January 31, 2019

Link: Google Abuses Enterprise Certificates, Too ☍

Like Facebook, Google was using their internal iOS enterprise certificates externally to distribute an app outside of the App Store. They shut it down when Facebook was caught, but it looks like Apple is at least inconveniencing them as punishment. Zack Whittaker from TechCrunch:

Apple has blocked Google from distributing its internal-only iOS apps on its corporate network after a TechCrunch investigation found the search giant abusing the certificates.

“We’re working with Apple to fix a temporary disruption to some of our corporate iOS apps, which we expect will be resolved soon,” said a Google spokesperson. A spokesperson for Apple said: “We are working together with Google to help them reinstate their enterprise certificates very quickly.”

TechCrunch reported Wednesday that Google was using an Apple-issued certificate that allows the company to create and build internal apps for its staff for one of its consumer-facing apps, called Screenwise Meter, in violation of Apple’s rules. The app was designed to collect an extensive amount of data from a person’s iPhone for research, but using the special certificate allowed the company to allow users to bypass Apple’s App Store. Google later apologized, and said that the app “should not have operated under Apple’s developer enterprise program — this was a mistake.”

I suspect that at the very least, Apple did this to enforce their terms of service consistently, but also to break any of these rogue apps that are out there. The fact that Google stopped themselves and issued an apology doesn’t necessarily make it much better. As a side note, I’ve been very impressed with TechCrunch’s investigation on all of this.

January 30, 2019

Link: Goodbye Big Five ☍

Kashmir Hill for Gizmodo in “Life Without the Tech Giants”:

Amazon, Facebook, Google, Microsoft, and Apple collectively make products that we love, products that we hate (but can’t stop using), and products that dictate how we communicate and how we are seen. Their devices and services make our lives easier than they’ve ever been before, yet more complicated in unforeseen ways. They are so ubiquitous and fundamental to our lives that their offerings have replaced core functions of our brains. We’re now realizing it’s as possible to get addicted to these buttons, clicks, screens, and scrolls as it is to get hooked on nicotine or heroin. Who, after all, can deny the high that comes from an Instagram like? […]

The common retort to these concerns is that you should “just stop using their services.” So I decided to try.

This is a story of how, over six weeks, I cut them out of my own life and tried to prevent them from knowing about me or monetizing me in any way—not just by putting my iPhone in a drawer for a week or only buying local, but by really, truly blocking these companies from accessing me and vice versa. I wanted to find out how hard it would be—or if I could even do it—given that these tech giants dominate the internet in so many invisible ways that it’s hard to even know them all.

I’ll be curious to see the next installments, as those are the two companies I’m mostly involved with. In the series, content is outright blocked at a network level, as opposed to just opting out of an account, which demonstrates the most extreme case. It’s an interesting experiment as we all continue to evaluate which companies are worth doing business with.

Link: Facebook Abuses Enterprise Certificates, Spies on Teens ☍

Josh Constine for TechCrunch:

Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms. […]

Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app. Facebook even asked users to screenshot their Amazon order history page. The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook’s involvement, and is referred to in some documentation as “Project Atlas” — a fitting name for Facebook’s effort to map new trends and rivals around the globe.

I really want to cover things other than Facebook-being-bad, but this is beyond creepy and I’d consider it malware. The fact that they’ve skirted Apple’s App Store guidelines is not surprising, but Apple took action quickly on the matter. In some capacity, I think Facebook believes that they’re above other companies’ policies, especially in the area of privacy.

January 28, 2019

Link: FaceTime is Buggy ☍

Benjamin Mayo for 9to5Mac:

A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call. Apple says the issue will be addressed in a software update “later this week”.

Naturally, this poses a pretty privacy problem as you can essentially listen in on any iOS user, although it still rings like normal, so you can’t be 100% covert about it. Nevertheless, there is no indication on the recipient’s side that you could hear any of their audio.

There’s also a related bug that gives access to the camera:

What we have also found is that if the person presses the Power button from the lock screen, their video is also sent to the caller — unbeknownst to them. In this situation, the receiver can now hear your own audio, but they do not know they are transmitting their audio and video back to you. From their perspective, all they can see is accept and decline…

This is a really bad and embarrassing bug. Apple needs to address this immediately and do all they can to stop this server-side (if possible) until the fix is released. For now, it’s probably a good idea to disable FaceTime.

Update: Apple disabled Group FaceTime as a temporary workaround. All things considered, this was a rather quick turnaround on a first step towards a fix.

Link: Now’s the Perfect Time for Apple to Bring Messages to Android ☍

Michael Grothaus for Fast Company:

First, come late 2019 or early 2020, there will be tens, maybe even hundreds of millions of WhatsApp users looking to jump ship to a new messaging app. These will be users who could stomach Facebook owning WhatsApp–but only so long as it remained as segregated as possible from Facebook’s other platforms. As that segregation will no longer exist, these people will be looking for another reliable, secure messaging service. […]

Apple could use this upcoming mass migration of messaging users as a great branding opportunity. Frame it as a public service: “Your messages in our app stay private. Period. And now it’s available for iOS and Android–because we believe privacy is a fundamental human right no matter what phone you use.”

The goodwill it would generate—and, more importantly, the service and user experience Apple would be able to provide to new users—would have the ancillary benefit of acting as a gateway to other Apple products. In other words, once Android users see how great Apple’s Messages are, they’re more likely to be tempted to further move into Apple’s ecosystem and start snapping up iPhones and Macs.

Second, everyone knows Apple’s future lies in services when it comes to revenue growth. I’ve argued this before, but if Apple wanted to bring in boatloads of cash in new services, they could do it at any time by releasing Messages for Android and charging for it. Release the app for free before Facebook’s changes go into effect, and let Android users use the app at no cost for a year. Then do as WhatsApp used to and charge Android users an annual fee to use the app after the first year–say an annual $4.99 in-app subscription. As I’ve previously said, five bucks times a few hundred million Android users on an annual subscription plan brings in a lot of services dough for Apple.

It’s an interesting thought experiment—I have a few Android-using friends and we’re trying to plan around Hangoutspocalypse, as they like to send messages with their computers. However, the anecdotal evidence is that Android users don’t spend money on apps and I suspect that free would still win out, especially for people who are fine with plain SMS, RCS, or Facebook Messenger. Beyond that, Apple may be transitioning to a more services-oriented business, but I think they’re looking for services that will bring in money, not necessarily just goodwill. Unlike Spotify and Pandora, there’s no free tier of Apple Music.

While iMessage is a great service, I don’t know if it has that “Holy smokes, now I must go buy an iPhone!” effect. The blue-versus-green-bubbles angst is more for people already using iMessage. Plus, if more people cared about better winning out, the entire tech landscape would look a lot different.