On a Sunday night in September, Ashley Estrada was at a friend’s home in Los Angeles when she received a strange notification on her iPhone: “AirTag Detected Near You.”
An AirTag is a 1.26-inch disc with location-tracking capabilities that Apple started selling earlier this year as a way “to keep track of your stuff.” Ms. Estrada, 24, didn’t own one, nor did the friends she was with. The notification on her phone said the AirTag had first been spotted with her four hours earlier. A map of the AirTag’s history showed the zigzag path Ms. Estrada had driven across the city while running errands.
“I felt so violated,” she said. “I just felt like, who’s tracking me? What was their intent with me? It was scary.”
posted on TikTok, Reddit and Twitter about finding AirTags on their cars and in their belongings. There is growing concern that the devices may be abetting a new form of stalking, which privacy groups predicted could happen when Apple introduced the devices in April.
warned its community of the tracking potential of the devices after an AirTag was found on a car bumper. Apple complied with a subpoena for information about the AirTag in the case, which may lead to charges, West Seneca police said.
And in Canada, a local police department said that it had investigated five incidents of thieves placing AirTags on “high-end vehicles so they can later locate and steal them.”
Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking. They emit a digital signal that can be detected by devices running Apple’s mobile operating system. Those devices then report where an AirTag has last been seen. Unlike similar tracking products from competitors such as Tile, Apple added features to prevent abuse, including notifications like the one Ms. Estrada received and automatic beeping. (Tile plans to release a feature to prevent the tracking of people next year, a spokeswoman for that company said.)
“Apple automatically turned every iOS device into part of the network that AirTags use to report the location of an AirTag,” Ms. Galperin said. “The network that Apple has access to is larger and more powerful than that used by the other trackers. It’s more powerful for tracking and more dangerous for stalking.”
Apple does not disclose sales figures, but the tiny $29 AirTags have proved popular, selling out consistently since their unveiling.
An Apple spokesman, Alex Kirschner, said in a statement that the company takes customer safety “very seriously” and is “committed to AirTag’s privacy and security.” He said the small devices have features that inform users if an unknown AirTag might be with them and that deter bad actors from using an AirTag for nefarious purposes.
“If users ever feel their safety is at risk, they are encouraged to contact local law enforcement who can work with Apple to provide any available information about the unknown AirTag,” Mr. Kirschner said.
Police could ask Apple to provide information about the owner of the AirTag, potentially identifying the culprit. But some of the people who spoke with The Times were unable to find the associated AirTags they were notified of and said the police do not always take reports of the notifications on their phones seriously.
After a Friday night out with her boyfriend this month, Erika Torres, a graduate music student in New Orleans, was notified by her iPhone that an “unknown accessory” had been detected near her over a two-hour period, moving with her from a bar to her home.
other devices could set off the alert, including AirPods. When Ms. Torres posted a video about her experience to YouTube, a dozen people commented about it happening to them. “The number of reports makes me think there must be some sort of glitch that is causing all these people to experience this,” Ms. Torres said. “I hope they’re not all being stalked.”
posted a video of her ordeal on TikTok, which went viral.
“Apple probably released this product with the intent to do good, but this shows that the technology can be used for good and bad purposes,” Ms. Estrada said.
Ms. Estrada said she was told by a Los Angeles police dispatcher that her situation was a nonemergency and that if she wanted to file a report she’d have to bring the device with her to the station in the morning. She didn’t want to wait and disposed of it after taking several photos.
A spokesperson for the Los Angeles police told The Times that the department had not heard of cases in which an AirTag had been used to track a person or a vehicle. But Ms. Estrada said that after she posted her TikTok video, an Apple employee, acting on their own, contacted her. The employee was able to connect the AirTag to a woman whose address was in Central Los Angeles.
Another woman was notified by her iPhone that she was being tracked by an “unknown accessory” after leaving her gym in November. When she got home, she called the police.
pushed an update to AirTags to cause them to start beeping within a day of being away from their linked devices, down from three days. Still, “they don’t beep very loudly,” Ms. Galperin said.
A person who doesn’t own an iPhone might have a harder time detecting an unwanted AirTag. AirTags aren’t compatible with Android smartphones. Earlier this month, Apple released an Android app that can scan for AirTags — but you have to be vigilant enough to download it and proactively use it.
Apple declined to say if it was working with Google on technology that would allow Android phones to automatically detect its trackers.
People who said they have been tracked have called Apple’s safeguards insufficient. Ms. Estrada said she was notified four hours after her phone first noticed the rogue gadget. Others said it took days before they were made aware of an unknown AirTag. According to Apple, the timing of the alerts can vary depending on the iPhone’s operating system and location settings.
The devices’ inconsistencies have caused confusion for people who weren’t necessarily being tracked nefariously. Mary Ford, a 17-year-old high school student from Cary, N.C., received a notification in late October that she was being tracked by an unknown AirTag after driving to an appointment. She panicked as she searched her car.
Ms. Ford only realized it wasn’t a threat when her mother revealed she had put the tracker in the vehicle about two weeks earlier to follow her daughter’s whereabouts.
“I was nervous about Mary being out and not being able to find her,” said her mother, Wendy Ford. She said she hadn’t intended to keep the knowledge of the AirTag from her daughter, “but if I knew she would have been notified, I probably would have told her.”
Jahna Maramba rented a vehicle from the car-sharing service Turo last month in Los Angeles, then received a notification about an unknown AirTag near her on a Saturday night with her girlfriends.
She took the vehicle to her friend’s parking garage where she searched the outside of the car for an hour before its owner notified her that he had placed the device inside the vehicle. Ms. Maramba had been driving the car for two days.
A spokesperson for Turo said in a statement that the company has no control over the technology car owners use on the vehicles they rent out.
“Imagine finding out via a notification that you’re being tracked,” Ms. Maramba said. “And you can’t do anything about it.”
The floor of the New York Stock Exchange (NYSE) is seen after the close of trading in New York, U.S., March 18, 2020. REUTERS/Lucas Jackson
Register now for FREE unlimited access to reuters.com
NEW YORK, Nov 26 (Reuters) – COVID-19 has resurfaced as a worry for investors and a potential driver of big market moves after a new variant triggered alarm, long after the threat had receded in Wall Street’s eyes.
Worries about a new strain of the virus, named Omicron and classified by the World Health Organization as a variant of concern, slammed markets worldwide and dealt the S&P 500 index its biggest one-day percentage loss in nine months. The moves came a day after the U.S. Thanksgiving holiday when thin volume likely exacerbated the moves.
With little known about the new variant, longer term implications for U.S. assets were unclear. At least, investors said signs that the new strain is spreading and questions over its resistance to vaccines could weigh on the so-called reopening trade that has lifted markets at various times this year.
Register now for FREE unlimited access to reuters.com
The new strain may also complicate the outlook for how aggressively the Federal Reserve normalizes monetary policy to fight inflation.
“Markets were celebrating the end of the pandemic. Slam. It isn’t over,” said David Kotok, chairman and chief investment officer at Cumberland Advisors. “All policy issues, meaning monetary policy, business trajectories, GDP growth estimates, leisure and hospitality recovery, the list goes on, are on hold.”
The S&P 500 fell by a third as pandemic fears mushroomed in early 2020, but has more than doubled in value since then, though the pandemic’s ebb and flow has driven sometimes-violent rotations in the types of stocks investors favor. The index is up more than 22% this year.
Before Friday, broader vaccine availability and advances in treatments made markets potentially less sensitive to COVID-19. The virus had dropped to a distant fifth in a list of so-called “tail risks” to the market in a recent survey of fund managers by BofA Global Research, with inflation and central bank hikes taking the top spots.
On Friday, however, technology and growth stocks that had prospered during last year’s so-called stay-at-home trade soared, including Zoom Communications (ZM.O), Netflix Inc (NFLX.O) and Peloton (PTON.O).
At the same time, stocks that had rallied this year on bets of economic reopening may suffer if virus fears grow. Energy, financials and other economically sensitive stocks tumbled on Friday, as did those of many travel-related companies such as airlines and hotels.
The new Omicron coronavirus variant spread further around the world on Sunday, with 13 cases found in the Netherlands and two each in Denmark and Australia, even as more countries tried to seal themselves off by imposing travel restrictions.
First discovered in South Africa, the new variant has now also been detected in Britain, Germany, Italy, the Netherlands, Denmark, Belgium, Botswana, Israel, Australia and Hong Kong. read more
Friday’s swings also sent the Cboe Volatility Index (.VIX), known as Wall Street’s fear gauge, soaring and options investors scrambling to hedge their portfolios against further market swings. read more
Andrew Thrasher, portfolio manager for The Financial Enhancement Group, had been concerned that recent gains in a handful of technology stocks with large weightings in the S&P 500, including Apple Inc (AAPL.O), Amazon.com Inc (AMZN.O), Microsoft Corp (MSFT.O), were masking weakness in the broader market.
“This set the kindling for sellers to push markets lower and the latest COVID news appears to have stoked that bearish flame,” he said.
Some investors said the latest COVID-19 related weakness could be a chance to buy stocks at comparatively lower levels, expecting the market to continue rapidly recovering from dips, a pattern that has marked its march to record highs this year.
“We’ve had numerous days when economic optimism collapses. Each of these optimism collapses were a good buying opportunity,” wrote Bill Smead, founder of Smead Capital Management, in a note to investors. Among the stocks he recommended were Occidental Petroleum (OXY.N) and Macerich Co (MAC.N), down 7.2% and 5.2% respectively on Friday.
One of several wild cards is whether virus-driven economic uncertainty will slow the Federal Reserve’s plans to normalize monetary policy, just as it has started unwinding its $120 billion a month bond buying program.
Futures on the U.S. federal funds rate, which track short-term interest rate expectations, on Friday showed investors rolling back their view of a sooner-than-expected rate increase.
Investors will be watching Fed Chair Jerome Powell and U.S. Treasury Secretary Janet Yellen’s appearance before Congress to discuss the government’s COVID response on Nov. 30 as well as U.S. employment numbers, due out next Friday.
Investors held out hope that markets could stabilize. Jack Ablin, chief investment officer at Cresset Capital Management, said moves may have been exaggerated by lack of liquidity on Friday, with many participants out for the Thanksgiving holiday.
“My first reaction is anything we are going to see today is overdone,” Ablin said.
Register now for FREE unlimited access to reuters.com
Reporting by Saqib Iqbal Ahmed; Additional reporting by Chuck Mikolajczak, Megan Davies and Lewis Krauskopf; Writing by Ira Iosebashvili; Editing by Megan Davies, Richard Chang and Alexander Smith
Our Standards: The Thomson Reuters Trust Principles.
The Israeli government, which approves any sale of NSO’s software to foreign governments and considers the software a critical foreign policy tool, is lobbying the United States to remove the ban on NSO’s behalf. NSO has said it would fight the ban, but the executive set to take over NSO Group quit after the business was blacklisted, the company said.
One week after the federal ban, the United States Court of Appeals for the Ninth Circuit rejected NSO’s motion to dismiss Facebook’s lawsuit. The Israeli firm had argued that it “could claim foreign sovereign immunity.” A 3-to-0 decision by the court rejected NSO’s argument and allowed Facebook’s lawsuit to proceed.
Let Us Help You Protect Your Digital Life
Those developments helped pave the way for Apple’s lawsuit against NSO on Tuesday. Apple first found itself in NSO’s cross hairs in 2016, when researchers at Citizen Lab, a research institute of the Munk School of Global Affairs at the University of Toronto, and Lookout, the San Francisco mobile security company now owned by BlackBerry, discovered that NSO’s Pegasus spyware was taking advantage of three security vulnerabilities in Apple products to spy on dissidents, activists and journalists.
And the company is at risk of default, Moody’s, the ratings agency, warned. Moody’s downgraded NSO by two levels, eight levels below investment grade, citing its $500 million of debt and severe cash flow problems.
NSO’s spyware gave its government clients access to the full contents of a target’s phone, allowing agents to read a target’s text messages and emails, record phone calls, capture sounds and footage off their cameras, and trace the person’s whereabouts.
Internal NSO documents, leaked to The New York Times in 2016, showed that the company charged government agencies $650,000 to spy on 10 iPhone users — along with a half-million-dollar setup fee. Government agencies in the United Arab Emirates and Mexico were among NSO’s early customers, the documents showed.
Those revelations led to the discovery of NSO’s spyware on the phones of human rights activists in the Emirates and journalists, activists and human rights lawyers in Mexico — even their teenage children living in the United States.
On a recent episode of his podcast, Rick Wiles, a pastor and self-described “citizen reporter,” endorsed a conspiracy theory: that Covid-19 vaccines were the product of a “global coup d’état by the most evil cabal of people in the history of mankind.”
“It’s an egg that hatches into a synthetic parasite and grows inside your body,” Mr. Wiles said on his Oct. 13 episode. “This is like a sci-fi nightmare, and it’s happening in front of us.”
Mr. Wiles belongs to a group of hosts who have made false or misleading statements about Covid-19 and effective treatments for it. Like many of them, he has access to much of his listening audience because his show appears on a platform provided by a large media corporation.
Mr. Wiles’s podcast is available through iHeart Media, an audio company based in San Antonio that says it reaches nine out of 10 Americans each month. Spotify and Apple are other major companies that provide significant audio platforms for hosts who have shared similar views with their listeners about Covid-19 and vaccination efforts, or have had guests on their shows who promoted such notions.
protect people against the coronavirus for long periods and have significantly reduced the spread of Covid-19. As the global death toll related to Covid-19 exceeds five million — and at a time when more than 40 percent of Americans are not fully vaccinated — iHeart, Spotify, Apple and many smaller audio companies have done little to rein in what radio hosts and podcasters say about the virus and vaccination efforts.
“There’s really no curb on it,” said Jason Loviglio, an associate professor of media and communication studies at the University of Maryland, Baltimore County. “There’s no real mechanism to push back, other than advertisers boycotting and corporate executives saying we need a culture change.”
Audio industry executives appear less likely than their counterparts in social media to try to check dangerous speech. TruNews, a conservative Christian media outlet founded by Mr. Wiles, who used the phrase “Jew coup” to describe efforts to impeach former President Donald J. Trump, has been banned by YouTube. His podcast remains available on iHeart.
Asked about his false statements concerning Covid-19 vaccines, Mr. Wiles described pandemic mitigation efforts as “global communism.” “If the Needle Nazis win, freedom is over for generations, maybe forever,” he said in an email.
The reach of radio shows and podcasts is great, especially among young people: A recent survey from the National Research Group, a consulting firm, found that 60 percent of listeners under 40 get their news primarily through audio, a type of media they say they trust more than print or video.
unfounded claim that “45,000 people have died from taking the vaccine.” In his final Twitter post, on July 30, Mr. Bernier accused the government of “acting like Nazis” for encouraging Covid-19 vaccines.
Jimmy DeYoung Sr., whose program was available on iHeart, Apple and Spotify, died of Covid-19 complications after making his show a venue for false or misleading statements about vaccines. One of his frequent guests was Sam Rohrer, a former Pennsylvania state representative who likened the promotion of Covid-19 vaccines to Nazi tactics and made a sweeping false statement. “This is not a vaccine, by definition,” Mr. Rohrer said on an April episode. “It is a permanent altering of my immune system, which God created to handle the kinds of things that are coming that way.” Mr. DeYoung thanked his guest for his “insight.” Mr. DeYoung died four months later.
has said his research has been “misinterpreted” by anti-vaccine activists. He added that Covid-19 vaccines have been found to reduce transmissions substantially, whereas chickens inoculated with the Marek’s disease vaccine were still able to transmit the disease. Mr. Sexton did not reply to a request for comment.
more than 600 podcasts and operates a vast online archive of audio programs — has rules for the podcasters on its platform prohibiting them from making statements that incite hate, promote Nazi propaganda or are defamatory. It would not say whether it has a policy concerning false statements on Covid-19 or vaccination efforts.
Apple’s content guidelines for podcasts prohibit “content that may lead to harmful or dangerous outcomes, or content that is obscene or gratuitous.” Apple did not reply to requests for comment for this article.
Spotify, which says its podcast platform has 299 million monthly listeners, prohibits hate speech in its guidelines. In a response to inquiries, the company said in a written statement that it also prohibits content “that promotes dangerous false or dangerous deceptive content about Covid-19, which may cause offline harm and/or pose a direct threat to public health.” The company added that it had removed content that violated its policies. But the episode with Mr. DeYoung’s conversation with Mr. Rohrer was still available via Spotify.
Dawn Ostroff, Spotify’s content and advertising business officer, said at a conference last month that the company was making “very aggressive moves” to invest more in content moderation. “There’s a difference between the content that we make and the content that we license and the content that’s on the platform,” she said, “but our policies are the same no matter what type of content is on our platform. We will not allow any content that infringes or that in any way is inaccurate.”
The audio industry has not drawn the same scrutiny as large social media companies, whose executives have been questioned in congressional hearings about the platforms’ role in spreading false or misleading information.
The social media giants have made efforts over the last year to stop the flow of false reports related to the pandemic. In September, YouTube said it was banning the accounts of several prominent anti-vaccine activists. It also removes or de-emphasizes content it deems to be misinformation or close to it. Late last year, Twitter announced that it would remove posts and ads with false claims about coronavirus vaccines. Facebook followed suit in February, saying it would remove false claims about vaccines generally.
now there’s podcasting.”
The Federal Communications Commission, which grants licenses to companies using the public airwaves, has oversight over radio operators, but not podcasts or online audio, which do not make use of the public airwaves.
The F.C.C. is barred from violating American citizens’ right to free speech. When it takes action against a media company over programming, it is typically in response to complaints about content considered obscene or indecent, as when it fined a Virginia television station in 2015 for a newscast that included a segment on a pornographic film star.
In a statement, an F.C.C. spokesman said the agency “reviews all complaints and determines what is actionable under the Constitution and the law.” It added that the main responsibility for what goes on the air lies with radio station owners, saying that “broadcast licensees have a duty to act in the public interest.”
The world of talk radio and podcasting is huge, and anti-vaccine sentiment is a small part of it. iHeart offers an educational podcast series about Covid-19 vaccines, and Spotify created a hub for podcasts about Covid-19 from news outlets including ABC and Bloomberg.
on the air this year, describing his decision to get vaccinated and encouraging his listeners to do the same.
Recently, he expressed his eagerness to get a booster shot and mentioned that he had picked up a new nickname: “The Vaxxinator.”
Fighting stalkerware is tough. You may not suspect it’s there. Even if you did, it can be difficult to detect since antivirus software only recently began flagging these apps as malicious.
Here’s a guide to how stalkerware works, what to look out for and what to do about it.
The Different Types of Stalkerware
Surveillance software has proliferated on computers for decades, but more recently spyware makers have shifted their focus to mobile devices. Because mobile devices have access to more intimate data, including photos, real-time location, phone conversations and messages, the apps became known as stalkerware.
Various stalkerware apps collect different types of information. Some record phone calls, some log keystrokes, and others track location or upload a person’s photos to a remote server. But they all generally work the same way: An abuser with access to a victim’s device installs the app on the phone and disguises the software as an ordinary piece of software, like a calendar app.
From there, the app lurks in the background, and later, the abuser retrieves the data. Sometimes, the information gets sent to the abuser’s email address or it can be downloaded from a website. In other scenarios, abusers who know their partner’s passcode can simply unlock the device to open the stalkerware and review the recorded data.
So what to do? The Coalition Against Stalkerware, which was founded by Ms. Galperin and other groups, and many security firms offered these tips:
Look for unusual behavior on your device, like a rapidly draining battery. That could be a giveaway that a stalker app has been constantly running in the background.
Scan your device. Some apps, like MalwareBytes, Certo, NortonLifeLock and Lookout, can detect stalkerware. But to be thorough, take a close look at your apps to see if anything is unfamiliar or suspicious. If you find a piece of stalkerware, pause before you delete it: It may be useful evidence if you decide to report the abuse to law enforcement.
Seek help. In addition to reporting stalking behavior to law enforcement, you can seek advice from resources like the National Domestic Violence Hotline or the Safety Net Project hosted by the National Network to End Domestic Violence.
Audit your online accounts to see which apps and devices are hooked into them. On Twitter, for example, you can click on the “security and account access” button inside the settings menu to see which devices and apps have access to your account. Log out of anything that looks shady.
Change your passwords and passcode. It’s always safer to change passwords for important online accounts and avoid reusing passwords across sites. Try creating long, complex passwords for each account. Similarly, make sure your passcode is difficult for someone to guess.
Enable two-factor authentication. For any online account that offers it, use two-factor authentication, which basically requires two forms of verification of your identity before letting you log into an account. Say you enter your user name and password for your Facebook account. That’s Step 1. Facebook then asks you to punch in a temporary code generated by an authentication app. That’s Step 2. With this protection, even if an abuser figures out your password using a piece of stalkerware, he or she still can’t log in without that code.
On iPhones, check your settings. A new stalker app, WebWatcher, uses a computer to wirelessly download a backup copy of a victim’s iPhone data, according to Certo, a mobile security firm. To defend yourself, open the Settings app and look at the General menu to see if “iTunes Wi-Fi Sync” is turned on. Disabling this will prevent WebWatcher from copying your data.
Apple said this was not considered an iPhone vulnerability because it required an attacker to be on the same Wi-Fi network and have physical access to a victim’s unlocked iPhone.
Start fresh. Buying a new phone or erasing all the data from your phone to begin anew is the most effective way to rid a device of stalkerware.
Update your software. Apple and Google regularly issue software updates that include security fixes, which can remove stalkerware. Make sure you’re running the latest software.
In the end, there’s no true way to defeat stalkerware. Kevin Roundy, NortonLifeLock’s lead researcher, said he had reported more than 800 pieces of stalkerware inside the Android app store. Google removed the apps and updated its policy in October to forbid developers to offer stalkerware.
But more have emerged to take their place.
“There are definitely a lot of very dangerous, alarming possibilities,” Mr. Roundy said. “It’s going to continue to be a concern.”
“The internet is answering a question that it’s been wrestling with for decades, which is: How is the internet going to pay for itself?” he said.
The fallout may hurt brands that relied on targeted ads to get people to buy their goods. It may also initially hurt tech giants like Facebook — but not for long. Instead, businesses that can no longer track people but still need to advertise are likely to spend more with the largest tech platforms, which still have the most data on consumers.
David Cohen, chief executive of the Interactive Advertising Bureau, a trade group, said the changes would continue to “drive money and attention to Google, Facebook, Twitter.”
The shifts are complicated by Google’s and Apple’s opposing views on how much ad tracking should be dialed back. Apple wants its customers, who pay a premium for its iPhones, to have the right to block tracking entirely. But Google executives have suggested that Apple has turned privacy into a privilege for those who can afford its products.
For many people, that means the internet may start looking different depending on the products they use. On Apple gadgets, ads may be only somewhat relevant to a person’s interests, compared with highly targeted promotions inside Google’s web. Website creators may eventually choose sides, so some sites that work well in Google’s browser might not even load in Apple’s browser, said Brendan Eich, a founder of Brave, the private web browser.
“It will be a tale of two internets,” he said.
Businesses that do not keep up with the changes risk getting run over. Increasingly, media publishers and even apps that show the weather are charging subscription fees, in the same way that Netflix levies a monthly fee for video streaming. Some e-commerce sites are considering raising product prices to keep their revenues up.
Consider Seven Sisters Scones, a mail-order pastry shop in Johns Creek, Ga., which relies on Facebook ads to promote its items. Nate Martin, who leads the bakery’s digital marketing, said that after Apple blocked some ad tracking, its digital marketing campaigns on Facebook became less effective. Because Facebook could no longer get as much data on which customers like baked goods, it was harder for the store to find interested buyers online.
The consortium did not disclose how it had obtained the list, and it was unclear whether the list was aspirational or whether the people had actually been targeted with NSO spyware.
Let Us Help You Protect Your Digital Life
Among those listed were Azam Ahmed, who had been the Mexico City bureau chief for The Times and who has reported widely on corruption, violence and surveillance in Latin America, including on NSO itself; and Ben Hubbard, The Times’s bureau chief in Beirut, Lebanon, who has investigated rights abuses and corruption in Saudi Arabia and wrote a recent biography of the Saudi crown prince, Mohammed bin Salman.
It also included 14 heads of state, including President Emmanuel Macron of France, President Cyril Ramaphosa of South Africa, Prime Minister Mostafa Madbouly of Egypt, Prime Minister Imran Khan of Pakistan, Saad-Eddine El Othmani, who until recently was the prime minister of Morocco, and Charles Michel, the head of the European Council.
Shalev Hulio, a co-founder of NSO Group, vehemently denied the list’s accuracy, telling The Times, “This is like opening up the white pages, choosing 50,000 numbers and drawing some conclusion from it.”
This year marks a record for the discovery of so-called zero days, secret software flaws like the one that NSO used to install its spyware. This year, Chinese hackers were caught using zero days in Microsoft Exchange to steal emails and plant ransomware. In July, ransomware criminals used a zero day in software sold by the tech company Kaseya to bring down the networks of some 1,000 companies.
For years, the spyware industry has been a black box. Sales of spyware are locked up in nondisclosure agreements and are frequently rolled into classified programs, with limited, if any, oversight.
NSO’s clients previously infected their targets using text messages that cajoled victims into clicking on links. Those links made it possible for journalists and researchers at organizations like Citizen Lab to investigate the possible presence of spyware. But NSO’s new zero-click method makes the discovery of spyware by journalists and cybersecurity researchers much harder.
Apple is widely expected to ask a judge to keep the order from going into effect. Either company could also appeal to the U.S. Court of Appeals for the Ninth Circuit. In that court, a three-judge panel could review the decision, a process that could take a year or more. After a ruling there, Apple or Epic could appeal to the Supreme Court.
The ruling allows both sides to claim a partial victory. Apple now has a court ruling that says it does not run a monopoly in an important digital marketplace, which undercuts its opponents’ efforts to claim that it violates antitrust laws. But Epic’s lawsuit could also force Apple to crack open its airtight iPhone software to create an avenue for developers to avoid its commission.
Apple’s shares fell nearly 3 percent on the Nasdaq exchange after the ruling was announced.
“Today the court has affirmed what we’ve known all along: The App Store is not in violation of antitrust law,” Apple said in a statement. “As the court recognized, ‘Success is not illegal.’ Apple faces rigorous competition in every segment in which we do business, and we believe customers and developers choose us because our products and services are the best in the world.”
The ruling did uphold many of the principles of Apple’s App Store business, including that it can prohibit third-party iPhone app marketplaces and can continue to charge a 30 percent commission on many transactions. Epic had challenged those practices.
“It puts an economic question mark around the App Store, but at the same time, it affirms the principles” of the business, said Adam Kovacevich, a former Google lobbyist who now runs a tech-policy group that is in part sponsored by Apple.
Tim Sweeney, Epic’s chief executive, said on Twitter that he was not satisfied with the ruling because it did not go far enough in allowing companies to complete in-app transactions with their own payment systems, versus having to direct customers to outside websites. He said Fortnite would not return to the App Store until such rules were in place.
“Today’s ruling isn’t a win for developers or for consumers,” he said. “We will fight on.”
Mr. Rubin, the antitrust lawyer, said that Apple would feel relieved to dodge being labeled a monopoly, but that the judge’s verdict would most likely do little to strengthen its standing in other investigations because antitrust lawsuits can vary. He said Apple might also have to consider lowering its commission now that it will be easier for developers to send customers elsewhere to make purchases.
WASHINGTON — For months, Apple and Google have been fighting a bill in the South Korean legislature that they say could imperil their lucrative app store businesses. The companies have appealed directly to South Korean lawmakers, government officials and the public to try to block the legislation, which is expected to face a crucial vote this week.
The companies have also turned to an unlikely ally, one that is also trying to quash their power: the United States government. A group funded by the companies has urged trade officials in Washington to push back on the legislation, arguing that targeting American firms could violate a joint trade agreement.
The South Korean legislation would be the first law in the world to require companies that operate app stores to let users in Korea pay for in-app purchases using a variety of payment systems. It would also prohibit blocking developers from listing their products on other app stores.
How the White House responds to this proposal poses an early test for the Biden administration: Will it defend tech companies facing antitrust scrutiny abroad while it applies that same scrutiny to the companies at home?
executive order to spur competition in the industry, and his top two antitrust appointees have long been vocal critics of the companies.
The approach the White House chooses may have widespread implications for the industry, and for the shape of the internet around the world. A growing number of countries are pursuing stricter regulations on Google, Apple, Facebook and Amazon, fragmenting the rules of the global internet.
American officials have echoed some of the industry’s complaints about the proposal, saying in a March report it appeared to target American companies. But trade officials have yet to take a formal position on it, said Adam Hodge, a spokesman for the United States Trade Representative. He said officials were still considering how to balance the claim that the legislation discriminates against American companies with the belief among tech critics in South Korea and America that the legislation would level the playing field.
“We are engaging a range of stakeholders to gather facts as legislation is considered in Korea, recognizing the need to distinguish between discrimination against American companies and promoting competition,” Mr. Hodge said in a statement.
Apple said that it regularly dealt with the United States government on a range of topics. During those interactions it discussed the South Korean app store legislation with American officials, including at the U. S. Embassy in Seoul, the company said in a statement.
The company said the legislation would “put users who purchase digital goods from other sources at risk of fraud, undermine their privacy protections, make it difficult to manage their purchases” and endanger parental controls.
A Google spokeswoman, Julie Tarallo McAlister, said in a statement that Google was open to “exploring alternative approaches” but believed the legislation would harm consumers and software developers.
The proposal was approved by a committee in the Korean National Assembly last month, over the opposition of some in the Korean government. It could get a vote in the body’s judiciary committee as soon as this week. It would then require a vote from the full assembly and the signature of President Moon Jae-in to become law.
The proposal would have a major impact on Apple’s App Store and the Google Play Store.
The Google store accounted for 75 percent of global app downloads in the second quarter of 2021, according to App Annie, an analytics company. Apple’s marketplace accounted for 65 percent of consumer spending on in-app purchases or subscriptions.
One way software developers make money is by selling products directly in their apps, like Fortnite’s in-game currency or a subscription to The New York Times. Apple has insisted for years that developers sell those in-app products through the company’s own payment system, which takes up to a 30 percent cut of many sales. Last year, Google indicated it would follow suit by applying a 30 percent cut to more purchases than it had in the past. Developers say that the fees are far too steep.
After South Korean lawmakers proposed the app store bill last year, the Information Technology Industry Council, a Washington-based group that counts Apple and Google as members, urged the United States Trade Representative to include concerns about the legislation in an annual report highlighting “barriers” to foreign trade. The group said in October that the rules could violate a 2007 accord that says neither country can discriminate against firms with headquarters in the other.
Apple said that it was not unusual for an industry group to provide feedback to the trade representative. The company said the government had explicitly asked for comment on potentially discriminatory laws. In a statement, Naomi Wilson, the trade group’s vice president of policy for Asia, said that it encouraged “legislators to work with industry to re-examine the obligations for app markets set forth in the proposed measure to ensure they are not trade-restrictive and do not disproportionately affect” American companies.
When the trade representative’s report was published in March — just weeks after Mr. Biden’s nominee to the position was sworn in — it included a paragraph that echoed some of the tech group’s concerns. The report concluded that the South Korean law’s “requirement to permit users to use outside payment services appears to specifically target U.S. providers and threatens a standard U.S. business model.”
The American report did not say the law would violate the free trade agreement with South Korea. But in July, the managing director of a group called the Asia Internet Coalition, which lists Apple and Google as two of its members, pointed to the report when he told Korea’s trade minister that the law “could provoke trade tensions between the United States and South Korea.”
“The Biden administration has already signaled its concerns,” the director said in a written comment in July.
American diplomats in Seoul also raised questions about whether the legislation could cause trade tensions.
“Google said something like that, and a similar opinion was expressed by the U.S. Embassy in Korea,” said Jo Seoung Lae, a lawmaker who backs the legislation. He added that the embassy had been in touch with his staff throughout June and July. Park Sungjoong, another lawmaker, also said that the embassy had expressed trade concerns about the law.
Mr. Jo said that a Google representative had visited his office to express opposition to the proposal, and that Apple had also “provided their feedback” opposing the legislation.
Mr. Jo said that he had requested that the United States provide its official position, but he said he had not received one yet.
American trade officials sometimes defend companies even when they are criticized by others in the administration. While former President Donald J. Trump attacked a liability shield for social media platforms, known as Section 230, his trade representative wrote a similar provision into agreements with Canada, Mexico and Japan.
But Wendy Cutler, a former official who negotiated the trade agreement between South Korea and the United States, said that it would be difficult for America to argue that the Korean rules violate trade agreements when the same antitrust issues are being debated stateside.
“You don’t want to be calling out a country for potentially violating an obligation when at the same time your own government is questioning the practice,” said Ms. Cutler,now the vice president at the Asia Society Policy Institute. “It weakens the case substantially.”
South Korean and American app developers have run their own campaign for the new rules, arguing it would not trigger trade tensions.
In June, Mark Buse, the top lobbying executive at the dating app company Match Group and a former board member of a pro-regulation group called the Coalition for App Fairness, wrote to Mr. Jo, the Korean lawmaker, supporting the proposal. He said that the Biden administration knew about concerns around the tech giants, making trade tensions less likely.
Later that month, Mr. Buse attended a virtual conference about the app store legislation hosted by K-Internet, a trade group that represents major Korean internet companies like Naver, Google’s main search competitor in South Korea, and Kakao.
Mr. Buse, who traveled to Seoul this month to press the case for the legislation on behalf of the Coalition for App Fairness, made it clear that his employer considered it a high-stakes debate. He listed the many other countries where officials were concerned about Apple’s and Google’s practices.
“And all of this,” he said, “is following the leadership that the Korean assembly is showing.”
He did not respond, but days later Apple posted an internal video in which company executives doubled down on bringing workers back to the office. In the video, Dr. Sumbul Desai, who helps run Apple’s digital health division, encouraged workers to get vaccinated but stopped short of saying they would be required to, according to a transcript viewed by The Times.
The video didn’t sit well with some employees.
“OK, you want me to put my life on the line to come back to the office, which will also decrease my productivity, and you’re not giving me any logic on why I actually need to do that?” said Ashley Gjovik, a senior engineering program manager.
When the company delayed its return-to-office date on Monday, a group of employees drafted a new letter, proposing a one-year pilot program in which people could work from home full time if they chose to. The letter said an informal survey of more than 1,000 Apple employees found that roughly two-thirds would question their future at the company if they were required to return to the office.
In Los Angeles, Endeavor, the parent company of the William Morris Endeavor talent agency, reopened its Beverly Hills headquarters this month. But it decided to shut down again last week when the county reimposed its indoor mask mandate in the face of surging case counts. An Endeavor spokesman said the company had decided that enforcement would be too difficult and would hinder group meetings.
The employment website Indeed had been targeting Sept. 7 as the date when it would start bringing workers back on a hybrid basis. Now it has begun to reconsider those plans, the company’s senior vice president of human resources, Paul Wolfe, said, “because of the Delta variant.”
Some companies said the recent spike in cases had not yet affected their return-to-office planning. Facebook still intends to reopen at 50 percent capacity by early September. IBM plans to open its U.S. offices in early September, with fully vaccinated employees free to go without a mask, and Royal Dutch Shell, the gas company, has been gradually lifting restrictions in its Houston offices, prompting more of its workers to return.
Hewlett Packard Enterprise began allowing employees to return to its offices Monday, bolstered by a survey of its California employees that found 94 percent were fully vaccinated.