Meta’s iOS Interoperability Requests
Apple today said that Meta has made 15 interoperability requests under the Digital Markets Act (DMA) in the European Union, which is more than any other company.
In a statement provided to Reuters, Apple said that Meta is asking for changes that could compromise user security and privacy.
[…]
In response to Apple’s comments on Meta’s requests, Meta said the following: “What Apple is actually saying is they don’t believe in interoperability. Every time Apple is called out for its anticompetitive behavior, they defend themselves on privacy grounds that have no basis in reality.”
John Gruber (Mastodon, Dithering):
Apple says Meta is seeking low-level access that would break both user privacy and device security.
Meta says Apple is using “privacy” as a bullshit excuse to avoid even reasonable interoperability.
But without reading the requests, there’s no way to say which side is more right than the other.
It’s getting personal. How abuse of the DMA’s interoperability mandate could expose your private information.
[…]
If Apple were to have to grant all of these requests, Facebook, Instagram, and WhatsApp could enable Meta to read on a user’s device all of their messages and emails, see every phone call they make or receive, track every app that they use, scan all of their photos, look at their files and calendar events, log all of their passwords, and more. This is data that Apple itself has chosen not to access in order to provide the strongest possible protection to users.
Except that with the OCSP preference that Apple reneged on, Apple does get to track the apps that you use.
It’s not clear to me which request would enable Meta to “log all of [the user’s] passwords.” I doubt that’s actually what they want to do.
Separately Meta also wants to access their message history. Access to private communications needs to remain fully under the control of users.
I would love for apps to be able to access my message history because right now Apple doesn’t let me back up or search my own messages.
For instance, if a user asks Siri to read out loud the latest message received via WhatsApp, Meta or other third parties could indirectly gain access to the contents of the message. No one is in a position to understand the full risks of that.
This is one of the scariest examples they could come up with?
These are, so far as I can tell, similar to the things the Commission is requiring here.
Nick Heer (via Hacker News):
The EC preliminary findings under the DMA indicate that Apple must take steps to enable the operability of devices from other brands with its iPhones. The EC has launched public consultations with interested companies to gather feedback on compliance.
The European Commission is going through Apple’s OSes feature by feature, with the help of interested parties and industry collaboration, and deciding where the API lines should be drawn. It’s absolutely fascinating.
[…]
“If Apple presents end users of [3rd-party apps] with a choice regarding the level of background execution capabilities or background connection to a connected physical device, it must present the same choice in the same manner, including regarding time, place, and cadence, to end users of Apple’s connected physical devices. Apple may only present end users with a specific choice […] if Apple implements and offers this choice for its own connected physical device.”
[…]
This proposal effectively states that Apple should provide private headers to internal frameworks on request, and developers should subsequently decide whether they need to submit an interoperability request to make the frameworks or APIs public.
[…]
Also, just to acknowledge the spin Apple is taking on this, which I have no interest in linking to: they just threw Meta under the bus for interoperability requests, something that is forbidden under the EC’s proposal, triple-underlining why the EC needs to legislate all of this in writing in the first place.
Previously:
- European Commission Specification Proceedings
- DMA Compliance: Interoperability Requests
- Apple Memory Holes OCSP Preference
- The Difficulty of Accessing Old iMessages
Update (2025-01-09): See also: Natasha Lomas (Hacker News).
Update (2025-01-10): Andrew Bosworth:
If you paid for an iPhone you should be annoyed that Apple won’t give you the power to decide what accessories you use with it! You paid a lot of money for that computer and it could be doing so much more for you but they handicap it to preference their own accessories (which are not always the best!). All we are asking for is the opportunity for consumers to choose how best to use their own devices.
[…]
Many iPhone users don’t realize the experience with (for example) Ray-Ban Meta glasses is better on Android today because of limitations Apple has put in place on their system that do not apply to their own first party accessories.
Via David Barnard:
Apple’s built-in advantage in AR can’t be overstated. It’s mostly the US-based, iPhone-toting early adopters that are going to help fund and publicly beta test the first few waves of AR glasses. Without being able to integrate deeply into iOS, Meta will be severely hamstrung.
That said, it’s easier than ever to imagine a world in which visionOS plays second fiddle to Android XR and/or Horizon OS.
So many of the use-cases that will be unlocked with AR will benefit from, if not be completely dependent on, AI. Both Google and Meta already have multimodal foundation models publicly deployed, getting more and more capable by the month. Meanwhile Apple shipped Apple Intelligence with the same dumb Siri we’ve all built a love/hate (but mostly hate) relationship with. And partnered with OpenAI.
[…]
While Apple’s privacy protections do matter to a certain extent to many consumers, billions of people using Google and Meta products daily demonstrates that a better experience is often worth some amount of tradeoff in privacy.
Apple’s statements about what Meta is demanding through its DMA interoperability requests need to be taken with a giant pinch of salt.
25 Comments
@Total Apple, the company who told us that iOS couldn’t be an open platform because a bad app could take down Cingular’s West Coast network? And that sideloaded apps would break the security of the phone, even if they were sandboxed?
Of course, Meta doesn’t have a great record in general, but I don’t think it has a history of misleading statements on this particular topic.
There's no reason to trust either of them. Neither one is actually looking out for users.
> Apple says Meta is seeking low-level access that would break both user privacy and device security.
>
> Meta says Apple is using “privacy” as a bullshit excuse to avoid even reasonable interoperability.
I think the safe bet is that these are both correct.
> This is data that Apple itself has chosen not to access in order to provide the strongest possible protection to users.
Wait, but Apple does actually have access to all of the data they listed. Apple already does all of those things already (tracking my phone calls and emails so the App Store can tell I'm human, phoning home every time I open an app, scanning every photo I take to identify everyone in it, etc), and I can't opt out of most of them.
@vintner Yeah, for the typical user, Apple in fact does have access to their messages, e-mails, photos, calendar, etc., because the data is stored on their servers and not E2EE. This doesn’t break user privacy because Apple “chooses” not to access the information (except when they do, e.g. because of law enforcement). But Meta making that same choice does break privacy.
“I would love for apps to be able to access my message history because right now Apple doesn’t let me back up or search my own messages.”
Not to mention being able to find large images and videos for those of us who choose not to pay Apple a storage tax to get more than a measly 5GB. Apple will happily tell us that Messages is using a GB, but give us no useful tools to see/remove just old images or videos that are the cause of it.
Apple has a track record in dark patterns of storing cloud data in ways that are inscrutable and just about force folks to pay for extra storage they shouldn’t really need.
“Of course, Meta doesn’t have a great record in general, but I don’t think it has a history of misleading statements on this particular topic.”
Are you kidding me?? There’s one company that lives on selling you hardware and there’s one company that lives on harvesting your private data. And if they can get that information without having to ask for it, the better. And you throw the whataboutism into the discussion.
@Jon Whataboutism is when you make a counter-accusation as a distraction. That’s not what I did here. Apple accused Facebook of X. Meta said that Apple is making bad argument Y. I provided specific examples of other times when Apple said Y and where it’s generally agreed that Apple was wrong/deceptive/insincere.
If you are concerned about X, why not investigate that? Is Apple correct that Facebook would be able to access all of the user’s passwords?
I’ve covered many of the Facebook scandals over the years. It’s complicated. I don’t think they actually want your private data; they want data that will help them show relevant ads and ensure that the impressions aren’t faked. They actually shipped true E2EE messaging before Apple, which they totally didn’t have to do.
I think it’s obvious that, if Apple made this information available, apps would have to ask for it, as they already have to ask for much less sensitive data.
Apple is increasingly not a hardware company, as it relies more on services and its own advertising and tracking.
Merry Christmas!
Quoth Michael Tsai:
> the company who told us that iOS couldn’t be an open platform because a bad app could take down Cingular’s West Coast network?
I believe Jobs believed, or at least thought possible, that too much data being transferred over Cingular could have crashed their network.
I also believe that Jobs didn’t do an Elon Musk-style “every limitation quoted must have a singular engineer’s name attached to it whom I can grill for the particulars to see if this is merely cargo-culted industry best-known-practice or an actual physical limitation, and here’s the math showing why” baloney check on this particular claim from Cingular.
One of my neighbors said he noticed exactly when the iPhone came to Verizon because the call quality on his what-we-now-call-a-dumbphone dropped significantly.
> And that sideloaded apps would break the security of the phone, even if they were sandboxed?
I believe sideloaded apps would break the sandbox at least some of the time. You think Apple’s sandboxing technology doesn’t have holes in it?
Quoth Michael Tsai, in a later post:
> I don’t think [Meta] actually want your private data; they want data that will help them show relevant ads and ensure that the impressions aren’t faked.
The problem is that, AFAICT, there’s no such thing as “private but doesn’t help them fine-tune their ad-selection algorithms”. One of the reasons why Amazon nerfed their order-confirmation emails was because email scanners (like, say, all of Gmail) were getting useful data from everybody’s order confirmations.
While Zuck seems personally much less odious after picking up BJJ as a hobby, I’m still not a fan of any of his companies and I have zero desire to have the EU or whatever force Apple to hand over spying data to him to be sold to the highest bidder or force-handed-over to the “friendly” local national-security apparatus.
I’ll also offer one more reason why Apple doesn’t want to implement all this.
We all gripe about how Apple software is too buggy and is underbaked and so forth, and how there doesn’t seem to be much appetite to change the incentives to make that less of a problem, like letting engineers interact with bug reporters directly instead of playing Telephone through an intermediary. Or hiring engineers, regardless of what other preexisting company initiatives that might slow increasing their headcount.
If Apple is busy implementing all these DMA-mandated features, when are they going to have time to implement anything else? Considering the pace of operating-system development in Cupertino, implementing all this to the EU’s satisfaction is probably going to take all of their engineering output.
Considering that zero-day exploits can no-click hack your phone (NSO), it’s very reasonable to think that a sideloaded app could do the same, but with far more people. Just say it’s a copy of Photoshop for your phone and people will install it.
Facebook is simply not trustworthy.
Also, iMessage, I believe, is E2E encrypted depending on the definition used at the time of its launch (in other words, far before Facebook did so), and for the current more/most strict definition, if you simply don’t back up to iCloud. And frankly, considering CSAM and things like that, a moderately high barrier to decrypting but still being able to do so, is actually just fine with me.
I don’t think that we want Facebook or Meta to lower that barrier, especially considering its incentives and business model.
@Nathan Merry Christmas to you as well!
I don’t really understand how “spokesperson thought claim was reasonable but didn’t check it” is a defense. And the built-in apps could use unlimited data, too.
Obviously, there are holes. And there’s a long history of jailbreaking without loading an app, just loading a URL in Apple’s browser. But in order for Cook’s statement to be meaningful, sideloading would have to present a significant new avenue of attack. I guess the idea is that there are bugs in the sandbox that apps could exploit, and Apple doesn’t know what they are or they would have fixed them, but App Review is going to spend a couple minutes to review an app with hundreds of MB of compiled code and preemptively block the ones that would get through the sandbox.
If most users cared about not helping the ad-selection algorithms, they would already not be using Facebook or Gmail. And, as I said, it’s not as if you’re going to install the Facebook app and iOS just grants it access to messages/e-mails/photos/passwords without asking.
I certainly agree that the EC dictating Apple’s software development priorities is not a good outcome. Many of us have been dismayed that Apple seemed to be trying so hard to invite regulation.
@Someone else You cited the Wikipedia etymology on this changing definition before, but if you look at their earlier definition, it says “communication is never decrypted during its transport,” which is much looser than what Apple initially claimed. Apple has always used the term in the sense of them not having access to the key, i.e. the newer definition. The issue is that Apple initially only applied the idea to a subset of their messaging system. I think the whole system is what matters, and in that respect iMessage is still not doing great because it only applies if you and everyone you communicate with opts out of backup or opts into ADP, whereas Facebook enables it by default.
It’s completely possible that Facebook is not trustworthy and these particular interop requests were reasonable. Personally, I wouldn’t give them access to my messages, but I would welcome the ability to give access to some other third-party utility that would let me access my own data.
"Facebook, Instagram, and WhatsApp could enable Meta to read on a user’s device all of their messages and emails, see every phone call they make or receive, track every app that they use, scan all of their photos, look at their files and calendar events, log all of their passwords, and more."
The issue here is that, apart from logging passwords, which seems like a dubious claim, there are benign reasons for Meta (or many other companies) to do all of these things. I want apps to be able to do these things. I personally don't particularly want Facebook to be able to do them on my phone, but then, I solve that problem by just not installing Facebook.
I don't like the idea of putting privacy decisions in the hand of private for profit corporations (i.e. out of touch super rich asshats) instead of governments (i.e. us users).
@Nathan Oh for crying out loud, one, Apple isn't the network carrier so Jobs's assertion was already odd. Not his responsibility to think of theoretical problems related to the mobile network. There was a process to get your devices certified for the market (aka unlocked) and another one as a branded Cingular device.
Two, he simply lied. Why are we debating this? He said an open platform could allow a rogue app to bring down the network, but Cingular already had smartphones with third party apps running on the network prior to the iPhone ever being announced, let alone shipping. So open platforms existed and network was fine, but his new closed platform was closed to protect the sanctity of same said network? This is called FUD. Notice he said Cingular, which means this whole discussion was pre iPhone shipping, since Cingular rebranded as AT&T by ship date. Jobs said his lie in protestation of the iPhone running third party apps at all!!! This was not even the jail breaking lie Apple later spread!!! Hasn't it run third party apps for roughly the last 16 years? Guess Jobs was full of shit. To put it bluntly.
Apple constantly lies and people eat up the lies, inexplicably. I don't trust Meta at all, like in such a way I refuse to use any of their products. Yet, Apple talking about security and privacy is always a precursor to limiting their customers and partners out of control of any aspect of an Apple device. This is about control, which directly allowed Apple to become a feudalistic rent seeker. Why would anyone defend the status quo? I used a Mac from roughly 1991 to roughly 2015 and I'd honestly rather be back in the dark days of the 1990s with Apple than now.
@Someone else
Just to clarify in case it wasn't clear, in the case of Michael's link about third party apps, Apple was against allowing any third party apps on the iPhone. Not even through an official app store. That's how deep Apple was lying at the iPhone product announcement. That was from 2007!!! Notice their opinion evolved as Apple got to collect 30% of everything on the platform? Suddenly carrier networks were completely safe!!! And it will evolve again if Apple can figure out a way to rent seek in new ways.
Not directed at anyone in particular, just a general note in such discussions, Michael Tsai is a long time developer for Apple platforms, as far as I can tell, all his apps are solely for Apple platforms. He is hardly going to cast frivolous aspersions towards the company. I think it behooves us to listen to how many long time developers are not particularly happy with the platform.
In my own case, I was both a stock holder and a long time user and I abandoned both positions because of my own discomfort with the totalitarian dystopian vision of modern computing being bandied about. It's a reason I don't like silos of Facebook, Reddit, etc. as well. Open web, open platforms, open solutions are better most of the time. I know why companies are against this concept, but why are users?
Clint is right: the code that talks to the cell tower runs on a completely different processor from the "evil third party app". It can therefore (trivially) throttle the "evil third party app"'s access to the cell tower. So Steve Jobs was lying.
As to what Meta wants to do, that's easy. Like Kristoffer, I don't install their rubbish.
However, consider WePay. Having that is essential to life in China. Having it riffle through all one's stuff would be an issue. I expect similar nonsense in the West as they try to convince us that having our driving license, vaccination record, CBDC accounts on device is more "convenient" than carrying physical items. Then, we too, will have to install government supplied apps.
To see where that can go, AFAIK, the Chinese police can force Chinese citizens to install "anti-fraud" which check devices for "bad" behaviours (VPNs, etc) and presumably Apple made those easy to install as a condition of selling iPhones in the country.
@Michael, did Apple ever share their definition of E2E encryption?
Here’s their press release from 2011 announcing iMessage and it’s not defined there, but perhaps it is elsewhere:
“iMessage in iOS 5 brings the functionality of iPhone messaging to all of your iOS devices ― iPhone, iPad and iPod touch. Built right into the Messages app, iMessage allows you to easily send text messages, photos, videos or contact information to a person or a group on other iOS 5 devices over Wi-Fi or 3G. iMessages are automatically pushed to all your iOS 5 devices, making it easy to maintain one conversation across your iPhone, iPad and iPod touch. iMessage also features delivery and read receipts, typing indication and secure end-to-end encryption.”
https://www.apple.com/uk/newsroom/2011/06/06New-Version-of-iOS-Includes-Notification-Center-iMessage-Newsstand-Twitter-Integration-Among-200-New-Features/
iCloud Backup was announced at the same time.
Now, again, I think there should be a high but not impossible barrier to accessing private info to third parties. I think that we have a reasonable expectation of privacy from Apple, that they’ve tried to balance convenience with privacy (and those who are even more privacy conscientious have (and always had) options).
And of course, all communication partners must have good security. Weakest link, etc. Screenshots are easy to do. Way easier than exporting a database of chat messages.
Facebook has already shown that their concept of privacy is very different from laypeople’s (and what’s legal in some states) so we shouldn’t be trusting them, nor be in a rush to lower these privacy barriers for people who currently trust their iPhones.
If Apple is forced to grant access to chats, expect something similar to how Contacts are now shared (after having been abused by Facebook and others) — that is, a default to select which items to share and nothing else.
Finally, iMessages can be backed up locally using iMazing, etc. Should it be easier? Maybe. It should be easier to export from Notes :). And exporting Notes would be far more useful than exporting chats, IMO.
@Nathan_RETRO, is it a surprise that a company would tell you something isn’t desirable or too hard (and the reasons why) until they have a (profitable) solution for it? I don’t see why people are surprised at that.
Also, recall that Apple licensed the name App Store from Salesforce, after Jobs gave them the idea for it in the first place. https://techcrunch.com/2020/01/02/the-story-of-why-marc-benioff-gifted-the-appstore-com-domain-to-steve-jobs/
Nostalgia for the computers of the 90s only goes so far. To be truthful, they sucked compared to modern smartphones. Want to connect to the internet? Fire up that modem.
As far as side-loaded apps: DDOS. And if the timing is correct (someone mentioned Cingular), Cingular was already taking a huge risk since no one knew how much full internet and web would work on a cell network for that many people. (The other huge risks were trusting Apple, and staying out of the bloatware game / giving up control over phone app content… which, frankly, didn’t work out well for them as carriers are now commodities)
Being conservative WRT risks is a good thing, not bad.
@Someone else Yes, Apple has talked about E2EE in terms of them not being able to read the messages. iMazing only backs up the iMessages that are currently cached on the device, which is often a tiny fraction of the total. Regarding Jobs (and later Cook), the point isn’t that people are surprised. The point is that because they continually do this their protestations today should be taken skeptically.
@Michael, in the most charitable way of looking at Apple with respect to E2E, is that:
1. iMessage itself is E2E (including encrypted at rest),
2. and separately, iCloud Backup stores the keys for that encryption, but that’s a separate, optional (but default) feature.
Should Apple be very upfront about #2 for the privacy-minded? Yes? I guess?
The most important part is that Apple is not preemptively scanning our iMessages nor looking at their metadata (who is talking to who and when). This is very much not the case for Google email, Facebook Messenger (till recently). They do it with a warrant (and yes, only recently started requiring actual warrants as they were giving away data to cops without one until a few years back)
This E2E stuff WRT Apple is really kind of a nothingburger in comparison to actual privacy leakages, invasions, and fishing expeditions (Jan 6 rioters geofence search, for example) we’re all inured to from the other platforms that are many orders of magnitude larger.
@Someone else Yes, there is a charitable interpretation where what Apple said is technically true if read to only include #1. But the big picture is that they marketed it as if you use iMessage they can’t read your messages, and for the vast majority of customers that wasn’t true then and isn’t true now. The practical reality was the opposite of the plain reading of what they said. And, with a warrant, Apple will provide your data to governments, too. I don’t think it’s too much to ask that if they are going out of their way to make a claim that people come away with the correct impression. I agree that there are plenty of privacy problems to go around…
@Someone else
You still have the argument completely backwards. Cingular was not the one complaining about apps, Apple was the party complaining about apps. You are attributing why Cingular could be concerned to Apple's statement, but the statement was from Apple, not Cingular. It simply doesn't make sense. Also, yes we did know what web browsing and apps would do on the network because Blackberry, Symbian, PocketPC, Palm, etc were already on the network. Even feature phones had apps at the time. Heck, even some essentially "dumb phones" could use Java ME apps. I used Opera mini to browse the web on a really basic phone before the iPhone was even announced. And to clarify, not every app was network connected back then. Lot of games and productivity apps ran locally only.
As far as Apple hemming and hawing only to be okay with apps after claiming 30% of all commerce on their platform, this is precisely why Apple's claims are simply bullshit. They weren't technical problems, it was simply FUD to explain Apple's lack of a competitive feature on their platform. Again, pretty much all smart phones, many feature phones, and a healthy dose of dumb phones could run apps prior to the iPhone. The mobile networks were quite fine given this arrangement. 1.39 million total iPhones were sold in 2007, hardly enough to break the network. Cingular/AT&T had 63 million subscribers around that time to put that in perspective.
As far as using dial-up to get online in the 90s… well, yes, and it worked quite well because websites were smaller and more efficient. And boy howdy do I hate having a 100 different ISPs to choose from, sure glad I have one choice now. Wait, no, I kind of hate things now. I used dial-up up until the mid 2000s, and I had all the tricks in the book to make it function well into the broadband transition days. It was also cool you could literally connect to any other computer for free (assuming you had phone service and the call was locally billed) without an ISP, but you know, pesky old timers not appreciating the wonders of "life as a service" billed monthly in perpetuity.
By the early 2000s, I had my first real network I ever configured. Dial-up to a Mac, then shared out to the rest of my LAN. I want to say 10.2 Jaguar had network sharing as a couple clicks and that allowed me the easiest path to making this work, but I also remember using routing software with Mac OS 8.6-9.x Macs as well. The topology was dial-up modem connected to primary Mac, then the Mac ran Ethernet to the switch, all the other network devices were wired to the switch, excepting the one computer that was wireless by WiFi Ethernet bridge connected to one of the switch ports and another wireless Ethernet bridge to the Ethernet port on that particular Mac. I didn't have a traditional router until, I want to say 2007. Guess I've always been a bit of an oddball. :)