iOS is telling on developers

The Big Story

What Garmin's ransomware attack should teach everyone

What's happening to Garmin right now should scare you and everyone else in the tech industry. The company shut down a number of its services on Thursday due to what's been reported as a ransomware attack. It hit darn near everything:

• Garmin said its Garmin Connect service was down, which meant most people's Garmin data couldn't go anywhere. Garmin's website went down too, as did its call centers and other customer-support systems, and, according to ZDNet, factories in Taiwan. Even the page explaining the outage … was down.
• The ransomware in play, BleepingComputer said, is called WastedLocker (MalwareBytes has a good explainer on the subject), and the hackers may be demanding as much as $10 million to release the data.
• "Whatever, pay them!" you might be saying. Not that simple: The Treasury Department sanctioned the group reportedly behind the hack, known as Evil Corp, last year in an effort to stop its Dridex ransomware. It also said Maksim Yakubets, the leader of Evil Corp, has ties to the Russian government. So Garmin can't exactly write them a check.

Before you say Garmin should have been more prepared, or had it coming, I'd look into your own IT systems. There are a few lessons to be learned here, for Garmin and for your company.

• First: Make sure you have a worst-case-scenario plan, which likely involves offline backups of essential systems.
• Second: Tell your customers what's going on! Over the weekend, Garmin's social media accounts (which are, remember, basically the only way to reach the company now) have been filled with users and partners desperate for an update. And all Garmin's done is direct them to a webpage that isn't working.
• And third: If you rely on partners, make backup plans. After Garmin went down, Strava's uploads took a hit, so the company shared a bunch of workarounds for people wanting to upload their data. But Strava is still scrambling to make sure users' challenges and maps don't get messed up, all of which it did through Garmin.

One way or another, we're going to learn a lot more this week. Garmin reports earnings on Wednesday, and I'm going to bet this is the primary topic of conversation on the investor call.

In related news: Dave, the banking app, also confirmed a huge breach this weekend, after data from more than 7 million people ended up on a hacker forum.

Apple

iOS 14 apps are spilling developer secrets

Who knew a beta version of iOS could be such a fun tattletale? Over the last few months, iOS 14, which has a bunch of features designed to be more transparent about when apps are using cameras or microphones or clipboard data, has made a lot of app developers look pretty shady.

• This weekend's culprit: Instagram, which users noticed was turning the camera and microphone on while users were just browsing. Instagram called it a bug … but that's what they all say. It also said it's fixing it, which is also what they all say.

If ever you're going to test your app thoroughly on a new version of iOS, this is the time. And if you're going to keep tripping up those indicators, I'd start working on really detailed, really convincing release notes.

Now that Apple does public betas, and those public betas appear to be more usable and more popular than ever, developers might also need to think about speeding up their processes. People don't just get the new versions of iOS in September anymore. The most sophisticated users get it months earlier and likely won't accept the "it's just a bug" explanation for very long.

Twitter

A Presidential proclamation: Careful what you retweet

President Trump's (otherwise relatively boring) interview last week with Barstool Sports CEO Dave Portnoy brought a somewhat unprecedented look into how @realdonaldtrump thinks about Twitter. Here are a few excerpts:

• On what happens to the account when he leaves office: "Well it's mine, and I don't know that I'll ever use it again, but it certainly was good."
• On whether he regrets his tweets: "Often. Too often. It used to be in the old days before this, you'd write a letter and you'd say, 'This letter is really bad,' you put it on your desk, and then you go back tomorrow and you say, 'Oh, I'm glad I didn't send it.' But we don't do that with Twitter."
• On getting into trouble with the RT button: "You know what I find? It's not the tweets, it's the retweets that get you in trouble … you see something that looks good, and you don't investigate it, you don't look at what's on the helmet."

Trump spent the weekend tweeting and retweeting all sorts of stuff, proving as always that even though we know tweeting is usually a bad idea, none of us seem able to stop. Even when Twitter starts putting labels on the stuff we say.

A MESSAGE FROM HEY

Email's overwhelming, but it doesn't have to be. Introducing HEY — a radical refresh of email. Screen your emails like you screen your calls, block spy pixel tracking, merge threads together, newsfeed-style reading, and much more. Try it today atHEY.com.

People Are Talking

Elon Musk said Facebook's leaders aren't handling themselves well in the public eye … which is really something, coming from Elon Musk:

• "I'm, like, not pro-Facebook. I don't have a Facebook page. SpaceX and Tesla deleted their Facebook pages. SpaceX and Tesla do have an Instagram but I think it's relatively harmless. So I think Zuckerberg and Sheryl Sandberg still have a lot of work to do to restore public trust in Facebook itself."

You need to make your employees take vacation this summer, even if they're just staying home, Chegg's Heather Hatlo Porter said:

• "The management team's hope is that they're actually disconnecting. I really push my team not to work."

Alex Stamos, the former Facebook CTO, said the TikTok-China situation should not be wasted:

• "This is a chance to come up with a thoughtful model of how to regulate companies that operate in both the U.S. and China, no matter their ownership."
• This, by the way, started a really interesting conversation on Twitter, including Keith Rabois' argument that "there is no reason to allow China apps in the U.S. until they allow unfettered access to U.S. companies."

Much of the staff at Zuckerberg San Francisco General Hospital is less than thrilled with its namesake. Dr. Robert Brody summed it up:

• "Looking into a future desperate for institutional funding, our leaders are unlikely to support any effort to change the official name back to San Francisco General Hospital. But that doesn't mean we, who work here, have to use the Z name or letter."

Coming Up This Week

The big-tech CEO antitrust hearing is scheduled for noon ET on Wednesday. There's going to be … lots to talk about.

Protocol's digital transformation meetup is on Wednesday at noon ET. Executives from New Balance, WW and Honeywell will be there, and you can still RSVP!

Earnings season continues: Amazon, Google, Apple, eBay, Facebook, Qualcomm, Spotify, Shopify, Pinterest, EA, PayPal and a bunch of others all report this week.

In Other News

• Qualtrics is going public, for real this time, two years after SAP bought it for $8 billion. The move looks a bit like a rebuke of the acquisition, actually: Some investors said at the time SAP overpaid for the company, and most of its high-level defenders are gone now. It gives SAP some focus back, but keeps Qualtrics' fast-growing business on its bottom line and earnings reports.
• Amazon, Google and Wish were all found to be selling neo-Nazi, KKK and Boogaloo-related merchandise. All removed the listings when the BBC asked about them, but they're all clearly struggling to keep up with the illicit sales.
• This is a good read from The New York Times about how the culture within Everlane has changed in recent months, as management and employees have become more at odds. Lots of lessons for tech companies trying to keep like-a-family cultures going.
• More than half of state and local election administrators had "only rudimentary or non-standard technologies to prevent themselves from phishing," a security firm found. Some places are even using software long believed to be targeted by Russia.
• Apple's giving employees up to four hours of PTO to vote this November. That includes retail employees and hourly workers, and is increasingly becoming commonplace in tech companies.

One More Thing

I have a newsletter joke but it got stuck in my spam filter

There aren't many good viral-joke memes on Twitter, but this one was good. I found it through Aaron Levie, who tweeted, "I have a bitcoin joke, but I can't use it anywhere." The "I have a joke, but" meme became one of the more fun things on the internet over the weekend, but my favorite came from Fast CEO Domm Holland: "I have a startup joke, but you have to sign up to the waiting list." Twitter: perfect for dad jokes since 2006.

A MESSAGE FROM HEY

Email's overwhelming, but it doesn't have to be. Introducing HEY — a radical refresh of email. Screen your emails like you screen your calls, block spy pixel tracking, merge threads together, newsfeed-style reading, and much more. Try it today at HEY.com.