Monday, July 31, 2017

Apple Pulls VPN Apps From China App Store


We received notification from Apple today, July 29, 2017, at roughly 04:00 GMT, that the ExpressVPN iOS app was removed from the China App Store. Our preliminary research indicates that all major VPN apps for iOS have been removed.


Users in China can continue to stay connected to the open internet with ExpressVPN’s apps for Windows, Mac, Android, and other platforms.

Paul Mozur (Hacker News, MacRumors):

China appears to have received help on Saturday from an unlikely source in its fight against tools that help users evade its Great Firewall of internet censorship: Apple.

Software made by foreign companies to help users skirt the country’s system of internet filters has vanished from Apple’s app store on the mainland.


In response, Apple has made a number of moves to ensure that it stays on Beijing’s good side. Last year, the company complied with what it said was a request from the Chinese authorities to remove from its China app store news apps created by The New York Times.

As I said then, this is a weakness of centralizing distribution in the App Store. If iOS supported sideloading apps, it would be possible for users to download a VPN or NYT app from a third party. You can still get Android VPN apps. But because Apple has inserted itself as the gatekeeper, the platform is vulnerable to restrictions like this.

It’s also interesting to see where Apple draws the line here. It apparently would not give user data to the Chinese government. But it is willing to remove security features that prevent the government from itself collecting data.

See also: Tim Culpan (via John Gruber).

Update (2017-07-31): Another angle to this story is that it is technically possible to use a VPN on iOS without an app. But apps make both setup and billing much easier, and presumably they offer other advantages as well.

John Gruber (tweet):

The thing I keep thinking about is that iMessage and FaceTime are among the few protocols available inside China with end-to-end encryption. The Chinese just started blocking WhatsApp a few weeks ago. I don’t know why they allow iMessage and FaceTime to continue working, but they do, and both of those protocols are designed from the ground up to only work using end-to-end encryption. There is no “off switch” for iMessage encryption that Apple can flip inside China.

In theory, though, China could ask Apple to distribute extra encryption keys, via the data center run by the government-owned company.

To me, the more interesting question isn’t whether Apple should be selling its products in China, but rather whether Apple should continue to make the App Store the only way to install apps on iOS devices. […] The App Store was envisioned as a means for Apple to maintain strict control over the software running on iOS devices. But in a totalitarian state like China (or perhaps Russia, next), it becomes a source of control for the totalitarian regime.

Update (2017-08-02): Tim Cook:

Today, there’s still hundreds of VPN apps on the App Store, including hundreds by developers that are outside of China, so there continues to be VPN apps available. We would obviously rather not remove the apps, but like we do in other countries, we follow the law wherever we do business. We strongly believe that participating in markets and bringing benefits to customers is in the best interest of the folks there, and in other countries as well. We believe in engaging with governments, even when we disagree. In this particular case, back to commenting on this one, we hope that over time, the restrictions we’re seeing will be loosened, because innovation requires freedom to collaborate and communicate, and I know that is a major focus there. That’s sort of what we’re seeing from that point of view. Some folks have tried to link it to the US situation last year — they’re very different. In the case of the US, the law in the US supported us. It was very clear. In the case of China, the law is also very clear there, and like we would if the US changed the law here, we would have to abide by it in both cases. That doesn’t mean we don’t state our point of view, in the appropriate way — we always do that.

I’m not quite sure what he’s trying to say in the first sentence. Is he just reassuring people that the Chinese law doesn’t affect App Stores in other countries?

Nick Heer:

But where is Apple’s line? If China were to require all messaging services to be unencrypted, or prevent cloud data services from being encrypted, or implement an even stricter version of their already-aggressive cyber “sovereignty” law — would any of these situations encourage Apple begin to fight back?

Brian Hall:

At minimum, Tim Cook personally state his opposition to this on Twitter, as he has so many political issues in the US.

Apple will publicly speak out (on Twitter) on US policies it disagrees with. And threaten to move money out of ‘bad’ US locales.

Bob Burrough:

Don’t forget that Apple’s products are assembled in China. Getting in a fight with Beijing would be a huge unforced error.

My only concern is he’s trying to take credit for a moral stance when there simply is no moral stance.

7 Comments RSS · Twitter

Worth pointing out that this happened on the same day that TestFlight increases the number of beta testers from 2k to 10k. If someone open sources an iOS VPN app, you've now got 10k people that can sideload an app via the efforts of a single person with an apple developer account.

Obviously this is a loophole and not meant as a mainstream solution, but past solutions to getting around the great firewall (including VPN itself) have also been only for the technically informed and connected - often foreigners working in China. Basically it lets the technical elite a way around the firewall to keep business running.

Personally I think it's unlikely these two bits of news are connected (upping testflight is likely about iOS 11), but still it may have a positive effect until it, too, is clamped down on.

I don't get why there isn't more of a push amongst Apple's own customers to allow sideloading. The fact that I can't do this on iOS is the main reason why I can't even consider switching back to an iPhone.

Do the kinds of people who would usually complain about this (i.e. nerds) and who actually need this feature just jailbreak their phones?

@Lukas I don’t know. It’s probably my biggest complaint about iOS. I really want sideloading, but I don’t think I actually need it, and I don’t jailbreak my phone.

"I really want sideloading, but I don’t think I actually need it, and I don’t jailbreak my phone."

I was under the impression that Apple had pretty much made jailbreaking impossible, even if you wanted/needed it, but I haven't been following closely enough to know that for anything close to fact.

[…] Apple Pulls VPN Apps From China App Store, Apple Removes New York Times Apps From Chinese App […]

[…] Previously: Apple Pulls VPN Apps From China App Store. […]

[…] Apple Removes LinkedIn App From Russian App Store, Apple Pulls VPN Apps From China App Store, Apple Removes New York Times Apps From Chinese App […]

Leave a Comment