Meta’s iOS Interoperability Requests

I’ll take Apple's word over Meta's word 100 times out of 100.

@Total Apple, the company who told us that iOS couldn’t be an open platform because a bad app could take down Cingular’s West Coast network? And that sideloaded apps would break the security of the phone, even if they were sandboxed?

Of course, Meta doesn’t have a great record in general, but I don’t think it has a history of misleading statements on this particular topic.

There's no reason to trust either of them. Neither one is actually looking out for users.

> Apple says Meta is seeking low-level access that would break both user privacy and device security.
>
> Meta says Apple is using “privacy” as a bullshit excuse to avoid even reasonable interoperability.

I think the safe bet is that these are both correct.

This is data that Apple itself has chosen not to access in order to provide the strongest possible protection to users.

Wait, but Apple does actually have access to all of the data they listed. Apple already does all of those things already (tracking my phone calls and emails so the App Store can tell I'm human, phoning home every time I open an app, scanning every photo I take to identify everyone in it, etc), and I can't opt out of most of them.

@vintner Yeah, for the typical user, Apple in fact does have access to their messages, e-mails, photos, calendar, etc., because the data is stored on their servers and not E2EE. This doesn’t break user privacy because Apple “chooses” not to access the information (except when they do, e.g. because of law enforcement). But Meta making that same choice does break privacy.

“I would love for apps to be able to access my message history because right now Apple doesn’t let me back up or search my own messages.”

Not to mention being able to find large images and videos for those of us who choose not to pay Apple a strage tax to get more than a measly 5GB. Apple will happily tell us that Messages is using a GB, but give us no useful tools to see/remove just old images or videos that are the cause of it.

Apple’s has a track record in dark patterns of storing cloud data in ways that are inscrutable and just about force folks to pay for extra storage they shouldn’t really need.

Seamless integration of third party (read Sony) wireless headphones sounds nice.

”Of course, Meta doesn’t have a great record in general, but I don’t think it has a history of misleading statements on this particular topic.”

Are you kidding me?? There’s one company that lives on selling you hardware and there’s one company that lives on harvesting your private data. And if they can get that information without having to ask for it, the better. And you throw the what aboutism into the discussion.

@Jon Whataboutism is when you make a counter-accusation as a distraction. That’s not what I did here. Apple accused Facebook of X. Meta said that Apple is making bad argument Y. I provided specific examples of other times when Apple said Y and where it’s generally agreed that Apple was wrong/deceptive/insincere.

If you are concerned about X, why not investigate that? Is Apple correct that Facebook would be able to access all of the user’s passwords?

I’ve covered many of the Facebook scandals over the years. It’s complicated. I don’t think they actually want your private data; they want data that will help them show relevant ads and ensure that the impressions aren’t faked. They actually shipped true E2EE messaging before Apple, which they totally didn’t have to do.

I think it’s obvious that, if Apple made this information available, apps would have to ask for it, as they already have to ask for much less sensitive data.

Apple is increasingly not a hardware company, as it relies more on services and its own advertising and tracking.

Merry Christmas!

Quoth Michael Tsai:

the company who told us that iOS couldn’t be an open platform because a bad app could take down Cingular’s West Coast network?

I believe Jobs believed, or at least thought possible, that too much data being transferred over Cingular could have crashed their network.

I also believe that Jobs didn’t do an Elon Musk-style “every limitation quoted must have a singular engineer’s name attached to it whom I can grill for the particulars to see if this is merely cargo-culted industry best-known-practice or an actual physical limitation, and here’s the math showing why” baloney check on this particular claim from Cingular.

One of my neighbors said he noticed exactly when the iPhone came to Verizon because the call quality on his what-we-now-call-a-dumbphone dropped significantly.

And that sideloaded apps would break the security of the phone, even if they were sandboxed?

I believe sideloaded apps would break the sandbox at least some of the time. You think Apple’s sandboxing technology doesn’t have holes in it?

Quoth Michael Tsai, in a later post:

I don’t think [Meta] actually want your private data; they want data that will help them show relevant ads and ensure that the impressions aren’t faked.

The problem is that, AFAICT, there’s no such thing as “private but doesn’t help them fine-tune their ad-selection algorithms”. One of the reasons why Amazon nerfed their order-confirmation emails was because email scanners (like, say, all of Gmail) were getting useful data from everybody’s order confirmations.

While Zuck seems personally much less odious after picking up BJJ as a hobby, I’m still not a fan of any of his companies and I have zero desire to have the EU or whatever force Apple to hand over spying data to him to be sold to the highest bidder or force-handed-over to the “friendly” local national-security apparatus.

I’ll also offer one more reason why Apple doesn’t want to implement all this.

We all gripe about how Apple software is too buggy and is underbaked and so forth, and how there doesn’t seem to be much appetite to change the incentives to make that less of a problem, like letting engineers interact with bug reporters directly instead of playing Telephone through an intermediary. Or hiring engineers, regardless of what other preexisting company initiatives that might slow increasing their headcount.

If Apple is busy implementing all these DMA-mandated features, when are they going to have time to implement anything else? Considering the pace of operating-system development in Cupertino, implementing all this to the EU’s satisfaction is probably going to take all of their engineering output.

Considering that zero-day exploits can no-click hack your phone (NSO), it’s very reasonable to ink that a sideloaded app could do the same, but with far more people. Just say it’s a copy of Photoshop for your phone and people will install it.

Facebook is simply not trustworthy.

Also, iMessage, I believe, is E2E encrypted depending on the definition used at the time of its launch (in other words, far before Facebook did so), and for the current more/most strict definition, if you simply don’t back up to iCloud. And frankly, considering CSAM and things like that, a moderately high barrier to decrypting but still being able to do so, is actually just fine with me.

I don’t think that we want Facebook or Meta to lower that barrier, especially considering its incentives and business model.

@Nathan Merry Christmas to you as well!

I don’t really understand how “spokesperson thought claim was reasonable but didn’t check it” is a defense. And the built-in apps could use unlimited data, too.

Obviously, there are holes. And there’s a long history of jailbreaking without loading an app, just loading a URL in Apple’s browser. But in order for Cook’s statement to be meaningful, sideloading would have to present a significant new avenue of attack. I guess the idea is that there are bugs in the sandbox that apps could exploit, and Apple doesn’t know what they are or they would have fixed them, but App Review is going to spend a couple minutes to review an app with hundreds of MB of compiled code and preemptively block the ones that would get through the sandbox.

If most users cared about not helping the ad-selection algorithms, they would already not be using Facebook or Gmail. And, as I said, it’s not as if you’re going to install the Facebook app and iOS just grants it access to messages/e-mails/photos/passwords without asking.

I certainly agree that the EC dictating Apple’s software development priorities is not a good outcome. Many of us have been dismayed that Apple seemed to be trying so hard to invite regulation.

@Someone else You cited the Wikipedia etymology on this changing definition before, but if you look at their earlier definition, it says “communication is never decrypted during its transport,” which is much looser than what Apple initially claimed. Apple has always used the term in the sense of them not having access to the key, i.e. the newer definition. The issue is that Apple initially only applied the idea to a subset of their messaging system. I think the whole system is what matters, and in that respect iMessage is still not doing great because it only applies if you and everyone you communicate with opts out backup or opts into ADP, whereas Facebook enables it by default.

It’s completely possible that Facebook is not trustworthy and these particular interop requests were reasonable. Personally, I wouldn’t give them access to my messages, but I would welcome the ability to give access to some other third-party utility that would let me access my own data.

"Facebook, Instagram, and WhatsApp could enable Meta to read on a user’s device all of their messages and emails, see every phone call they make or receive, track every app that they use, scan all of their photos, look at their files and calendar events, log all of their passwords, and more."

The issue here is that, apart from logging passwords, which seems like dubious claim, there are benign reasons for Meta (or many other companies) to do all of these things. I want apps to be able to do these things. I personally don't particularly want Facebook to be able to do them on my phone, but then, I solve that problem by just not installing Facebook.