As new European tech regulations are set to take effect in the coming weeks, Apple is preparing for a future where it will be required to allow users to download apps from sources outside of its App Store. The company hasn’t shared details about how the process, called sideloading, will work, but it seems it may not allow developers to circumvent the company’s fees and app review rules after all.

The Wall Street Journal reports that the App Store owner “plans to collect fees from developers that offer downloads outside of the App Store” and that it will require some kind of review for downloads that don’t go through its storefront. Sideloading would only be offered to iOS users in the European Union in order to comply with the bloc’s Digital Markets Act.

While the report notes Apple’s plan hasn’t been finalized, the strategy would be in line with another significant change the company just made to its US App Store policies. Last week, the company officially changed its rules for US developers to enable in-app purchases that bypass the App Store’s billing system.

However, the new rules, which came after a lengthy court battle with Fortnite developer Epic Games, stipulate that developers must still pay a hefty 27 percent commission on purchases made outside of the App Store (some smaller developers will only be charged 12 percent). The new rules also give Apple the right to audit developers’ records to ensure compliance. That’s already led to much criticism from Epic, Spotify and other developers who have long been critical of the App Store’s restrictive rules and fees.

If Apple were to charge developers for sideloading, that could lead to similar criticism from app makers. The Digital Markets Act is set to go into effect March 7, and even though Apple has yet to share its plan to comply with the regulation, companies that have previously butted heads with Cupertino over its rules are already preparing. Spotify, a longtime opponent of the App Store’s commission, just previewed what the European version of its app will look like once users can pay for subscriptions and audiobooks inside of its app.

The Wall Street Journal also reports that Meta, another vocal Apple critic, is working on its own project that would allow it to distribute developers’ apps via Facebook ads. The effort, reportedly called “Project Neon” internally, could allow the Facebook owner to compete with the App Store more directly, at least in Europe.

The Securities and Exchange Commission has provided more details about how its official X account was compromised earlier this month. In a statement, the regulator confirmed that it had been the victim of a SIM swapping attack and that its X account was not secured with multi-factor authentication (MFA) at the time it was accessed.

“The SEC determined that the unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent 'SIM swap' attack," it said, referring to a common scam in which attackers persuade customer service representatives to transfer phone numbers to new devices. “Once in control of the phone number, the unauthorized party reset the password for the @SECGov account.”

The hack of its X account, which was taken over in order to falsely claim that bitcoin ETFs had been approved, has raised questions about SEC’s security practices. Government-run social media accounts are typically required to have MFA enabled. The fact that one as high-profile and with potentially market-moving abilities like @SECGiv would not be using the extra layer of security has already prompted questions from Congress.

In its statement, the SEC said that it asked X’s support staff to disable MFA last July following “issues” with its account access. “Once access was reestablished, MFA remained disabled until staff reenabled it after the account was compromised on January 9,” it said. “MFA currently is enabled for all SEC social media accounts that offer it.”

While the lack of MFA likely made it much easier to take over the SEC’s account, there are still numerous questions about the exploit, including how those responsible knew which phone was associated with the X account, how the unnamed telecom carrier fell for the scam and, of course, who was behind it. The regulator said it’s investigating these questions, along with the Department of Justice, FBI, Homeland Security and its own Inspector General.

A hacking group linked to a Russian intelligence agency accessed the emails of several senior Microsoft executives and other employees, the company disclosed Friday.

Microsoft said it detected the attack on January 12, and has determined that a hacking group known as Midnight Blizzard or Nobelium is responsible. That’s the same group behind the 2020 SolarWinds cyberattack. Microsoft and US cybersecurity officials have said Nobelium is part of Russia’s Foreign Intelligence Service (SVR).

“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” the company wrote in a blog post.

The company didn’t identify which members of its “senior leadership” were targeted, but said its initial investigation suggests the group was looking for information related to itself. Company officials so far have no evidence that “customer environments, production systems, source code, or AI systems,” were accessed.

Though the company says the attack “was not the result of a vulnerability in Microsoft products or services,” it is taking steps to “immediately” improve the security of “Microsoft-owned legacy systems and internal business processes.” The changes “will likely cause some level of disruption,” it added.

Meta is reorganizing its AI teams as it joins the growing ranks of companies trying to create artificial general intelligence, or AGI. Mark Zuckerberg, who has been increasingly focused on the company’s AI research, said the change would help the company “accelerate” its research and, eventually, improve the metaverse.

Meta currently has two teams pursuing AI research: the Fundamental AI Research (FAIR) team, started in 2013, and a team solely focused on generative AI experiences for users of its apps. With the change, Zuckerberg said, the company would bring the two “closer together” as it looks to expand both groups. Meta’s CEO didn’t say how many workers it might add to its AI efforts, but the expansion is notable considering the company has shed more than 20,000 jobs since 2022.

In a video posted to Threads, Zuckerberg said the changes would “support our long-term goals of building general intelligence, open sourcing it responsibly, and making it available and useful to everyone in all of our daily lives.” The change is also the latest way that Zuckerberg is trying to position Meta as a leading AI company in an increasingly crowded field of buzzy generative AI companies and projects.

Creating AGI, a type of AI often compared to human-level intelligence, has become a particular fascination for many of these companies, including Elon Musk’s x.ai, OpenAI and Google. Now, Zuckerberg is throwing Meta’s vast resources at the effort. “We're building a massive amount of infrastructure,” Zuckerberg wrote. “At the end of this year, we'll have ~350k Nvidia H100s — and overall ~600k H100s H100 equivalents of compute if you include other GPUs.”

At the same time, Zuckerberg made it clear he has no plans on giving up on the metaverse, which he says will also benefit from AI advancements. “The two major parts of our vision — AI and the metaverse — are connected,” he wrote.

Linking the company’s AI work to the metaverse isn’t a new strategy for Zuckerberg, who spent much of last year’s Connect event hyping generative AI. Still, it could be a risky one. Zuckerberg’s metaverse is still not widely understood, or especially popular. But Zuckerberg seems to think that may change as the company improves its smart glasses and the AI embedded in them. “By the end of the decade, I think lots of people will talk to AIs frequently throughout the day using smart glasses like what we're building with Ray Ban Meta,” he said.

TikTok has shared more about its plans to fight misinformation ahead of the 2024 presidential election. And, like many of its social media peers, the company’s 2024 efforts will closely resemble what it’s done in the past.

To start, the company is introducing its in-app election guide, which will point users to information about voting, including how to register and how to vote by mail. While the election guide will look similar to years past, the company is introducing it earlier than it has in past elections (its election resources for 2020 and 2022 debuted much closer to their respective contests than this year’s, which comes just as the presidential primaries are getting underway).

TikTok’s approach to misinformation in 2024 hasn’t changed much since 2022. The company will continue to bar political ads, including those that come via creators’ branded content. It will also keep working with fact-checking organizations, which help determine whether content is eligible for recommendations or warrants an “unverified” label. The company says it will “expand media literacy resources to these labels” later this year, which could make the notices more useful to users who encounter them, though it’s unclear what that will look like just yet.

TikTok’s plan for 2024 comes as experts warn that the rise of generative AI could fuel a new wave of viral election misinformation. On its part, TikTok acknowledges that generative AI has created “new challenges” for the social media industry, but stopped short of offering any new policies to address it. Instead, the company says it will keep enforcing its existing rules, which prohibit “misleading” AI-generated content and require creators to disclose when videos use “realistic” AI-generated content.

“As the technology evolves in 2024, we'll continue to improve our policies and detection while partnering with experts on media literacy content that helps our community navigate AI responsibly,” the company wrote in a blog post.

When it comes to disinformation and coordinated efforts to manipulate its platform, TikTok is making a notable change. The company says it plans to release detailed reports on covert influence campaigns ahead of the 2024 contest It already discloses some information about influence campaigns it uncovers in its quarterly transparency reports, but the disclosures are typically short on details. That should change this year, according to TikTok, which says it will begin releasing “dedicated covert influence operations reports” later this year.

Sheryl Sandberg is leaving Meta’s board of directors after 12 years, ending her last official role with the company. In a post on Facebook, she said that “this feels like the right time to step away” and that she would continue to advise the company.

Sandberg spent 14 years as Meta’s COO and Mark Zuckerberg’s top lieutenant and 12 years on the company’s board. Her role as board member will officially end in May. “After I left my role as COO, I remained on the board to help ensure a successful transition,” she wrote. “Under Mark's leadership, Javi Olivan, Justin Osofsky, Nicola Mendelsohn, and their teams have proven beyond a doubt that the Meta business is strong and well-positioned for the future, so this feels like the right time to step away.”

Meta hasn’t commented on who may take over the board seat. During her time with Meta, Sandberg was known for leading the company’s multibillion-dollar ad business. According to Axios, revenue grew 43,000% during her tenure. But her status within the company had changed in recent years as Zuckerberg embraced the metaverse, which doesn’t currently have a clear path for an advertising business.

“Your dedication and guidance have been instrumental in driving our success and I am grateful for your unwavering commitment to me and Meta over the years,” Zuckerberg wrote on Facebook. “I look forward to this next chapter together!”

Apple is relaxing a key App Store rule that has long been a source of frustration to developers. The iPhone maker will allow U.S. developers to link to outside websites for in-app purchases, according to the company’s updated developer guidelines.

The change comes shortly after the United States Supreme Court rejected an appeal to reconsider a lower court ruling requiring Apple to allow developers to direct customers to alternative payment methods. The change only applies to iOS and iPadOS apps in the U.S. app stores and developers are still required to pay a commission for in-app purchases not made via the App Store.

It seems that Apple will continue to maintain tight control over payments, even under the new rules. According to a support page, developers will need approval from Apple before they can take advantage of the new rule, and app makers will only be permitted to notify users about alternative payment methods in specific ways. For example, the company’s guidelines to developers stipulate that links can only be shown in an app one time, and only in “a single, dedicated location.” App makers are also prohibited from using in-app pop-ups or mentioning outside payments in their App Store listing.

The company is also officially requiring developers to pay it a commission for purchases made outside of its App Store. The commission is set at 12 percent for developers who are part of its small business program, and 27 percent for larger developers. But, as 9to5Mac points out, the company may have some trouble enforcing those terms. In court documents, the company argued that it would be “exceedingly difficult and, in many cases, impossible” to collect the fees.

Still, the change is a significant concession for Apple, which has long been criticized for developers for App Store rules sometimes viewed as draconian and arbitrary. The company’s rule barring developers from communicating with users about alternative (and often cheaper) payment methods was a central aspect of the Epic v. Apple trial in 2021. The company had previously loosened some of these rules following the trial and a subsequent class-action lawsuit from developers.

Developing...

Artifact, the buzzy news app from Instagram co-founders Kevin Systrom and Mike Krieger, is shutting down less than a year after its launch. In a note on Medium, Systrom said the app’s “core news reading” features would be online through the end of February, but that it would remove commenting and posting abilities immediately.

Besides its famous founding team, the app was known for AI-centric features as well as Reddit-like commenting and posting abilities. The app had won praise from journalists who appreciated reporter-friendly features like dedicated author pages and had been featured prominently in Apple and Google’s app stores.

But after a year of work, it seems Systrom and Krieger encountered many of the same struggles as founders of buzzy news apps before them. “We have built something that a core group of users love, but we have concluded that the market opportunity isn’t big enough to warrant continued investment in this way,” Systrom wrote.

While he didn’t say what he might do next, Systrom’s note hinted that he may at some point take on a new AI-focused project. “I am personally excited to continue building new things, though only time will tell what that might be,” he wrote. “We live in an exciting time where artificial intelligence is changing just about everything we touch, and the opportunities for new ideas seem limitless.”

In the meantime, Artifact fans have a few more weeks to keep checking headlines before the app goes offline for good.

Another lawmaker is pushing the Securities and Exchange Commission for more information about its security practices following the hack of its verified account on X. In a new letter to the agency’s Inspector general, Senator Ron Wyden, called for an investigation into “the SEC’s apparent failure to follow cybersecurity best practices.”

The letter, which was first reported by Axios, comes days after the SEC’s official X account was taken over in order to post a tweet claiming that spot bitcoin ETFs had been approved by the regulator. The rogue post temporarily juiced the price of bitcoin and forced SEC chair Gary Gensler to chime in from his X account that the approval had not, in fact, happened. (The SEC did approve 11 spot bitcoin ETFs a day later, with Gensler saying in a statement that “bitcoin is primarily a speculative, volatile asset that’s also used for illicit activity.”)

The incident has raised a number of questions about the SEC’s security practices after officials at X said the financial regulator had not been using multi-factor authentication to secure its account. In the letter, Wyden, who chairs the Senate’s finance committee, said it would be "inexcusable" for the agency to not use additional layers of security to lock down its social media accounts.

“Given the obvious potential for market manipulation, if X’s statement is correct, the SEC’s social media accounts should have been secured using industry best practices,” Wyden wrote. “Not only should the agency have enabled MFA, but it should have secured its accounts with phishing-resistant hardware tokens, commonly known as security keys, which are the gold standard for account cybersecurity. The SEC’s failure to follow cybersecurity best practices is inexcusable, particularly given the agency’s new requirements for cybersecurity disclosure”

Wyden isn’t the only lawmaker who has pushed the SEC for more details about the hack. Senators J. D. Vance and Thom Tillis sent a letter of their own, addressed to Gensler, immediately following the incident. They asked for a briefing about the agency’s security policies and investigation into the hack by January 23.

The SEC didn’t immediately respond to a request for comment. The agency said in an earlier statement that it was working with the FBI and the Inspector General to investigate the matter.

The Securities and Exchange Commission has approved the applications of 11 spot bitcoin ETFs in a highly anticipated decision that will make it much easier for people to dabble in cryptocurrency investing without directly buying and holding bitcoin. The approval comes one day after a hacker temporarily took over the SEC’s X account and posted a rogue tweet saying that bitcoin ETFs had been approved by the regulator.

The approval is a significant milestone for crypto investors, who for years have tried to win SEC approval for the investment funds that hold bitcoin. With the approval, 11 such funds will be listed on public stock exchanges.

United States financial regulators have long been wary of bitcoin and other cryptocurrencies and in a statement, SEC Chair Gary Gensler wasn’t exactly effusive about the merits of bitcoin. “Bitcoin is primarily a speculative, volatile asset that’s also used for illicit activity including ransomware, money laundering, sanction evasion, and terrorist financing,” he wrote.

“While we approved the listing and trading of certain spot bitcoin ETP shares today, we did not approve or endorse bitcoin. Investors should remain cautious about the myriad risks associated with bitcoin and products whose value is tied to crypto.”

Gensler may have more reasons than usual to be circumspect. On Tuesday, one day before the SEC’s decision on bitcoin ETFs was due, the SEC’s official X account was hacked. The attackers posted a rogue tweet claiming the funds had been approved, causing a temporary spike in the price of bitcoin. The SEC has said it’s working with the FBI and Inspector General to investigate the matter.