Archive for May 31, 2018

Thursday, May 31, 2018

Encrypting for Apple’s Secure Enclave

David Schuetz (tweet):

Encryption, once you have a safe and well-implemented algorithm, is all about the keys. Lose control of your keys, and it’s “Game over, man!” What if we could put our keys somewhere completely out of reach, where even their owner can’t get to them? Yibikeys and HSMs can provide that security, but they’re external devices.


One feature added in iOS 9, and macOS 10.13, is the ability to store keys and perform cryptography entirely within the Secure Enclave. The application asks the SE to create a public/private keypair. The SE returns the public key (which should then be stored somewhere safe), but it holds onto the private key. Then it can ask “Here, sign this message” and the SE will grab the private key, sign the message, and return the result. Or “Here, decrypt this,” and it’ll decrypt the message using the private key, and return the plaintext. The application itself never has direct access to the private key, so the key should be very secure.


So why is all this cool? Because we can be confident that nobody can read our data without our device.

iOS 11.4 and Messages in iCloud


Almost a year after they were first announced, Apple has finally shipped AirPlay 2 and Messages in iCloud[…]


Frankly, we think it’s shameful that Apple is effectively charging for message sync features that have been free on every other Internet messaging client in history. But, unlike most messaging clients, iMessage is end-to-end encrypted, and that’s still true even if you use Messages in iCloud.

However, I don’t think it’s documented yet whether turning syncing on gives Apple the keys.

Ashraf Eassa:

Messages in iCloud is a brilliant way to convince people to buy more iCloud storage. Those chat logs can get absolutely huge.

Juli Clover:

First and foremost, the update addresses the “Black Dot” unicode bug that could crash apps on iOS devices with a specific character sequence involving certain emojis. Following the release of iOS 11.4, this particular sequence of characters will no longer cause apps like Messages to crash.

Apple says the update also successfully fixes an issue that caused iMessages to appear out of order on some devices, a frustrating bug that’s been around for quite some time and has been the subject of many complaints.

Steve Troughton-Smith:

Now that iMessage in iCloud is here, it’s become essential to remap my ‘Delete Conversation’ menu item in macOS as it’s way too easy to accidentally ⌘-delete and watch an important or sentimental thread be wiped from all your devices. Hopefully won’t accidentally trigger now…

Russell Ivanovic:

When a device supports Airplay 2 you get a little checkbox next to it in the route picker. Fun fact you can play to both Apple TV and HomePod at the same time now.

Previously: iOS 11.3, “Black Dot” Unicode Bug, Messages on iCloud in iOS 11.3 Beta.

Update (2018-06-01): Steve Troughton-Smith:

Clearly this feature was totally ready to roll out and not in any way influenced by it being 51 weeks since its announcement. They are so confident in it it has no onboarding experience, a hidden enable toggle, and it’s disabled by default

Steve Troughton-Smith:

Oh neat, iMessage in iCloud has a size breakdown of each of your message threads. My average thread with any frequent contact is ~2GB, and my Messages are 32GB in total. That’s 32GB less storage space I now need on iOS devices, assuming cache eviction works as intended

Benjamin Mayo:

The byte sizes for Messages in iCloud is very wonky. My ‘Conversations’ total says Zero KB, but then I tap through and each thread is some number of MBs. Yet, the iCloud Storage screen says Messages is using several gigabytes.

Benjamin Mayo:

I will say this. For as wrong as the storage stats screens are, the actual Messages syncing has worked flawlessly for me. AirPlay 2 is similarly robust, and I’ve really been trying to trick that one.

Ryan Jones:

Just sad. Pathetic really.

Nick Heer:

Same here. Bizarre.

John Gruber:

Beat this:

Damien Petrilli:

Some wonders why Apple didn’t activated iMessage in the cloud by default.

I think the reason is simple: Apple got the numbers of ppl lacking storage on iCloud and its prob not small.

Would be a pretty bad PR if users stopped receiving messages because of that.

Josh Centers:

I warned that Messages in iCloud counts against your storage quota, but @bdougherty pointed out that it can actually save you space if you use iCloud backup. My testing confirmed and I’ve updated the article to reflect that.


Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, a copy of the key protecting your Messages is included in your backup. This ensures you can recover your Messages if you’ve lost access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and it is not stored by Apple.

In other words, turning on Messages in the iCloud makes iMessage less secure. Apple can read your messages unless you are not using iCloud Backup. [Update: I think Nat is right that there is not really a difference in security because iCloud Backup already made the messages available to Apple.]

Update (2018-06-03): Michael Yacavone:

There is no doubt that for me iMessage on iOS 11.4 is far worse than on 11.3. Example: Reading my iPad, phone beeps, respond there, two minutes later still not showing on iPad. Never happened on 11.3.

Update (2018-06-12): Noel Cornell:

It’s sadly as amazing as it disappointing how badly “Messages in Cloud” works after all this wait. Possibly one of my most wanted features for years. Now it’s here and it still just doesn’t work very well. Avatars sliding around the left side bar for minutes at a time.

Update (2018-07-11): Juli Clover:

The macOS High Sierra 10.13.6 update is minor in scale, focusing on bug fixes and security improvements. No major feature changes were discovered during the beta testing process, but Apple’s release notes say it adds AirPlay 2 multi-room support for iTunes with the accompanying iTunes 12.8 update.

Update (2018-07-31): Noel Cornell:

What did “Messages in Cloud” resolve exactly? Still after a vacation I get tons of messages appearing out of order, bad read/unread states, errors about unsent messages.

WWDC 1997 Videos and Other History

Brendan Shanks:

If you liked the slides, you’ll find the videos fascinating. In particular, the overview/strategy speakers take pains to emphasize what has changed since the year before: developing rather than abandoning the Mac OS, promising to ship regular incremental improvements, and moving ahead with a next-generation OS (Rhapsody) built on shipping, proven technology.

Riccardo Mori:

Thirty years of Mac ads - 1984-2014. (Love the early ones!)

Jason Kottke:

This 1985 catalog for engineers contains hundreds and hundreds of tech logos from the 70s and 80s. They are glorious.

Previously: Preparing for WWDC 2017.

Apple Hasn’t Blocked Telegram App, But Won’t Allow Updates

Juli Clover:

The Russian government has asked Apple to help it block Telegram, the secure messaging app that’s highly popular in the country, reports WCCFTech.

A Russian court in April ordered carriers and internet providers in the country to block Telegram back in April, after Telegram refused to provide Russia with backdoor access to user messages.

Mitchel Broussard:

As this unfolds, Telegram CEO Pavel Durov posted an update for users early this morning in an effort to explain why some features “don’t work correctly under iOS 11.4" (via ArsTechnica).

According to Durov, Apple has been “preventing” the Telegram iOS app from updating on a global scale, dating back to when Russia banned the app in April. Durov says that his company chose to do the “only possible thing” and refused to provide Russia with decryption keys to access user messages, “preserving the right of our users privacy in a troubled country.”

Apple wouldn’t have to be in the middle here if it let customers download apps directly from the developer.

Previously: Apple Removes LinkedIn App From Russian App Store, Apple Pulls VPN Apps From China App Store, Apple Removes New York Times Apps From Chinese App Store.

Update (2018-05-31): See also: Hacker News.

Update (2018-06-02): Juli Clover:

Telegram today received its first update in two months after an App Store update lockout caused by a dispute with the Russian government and Apple.


Amid this dispute, Apple was apparently refusing all Telegram app updates dating back to mid-April. This situation caused certain Telegram features, like stickers, to break with the launch of iOS 11.4, and it prevented Telegram from complying with new GDPR rules in the European Union.

Valve’s Steam Link App Rejected From the App Store

Valve (Hacker News):

Valve press statement on the Steam Link app for iOS being rejected by Apple.

Brian Crecente:

Valve’s Steam Link app, which allows Steam users to stream their library of PC video games to a smartphone where they can play them while at home, has been rejected from iTunes by Apple, effectively blocking its release on iOS, according to Valve.

Juli Clover:

The Steam Link app for iOS, which was announced on May 9, is designed to allow Steam users to play their Steam games on an iPhone, iPad, or Apple TV using either a 5GHz WiFi network or a wired Ethernet connection to a host PC or Mac.

John Gruber:

There are two parts to this story, both of which make Apple look bad. First, Steam Link is more or less equivalent to a VNC client. It doesn’t stream games from Valve’s servers — it streams them from a Mac or PC on your local network. As Ars points out, there are plenty of other VNC/remote desktop apps in the App Store.

Nick Heer:

As with many controversial App Store rejections, this one comes as a result of poor communication: Apple apparently allowed the app, which meant Valve could announce it, and then rejected it for unclear reasons.

Phil Schiller:

We would love for Valve’s games and services to be on iOS and AppleTV. Unfortunately, the review team found that Valve’s Steam iOS app, as currently submitted, violates a number of guidelines around user generated content, in-app purchases, content codes, etc.

We’ve discussed these issues with Valve and will continue to work with them to help bring the Steam experience to iOS and AppleTV in a way that complies with the store’s guidelines.

Neither side seems to be talking about what those alleged violations are.

Update (2018-06-02): See also: The Talk Show, Steve Troughton-Smith.