7 iOS Message apps you should try right now

Don't worry, it's not all Mario stickers. Here's a look at some fun and practical Message apps.

Don't look now, but Messages just became the hub of your iPhone. Thanks to changes in iOS 10, you can now use the app to send money, play games, trade stickers, find and discuss dining and entertainment, manage travel and much more.

Oh, yeah: It still does messaging, too.

Make no mistake, many apps for Messages are kind of pointless. Personally, I don't see any reason to clutter up a conversation with, say, a game of Words with Friends -- not when there's already a perfectly good app you're already using.

But there are some decidedly fun and practical apps you'll definitely want to check out. Here are seven of my favorites so far -- all of them freebies.

1. Chatterbird

Messages now lets you doodle and send animations -- but where are the sound effects? Right here inChatterbird, which lets you choose from a variety of cutesy sounds (farts and all). Just tap one to hear it, or long-tap to add it to your outgoing message.

You can also tap a red "record" button to capture audio of yourself, then apply various filters -- think Instagram for your voice -- such as robot, Darth Vader, background sound effects (jungle noises, anyone?) and so on. If nothing else, it's a great way to annoy your friends.

2. Circle Pay and Venmo

"You owe me $10 for lunch."

You just paid DaveJ $10.

That's about how long it takes to send someone money using Messages and a peer-to-peer payment app such as Circle Pay or Venmo. Like their standalone counterparts, these apps let you swap money with just a few taps -- no fees, no hassles. Circle Pay is particularly nice in that it allows you to add a debit or credit card to your account just by snapping a photo of it. It also supports international payments, allowing you to send money in not just dollars, but also euros and pounds. (It works with Bitcoin, too.)

3. Do With Me

A shared to-do list can be a powerful thing. It might be household chores for your family, a grocery list you share with your spouse, or even a batch of assignments for your employees or coworkers. Whatever the case, Do With Me makes it easy to set up and share those kinds of lists.

I suspect this is something better-suited to short and/or last-minute items, such as "things to grab at the store on the way home from work" or "final party-prep tasks." Lists likely to take days or longer to complete should probably hang in another app. But for the quick-and-dirty stuff, Do With Me does the job.

4. Doodle and I'm In

Do With Me handles the to-do lists; apps such as Doodle and I'm In handle the scheduling. Specifically, they make it much easier to pin down a date with a group of people. You know the kind: "Are you free on the 27th? What about the 29th?" That kind of thing is virtually impossible via group text (or email, for that matter), which is where Doodle and I'm In come in.

All you do is set up an event, select two or more viable dates, then send the message to the participants. Everyone taps to indicate their availability and, presto, consensus is achieved. Use this to plan your next date, group hang, business meeting or whatever. This is arguably the best reason yet to have apps in Messages.

5. iTranslate

Hola, amigo! Now you can converse with anyone anywhere, even if they speak a different language. With iTranslate, you simply choose your preferred language (from Afrikaans to Zulu, with dozens of options in between), type your message as usual, then tap the green arrow.

The translation will appear in a Messages bubble, where you can add a comment or tap the blue arrow to send it. Language barrier: crushed!

Interestingly, this capability already existed in the form of third-party keyboards, such as Translate Keyboard Pro, but this app version not only bypasses the hassle of switching keyboards, it also offers one important advantage: support for voice recognition.

6. JibJab

Put your face on an animated snow angel. A dancing roller-skater. A strawberry jumping atop a stack of pancakes.

Yep, that's JibJab, which has been doing these kinds of face-transplants for as long as I can remember. Except now you can embed these frequently hilarious (and occasionally disturbing) animations in your messages.

7. Truth Truth Lie

Utterly pointless -- and utterly hilarious -- Truth Truth Lie is the Messages version of the classic party game Two Lies and a Truth. Except here the numbers are inverted.

You record three short videos of yourself. The first two are truths; the third is a lie. The app sends that video to your friend, who must guess which one is a lie. It's stupid fun that's especially great with new (or drunk) acquaintances. Just be forewarned that you're sending data-hungry video, so TTL is best played when you're connected to Wi-Fi.

Nearly 6,000 online sellers are hit by malware that steals credit card numbers

The problem underscores the importance of keeping e-commerce software up to date, a security expert says.

Malware that captures credit card numbers as customers enter them online—the internet equivalent of skimming devices used to steal credit card numbers at self-serve gasoline pumps and retail stores­—is a widespread problem, according to Dutch researcher Willem de Groot, co-founder and head of security at Amsterdam-based hosting and e-commerce platform provider byte.

Hackers had, as of earlier this month, gained access to the source code of 5,925 websites and inserted malware that captures newly entered credit card information and sends it to another server, according to an analysis by de Groot. The websites include many e-retailers worldwide, along with government sites and others that accept credit card payments.

In a blog post updated Oct. 17, de Groot writes that 841 of those store sites had been fixed as of that date, though it is possible that other sites continue to be infected. He posted an up-to-date list of compromised online stores here. His analysis of the malware is available here.

“It’s a pretty clever attack,” says Ryan O’Leary, vice president, threat research center and technical support for WhiteHat Security Inc. in Santa Clara, Calif. Unlike a large data breach, he says, the “card-skimming” malware does not create a surge in online traffic that might tip off a website owner; it could exist on a website for a long time without being noticed.

But how does it get there in the first place? O’Leary says there are two probable avenues of attack, each of which could be closed off if website owners were more vigilant.

The easiest way into a website’s source code, he says, is via bad administrative passwords—those that are easily guessable (“password,” for example, is a bad password, as is the street number of a company’s headquarters), or are obtained in some other way. In some cases the passwords that administrators use on unrelated websites—such as those for banks or retailers they do business with as customers—are the same passwords they use at work, O’Leary says. So, if an administrator’s personal passwords are compromised in a breach of another website, the business could have a problem.

Another way hackers get into a retailer’s code, O’Leary says, is by exploiting known vulnerabilities in open-source or other website software platforms—such as Magento—that are widely used by businesses that sell online. With open-source programs, the source code is freely available to anyone to access, modify and improve. After a software provider learns about vulnerabilities, it usually offers patches and updates fairly quickly, he says. Whether businesses s apply those patches and updates is another matter. Hackers look for websites using out-of-date software and then enter via doors left open by the site administrators.

“Patch software, that’s my No. 1 piece of advice,” O’Leary says.

But patches and updates alone won’t keep an e-commerce site safe, even with good administrator passwords, O’Leary says. E-commerce sites also need to use tools designed to look for vulnerabilities, including those that web developers inadvertently program into the sites they build. WhiteHat sells a yearly service to identify such vulnerabilities, but O’Leary says free tools like Burp Suite also can be helpful for e-retailers.

According to a recent study from WhiteHat, 50% of all retail sites have at least one serious vulnerability at all times and the average retail site has 13 serious vulnerabilities and 23 total vulnerabilities at any given time. The average retailer takes 205 days to fix a website vulnerability, according to the report.

This is troubling because the goal of e-retailers should be to keep hackers from getting into a site’s code in the first place, not finding and purging malware once it’s present, O’Leary says. That is a challenge, he says, because web developers tend to focus on making a website work properly and might overlook all the ways a site’s functionality could be misused. For example, O’Leary has encountered online banking software that allowed users to send negative amounts of money to someone else’s account—thus, sending cash the other way, to the malicious user’s account.

O’Leary says he cannot corroborate the number of websites hit by the malware discovered by de Groot, but he has no reason to doubt de Groot’s research or the size of the problem.

“Malware like this can spread very quickly,” O’Leary says.      

Among the websites hit by the credit card capturing software was that of theNational Republican Senatorial Committee (NRSC), a Republican Party organization dedicated to helping Republicans get elected to the U.S. Senate. The NRSC collects credit card numbers when it receives online donations or sells merchandise, such as T-shirts, stickers and signs. According to de Groot’s blog and a story on the website Krebs on Security, the malware—apparently the work of Russian hackers—infected the NRSC’s website from March 16 until Oct. 5. To show how the malware works, de Groot posted a video on Vimeo, using the NRSC website as an example.

An NRSC spokeswoman would not disclose how long the malware was present on the website or how many credit cards were compromised but said the impact was small.

“The vendor who operates our online store discovered an issue weeks ago that affected an extremely small number of supporters,” the NRSC spokeswoman said. “The problem was fixed immediately and we contacted those who were affected.”

In an Oct. 11 blog post, de Groot writes that the first case of online “skimming” was reported in November 2015 and, at that time, a scan of 255,000 online stores globally and found 3,501 websites were compromised with malware to capture credit card numbers. The problem became worse, growing to 5,925 sites by October, in part because the malicious code is so hard to detect. The online credit card-number capturing can go undetected for months and, in hundreds of cases, it has, according to de Groot. On his blog, he says 754 stores infected by the malware in 2015 were still compromised as of Oct. 11

These 10 widgets belong on your iPhone's lock screen

Get your must-have widgets here.

With iOS 10, Apple redesigned the lock screen and got rid of the slide-to-unlock gesture. Now, instead of unlocking your phone, swiping right takes you to the Today view where you can glance at and interact with widgets. You can also access these same widgets on an unlocked phone by swiping right on your home screen, but they are most useful for performing quick checks and actions without unlocking your phone.

Along with many of Apple's stock apps, third-party apps are allowed widgets on the lock screen. Options abound; I tried many. After roughly a month with iOS 10, here are the 10 widgets that currently occupy a spot on my iPhone.

1. Launcher

The Launcher widget provides the quickest way for me to call home, text my wife, FaceTime David Lee Roth and view Instagram. The free version of Launcher lets you program up to seven actions, from launching apps to calling or texting or FaceTiming specific contacts.

2. Fantastical 2

Fantastical 2 is a superior calendar to Apple's stock calendar app, and its widget is superior to the stock calendar app's widget. The Fantastical 2 widget shows you how many minutes remain until your next calendar appointment, and when you tap to expand the widget, it displays the current month where you can view any day's appointments. It also integrates reminders from the stock Reminders app if you want to combine your calendaring and tasks.

3. Todoist

I like to keep my calendar and reminders separate. The stock Reminders app has a lock-screen widget, but it shows only reminders set to remind you at a certain time; items without alarms set do not show up. The Todoist widget shows you all of your reminders for the current day. You can mark items as complete and add new tasks with the widget.

4. BeWeather

The stock Weather app's widget shows the current conditions along with the expected high and low temperatures for the day, while the expanded view shows the hourly forecast for the next few hours. That's more than the surprisingly lackluster widget for Storm, which had been my go-to weather app. I want more from my weather widget and turned to BeWeather because its widget lets you customize the information it displays, including current conditions, hourly forecast, daily forecast and text forecast.

5. Shazam

Shazam remains my all-time favorite iOS app. If you told me 20 years ago that such a thing existed -- that my cell phone would magically tell me the name and artist of any song I hear -- I would flipped my phone shut and quickly walked away from such an insane-sounding person. With the Shazam widget, I can quickly get it to start listening and tell me what it is I'm listening to before the song ends.

6. Batteries

I use the sadly discontinued Jawbone Jambox Bluetooth speaker to listen to music in my home. My kids use it, too, so the speaker moves around my house and is rarely plugged in. Half the time, I don't know where it is. And I never know how much battery life it has left, which is why I love the stock Batteries widget that shows me how much juice my Jambox has left. It also shows me the battery life remaining on my Apple Watch. And the widget smartly disappears when my Bluetooth devices are off or out of range.

7. ESPN

My wife jokes that I can turn on the TV, turn on any game of any sport and have some sort of vested interest. And I don't bet on sports! The ESPN widget gives me quick access to the scores (or the time and spread of their next game when they aren't playing) of the favorite teams I selected in the ESPN app along with any notable games of the day.

Screenshot by Matt Elliott/CNET

8. Timeglass

When I'm not blogging or watching sports, I can be found in the kitchen. I like to cook, and theTimeglass widget lets me monitor multiple timers so I can keep track of what's in the oven, what's on the stove and what I have outside on the Weber grill. The free app gives you up to three timers, which is the maximum number of timers I need on any given night.

9. Dropbox 

The Dropbox app received a recent update that improved its widget. Now, in addition to showing the four most recently added files, the widget has three helpful buttons: Scan Document, Upload Photo and Create File. I don't think I've touched the Dropbox app itself since the widget added these buttons, and I use Dropbox daily to shuttle files around.

10. DataMan

I keep DataMan at the bottom of my widgets to keep an eye at the end of my billing cycle where I stand toward my monthly 4GB data limit.

How to get the fastest speed from public Wi-Fi when you travel

There's nothing you can do to make a public Wi-Fi network faster, but here's a way you can make sure to get the best speed out of it.

Don't move when you are on public Wi-Fi.

When you're traveling, chances are you will use public Wi-Fi at the airport. Here's a quick tip to get the fastest speed: Don't move around.

That's right, this might sound irrelevant but it's not. The vast majority of airports have a large Wi-Fi network, called a mesh network, composed of many access ​points. Think of them as little Wi-Fi satellites that carry a portion of the airport's router's signal. When you first connect to Wi-Fi at the airport, you'll likely connect to the access point that gives out the best signal at your current location. If you walk into a new area, farther away from the access point you're connected to, your device won't necessarily switch you to a new, closer access point. This translates to slow speed and even disconnection.

So, when you have to move from one place to another, even just a few feet apart, if you feel your internet experience has clearly slowed down, it's best to re-establish your connection. It's easy: Just turn on airplane mode on your device for a few seconds, then turn it off. Your device will now look for the best access point based on your current location. And then, again, stop moving around when you don't need to.

YouTube is breaking into pay TV, starting with Dish

 Dish is the first US pay-TV company letting customers search and play anything from YouTube on its set-top box, the souped-up DVR Hopper 3.

Dish HopperSarah Tew/CNET

Dish debuted the YouTube app on its Hopper 3 DVR late Thursday, becoming the first pay-TV company to enable videos from the massive site to play through its set-top box alongside traditional TV.

Practically speaking, this means Dish customers can search, browse and play YouTube videos without switching inputs and devices.

But symbolically, the move puts YouTube's content on a level playing field with "real TV." Google's YouTube, by far the most-popular video site on the internet, has helped give rise to new categories of video entertainment, such as gaming, vlogs and digital stars so closely linked to the platform that they're known as YouTubers. The company's foundation as a user-upload site had led some to dismiss its stars and viral clips as low-quality entertainment versus "premium" TV programming. In other words, YouTube is empty-calorie snacking compared with the full-fledged meals of real TV.

With YouTube now at greater parity with regular television programming on Dish's box, pay-TV customers can decide for the first time if YouTube is actually "premium" for them, too.

The YouTube app was included in the satellite TV company's latest software update pushed to Hopper 3 set-top boxes on Thursday night. YouTube joins other apps on Hopper such as Netflix, Pandora and Vevo.

How to change your DNS and (maybe) get the internet back.

Is Twitter down? Maybe it's actually still there -- get it back with this one quick trick.

Sometimes, when your favorite websites go "down," they're actually still right there. You just can't see them, because your computer doesn't know how to get there.

What if you could give your PC some better driving directions right now, in just a minute or two tops?

To do that, you just need to change your DNS server.

What's a DNS server?

"CNET.com" is just the street address of this website. To figure out the "driving directions," if you will, your computer contacts a special server (called DNS, for Domain Name System) to figure out the route. It tells your web browser that "CNET.com" actually means "203.36.226.2". That number, known as an IP address, is a far better description of where CNET actually lives.

But if your DNS server goes down, you might have some trouble. Switch to another public DNS server to resolve those issues.

How to change your DNS in Windows.

How do I change my DNS on Windows?

• Hit Start and type Network and Sharing Center (or right-click on your Wi-Fi icon and click it there).
• Click on Change Adapter Settings (on the left).
• Right-click on your active network connection, then hit Properties.
• Left-click on Internet Protocol Version 4 (TCP/IPv4) and hit Properties. (If you use IPv6, change that one also/instead.)
• Click on "Use the following DNS server addresses:" and type in one of the following public DNS server addresses:

208.67.220.220 or 208.67.222.222 = OpenDNS

8.8.8.8 or 8.8.4.4 = GoogleDNS

84.200.69.80 or 84.200.70.40 = DNS.Watch

64.6.64.6 or 64.6.65.6 = VeriSign Public DNS

Note that you may need to try more than one to get your sites working. OpenDNS helped us around this recent Twitter and Netflix outage, but GoogleDNS didn't.

How do I change DNS on Mac?

1. System Preferences
2. Network
3. Click the DNS tab
4. Click the little + sign at the lower left to add a new DNS server
5. Type in the numbers of a public DNS server (see four suggestions in the Windows section above)
6. Click OK
7. Click Apply

How to change your DNS on a recent Mac OS X machine.

8 tips for using the Google Pixel's camera

Before you can begin taking stellar photos with your new Google Pixel, you need to learn a thing or two about the camera app itself.

For those who've used Google's Camera app previously, you'll feel right at home with a few minor tweaks. Those coming from a competing Android handset or an iPhone, you'll get the hang of it in no time.

Here are eight tips to help you get the most out of the Google Pixel's camera:

Quickly open the camera from anywhere

Samsung uses a double-press of the home button as a camera shortcut. Starting with iOS 10, Apple uses a quick swipe to the left on the home screen to launch the camera.

With the Pixel, Google uses the lock/power button. This feature first launched with the 2015 crop of Nexus devices, and it's a welcomed carryover to the Pixel line.

Double-press the power button and the camera app will open, regardless if the phone is locked or if you're composing an email.

Double-twist your wrist

Screenshot by Jason Cipriani/CNET

When taking a photo you can switch between the rear and front camera by tapping on a button to the left of the shutter release, or use a fancy new Moves gesture.

Using the same motion as turning a door handle, twist your wrist two times when in the camera app and the phone will switch between cameras. Twist again to go back to the previous camera.

The new feature is enabled by default in the Moves section of the Settings app, where you can view an animated tutorial detailing how to use it, or if you'd prefer, turn it off.

Shooting modes are kind of hidden

Screenshot by Jason Cipriani/CNET

For iOS users who are accustomed to various shooting modes being visible, switching between modes may be a bit confusing on the Pixel.

The trick? Swipe in from the left-edge of the display to slide out a list of modes and the Settings button.

Currently, the list of shooting modes include: Slow Motion, Panorama, Photo Sphere and Lens Blur.

Give the volume button a job

Screenshot by Jason Cipriani/CNET

Out of the box, the volume button will act as a shutter release when using the camera app. However, you can go into the Camera settings and set it to control zoom, or remove any camera-related tasks from the button.

Change picture, video quality

Customize the picture and video quality your Pixel captures by opening the Camera settings, and switching to your preferred resolution.

For whatever reason, Google is shipping the Pixel with 4K disabled by default. With free unlimited storage at full quality, there's no reason to have 4K turned off.

Disable video stabilization

As long as you aren't panning around when recording video with stabilization turned on, the feature is really impressive. However, if you're walking around or moving the phone quite a bit, stabilization causes the video to jump around a lot. For some, it's acceptable. For others, it's annoying.

You can turn off Video Stabilization in the Camera's settings.

To auto-create a GIF or not, that is the question

When you press and hold on the camera's shutter button, it rapidly captures photos one after another.

Because Google Photos is awesome and likes to combine burst photo sessions into an animated image, the Pixel's camera app naturally does the same.

But if you hate seeing your photos come to life, you can disable the feature in the Camera's settings.

App shortcut

Screenshot by Jason Cipriani/CNET

Don't forget you can long-press on the camera app's icon to bring up shortcuts to taking a selfie or recording a video without interacting with the app itself.

Obama to sign cybersecurity bill as privacy advocates fume

Washington (CNN)President Barack Obama is set to sign the most substantial piece of cyber security legislation in years, after an intense sprint of 24/7 negotiations managed to get the bill ready in time to be attached to the government spending measure the House and Senate approved Friday.

But privacy advocates say those midnight, closed-door negotiations have walked back hard-won protections.

Known by the buzzword of "information sharing," the bill is designed to give companies legal cover to share data about cyberattacks with each other and with the government. The legislation would protect those companies from being sued for sharing that information, for example from antitrust claims.

The premise for the bill, which has been heavily lobbied for by the Chamber of Commerce and financial services sector, is that cyber attackers use the same techniques and tactics repeatedly on a wide range of targets. Allowing those organizations to communicate what they see and how they block it with each other, then, would give companies defending their computer networks an upper hand against hacks.

But while companies claim that they are unable to share information now for fear of lawsuits, the bill has been staunchly opposed by privacy and civil liberties groups who say it is merely an expansion of surveillance and curtailing of consumers' privacy rights.

And those groups say the blame lies at the White House for letting the measure go forward.

"I think they completely bent over, they went a 180 on their previous positions, and it's really disappointing," said Robyn Greene, policy counsel at New America's Open Technology Institute. "I think after Sony [was hacked by the North Koreans] they got to a point that they were sick of trying and decided they would rather get something done rather than do something right."

One major complaint: the cyber information shared would go to federal agencies including the Defense Department and NSA, and the "purposes" allowed under the bill for the government to spread the data have been criticized as far too broad.

Obama plans to sign the omnibus bill when it reaches his desk, and the White House praised the cyber component.

"We are pleased that the omnibus includes cybersecurity information sharing legislation," a senior administration official told CNN. "The President has long called on Congress to pass cybersecurity information sharing legislation that will help the private sector and government share more cyber threat information by providing for targeted liability protections while carefully safeguarding privacy, confidentiality, and civil liberties."

Security debate

The measure has been under development for several years. It faltered in the Senate in 2014, never reaching the floor for a vote, but the House passed two versions of the legislation in April and the Senate followed suit with its own take in October. All that was left was reconciling the bills' differences with White House input and getting both chambers to approve the new legislation to send to Obama. The omnibus provided the opportunity to move ahead.

The bill comes amid a heightened attention on cybersecurity nationally and in the presidential race. Republican candidates regularly criticize the administration for allowing other nation states, like China, to engage in broad hacking of American companies and the government itself.

An unrelated debate about encryption software, which law enforcement officials say terrorists are increasingly using to communicate, has also been heating up. While this bill does not in any way address encryption, its moment in the spotlight comes as hawks are calling for greater U.S. defenses and offensive capabilities in cyberspace.

Privacy advocates worry

Privacy advocates say the new legislation than any version of the bill seen previously.

Complaints about the bill center around what is actually shared by companies. Groups argue that the definition of what is pertinent to cybersecurity is too broad, and the burden on companies to scrub personally identifiable information from that data is too lax. The final version of the bill compels entities to remove information they "know" is extraneous personal information; some earlier versions used "reasonably believe" instead, putting more burden on companies.

The bill's fiercest critic, Sen. Ron Wyden, D-Oregon, has said he is not opposed to cybersecurity improvements, but the bill would sacrifice privacy for not enough gain.

"This 'cybersecurity' bill was a bad bill when it passed the Senate and it is an even worse bill today. Americans deserve policies that protect both their security and their liberty. This bill fails on both counts," Wyden said in a statement.

"I think this is very much on President Obama's shoulders," said Evan Greer, campaign director at Fight for the Future, an open Internet advocacy group. "His administration threatened to veto a very similar piece of legislation in 2013, and since then they've done a real about-face on this and are now cheerleading for a bill that's the worst we've seen yet."

Supporters and authors of the bill say the privacy groups are crying wolf in bad faith -- saying that this version of the bill is the best one yet and that it addresses a very real concern. Aside from the White House, the bill has the support of prominent Democrats in both chambers, including Senate Intelligence Committee ranking member Dianne Feinstein and House Intelligence Committee ranking member Adam Schiff.

Hill staffers familiar with negotiations also deny that anyone was excluded from negotiations, but said the time came for a close circle to get things done.

"This has been a bill that's been around for what, five years? And it had the most input of everything, but at the end of the day, people have to sit down and hammer out the text, and that's what happened over the last couple weeks," said one senior Democratic congressional staffer involved in the negotiations.

The staffer acknowledged the bill isn't the most pro-privacy version of the legislation put forward, but said it was the most pro-privacy version that could pass Congress.

"At the end of the day, we had to get this bill done," the staffer said.

iPhone 7 storage tests show higher-end models are significantly faster than the 32GB version

If the advent of SSDs over the past eight years has taught us anything, it’s that storage performance matters. One of the best ways to breathe new life into an old rig is to drop an SSD in it. This truism holds true for phones as well, and we’ve seen multiple vendors make strides over the last few years to improve read and write speeds. New data on Apple’s iPhone 7 suggests that Apple cut some corners in this department.

I haven’t seen this covered before, and a quick check of various sites suggests why — the vast majority of iPhone reviews have been conducted on models with 128-256GB of storage, not the 32GB variant. Now, it’s a well-known fact that larger SSDs tend to also be faster SSDs, but we haven’t seen this tested much in smartphones. According to Unbox Therapy’s Lew Hilsenteger, there’s an up to 8x speed difference between the 32GB and 256GB Apple iPhone 7 in speed tests.

Now, this is a fairly ugly showing for the iPhone 7 32GB, but dedicated storage tests aren’t always the best way to check how fast a device really is. Much like RAM bandwidth tests, storage benchmarks don’t necessarily cleanly correspond to how fast a device is in the real world — a large difference in sequential read/write speeds might only translate to a small impact on boot time or even application load times. Desktop applications tend to be more latency sensitive than bandwidth sensitive in any case. That’s what makes Hilsenteger’s follow-up test interesting (the full video is embedded below, jump to 2:38 for the relevant portion).

Both iPhones appear to be hooked to the same USB port and Hilsenteger performs the same action on each — he syncs a 4.2GB copy of Star Wars: A New Hope to both iPhones and measures how long it took to do it. The iPhone 7 256GB finishes the copy in 2 minutes, 34 seconds. The iPhone 7 32GB needs 3 minutes, 40 seconds for the same job. That means it takes the iPhone 7 32GB about 1.43x as long to copy a 4.2GB file as the iPhone 7 256GB — and that’s not a trivial difference.

GSMArena actually hit this topic in early October, but the report doesn’t seem to have made much of a splash. According to their results, read speeds between the 32GB and 128GB models of iPhone 7 are nearly identical, but the write performance was similarly low. Their file copy tests also showed a much larger gap between the iPhone 7 128GB and the iPhone 7 32GB, though I’m not sure why (in their tests, the iPhone 7 32GB was nearly 3x slower, though the copy only took 52 seconds).

Why larger SSDs are faster SSDs

We can hazard a pretty good guess as to why Apple’s iPhone 7 32GB is so much slower than the other variants, though its not one 32GB owners will like very much. Here’s a generic SSD block diagram to explain the problem:

Note that each pair of NAND chips is connected to a channel. These channels are accessed in parallel — the more channels a device supports, the more parallel it is, and the more parallel it is (broadly speaking), the faster it is. But — and this is key — the more NAND chips you have inside a device, the more expensive it is. Imagine, for a moment, that Apple only sold a 32GB and a 256GB iPhone 7, and that both devices followed the pattern in the image above.

If Apple wanted its 32GB and 256GB devices to have identical performance, it would use an array of 16x2GB chips for the 32GB iPhone and 16x16GB chips for the 256GB iPhone. Since it has to pay for each and every chip, however, that’s not an appealing solution. Alternatively, Apple could buy 2x16GB chips for the iPhone 7 32GB and 16x16GB chips for the iPhone 7 256GB. Since the lower-end phone only has 1-2 channels, its storage will be much slower than the 256GB chip with all eight channels populated — but it’ll also save Apple more money than buying the smaller ICs.

There’s probably a practical aspect to this as well. Apple is betting it can get away with slower transfer times on the less expensive hardware because owners with just 32GB of space aren’t going to spend very much time copying data back and forth anyway. And given that file copy times still seem to be on-par with the iPhone 6s (according to GSMArena), the company probably thought most people wouldn’t notice. Still, it’s a bit shady of Apple to sabotage write performance just to pocket a few extra dollars. The company may have finally moved off its 16GB capacity, but it’s still going to gouge you if you want decent write performance.