13 Aug 2022

feedEngadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Apple blocked the latest Telegram update over a new animated emoji set

Ever since Apple launched the App Store, developers big and small have gotten caught up in the company's approval process and had their apps delayed or removed altogether. The popular messaging app Telegram is just the latest, according to the company's CEO Pavel Durov. On August 10th, Durov posted a message to his Telegram channel saying the app's latest update had been stuck in Apple's review process for two weeks without any real word from the company about why it was held up.

As noted by The Verge, the update was finally released yesterday, and Durov again took to Telegram to discuss what happened. The CEO says that Apple told Telegram that it would have to remove a new feature called Telemoji, which Durov described as "higher quality vector-animated versions of the standard emoji." He included a preview of what they would look like in his post - they're similar to the basic emoji set Apple uses, but with some pretty delightful animations that certainly could help make messaging a little more expressive.

"This is a puzzling move on Apple's behalf, because Telemoji would have brought an entire new dimension to its static low-resolution emoji and would have significantly enriched their ecosystem," Durov wrote in his post. It's not entirely clear how this feature would enrich Apple's overall ecosystem, but it still seems like quite the puzzling thing for Apple to get caught up over, especially since Telegram already has a host of emoji and sticker options that go far beyond the default set found in iOS. Indeed, Durov noted that there are more than 10 new emoji packs in the latest Telegram update, and said the company will take the time to make Telemoji "even more unique and recognizable."

There are still a lot of emoji-related improvements in the latest Telegram update, though. The company says it is launching an "open emoji platform" where anyone can upload their own set of emoji that people who pay for Telegram's premium service can use. If you're not a premium user, you'll still be able to see the customized emoji and test using them in "saved messages" like reminders and notes in the app. The custom emoji can be interactive as well - if you tap on them, you'll get a full-screen animated reaction.

To make it easier to access all this, the sticker, GIF and emoji panel has been redesigned, with tabs for each of those reaction categories. This makes the iOS keyboard match up with the Android app as well as the web version of Telegram. There are also new privacy settings that let you control who can send you video and voice messages: everyone, contacts or no one. Telegram notes that, like its other privacy settings, you can set "exceptions" so that specific groups or people can "always" or "never" send you voice or video messages. The new update - sans Telemoji - is available now.

13 Aug 2022 7:15pm GMT

Apple reportedly tried to partner with Facebook to get a cut of its revenue

Facebook and Apple have been at odds for several years now; Apple announced back at WWDC 2020 that iOS would require apps to ask users to opt-in to cross-app advertising tracking. Facebook spent much of the next months speaking out against Apple's plans and predicting revenue instability due to the upcoming changes, but the feature was released in iOS 14.5 back in April of 2021. Somewhat surprisingly, though, a new report from The Wall Street Journal claims that before this all went down, Facebook and Apple were working on a partnership and revenue-sharing agreement.

According to the Journal, Apple and Facebook were considering a a subscription service that would offer an ad-free version of the platform. And since Apple takes a cut of in-app purchases, including subscriptions, it could have been a very lucrative arrangement indeed.

Another arrangement that was discussed and ended up being a point of contention was Apple taking a cut of "boosted posts," which essentially amounts to paying to put a post in front of a larger audience. Facebook has long considered boosted posts part of its advertising portfolio; as the Journal notes, small businesses often use boosted posts to reach more people. The issue came down to Apple saying boosts should be considered in-app purchases, which would be subject to the 30 percent revenue cut that the company takes. Facebook, on the other hand, maintained that those were advertising products which aren't subject to Apple's cut.

Since rolling out its user-tracking changes in 2021, research firm Insider Intelligence claims that 37 percent of iPhone users have opted in to letting companies track their activity across apps. Since the change went into effect, Facebook (now Meta) has seen its revenue growth shrink significantly - and last quarter, Meta reported the first revenue decline in the company's history.

As these discussions reportedly took place between 2016 and 2018, we're a long way off from these talks. Apple is doing its best to position itself as a defender of privacy, and Meta... well, Meta is busy trying to make the Metaverse a thing. But for now at least, advertising is the only notable way Meta makes revenue, so the company will have to continue to adjust to a world in which iOS app tracking protection is a thing that most users take advantage of.

13 Aug 2022 5:00pm GMT

Security researcher reveal Zoom flaws that could've allowed attackers to take over your Mac

Zoom's automatic update option can help users ensure that they have the latest, safest version of the video conferencing software, which has had multiple privacy and security issues over the years. A Mac security researcher, however, has reported vulnerabilities he found in the tool that attackers could have exploited to gain full control of a victim's computer at this year's DefCon. According to Wired, Patrick Wardle presented two vulnerabilities during the conference. He found the first one in the app's signature check, which certifies the integrity of the update being installed and examines it to make sure that it's a new version of Zoom. In other words, it's in charge of blocking attackers from tricking the automatic update installer into downloading an older and more vulnerable version of the app.

Wardle discovered that attackers could bypass the signature check by naming their malware file a certain way. And once they're in, they could get root access and control the victim's Mac. The Verge says Wardle disclosed the bug to Zoom back in December 2021, but the fix it rolled out contained another bug. This second vulnerability could have given attackers a way to circumvent the safeguard Zoom set in place to make sure an update delivers the latest version of the app. Wardle reportedly found that it's possible to trick a tool that facilitates Zoom's update distribution into accepting an older version of the video conferencing software.

Zoom already fixed that flaw, as well, but Wardle found yet another vulnerability, which he has also presented at the conference. He discovered that there's a point in time between the auto-installer's verification of a software package and the actual installation process that allows an attacker to inject malicious code into the update. A downloaded package meant for installation can apparently retain its original read-write permissions allowing any user to modify it. That means even users without root access could swap its contents with malicious code and gain control of the target computer.

The company told The Verge that it's now working on a patch for the new vulnerability Wardle has disclosed. As Wired notes, though, attackers need to have existing access to a user's device to be able to exploit these flaws. Even if there's no immediate danger for most people, Zoom advises users to "keep up to date with the latest version" of the app whenever one comes out.

13 Aug 2022 3:30pm GMT