All Articles by Nick Arnott

It's been almost a year since Apple re-launched TestFlight.

Apple had acquired TestFlight in 2014, and the much-anticipated announcement at WWDC gave many in the industry hope that TestFlight would spell the end for the numerous headaches associated with development builds and beta distributions. So where does TestFlight stand a year later? Has it lived up to these hopes?

There are once again some needlessly scary security articles going around, this time concerning malware dubbed "WireLurker". WireLurker hides inside pirated apps and tries to get people to install it on the Mac so it can transfer data to and from the iPhone or iPad over USB. it's important to point out almost no one reading this is in any danger from WireLurker, and anyone who is can easily avoid it. When reached for comment, Apple said:

Over the last few days, CVS and Rite Aid have disabled NFC technology at their retail outlets to prevent customers from using Apple Pay. It's been reported that this is due to an existing deal in place with a system called CurrentC, which involves the use of an app, QR codes, your bank account, and their servers. Walmart recently explained MCX's — the consortium behind CurrentC — position to Business Insider as follows:

Software is buggy. Humans write and test software and humans are imperfect; as a result, so is software. This is the reality of software and should come as a surprise to nobody. What can be surprising are the kind of bugs we actually see make their way out into the wild. We've seen two very prominent examples this week. The first was the release of iOS 8.0.1 on Wednesday which broke cellular service and Touch ID for iPhone 6 and iPhone 6 Plus users. The very same day we saw a huge bug in bash publicly disclosed; a vulnerability leaving millions and millions of personal computers, servers, embedded systems, and who knows how many other types of Internet-connected devices open to attack. And for most people, it's baffling how bugs like this could ever find their way into the world. Aren't developers supposed to be smart? The bash bug may be obscure enough that many end-users don't understand it, but what about iOS 8.0.1? How could such a big piece of software ship with such a glaring bug that broke such critical pieces of functionality?

Yesterday Apple announced Apple Pay, a payment mechanism that will be available on the iPhone 6, iPhone 6 Plus, and Apple Watch. While the convenience of such a feature is tempting, how do we know if we can trust it? To answer this, let's take a look at what we know about Apple Pay's security so far.

Every day our iPhones and iPads become a little more integrated in our lives. Every day they learn a little more about us and become more capable than they were before. And every day many of us make a choice to hand over more information about ourselves in exchange for features and convenience. One such piece of information is our location. There's a seemingly endless list of apps that may want to track your location for a variety reasons. From mapping your bike rides to recommending nearby restaurants, many of us grant apps permission to access our location every day. As more apps request and make use of this type of sensitive information, it becomes increasingly important for users to have more granular control over which apps access what information and when. With iOS 8, we will see some noteworthy changes to location permissions intended to provide more transparency, and give users more control.

Yesterday Apple released updates for iOS 6, iOS 7, and Apple TV to squash a security bug that affected SSL/TLS connections. Often times, security patches can fix obscure bugs that could only occur under the strangest of circumstances, and they get rolled in to larger updates that address many other issues. However, this fix warranted its own updates, both for iOS 7 and for iOS 6. So what kind of bug calls for such a response? Fortunately for those of us curious enough to wonder, Adam Langley has the answer.

Earlier this week, security researcher Daniel Wood disclosed his findings on Starbucks' insecure handling of sensitive user information in their iPhone app. The sensitive information discovered includes usernames, passwords, emails, addresses, location data, and OAuth keys. While Wood's findings are valid, the interpretations of his findings have been inaccurate and exaggerated.

The Internet has been buzzing about Coin, a credit card replacement announced last Thursday. Currently taking pre-orders, and planning to launch Summer 2014, Coin is a credit card-sized device which is capable of storing and behaving as pretty much any card with a magnetic strip: credit cards, gift cards, membership cards, etc. Coin allows you to select which card you want to use, and when you or a merchant swipe your credit card, the information for the appropriate card can be read from Coin. Replacing every card in your wallet with a single, card-sized device is exciting to think about, but obviously a product like this raises a lot of questions.