a certainty. SpaceX has its Starlink plan for 12,000 satellites. OneWeb has plans for ‘hundreds’ of satellites and has completed a successful $1.25 billion funding round. Telesat plans hundreds of satellites by early 2020s. And Facebook in conjunction with Boeing has a LeoSat program.

Motivation? I wish I could say it is altruistic but in Amazon’s and Facebook’s case it is to tie you into their ecosystems. Or is someone channelling Bezominator and Skynet? Space truly is the next frontier.

ITy Bytes 7 April
Would you buy a used rocket from this man – Amazon’s Geoff Bezos

540 million Facebook user’s data left unprotected on Amazon Cloud

Researchers at Upguard found two more third-party Facebook app developers exposed 540 million (146GB) and 22,000 Facebook user data. User data that Facebook allows app developers to collect.

The 540 million user data mainly has Facebook ID, like/dislikes, account names and comments. The second breach has columns for fk_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, password, and more.

It reflects the cavalier attitude Facebook has to data security – it’s Cambridge Analytica all over again. Facebook cannot be trusted with our data when it’s business model clearly allows sharing with third-party app developers and their clients.

Upguard says, “The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook’s control.”

#DeleteFacebook

ITy Bytes 7 April
All there for the taking – no security at all

Most mobile financial apps not safe

A report from Aite Group and Arxan Technologies in the US revealed glaring security holes in most of the top 30 mobile financial apps.

  • 97% of the apps could easily be reverse engineered, providing access to sensitive source code data, including account credentials, API keys, server file locations, and incorrectly stored health savings account information.
  • 90% shared services with other apps leaving financial data accessible on the device
  • 83% insecurely stored data outside the apps control in a device’s local file system, external storage, and copied data to the clipboard allowing shared access with other apps; and exposed a new attack surface via APIs
  • 80% of the apps tested implemented weak encryption algorithms or the incorrect implementation of a strong cipher, allowing adversaries to decrypt sensitive data and manipulate or steal it as needed
  • 70% of the apps use an insecure random-number generator, a security measure that relies on random values to restrict access to a sensitive resource, making the values easily guessed and hackable

In all, there were 180 critical vulnerabilities across the 30 apps. You can read an overview of vulnerabilities here. If this is happening in the US imagine how prevalent it is here. For the present avoid using mobile apps for financial purposes.

ITy Bytes 7 April

Nokia X71 knocks the notch for a six – prefers Samsung O-hole

Nokia has voted that the divisive notch is out and the Samsung O-hole is in – at least in its new X71, a mid-range phone with decidedly premium range features and qualities. It is currently on its Japan website.

Now to be clear that model number may not be the same here (we suspect it will be 6.2)– it will launch in China on 30 April.

But it has a three rear camera setup (48/8/5MP) with 1.6um huge pixels and Zeiss optics; Qualcomm SD660 AIE; 6/128GB/microSD; Wi-Fi AC and BT 5.0 aptX; 3500mAh battery with USB-C 9V/2A (18W) fast charge; a 6.39-inch, 19.3:9, 2316 x 1080 IPS screen, 500 nits, 96% NTSC (93% S-T-B-R); and Pure Android 9.x – all for around $600.

I wish Nokia would stop making better and better phones. The new Nokia 7.1 and 8.1 are extraordinary already offering features way above the $499/699 price.

ITy Bytes 7 April

Apple Series-11 iPhones coming in September

Rumours are starting to flow about the series-11 due for launch in September. It appears, according to TF International Securities analyst Ming-Chi Kuo (who seems to be always right) to be more of the same – 6.1-inch LCD, 5.8-inch and 6.5-inch OLEDs with a 10-15% battery capacity increase, A12 Bionic chip and wireless, perhaps two-way, wireless charging. It still looks like a Lightning connector is still standard.

Apple asked users to call its X-series ‘10’ in commemoration of its ten years of iPhones. Instead, we called it X, XR, XS and XS Max.

Kuo says the number one thing 65% of Apple owners complain about is battery life followed by camera quality (54%), and phone appearance (mainly broken screens 28%). Little in series-11 will change that to much.

Other rumours seem to confirm that it won’t have 5G until the series-12 in 2020.

iMore said its more of the same given the lack of innovation we have seen in new iPads, MacBook’s and AirPods. Apple usually has a tick (update), tick (update), tock (new) cycle. If 8/X was a tock (new), XR/XS/Max a tick and now series-11 is a tick it will allow Apple to eke out every last cent of manufacturing efficiency. Let’s hope series 12 in late 2020 will be a tock!

A loss of momentum – lack of exciting new features – hurts phone sales. Apple really needs to step up to reverse its iPhone sales death slide particularly when Samsung and Huawei are battling it out for the number one spot. Oh, we forgot – iPhone is now a platform for feeding Apple apps and ‘+’ services – a kind of printer and ink situation.

ITy Bytes 7 April
Artists render only

Microsoft quietly adds 8th gen Intel Core and USB-C to Surface Book 2

Microsoft is another company that seems content with the ‘Ain’t broke, don’t fix it,” mantra as its Surface line becomes dated and outclassed by offerings from Dell, HP, Lenovo, Acer and ASUS. Still Surface was the original and the best – it is now for most purposes still very good – but not the best.

The Surface Book is almost unique in that it has a detachable tablet and a keyboard base that houses a second battery (total up to 17 hours) and an NVIDIA GPU (in i7).

Its Australian website shows the 13-inch in 8th Gen Core i5-8550U, and i7-8650U (with NVIDIA GTX 1050 GPU) and the top price for a 15-inch, i7 and 1TB of SSD is $4,849.

On the plus side, the new models have 2 x USB-A 3.1 gen 1 and in the tablet section 1 x USB-C 3.1 gen 1 (5Gbps) with USB Power Delivery 3.0. That means it will charge from the USB-C port as well as Microsoft’s proprietary Ribbon connector.

The problem is that other makers are now releasing the 9th generation Intel Core CPUs very soon and these will have Thunderbolt as well!

ITy Bytes 7 April

Google, the Sherriff of Google Play, blocked 1.6 billion potentially harmful apps (PHA) installations in 2018

Google Play and Google Play Protect have seen PHAs steady at about .08% of Apps in the App Store compared to .68% in unofficial apps stores (requires a rooted device).

The Google Android Security and Privacy review 2018 is 31-pages that essentially show the impact on security of 10 years of Android development. Each year it gets more secure, and cybercriminals grow more audacious.

It says that App security is a four layers defence process. First, the Operating system is hardened. Next, the App safety defence (Play Protect) gets smarter; suspect apps get analysed by humans, and overall developers taught to embrace security as part of development.

ITy Bytes 7 April

Google Street View becomes Kakadu park View

If you have not been to NT’s amazing Kakadu Park do it before you die. If that is too extreme, Google Street View now has amazing images from the region.

ITy Bytes 7 April

Australia broadband worse than many third world countries

If you have read of my Trials and Tribulations with Telstra/NBN you will have seen that contrary to over-hyped PR reports Fing Box found that, based on real users analytics, Australia, Telstra and the NBN did not even make the top 20 global speed providers – in fact, Telstra was in the bottom 32%.

A new report of global Groupon users shows Australia ranking 55th in the speed index and 84th in the price rankings. It concludes Australia’s internet is not great shape – you pay A$2.26 per Mbps, down in 66th place, below India, Uruguay and the French island of Réunion.

Come on Telstra, NBN e al – bloody 66th in price and 55th in speed – not good enough for a first world country let alone a third-world one.

The full data set and report are worth pondering over.

ITy Bytes 7 April

NotebookCheck says Crapple is grappling with quality

Apple makes good gear – right? According to NotebookCheck, you may be wrong because the insistence by long-departed Steve Jobs that, “Our customers must never be our testers” is long over.

NotebookCheck is one of the techiest sites ever – sometimes it is even hard going for me to understand (perhaps because it is translated from German). But it is spot on with its findings.

Well it has found eleven current exchange or repair programs and that does not count the latest MacBook 3rd gen KeyboardGate and StageLightGate; iPad Pro 2018 BendGate issues; iPad Smart Keyboards; Error 53 (resolved but still happening); Apple battery replacement (mandated by ACCC); and a host of Jony Ive design issues that may haunt Apple soon.

NotebookCheck dryly comments. “Apple has arguably a largely boring product portfolio. Let’s hope that Apple’s renewed push into entertainment content services doesn’t further detract from their focus on hardware and product quality.”

Well, it is hard to make a faulty ‘service’ but no doubt any issues here will become ‘features’.

In other bad news for Apple, Gerard Williams III has left the building. He is the lead designer for Apple’s A7 to A12 Bionic chips and much, if not all the credit, for these ARM chips belongs to him. Williams had completed the A13 chip design, so it gives Apple a small breathing space to fill his overly large shoes.

ITy Bytes 7 April

Facebook has ulterior motives in combining WhatsApp and Instagram on its platform

A social media expert and Senior Research Fellow at the University of Western Australia, Dr David Glance BSc, PhD, Lond, says contrary to Zuckerberg’s claims, the combined Facebook, WhatsApp and Instagram platform weakens the privacy of WhatsApp.

Glance said unifying the three messaging platform’s infrastructure had the potential to weaken the app’s privacy because of how Facebook Messenger is built.

“By default, messages that are sent on WhatsApp are encrypted so that Facebook can’t read the contents as they pass through it systems. Facebook Messenger, however, does not turn on encryption by default. If you want to encrypt a message, you must select the option to start a ‘secret’ conversation. Almost nobody does this.”

Bottom line: If this respected academic thinks it is suspect what do the rest of us paranoid types think?

ITy Bytes 7 April

Telstra Plus loyalty programme

If you are a Telstra customer and join Telstra Plus by 30 June 2019, you can earn 10 points on your monthly Telstra spend. Also, bonus points will be awarded for longevity as a Telstra customer, and three privilege levels, Member, Silver and Gold depend on annual spends of $<1,500, <$3000, and >$3000.

Telstra has not announced what the point redemption value is nor set up its Telstra Plus Rewards Store. In its press release, it stated that an $80 monthly spend you could earn enough points for a smart speaker after 18 months. – that’s is around $1,440 spend (14,400 points) for what may be a $60 speaker or about half a cent per point.

Loyalty programs are all about marketing – to brutally harvest information to allow highly targeted advertising. Telstra says it will collect and use your data in accordance with Telstra’s Privacy Statement. When you first join the program, you will automatically opt-in to marketing. You can later selectively unsubscribe from marketing channels, but it says, you will miss out on special offers and promotions.

Read the Privacy Statement – “We may use the information … to market and promote directly to you. This also may include products, services and offers provided by our trusted partners. In some cases, this marketing activity can continue after you have stopped using our products or services.”

It goes on, “In some cases, the organisations that we may disclose your information to may be based outside the location where the information is collected. For example, we may share your information with our third parties in Australia, Canada, Chile, China, Hong Kong, countries within the European Union, India, Japan, Malaysia, New Zealand, Philippines, Russia, Singapore, South Africa, South Korea, Sri Lanka, Taiwan, the UAE, the United States of America, and Vietnam.”

Sorry, I would like to know in advance who these so-called trusted partners are (especially if one is Facebook) before I share any more data with Telstra for a lousy half a cent per point spent.

ITy Bytes 7 April

iFixit tears down iPad Mini 4 – sorry 5!

After three and a half years without a refresh, the iPad Mini 5 (teardown here) has awoken from its slumber with some updated internals. The teardown confirms that this is not a shrunken-down version of the new iPad Air—it is a reworked iPad Mini 4, with some fresh silicon for 2019. Tim Cook is saving money again!

iFixit also criticised the build saying the iPad Mini unceremoniously glues components together—with no sign of the elegance or serviceability. Battery and screen replacements are the two most common repairs. The iPad Mini makes both unnecessarily difficult – the battery lacks pull-to-remove adhesive tabs, and the display requires a tricky removal of the home button if you want to keep Touch ID after your repair.

iFixit tears into iPad Air 3 – more of the same

IFixit says despite the new moniker – iPad Air – it is just an iPad Pro 10.5-inch minus some good bits. Yes, it gets Apple Pencil support but only Gen 1. These days, the non-Pro iPad line-up is just frankensteined components and designs from other iPads. Too bad all this mismashing manages to leave out almost all the good stuff. Like modularity and battery pull-tabs. Tim, saving money again are we? “No,” he replies. “It is a feature, and you pay more for it.”

Ford waits to 2020 to introduce the Escape PHEV

Ford Escape goes PHEV (Plug-in Hybrid Electric Vehicle) in 2020 as its first electric model in Australia. PHEV means both petrol and electric motors getting over the mileage limitations of battery alone. GadgetGuy will start to cover alternative power source vehicles.

The most beautiful construction sets in the world – TimeforMachine (T4M)

I am a Meccano tragic – as a kid, I amassed a huge collection of bits an pieces and spent too much time building models. T4M brings back that feeling with a serious set of models and bits that look stunning.

It is a Kickstarter project that has already reached nearly five times its goal, and I am definitely going to order the Silver Bullet. Spend a few minutes looking over the models and as they say, “It’s time to assemble”.

“Right now our main models are the plane and the Steamliner. The plane was designed after the huge Hercules plane created by the great aviator Howard Hughes. The model stands on the base, which contains a winding mechanism that makes the plane rotors spin. As for the train, it has a retro-futuristic design. The layout of the wheels is reminiscent of the famous Union Pacific Big Boy. There is a winding key on its side to make the train run on the tracks. We also have some mechanical car models. There is no purpose of making them all realistic, for it is more beautiful and easier to assemble when the mechanisms remain seen. You can open the doors and hoods or turn the wheel. On top or on the side of the model there is a handle which you can turn and start the car. Our mechanical tank even reminds of a Faberge egg, decorated with intricate patterns and without any guns”, says Denis Ohrimenko.