Archive for October 15, 2021

Friday, October 15, 2021

Apple Refuses App Store Changes for South Korea

Mike Wuerthele (also John Gruber):

The Korea Communications Commission (KCC) is in charge of enforcing compliance with the new App Store payment law. While Google says that it plans to comply in full with the law, including the adoption of third-party payment systems, Apple appears to be resisting it, saying that there is nothing that it needs to change.

Reuters:

The law went into effect last month but Apple had told the South Korean government that it was already complying and did not need to change its app store policy, a Korea Communications Commission (KCC) official in charge of the matter told Reuters.

“This goes against the purpose of the amended law,” the official said, requesting anonymity as the KCC was still in talks with Apple on compliance.

This reminds me of Apple “clarifying” the rules in the Cameron v. Apple Settlement, except that here there seems to be even less basis for the position that they’re already complying.

Previously:

Update (2021-10-19): Geoff Keating:

I suspect what’s going on is the law says something like “must allow a choice of payment providers” and Apple says “we have Visa and PayPal”. The law cannot say “Apple must allow all apps on its platform for free” because that’s expropriation and there are treaties against it.

Update (2021-11-16): Hartley Charlton:

Apple is not doing enough to comply with South Korean legislation that forbids app store operators from forcing developers to use their payment systems, according to lawmaker Jo Seoung-lae, Reuters reports.

[…]

It is as yet unclear how platform operators will be sanctioned if the regulations are breached, but according to a draft seen by Reuters, it could involve fines of up to two percent of revenue.

The initial details of what Apple will need to do to meet its new obligations in South Korea are expected to be made public by the Korea Communications Commission (KCC) tomorrow, ahead of them coming into full effect by March 2022.

The Risks of Client-Side Scanning

Ben Lovejoy:

The British government has expressed support for Apple’s now-delayed CSAM scanning plans, and says that it wants the ability to scan encrypted messages for CSAM, even where end-to-end encryption is used.

Tim Hardwick:

More than a dozen prominent cybersecurity experts hit out at Apple on Thursday for relying on “dangerous technology” in its controversial plan to detect child sexual abuse images on iPhones (via The New York Times).

The damning criticism came in a new 46-page study by researchers that looked at plans by Apple and the European Union to monitor people’s phones for illicit material, and called the efforts ineffective and dangerous strategies that would embolden government surveillance.

Hal Abelson et al. (PDF):

Some in industry and government now advocate a new technology to access targeted data: client-side scanning (CSS). Instead of weakening encryption or providing law enforcement with backdoor keys to decrypt communications, CSS would enable on-device analysis of data in the clear. If targeted information were detected, its existence and, potentially, its source, would be revealed to the agencies; otherwise, little or no information would leave the client device. Its proponents claim that CSS is a solution to the encryption versus public safety debate: it offers privacy -- in the sense of unimpeded end-to-end encryption -- and the ability to successfully investigate serious crime. In this report, we argue that CSS neither guarantees efficacious crime prevention nor prevents surveillance. Indeed, the effect is the opposite. CSS by its nature creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic. There are multiple ways in which client-side scanning can fail, can be evaded, and can be abused.

Bruce Schneier:

It’s not a cryptographic backdoor, but it’s still a backdoor — and brings with it all the insecurities of a backdoor.

[…]

We had been working on the paper well before Apple’s announcement. And while we do talk about Apple’s system, our focus is really on the idea in general.

Ross Anderson:

We did not set out to praise Apple’s proposal, but we ended up concluding that it was probably about the best that could be done. Even so, it did not come close to providing a system that a rational person might consider trustworthy.

Even if the engineering on the phone were perfect, a scanner brings within the user’s trust perimeter all those involved in targeting it – in deciding which photos go on the naughty list, or how to train any machine-learning models that riffle through your texts or watch your videos. Even if it starts out trained on images of child abuse that all agree are illegal, it’s easy for both insiders and outsiders to manipulate images to create both false negatives and false positives. The more we look at the detail, the less attractive such a system becomes. The measures required to limit the obvious abuses so constrain the design space that you end up with something that could not be very effective as a policing tool; and if the European institutions were to mandate its use – and there have already been some legislative skirmishes – they would open up their citizens to quite a range of avoidable harms.

Previously:

Apple’s Threat Analysis of Sideloading

Apple (PDF, via Hacker News, MacRumors, Slashdot):

iPhone is a highly personal device where users store some of their most sensitive and personal information. This means that maintaining security and privacy on the iOS ecosystem is of critical importance to users. However, some are demanding that Apple support the distribution of apps outside of the App Store, through direct downloads or third-party app stores, a process also referred to as “sideloading.” Supporting sideloading through direct downloads and third-party app stores would cripple the privacy and security protections that have made iPhone so secure, and expose users to serious security risks.

Siguza:

31 pages of fearmongering?

Damn, Apple must actually be scared!

Tim Sweeney:

If automated software analysis or human review were essential for security, iOS could support or even require it for competing stores. Mac notarization shows it’s feasible. Nothing about security requires an Apple monopoly on distribution.

Furthermore, competing stores could do a much better job than Apple of ensuring quality software, going above and beyond Apple’s modest standards for human review - typically a 6 to 12 minute process staffed by only several hundred employees worldwide, most of them not engineers.

Look at the amazing job that Sony, Microsoft, and Nintendo do of quality assurance on console. It’s so good that a sub-par game release is almost a once-in-a-decade news story. If Apple faced competing stores, those companies plus Valve, Epic, and others could step up.

Michael Love:

I don’t think alternate stores make any sense without sideloading; if it’s important sideloaded apps by reviewed by sb you can have a bunch of 3rd party Notarization Authorities or whatever, but the binary should be coming from my server.

Alternate app stores add competition - which is certainly good - but don’t fundamentally change the app distribution model; direct sideloading does because it lets installation happen at the point of discovery, and discovery can happen anywhere; can install an app from a tweet.

Mike Wuerthele:

Thieves have used a combination of social media, dating apps, cryptocurrency, and abuse of Apple's Enterprise Developer program to steal at least $1.4 million from unsuspecting victims.

[…]

After gaining the trust of the victim through the dating apps, scammers start discussing cryptocurrency investments. They are then directed to a website that looks like the Apple App Store, and then told to download a Mobile Device Management profile, giving control of a number of features, and the ability to use signed apps made by the fraudsters.

Previously:

Old Apple Human Interface Guidelines

Andy Matuschak:

Why are there no “standard texts” on designing software interfaces? (or tell me I’m wrong?)

If you want to learn to build software, there are excellent and complete texts on the subject. It’s not just a tech-vs-art thing: there are standard texts on type, drawing, color, etc.

Andy Matuschak:

[S]everal people mentioned the original 1987 Apple Human Interface Guidelines, which I’d not read. It’s not a comprehensive primer on interface design, but it is an extraordinary read—a huge amount of detail on why things are as they are. And a great bibliography!

Andy Matuschak:

Oh my gosh, and there’s a (pre-release) 1985 HIG that’s quite different. It includes e.g. case studies (useful!), and an extended discussion of Jung’s theories of intuition and how they should influence your designs (!!)

There’s a 1995 version here. I like Tog on Interface.

Previously: