In response to increasing legislative pressure and growing concerns over child safety online, Apple has announced a suite of child protection tools aimed at giving parents and developers more control over children’s digital experiences. The move comes as multiple U.S. states push for app-store operators like Apple and Google to take on responsibility for age verification.
Legislative Pressure and Industry Debate
According to 9to5Mac, at least nine states, including Utah and South Carolina, have recently proposed legislation that would require app stores to verify users’ ages and obtain parental consent before minors can download certain apps. Currently, developers bear this responsibility, but major companies like Meta have advocated for shifting it to Apple and Google. Meta CEO Mark Zuckerberg has argued that centralized verification by app stores would be more effective than individual developers handling it.
Privacy and Security Considerations
While some critics see Meta’s stance as an attempt to avoid liability, 9to5Mac acknowledges that app stores may be better positioned to handle age verification securely. Apple and Google already possess user data such as credit card information and family-sharing settings, which could serve as reliable indicators of user age. Moreover, concentrating age verification at the app-store level could mitigate privacy risks associated with apps collecting birthdates directly.
Apple’s Child Protection Enhancements
Apple’s response to these developments includes a range of features designed to enhance child safety while preserving user privacy. According to MacRumors, Apple is implementing:
- A revised age rating system, adding more granular categories: 4+, 9+, 13+, 16+, and 18+ (previously 4+, 9+, 12+, and 17+).
- Improved parental controls for account setup, age confirmation, and content visibility on the App Store.
- Stricter developer requirements to disclose if their apps contain user-generated content, ads, or require age verification.
- A Declared Age Range API to help developers tailor content appropriately without collecting sensitive personal data like birthdates.
A Strategic Move to Avoid Regulation?
Apple’s efforts appear to be a proactive attempt to address concerns before stricter regulations are imposed. The company’s new Helping Protect Kids Online white paper details its approach, emphasizing privacy-preserving solutions that minimize data collection.
While Apple’s changes provide parents with more oversight, it remains to be seen whether lawmakers and companies like Meta will see this as sufficient—or continue pushing for broader regulatory intervention.
Cybercriminals Turn to Snail Mail for Scams and Extortion
Cybercriminals are going old-school, using physical mail as a new threat vector in two recent scams—one targeting Swiss citizens with malware-laden QR codes and another attempting to extort U.S. businesses through fake ransomware demands.
Swiss Residents Targeted by QR Code Malware
Last November, The Register reported that Swiss residents were receiving deceptive letters that appeared to come from the country’s Federal Office of Meteorology and Climatology. The letters urged recipients to scan a QR code to download a “Severe Weather Warning App“ for Android. However, instead of an official app, victims were tricked into installing a variant of the Coper trojan, a form of malware capable of:
- Keylogging and intercepting two-factor authentication codes
- Accessing banking apps to steal credentials and empty accounts
- Extracting sensitive personal data
Swiss authorities noted that the scam’s success relied partly on the credibility that physical mail lends to a message. Sending such letters cost scammers about $1.35 per piece, making the scam appear more legitimate.
Fake Ransomware Threats Sent via U.S. Mail
Now, a new scam has emerged in the U.S., where an unknown group is sending ransom demands through physical mail. As reported by The Register, these letters claim to be from a well-known ransomware gang, falsely asserting that the recipient’s network has been compromised. The demands include:
- A ransom between $250,000 and $350,000 to be paid in Bitcoin
- A QR code linking to a Bitcoin wallet
- A Tor link to a supposed data-leak site to add legitimacy
However, cybersecurity experts believe these extortion attempts are entirely fraudulent. Grayson North, a senior threat intelligence analyst at GuidePoint Security, stated that there is no evidence the scammers have breached any networks or stolen data.
Why Use Physical Mail?
The move to snail mail is an unusual tactic in the cybercrime world, but analysts suggest it might be an effective social engineering strategy. Unlike emails, which can be filtered or flagged as spam, a physical letter almost guarantees the recipient sees the message. According to North, some victims may perceive a mailed letter as more “serious” or “official” than an email scam.
However, the method also carries greater legal risks for scammers. Israel Torres, CTO of SecureMac, points out that using the U.S. Postal Service to send threats is a federal crime, making it more likely the FBI will get involved. So far, GuidePoint reports that no one has fallen for the scam—but the attempt highlights how scammers are constantly evolving their tactics.
