AppleInsider · Kasper's Automated Slave

Despite evidence that Apple has worked with Spotify and other competitors, Apple appears to expect that the European Commission will rule against the company based on the music competition probe.

Spotify

The European Commission has been investigating Apple and how it handles competing developers like Spotify. The probe could result in a 500 million euro fine and additional regulation on how Apple handles business with its products and the App Store.

According to information provided to AppleInsider by Apple, the company is concerned that the European Commission (EC) will rule in Spotify's favor and give it even greater control of the streaming market. After a decade of investigations, Apple claims the EC has failed to find anything proving Apple has caused consumer harm or anti-competitive behavior.

Spotify pays Apple zero commission thanks to its reader app status and has access to many Apple technologies for the price of a $100 per year developer fee. Its apps work with thousands of Apple-provided APIs over 60 frameworks.

Despite that, Spotify wants even more control on iOS to increase its profits even more. The latest attempt for Spotify to get a favorable EC ruling relies on targeting Apple's anti-circumvention rules.

Apple provided a statement to AppleInsider on the matter:

"We're happy to support the success of all developers -- including Spotify, which is the largest music streaming app in the world. Spotify pays Apple nothing for the services that have helped them build, update, and share their app with Apple users in 160 countries spanning the globe. Fundamentally, their complaint is about trying to get limitless access to all of Apple's tools without paying anything for the value Apple provides."

The push from Spotify since 2013 is unprecedented, having met with the EC at least 65 times. Its arguments paint itself as an underdog, but the numbers show otherwise.

Apple Music occupies only 11% of the streaming market in the EU, while Spotify dominates at 56%. Apple is the fourth most popular streamer after Spotify, Amazon Music, and YouTube Music.

Apple believes there isn't any evidence of anti-competitive behavior or consumer harm. Consumers have plenty of choices, and the streaming market is thriving.

Another argument that's being made is that customers don't know how to subscribe to music services outside of an app. This argument doesn't seem to hold any weight as Spotify grew over the past decade, even before Apple introduced new App Store rules.

Spotify can directly email customers with offers for premium plans and does so. The company so far hasn't taken advantage of the in-app link to external subscriptions, but it is considered a reader app, so account creation and subscription can take place outside of the iPhone app.

No judgment from the EC has been made yet, but clearly, Apple expects a ruling in Spotify's favor. What this means for Apple's existing business model remains in question.



Read on AppleInsider

Apple is overhauling the cryptographic security of iMessage by introducing a new messaging protocol to thwart advanced computing that has yet to become a feasible threat, and probably won't for years.

iMessage on an iPhone

Apple already includes end-to-end encryption in its secure iMessage platform. But while elements such as Contact Key Verification can help keep users secure from current-generation computing threats, it could have a hard time taking on quantum computing.

To thwart quantum computers when they eventually become more commonly used, Apple is not waiting until they arrive to bolster its security.

As described in an Apple Security Research Blog post on Wednesday, Apple wants to protect communications that are occurring now from the future threat by introducing a new cryptographic protocol to iMessage called PQ3.

Harvest Now, Decrypt Later

Encryption relies on mathematical problems and algorithms to maintain security, with more complex models offering more security simply by the nature of how encryption is broken. If a bad actor cannot get the key to break the encryption, they instead have to rely on brute-forcing every potential combination of keys to defeat the algorithm.

For current computers, it's a time and resource-intensive task to crunch through every single possibility until the right one is discovered. However, quantum computers have the potential to do the same calculations quickly, breaking encryption.

However, quantum computing is still not available since it is still being worked on, and isn't commercially viable to roll out to a wider audience For the moment, quantum computing isn't an issue, but at some point in the future, it could be.

Banking on the probability that quantum computing will become more widespread in the future, bad actors are still holding onto encrypted data they can't access now, in the belief they can decrypt the data down the road. It is an attack scenario referred to as Harvest Now, Decrypt Later, and one that relies more on cheap storage than the expense of trying to break security by brute force.

Harvest Now, Decrypt Later does theoretically mean that all currently encrypted communications is at risk from future exposure by someone wholesale collecting communications, on the expectation that it will be easier to do with quantum computing.

Post-quantum cryptography

To try and minimize the risks from the use of quantum computing, cryptographers have worked on post-quantum cryptography (PQC). This consists of new public key algorithms that are becoming the basis of quantum-secure protocols, namely protocols that can be used by current non-quantum computers, but that are still secure when put against quantum computers.

Apple describes the state of quantum cryptography in messaging applications in a tiered approach, increasing with the level number. Level 0 and Level 1 are deemed Classical Cryptography without quantum security, while Level 2 and later are categorized as using PQC.

Apple's classification of quantum-security cryptography in messaging platforms

Level 0 is for messaging systems without any use of quantum security, nor do they use end-to-end encryption by default. This includes Skype, QQ, Telegram, and WeChat.

Level 1 is still not classed as quantum-secure, but it does include end-to-end encryption by default. Services using this include Line, Viber, WhatsApp, and the previous version of iMessage.

Moving to PQC levels, Signal is the first and only large-scale messaging app to be classed as Level 2, with its support for the Post-Quantum Extended Diffie-Hellman (PQXDH) key agreement protocol. This basically uses public keys for two parties to mutually authenticate each other at the start of a conversation.

However, even Level 2 has its issues, according to Apple, since it only provides quantum security if the conversation key isn't compromised. An attacker can potentially have the means to compromise encryption keys, providing access to the encrypted conversations until the keys are changed.

By regularly changing the keys, this places a limit on how much of a conversation an attacker could see if a key is compromised. This is the case both for acquired key access and for quantum processing attempts.

With this line of thinking, Apple says that apps should try to achieve Level 3 security, when PQC is used in securing the initial establishment of keys for communications as well as the ongoing message exchange. Level 3 should also include the ability to automatically restore cryptographic security, even if a key is compromised.

iMessage and PQ3

Apple's announcement is that it has come up with a new cryptographic protocol it calls PQ3 that will be incorporated into iMessage. The change offers "the strongest protection against quantum attacks," with iMessage becoming the first and only to support Level 3 security.

The rollout of PQ3 to iMessage will start with the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4, and has already been incorporated into developer previews and beta releases. Existing iMessage conversations between devices that can support PQ3 will be automatically changing over to the new protocol.

Apple adds that, as it "gains operational experience with PQ3 at the massive global scale of iMessage," PQ3 will replace existing cryptographic protocols within all supported conversations by the end of 2024.

There were a number of requirements needed by Apple for PQ3 to work properly. This included introducing post-quantum cryptography from the start of a conversation, as well as limiting how much of a conversation could be decrypted with a single compromised key.

It also had to use a hybrid design that combines post-quantum algorithms with current Elliptic Curve algorithms so that PQ3 cannot be less safe than current-gen protocols. There's also a need to amortize the message size, reducing the overhead of additional security.

Lastly, it needs to use formal verification methods that can "provide strong security assurances for the new protocol," Apple writes.

On this last point, Apple has already gone to great lengths to formally verify PQ3's effectiveness, including an extensive review from multi-disciplinary teams in Apple's Security Engineering and Architecture, as well as foremost experts in cryptography.

A team led by Professor David Basin, the head of the Information Security Group at ETH Zurich, as well as Professor Douglas Stebila of the University of Waterloo, have researched post-quantum security for internet protocols. Each used different mathematical approaches to demonstrate PQ3 will remain secure so long as the underlying cryptographic algorithms hold up.

Apple also brought in a leading third-party security consultancy to independently assess PQ3's source code, and found no security issues.

How PQ3 works

PQ3 uses a new post-quantum encryption key in the public keys the devices generate locally, which are sent to Apple's servers for iMessage registration. This process lets sender devices get the receiver's public keys and to generate post-quantum encryption keys from the very first message and initial key establishment, even if the recipient is offline.

A "periodic post-quantum rekeying mechanism" is also included within conversations, which can self-heal the security from key compromises. New keys sent with conversations are used to create fresh encryption keys, which cannot be computed by analysis of previous keys, further maintaining security.

Attackers would also have to beat the hybrid design that combines both the Elliptic Curve and post-quantum elements for initial key establishment and for rekeying.

The rekeying process involves the transmission of new public key material in-band with encrypted devices that devices are exchanging with each other. New public keys based on Elliptic Curve Diffie-Hellman (ECDH) are transmitted in line with responses.

Since the post-quantum key is much larger than current existing protocols, Apple minimizes the impact of the size by making the rekeying process happen periodically, instead of every message.

The condition of whether to rekey and transmit is one that tries to balance the size of messages in a conversation, the experience of users with limited connectivity, and the need to maintain infrastructure performance. Apple adds that, if it's needed in the future, software updates could increase the rekeying frequency, while keeping the system backward-compatible with all PQ3-supporting hardware.

After implementing PQ3, iMessage will continue to use classic cryptographic algorithms to authenticate senders and verify the Contact Key Verification account key, as it says the mechanisms are not able to be attacked retroactively by future quantum computers.

To insert itself into the middle of an iMessage conversation, an attacker would need a quantum computer that could break an authentication key before or at the time the communication takes place. Apple claims this thwarts Harvest Now, Decrypt Later scenarios since it requires a quantum computer capable of performing the attack at the time of the communication itself.

Apple believes the capability to attack the new protocol is "many years away," but its security team insists it will continue to assess the needs of post-quantum authentication to defeat future attacks.



Read on AppleInsider

A cinephile has discovered that Apple Vision Pro will show Panavision 70 movies in their correct and very wide screen aspect ratio.

Watching a widescreen movie on Apple Vision Pro

Apple has emphasized how immersive Apple Vision Pro is for entertainment, but the firm's typical attention to detail means it's reportedly gone further than other with movies. When watched through the headset, even films shot in the 70mm Panavision format will be shown as they were meant to be seen in the theater.

"I have The Hateful Eight in my apple library, bought it some time ago because it has great extras," writes a movie buff on Reddit. "As you may know, Tarantino shot it on actual film using 70mm Panavision. I saw it in when it first came out in a theater and it was presented as it was meant to -- in Panavision... [but] you can't see it like that anywhere unless you're in a theater that's properly outfitted."

"Until now," continues Reddit user NeoYossarian. "I went to view it using VisionPro, put it in Cinema mode, and IT WAS IN THE ORIGINAL ASPECT RATIO!!"

"I was watching a full screen 70mm film in my living room, exactly as it was meant to be seen," says the user. "Apple deserves HUGE congratulations for this... I almost wept."

How the aspect ratio is vital

Movies went widescreen decades ago, specifically to counter the then-rising threat of small screen television. One of the absolute widest of widescreen technologies, was Panavision -- often called Ultra Panavision 70 --which needed special lenses.

These anamorphic lenses were fitted to the cameras shooting the movie, and these then compressed the image being filmed. Movie theaters then had anamorphic lenses on their projectors, to take the compressed images and show them as they were intended.

If it were originally an attempt to show movie theaters were more immersive than small TV screens, it later became a stylistic choice for directors such as Quentin Tarantino. He shot The Hateful Eight in the format, and also produced a special theater release of it in this form, before the official debut in 2015.

The next year, director Gareth Edwards and cinematographer Greig Fraser shot the Star Wars movie, Rogue One in a digital version of Ultra Panavision 70. But long before then, back in the late 1950s and early 1960s, Ben Hur was shot this way, as was Mutiny on the Bounty, and It's a Mad, Mad, Mad, Mad World.

A film's aspect ratio can't be changed in Apple Vision Pro, but the screen can be dragged to make it bigger and more cinema-like

Stylistic choice of format

This format allowed filmmakers to shoot and then later to screen movie images that were in the ratio of 2.76:1. That compares to the more common 16:9.

Now that TV sets are typically 16:9, films that are wider than that are shown with black borders at top and bottom. The technique is called letterboxing and does resemble looking through a door's letterbox at the film.

Not in Apple Vision Pro, though. Since there is no screen to display the film on per se, since it can take up the width it needs, Apple supports the Panavision 70 ratio.

In retrospect, it's obvious that the Apple Vision Pro should have the capability to show such a widescreen movie since there are no constraints to the size of the image it displays. But since Panavison version of the film has to be sourced, it's an example of Apple recognizing a difference and sweating the details to get film fans the right ratio.

Separately, it's been reported that Apple Vision Pro has 50 times the resolution of an iPhone 15. No wonder the Reddit user was so pleased.



Read on AppleInsider

Apple's decision to introduce RCS support to iMessage sometime in 2024 wasn't caused by pressure from Europe, according to a new report, but instead China may have had more to do with the move.

RCS support will be added to the iPhone sometime in 2024

In November, after years of pressure from Google, Apple agreed it would introduce support for the somewhat flawed RCS messaging standard in iMessage. At the time, Apple said it would arrive during 2024 at some point.

But while it was thought by some that the European Union had something to do with it, one report believes it could've been political pressure from China that caused Apple's change of heart.

John Gruber's Daring Fireball first refers to the European Commission's decision that Apple didn't qualify as a "gatekeeper" to be affected by the inbound Digital Markets Act. The decision means that Europe wasn't going to force Apple into allowing third-party apps to use iMessage services.

He refers to reports in November about Apple's decision somehow being influenced by Europe as making "zero sense," other than seemingly revealing a belief in some of government regulation being better than relying on market forces.

Gruber adds that there were EU leaks from September that iMessage wasn't to be considered a gatekeeper, before Apple's November RCS confirmation. This meant the Europe claims "made no sense timing-wise."

The lack of a direct mention of RCS in DMA is also a factor. The act does mention messaging platform interoperability but as RCS isn't an interoperability protocol and lacks encryption as a messaging platform, it's not much better than SMS itself.

There's also discussion about the assumption of the Commission forcing Apple's hand being "lazy thinking" according to Gruber, despite years of Apple's reluctance to support RCS.

Apple's use of both phone numbers and emails to allow users to use iMessage also stands out compared to other platforms, especially when mixing with carrier-based SMS services. The use of emails as a primary unique identifier for iMessage alongside phone numbers means you can use it without a phone number at all.

The SMS support in the Messages app is more Apple magic than something permeating all of its hardeare, as the SMS itself is still sent and received through an iPhone, and Apple merely handles inter-device synchronization. The Mac is not capable of handling SMS on its own without the iPhone as a conduit.

SMS requires the iPhone to work, and RCS does too, but iMessage does not, Gruber adds. Even if iMessage was deemed a gatekeeper platform, the addition of RCS wouldn't have mattered for DMA compliance since the messages app is a multi-platform app: iMessage and SMS.

China is requiring RCS

To answer why Apple changed its stance on RCS, Gruber cannot say with certainty, but after months of online whispers, he declares Apple's hand "was effectively forced" by China.

Gruber points out that Chinese carriers have supported RCS for years, to the level that the Chinese government started in 2023 to codify into law that new 5G devices would require RCS support to be certified in the country.

Highlighting the country's issues with surveillance and privacy, Gruber believes the Chinese government doesn't care about RCS lacking encryption.

He underlines the claims, insisting "iOS support for RCS is all about China."

Though Apple is thought to prefer to ignore RCS so it doesn't have to deal with new non-E2EE protocols or new carrier-controlled protocols, the control of China's government comes into play and forces changes, the report concludes.



Read on AppleInsider

If you need glasses or contacts, there's a solid chance you'll need optical inserts to use Apple Vision Pro. Here's what you need to know about these magnetic lenses.

Apple Vision Pro ZEISS optical inserts

Apple Vision Pro is designed to fit the user's face exactly. That means you won't be able to use glasses, and because of how eye-tracking works, hard contacts aren't an option either.

You won't need optical inserts if you can see fine with single-vision soft contacts. That means everyone else, those with glasses, readers, or other forms of vision correction, will need the inserts.

Apple Vision Pro ZEISS optical inserts design

Apple isn't the only company that offers some kind of inserts for vision correction in their headset. However, some companies avoid the need by building the headset with space for glasses, like PSVR 2.

The optical inserts for Apple Vision Pro are small oblong lenses surrounded by a metal frame. One side is magnetic, so it slots exactly into the headset in the correct direction.

The top of the lens has a white line to indicate which side faces up. The outer edge facing the user's nose has an "L" or "R" to show which side it belongs in.

Optical inserts by ZEISS

The magnetic strength of the lenses is enough that they won't pop out during use, no matter how much you move your head. After one mild drop to a thankfully carpeted surface, we've noticed that the lenses can pop out with enough force.

No, nothing was damaged in this drop, not even a scratch.

ZEISS is known for making high-quality camera lenses but has also made prescription inserts for different applications. The clarity of the glass lends to the high price.

Using Apple Vision Pro optical inserts

Depending on your prescription strength, you may find using Apple Vision Pro without inserts is possible. The focal distance is slightly over a meter, but it's not the same as seeing an object in real life.

Looking through multiple layers of glass can create artifacts and glare

We've noticed that while things are legible without the inserts, the difference with the inserts is night and day. The text is much sharper, and everything appears in much better focus.

There is some downside to having optical inserts, so utilize soft contacts when possible. Adding another layer of glass to the displays means introducing more possibilities for reflections and glare.

Reflections and glare are inherent to Apple Vision Pro and will occur in high-contrast areas like bright scenes of a movie playing in a dark theater. Optical inserts amplify this effect slightly, but not in a way that makes the device unusable -- it's just an effect worth noting.

Anyone who's used a headset like PSVR 2 or Meta Quest will know that it seems as if you're constantly cleaning the lenses. That hasn't been our experience with the optical inserts.

After hours of use over multiple weeks, we've had to clean the lenses only a few times. That's mostly due to handling them when removing them for others to test Apple Vision Pro.

Apple has seemingly opted for high-end glass with a coating that keeps the lenses clean -- another example of why the lenses are priced so high.

Limitations to Apple Vision Pro ZEISS optical inserts

Eyesight correction is a very nuanced problem to tackle. Several issues people can have with their eyesight make prescriptions complex or difficult to fill.

Apple Vision Pro isn't for everyone, not yet

To make things more challenging, Apple Vision Pro has to adjust its eye tracking and software based on paired prescriptions. Some things are just outside of the spectrum that software can cover, at least with the current hardware and visionOS version.

We cannot provide a magical value to tell you if you're ineligible for Apple Vision Pro prescriptions. ZEISS has a tool to insert values to check if a prescription can be filled with the optical inserts.

If one of your values is outside the range, it will be flagged. However, that's not the end of your opportunity to own and use Apple Vision Pro.

Save this information and speak to your optometrist about adjusting values to correct your vision while meeting the requirements. If that isn't possible and soft contacts or LASIK are out of the question, you may have to wait for new hardware or software to try again.

There are accessibility features for Apple Vision Pro that will help with things like monovision, a drooping eyelid, lazy eye, and other conditions. For example, users can make eye tracking rely on only one eye instead of two.

Anyone who experiences blurriness or eye strain while using Apple Vision Pro should speak to their eye care provider for an updated prescription. This applies to users relying on reader lenses, too.

Ordering Apple Vision Pro ZEISS optical inserts

If you've decided to order Apple Vision Pro, it's a straightforward process that can be completed from the Apple Store app or Apple's website. To complete the order, you'll need to know if you need readers or prescription lenses.

Optical inserts make using Apple Vision Pro without glasses possible

To order reader inserts, Apple will need to know the correction strength. They come in three strengths:

• +0.75 to +1.25D


• +1.50 to +1.75D


• +2.00 to +2.75D

Those that use readers with correction above +2.75D can try inserts within the +2.00 to +2.75 range. Otherwise, they'll need to speak to their eye care provider.

Ordering prescription strength inserts has a few more requirements, but this portion of the order is completed after Apple Vision Pro is ordered online.

You'll need a prescription with:

• Your distance correction needs and/or your near correction needs, indicated separately but on the same prescription sheet. This is known as the full manifest refraction by eye care providers.


• An expiration date (that's not expired).


• Your full name, and your prescriber's license number and signature.


• Your eye exam or issue date.

Contact lens prescriptions aren't accepted. The prescription shouldn't contain intermediate distance, task distance, or computer distance.

ZEISS optical inserts can't be made with prism values.

Reader inserts are $99. Prescription inserts are $149. Apple Vision Pro starts at $3,499.



Read on AppleInsider