Canada finds Apple’s carrier deals don’t hurt competition

France may think Apple is up to no good with its carrier deals for the iPhone, but you won’t hear similar gripes from Canada. The country’s Competition Bureau has determined that there isn’t “sufficient evidence” to show that Apple had illegally strong-armed carriers into deals that gave it preferred treatment. While there’s no question that the iPhone is a “must-have” for carriers, the regulator says, the terms only have a minor effect at most — there’s plenty of competition, and ditching Apple’s agreements wouldn’t significantly change the playing field.

The investigation started in 2014 after the Bureau received info hinting that Apple was placing a heavy burden on providers. As in other countries, there were concerns that carriers had to buy a minimum number of iPhones, agree to up-front retail subsidies and give Apple a “most favored nation” clause that prevented rivals from getting better treatment. What evidence exists suggests that carriers could easily “mitigate” these terms, according to the decision.

From first-hand experience, the findings appear to hold up. The Canadian market is big on the iPhone, but you’re just as likely to see carriers push the latest Samsung phone or the Google Pixel line. You’ll frequently see other flagship devices get more prominent treatment, or discounts that aren’t offered for Apple’s handsets. While this doesn’t rule out the possibility of overly strict deals, it’s clear that there’s no international consensus on Apple’s competitive stance — it largely depends on individual markets.

Via: AppleInsider

Source: Competition Bureau

Engadget RSS Feed

Don’t believe the ‘Pokémon Go’ privacy hype

When the Pokémon Go obsession reached full saturation this week, privacy-concern whispers became full-blown hysterical shrieks when a researcher’s blog post accused the game’s maker of taking over its users’ Google accounts. As it turned out, the app’s iPhone permissions were just poorly implemented, and fixed immediately.

Unfortunately that didn’t stop the privacy and security hysteria machine. All week long, headlines made a mountain out of a molehill, scaring some people into uninstalling the app altogether.

Pokémon Go, a phone game released by Niantic Labs and Nintendo, has been an astonishing success. The game is basically a GPS-guided treasure hunt using a smartphone camera. It sends people out into the world around them, gets them interacting with others, and has brought the U.S. some much-needed distraction and smiles.

The stories emerging through social media might be more entertaining than playing the game itself. Pokémon have been “caught” at gay bars and churches, people have been shooed out of police stations and courthouses trying to catch the little beasts. Someone found a dead body, people have been robbed, and some police departments have even been forced to issue safety guidelines. On the plus side, there are some mental health benefits. Meanwhile, Pokémon Go has added nearly $11 billion to the value of Nintendo since its release.

Naturally, a few hackers became interested in what was going on under the app’s hood. But before anyone had a chance to publish detailed findings, researcher Adam Reeve rushed to make a post that set off a chain reaction of hysteria.

Reeve wrote that if you signed into Pokémon Go with Google, the app was given full permission to access your Google account. He claimed that the company could read your Gmail, see your Google search and Maps history, access your private photos, delete things in Google Drive, and more.

He also indicated that it wasn’t possible to sign in alternately, by creating a Pokémon account, and sort of made it sound like something suspicious was going on. News outlets rushed to write hyperbolic headlines without bothering to note that this was only happening on iPhones.

That’s how we ended up with hysterical, misleading headlines like, “Pokémon Go is a major security risk for your entire Google account.” And it’s why we had people screaming white frothy rage on social media that Niantic was backdooring user accounts. It’s also how we ended up with Sen. Al Franken sending a letter to Niantic demanding answers about Pokémon Go’s privacy practices.

To their credit, Gizmodo contacted Adam Reeve, who then backtracked on his claims, saying he wasn’t “100 percent sure” his blog post was actually true. He also admitted that he didn’t test any of the claims in his post.

In fact, it turned out that Pokémon Go was never able to read people’s Gmail or any of the really scary things that Reeve and some trigger-happy media outlets claimed. Dan Guido, CEO of security company Trail of Bits, did the deep-dive analysis that was needed before any digital ink was spilled in histrionic headlines.

Guido not only cast serious doubt on Reeve’s claims, he talked to Google tech support. Imagine that! They told him the “full account access” everyone was freaking out about doesn’t mean a third party (in this case, Niantic, Nintendo, or Pokémon) can read or send email, access your files or anything else being claimed.

It did mean that Niantic could read so-called biographical information, like an email address and phone number. What Trail of Bits also discovered was that Pokémon Go’s Google authorization process was using the wrong permission “token.” Their post linked to another researcher who said, “I believe this is a mistake on Google and Niantic’s part and isn’t being used maliciously in the way that was originally suggested.”

Before the Trail of Bits post was even published, Niantic had reacted. The company put out a press release explaining that there had been a permissions snafu with the social login process, and they fixed the internal mistake in record time. Their statement said:

“We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account. … Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go’s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.”

Further, it turned out the mystery about Pokémon’s account signup process being suspiciously unavailable at the time of Reeve’s post wasn’t a conspiracy after all. To the surprise of no one, Pokémon’s servers were getting hammered by all the new traffic.

It’s quite interesting to see so many people wig out about an app’s overreach of permissions. Which is, incidentally, a big deal. And it’s about time.

But it’s really frustrating to watch the outrage flames get fanned and senators spring into action over something that feels more like crying wolf when there are flashlight apps that dubiously “need” to know where you are or must have access to write arbitrary code to your phone. Or, how about a little outrage and action over our recent discovery that popular running app Runkeeper records your location after you’ve turned the app off? (Runkeeper is in trouble for this in Europe but not here.) Better yet, how about a senator demanding answers from Facebook over tracking user locations without consent and matching them with strangers’ locations? Because we sure as hell don’t know when Facebook did that, or to whom (or for how long) the company did that. Nor can we trust that they’ve actually stopped doing this or won’t do it again in the future.

So this week, everyone we know basically joined a geocaching cult. We already knew that no one reads or understands the terms they agree to for apps and websites, even if they demand giving up your first-born child as payment. We learned that setting up social login permissions is actually really fussy and difficult to do right. And everyone learned that signing in with your Google or Facebook account means putting some kind of access to your personal stuff in someone else’s hands. Which, by the way, is why I recommend never, ever in a million years signing in to any app or website in this manner. Seriously, if you do that, just stop locking your front door and get it over with.

If only the entire internet, security’s brighter minds and our elected representatives would level this amount of scrutiny at all apps.

But as one forum commenter wisely explained, “iOS users using Google Account sign-up affected by Pokémon Go permissions bug, Android unaffected” just doesn’t make a sexy headline.
