Apple to fix FaceTime bug that allows eavesdropping
By MATT O’BRIEN and CARLO PIOVANO
Wednesday, January 30
Apple has disabled a group-chat function in FaceTime after users said a software bug could let callers activate another person’s microphone remotely.
With the bug, a FaceTime user calling another iPhone, iPad or Mac computer could hear audio — even if the receiver did not accept the call. The bug is triggered when callers add themselves to the same call to launch a group chat. That makes FaceTime think the receiver had accepted the chat.
The bug, demonstrated through videos online, comes as an embarrassment for a company that is trying to distinguish itself by stressing its commitment to users’ privacy.
“This is a big hit to their brand,” said Dave Kennedy, CEO of Ohio-based security firm TrustedSec. “There’s been a long period of time people could have used that to eavesdrop. These things definitely should be caught prior to ever being released.”
There is no longer a danger from this particular bug as Apple disabled group chats, while regular, one-on-one FaceTime remains available.
NBC News and The Wall Street Journal reported Tuesday that the family of a 14-year-old high school student in Tucson, Arizona, tried to inform Apple about the bug more than a week before it became widely known to the public. The boy, Grant Thompson, said he discovered it by accident while calling friends to play the game “Fortnite.”
It’s hard to know if anyone exploited the bug maliciously, said Erka Koivunen, chief information security officer for Finnish company F-Secure. He said it would have been hard to use the bug to spy on someone, as the phone would ring first — and it’s easy to identify who called.
Apple said Tuesday that a fix will come in a software update later this week. Apple declined to say when it learned about the problem. The company also wouldn’t say if it has logs that could show if anyone took advantage of the bug before it became publicly known this week.
Kennedy commended Apple’s quick response this week following reports of the bug by tech blogs. He predicted the reputational dent could soon be forgotten if it doesn’t become part of a pattern.
“All bugs are obvious in retrospect,” said Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation. “The truth is bugs are subtle, code is complicated and sometimes things get through.”
Galperin said Apple should develop a better process for fielding reports about potential security flaws. She said the 14-year-old’s discovery of the problem “just tells us a lot about reporting security bugs depends on knowing the right person.”
Apple had introduced the 32-person video conferencing feature in October for iPhones, iPads and Macs. Regular FaceTime calls aren’t affected unless the caller turns it into a group chat.
Word of the bug came as Apple reported that profit for the last three months of 2018 dipped slightly to $20 billion while revenue fell 5 percent from the prior year to $84 billion. Earlier this month, Apple said that demand for iPhones was waning and that its earnings for the final quarter of 2018 would be below its own forecasts — a rare downgrade from the company.
Apple busts Facebook for distributing data-sucking app
By BARBARA ORTUTAY and FRANK BAJAK
AP Technology Writers
Thursday, January 31
NEW YORK (AP) — Apple says Facebook can no longer distribute an app that paid users, including teenagers, to extensively track their phone and web use.
In doing so, Apple closed off Facebook’s efforts to sidestep Apple’s app store and its tighter rules on privacy.
The tech blog TechCrunch reported late Tuesday that Facebook paid people about $20 a month to install and use the Facebook Research app. While Facebook says this was done with permission, the company has a history of defining “permission” loosely and obscuring what data it collects.
“I don’t think they make it very clear to users precisely what level of access they were granting when they gave permission,” mobile app security researcher Will Strafach said Wednesday. “There is simply no way the users understood this.”
He said Facebook’s claim that users understood the scope of data collection was “muddying the waters.”
Facebook says fewer than 5 percent of the app’s users were teens and they had parental permission. Nonetheless, the revelation is yet another blemish on Facebook’s track record on privacy and could invite further regulatory scrutiny.
And it comes less than a week after court documents revealed that Facebook allowed children to rack up huge bills on digital games and that it had rejected recommendations for addressing it for fear of hurting revenue growth.
For now, the app appears to be available for Android phones, though not through Google’s main app store. Google had no comment Wednesday.
Apple said Facebook was distributing Facebook Research through an internal-distribution mechanism meant for company employees, not outsiders. Apple has revoked that capability.
TechCrunch reported separately Wednesday that Google was using the same privileged access to Apple’s mobile operating system for a market-research app, Screenwise Meter. Asked about it by The Associated Press, Google said it had disabled the app on Apple devices and apologized for its “mistake.”
The company said Google had always been “upfront with users” about how it used data collected by the app, which offered users points that could be accrued for gift cards. In contrast to the Facebook Research app, Google said its Screenwise Meter app never asked users to let the company circumvent network encryption, meaning it is far less intrusive.
Facebook is still permitted to distribute apps through Apple’s app store, though such apps are reviewed by Apple ahead of time. And Apple’s move Wednesday restricts Facebook’s ability to test those apps — including core apps such as Facebook and Instagram — before they are released through the app store.
Facebook previously pulled an app called Onavo Protect from Apple’s app store because of its stricter requirements. But Strafach, who dismantled the Facebook Research app on TechCrunch’s behalf, told the AP that it was mostly Onavo repackaged and rebranded, as the two apps shared about 98 percent of their code.
As of Wednesday, a disclosure form on Betabound, one of the services that distributed Facebook Research, informed prospective users that by installing Facebook Research, they are letting Facebook collect a range of data. This includes information on apps users have installed, when they use them and what they do on them. Information is also collected on how other people interact with users and their content within those apps, according to the disclosure.
Betabound warned that Facebook may collect information even when an app or web browser uses encryption.
Strafach said emails, social media activities, private messages and just about anything else could be intercepted. He said the only data absolutely safe from snooping are from services, such as Signal and Apple’s iMessages, that fully encrypt messages prior to transmission, a method known as end-to-end encryption.
Strafach, who is CEO of Guardian Mobile Firewall, said he was aghast to discover Facebook caught red-handed violating Apple’s trust.
He said such traffic-capturing tools are only supposed to be for trusted partners to use internally. Instead, he said Facebook was scooping up all incoming and outgoing data traffic from unwitting members of the public — in an app geared toward teenagers.
“This is very flagrantly not allowed,” Strafach said. “It’s mind-blowing how defiant Facebook was acting.”
Bajak reported from Lima, Peru. Associated Press Writer Kelvin Chan in London contributed to this story.
Facebook at 15: It’s not all bad, but now it must be good
January 31, 2019
Author: Bhaskar Chakravorti, Dean of Global Business, The Fletcher School, Tufts University
Disclosure statement: Bhaskar Chakravorti has founded and directs the Institute for Business in the Global Context at Fletcher/Tufts that has received funding from Mastercard, Microsoft, the Gates Foundation and the Onassis Foundation. He is a Non-Resident Senior Fellow at Brookings India and a Senior Advisor on Digital Inclusion at the Mastercard Center for Inclusive Growth.
Partners: Tufts University provides funding as a founding partner of The Conversation US.
It is almost too easy to bash Facebook these days. Nearly a third of Americans feel the country’s most popular social media platform is bad for society. As the company approaches its 15th birthday, Americans rate its social benefit as better than Marlboro cigarettes, but worse than McDonald’s.
Yet as a scholar of digital technologies and their effects on society – and even though I am not on Facebook – I worry that public perception has become overly critical of Facebook. It’s true that the company has been behaving like many 15-year-old adolescents, acting irresponsibly and selfishly, and making endless promises to do better, at least until the next mess is uncovered. However, as talk grows of fines and regulations, it’s worth remembering there is such a thing as overregulation, which would respond to the urgency and charged political climate of the current moment but hurt the public interest in the long run.
Official action to rein in Facebook’s power should reflect on the bad and ugly things the company has done and allowed to happen. But the debate shouldn’t forget some things about Facebook that would qualify as “great,” which may have been missed in the avalanche of negative sentiment toward the company and its leaders.
The bad stuff
The individual and social harms due to Facebook are many, including contributing to concentration in the online advertising market, with negative impact on productivity and wage growth, distracting students and potentially causing users mental distress and giving rise to symptoms akin to substance abuse.
The bottom line is clear: Spending too much time on Facebook may be bad for you.
Things get ugly
All technology companies have been experiencing some heightened skepticism. However, more Americans felt negatively toward Facebook than those who felt similarly about Amazon, Google, Microsoft and Apple combined, according to a 2017 poll. Facebook’s place in the public perception has only deteriorated since then.
The company’s violations of user trust are legion, including ignoring its own privacy policies, sharing data without permission, tricking children into spending their parents’ money, allowing disinformation campaigns that affect elections in the U.S. and elsewhere, and – perhaps worst of all – magnifying propaganda that has sparked violence around the world.
In the U.S., the company’s services have allowed bias and discrimination to take root. In early 2018, the National Fair Housing Alliance and affiliated groups sued Facebook, alleging that its advertising platform let landlords and real-estate brokers discriminate against women, disabled veterans and single mothers, among other groups. The company’s own civil-rights audit found it contributed to voter suppression and targeted manipulative advertising to impressionable groups. That report came on the heels of two comprehensive reports compiled for the U.S. Senate detailing how Russian government agents used Facebook and other social media sites to influence Americans’ thinking.
The company’s rap sheet is long and growing. Its repeated assurances that it will fix the problems are now roundly assumed to be empty promises.
But wait, there is great stuff, too
With this much going wrong, it is easy to forget that the company has shown great technological and business sophistication in connecting people like never before. Facebook combined innovative social-networking ideas from others and bought up potential competitors like Instagram and WhatsApp. This itself constitutes an innovation in creating a connectivity platform like no other.
In terms of contribution to the economy, the company is right – if a tad self-serving – to note that it has helped small businesses reach new customers and build relationships with both existing and prospective clients. The value of those connections is unclear – a single “like” could be worth anywhere between nothing and US$214.81, depending on the type of business and what it’s looking for Facebook users to do. An independent study from the U.S. Bureau of Economic Analysis found that from 2005 to 2015, U.S. gross domestic product grew one-tenth of 1 percent faster than it would have if Facebook hadn’t existed.
In terms of how connectivity helps advance other innovations, Facebook is a key contributor to leading-edge open-source coding projects in a range of applications, such as machine learning, gaming, 3D printing, home automation, scientific programming and data analysis, among others. The company has also leveraged its huge network of users to help authorities, communities and families respond efficiently to natural and human-caused disasters.
Particular groups of Facebook users may also see distinct benefits from being connected. Elderly people may get a cognitive boost; people who seek a self-esteem boost from viewing their own profiles, shy people, people with diabetes and people on the autism spectrum have all felt more support and improved well-being from using the site.
Can Facebook turn great to good?
As Facebook turns 15, the company faces a critical set of challenges. U.S. officials will be scrutinizing its activities and seeking ways to curb its power in society. Regulating Facebook itself will not be easy, and will generate endless debate. The company will also have to contend with covert online agents seeking to undermine democracy by using Facebook to influence elections in India, Europe, Nigeria and Poland, among other places – not to mention the 2020 U.S. presidential election.
The company’s management will have to take bold steps, not only to defend Facebook’s positive features, but to eliminate – or at least reduce – the harm the company’s products and services do to people and society. Most companies aspire to go from “good to great”; Facebook’s challenge at 15 is a bit more complicated: It must convince a skeptical public and regulators chomping at the bit that it can mitigate the effects of its bad and the ugly sides – and go from being great to being a force for good in the world.
Facebook is a persuasion platform that’s changing the advertising rulebook
January 31, 2019
Author: Saleem Alhabash, Associate Professor of Advertising + Public Relations, Michigan State University
Disclosure statement: Saleem Alhabash receives funding from the National Science Foundation, U.S. Department of Justice, and the Doner agency (Detroit).
Partners: Michigan State University provides funding as a founding partner of The Conversation US.
Facebook – the social network that started in a Harvard dorm room 15 years ago – has evolved into a media and advertising giant. It’s helped create a new age of precise consumer insights. With over 2 billion users worldwide, Facebook can offer granular data about each and every one of them to advertisers – not just demographics but the very narrowly defined interests, conversations and interactions they have on the platform. Advertisers try to leverage all that information into online purchases by directly targeting consumers with messages meant to stand out as they scroll through a newsfeed.
As a media and advertising psychology scholar, I’ve been researching Facebook and its effects on persuasion for the past 12 years. Long gone are the days of brands offering consumers meticulously crafted messages with mass appeal that provide strong arguments or important cues to get them to change their attitudes and behaviors.
Facebook has driven an ongoing digital revolution within the advertising industry, redefining the persuasive process advertisers have traditionally known. Now people communicate differently on and because of Facebook and other social media services. And their buying behaviors have changed too.
Facebook’s not so social anymore
My collaborative research suggests that people’s motivations for using Facebook have shifted over the years. People used to visit for online socialization and interpersonal communication. But now their reasons are more passive, having to do with the desire to be entertained and the simple fact that checking Facebook is convenient.
Facebook users, for the most part, have moved from being hyperactive – endlessly posting about the ins and outs and ups and downs of their lives – to being, simply put, habitual lurkers.
There are two reasons. First, Facebook has reinvented itself repeatedly over the past 15 years with updates to its look and feel as well as functionality.
Second, users’ perceptions of Facebook have changed. The size of a typical “friends” network has increased immensely. For many, the Facebook experience has shifted from simulating a high school reunion with a few handfuls of invitees to an outdoor rock concert with a huge audience.
The connection with one’s strong ties – your close friends – still remains. But people are gravitating toward using Facebook to see what’s out there, grab a smile or a laugh and then move on with their lives. Sure, there’s always the political rants, that obscene post by a college friend or other messages that make your eyes roll – but for the most part, people use Facebook because it entertains them and it’s part of their daily ritual. Research suggests this pattern holds in the United States and other countries, such as Taiwan.
A few years ago, some graduate students and I brought college student volunteers into our lab. We asked them to use Facebook while we recorded where their eyes traveled on the screen and how they responded psychophysiologically in terms of their heart rate, skin conductance level and facial electromyography muscle activation. Researchers have long associated these biological measures with psychological processes that could indicate attention, emotional arousal and what psychologists call emotional valence – that is, pleasant versus unpleasant emotions.
We were trying to understand the psychophysiological responses that precede specific behaviors on Facebook, such as pressing the “like” button as well as sharing or commenting on someone else’s post. These behaviors have emerged over the years as indicators of online advertising and marketing effectiveness. Traditional advertising concepts like return on investment have been replaced by return on engagement.
We found that prior to pressing the “like” button, participants exhibited a particular pattern of heart rate activation and skin conductance level – the same one that characterizes an orienting response. This is a brief, automatic “What is it?” reaction to an external stimulus or a change in the environment. It’s the same response you have, without much conscious effort, when someone enters the room or calls your name. It makes perfect sense that pressing “like” would have similar characteristics. Who, when scrolling through an endless newsfeed, pauses to think long and hard about whether to “like”? Very few!
The fact that people press the “like” button in this automatic mode is significant for multiple reasons. First, the nature of the Facebook environment offers multiple bits of information at any particular moment, all competing for your attention. Specific bits that do catch your attention may be lucky enough to be rewarded with a behavior – a “like” or a “share.”
And from an advertising perspective, these automatic behaviors are important. Other studies my colleagues and I conducted found that expressing intentions to like, share and comment on something were strong positive predictors of participants’ readiness to enact relevant behaviors offline. It makes sense: if you “like” a bunch of woolen socks online, maybe you’re getting closer to investing in some new warm gear.
Targeted ads push you to act
The way people interact with Facebook is changing how they can be persuaded to think about or do a particular thing.
With tons of information presented at the same time, your brain is forced to decide quickly what’s relevant or interesting. Facebook and other social media services take advantage of this – pushing you to slip easily from thought to behavior. It emphasizes your impulses and decreases the opportunities for you to think more thoroughly about your perceptions, attitudes and decisions.
Think about seeing a product on Facebook, “liking” or “sharing” it, then immediately clicking the ad to place the product in a shopping cart on Amazon. Just like that, within a few seconds, you’ve moved from noticing a product and indicating an attitude online to that same product being purchased and marked for shipping to your doorstep.
This is a vastly different process from seeing an ad on TV, then having to get into your car or take the bus to travel to the brick-and-mortar store, picking the advertised product from the pile, holding it in your hands and taking it to the register for purchase.
Of course not every single exposure to an ad on Facebook and other social media ends up with a conversion to purchase. There is a lot that does not end up in the shopping cart.
But having the infrastructure to facilitate these types of impulsive behaviors has ramifications for other areas of persuasion. Take alcohol use and overuse as an example. How does this thought-behavior connection pan out when someone with a high risk of alcohol abuse sees a message from a friend or a marketer on Friday night promoting drinking? Or when a college student sees his friends posing with green beer mugs on St. Patrick’s Day on Facebook? Would that prompt him to get that nth drink that would raise his blood alcohol concentration level to a risky one? Our research on the effects of branded alcohol posts suggests this is plausible.
Changing consumer habits combined with companies’ abilities to target them with personalized messages streamed to their mobile devices mean advertisers and marketers are in a new environment. People mindlessly scroll, clicking automatically. Messages come at people nonstop, trying to convert them into consumers by exploiting those habits. And even at times when that conversion likelihood is low, brands can just try again, and again, and again and again.