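The post "iPhone Battery and Performance" mentioned that replacing an iPhone's battery can restore its performance. John Poole of Geekbench (the benchmarking software used by the person who originally complained on Reddit) then analyzed the data in Geekbench's result database, found an unusual pattern, and wrote this article (which later set off a string of news reports and a PR incident for Apple): "iPhone Performance and Battery Age".
He first analyzed the iPhone 6S, and it already doesn't look good:
Then he analyzed the iPhone 7 data, which makes it even clearer that something is wrong:
You can see that iOS 10.2.1 and 11.2.0 have odd clusters of performance scores.
The latest development is not much of a surprise, and the fighting has started: "Days after iPhone battery fiasco, lawsuits against Apple begin to mount".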
My iPhone 6S has been very slow these past few weeks, and even after updating multiple times, it was still slow. Couldn’t figure out why, but just thought that iOS 11 was still awful to me. Then I used my brother’s iPhone 6 Plus and his was... faster than mine? This is when I knew something was wrong. So, I did some research, and decided to replace my battery.
Regulators in South Korea summoned Google (GOOGL, Tech30) representatives this week to question them about a report that claimed the company was collecting data from Android devices even when location services were disabled.
U.K. data protection officials are also looking into the matter.
This time, the microG people forked the LineageOS project, because the LineageOS project refused microG's signature spoofing patch:
Why do we need a custom build of LineageOS to have microG? Can't I install microG on the official LineageOS?
MicroG requires a patch called "signature spoofing", which allows microG's apps to spoof themselves as Google Apps. LineageOS' developers refused (multiple times) to include the patch, forcing us to fork their project.
Wait, on their FAQ page I see that they don't want to include the patch for security reasons. Is this ROM unsafe?
No. LineageOS' developers hide behind the "security reasons" shield, but in reality they don't care enough about the freedom of their users to risk upsetting Google by giving them an alternative to the Play Services.
The signature spoofing could be an unsafe feature only if the user blindly gives any permission to any app, as this permission can't be obtained automatically by the apps.
Moreover, to further strengthen the security of our ROM, we modified the signature spoofing permission so that only system privileged apps can obtain it, and no security threat is posed to our users.
So they forked a new project... let's watch how it goes.
Guess what else was released in May 2015? RFC 7540, otherwise known as HTTP/2. In retrospect this seems highly poetic, as HTTP/2 kinda makes the compound document aspect of JSON-API a little bit pointless, and compound documents to me go hand in hand with what JSON-API is as a standard.
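A disclosure from a while ago: US carriers provide APIs to third parties that let those third parties look up your real identity from your IP address: "Want to see something crazy? Open this link on your phone with WiFi turned off.", like this: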
These services are using your mobile phone’s IP address to look up your phone number, your billing information and possibly your phone’s current location as provided by cell phone towers (no GPS or phone location services required).
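All of the sites have since been taken down, but the screenshots from that time show how much information was exposed. AT&T's press release is at "AT&T Helps Businesses Improve Mobile Transaction Security with New Mobile Identity API Toolkit". My guess is that the press release was not taken down because, as a publicly listed company, AT&T is bound by legal requirements?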
But what these services show us is even more alarming: US telcos appear to be selling direct, non-anonymized, real-time access to consumer telephone data to third party services — not just federal law enforcement officials — who are then selling access to that data.
The author also found code on GitHub that calls an API provided for Korean carriers, so a similar service exists in Korea as well:
I found what looks like a third-party API implementation for a Korean Danal API on GitHub. The author wrote the code for South Korean telcos, so there may be differences with US carriers. The query parameters in the HTTP requests are similar to what I remember seeing in the Danal demo. It’s unclear from my reading of the code whether or not this API requires operation inside of e.g. a Danal Inc. hosted-iframe for identity confirmation. The diagram on page 4 of this documentation describing the Korean “Danal Pay” service appears to show the client interacting with the customer’s servers only.