ecton.dev

I no longer trust Apple

An aside: this blog

It's been a long time since I last posted here. In the months since my last post, I've been writing about my development journey on my Discourse forums. I'm going to continue doing that, so if you wish to follow along, please continue doing so over there -- Discourse has feed support as well as excellent email digests.

This blog will be a bit more personal moving forward. However, it will still be primarily focused on tech-related topics because that's what I'm mainly interested in.

I no longer trust Apple

Maybe I shouldn't have ever trusted Apple, but I felt like they had security and privacy in mind for a while. While I disagreed with several specific app store guidelines and disliked their inconsistent application, I overall believed in the general approach to protecting our devices: have a human verification process before letting executables onto our devices.

I don't have qualms with the overall app store. Yet, specific behaviors in the past few years have made me go from enjoying using the Apple ecosystem to actively investigating how I might switch away.

Anti-innovation behaviors

My previous startup was an app company. We built apps for tradeshow attendees to load the maps, schedules, and more onto their devices. We had our first app in the store in the fall of 2009 -- one year after the SDK was announced. I left the company in November 2019, after being part of shipping tens of thousands of natively-developed apps into both the Apple and Google stores.

In California and South Korea, Apple finally had one of their most blatantly anti-competitive clauses deemed illegal. In our startup, we encountered this limitation multiple times when trying to modernize the trade show industry.

Most people focus on how this is anti-competitive. And it is. But, it's also anti-innovation. Let's briefly look at one example in the trade show industry: badge scanning.

For those unfamiliar with trade shows, companies purchase "booth space" to set up a small display to show off their products and services. The standard way for exhibitors to collect the contact information of an attendee is to scan their badge.

This can be accomplished in many ways, but generally, the company that handles attendee registration also rents hardware devices that exhibiting companies use to scan badges.

To attempt to bring that into an app on a phone, we needed good enough cameras. By 2013 or so, a large enough population of attendees had smartphones capable of reliably capturing QR codes in non-ideal conditions -- such as trying to scan a small QR code printed on a badge hanging on someone's lanyard protected by a slightly glare-inducing, fingerprint-covered plastic sleeve. We had customers asking for us to integrate badge scanning into the app.

Seeing the obvious business case, we developed it. However, we also recognized that the guidelines would prevent the most compelling use-case: an exhibitor is on the show floor and wants to scan badges. Can they purchase inside of the app they're going to use?

The short answer is no: the industry had a standard model, and Apple's guidelines prevented selling a competing app-only product without losing the app store tax. Moreover, since exhibitors knew that they could purchase scanning at registration, there was no practical way on-site to direct them to a mobile-friendly payment website. The app couldn't advertise the ability to purchase it at all due to Apple's guidelines.

But, the app could advertise the rental of the physical registration devices. When you're a business operating on margins, a 30% margin is hard to stomach when you know your competitor doesn't have to pay it.

In this situation, Apple wasn't just anti-competitive. They were anti-innovation. These guidelines served as a way for Apple to prevent other payment processors from competing. They also prevented other businesses from disrupting established business models.

I don't want to support any company that actively gets in the way of other people innovating. We need innovation more than ever as we face our global problems.

CSAM Scanning

Many more intelligent people than I have voiced their concerns about CSAM scanning on iOS devices.

My short take is this: if they're only scanning photos that are being uploaded to iCloud Photos, why can't they scan them at ingest? Why must we do this on our devices? I don't want to consent to background processes running on my device that can be potentially hijacked.

But iOS is secure, so that's a moot point... right?

Lackluster Security Responses

I read about three 0-day iOS vulnerabilities disclosed this morning, and it's what prompted me to finally put a voice to the thoughts I've been having. These vulnerabilities are failures in API designs by Apple, and the security researchers failed to get reliable communication about fixing these vulnerabilities (let alone payouts according to their public bounty program). Beyond that, as you can see, the researcher also links a list of other bad experiences with the Apple bounty program.

This is inexcusable. And, it's the last straw for me. When a white-hat researcher participates in your bug bounty program with a critical 0-day vulnerability, you should never hesitate to fix the issues and reward the researcher. That's the point of these programs: ensure that the vulnerabilities that are discovered are likely to be disclosed before being exploited in the wild.

Apple's failure to work with many security researchers caused multiple 0-day vulnerabilities to be disclosed without available patches. That is a direct rebuttal to the argument that "iOS is secure." Each of these snubbed researchers might ask themselves the next time: should I just sell the exploit instead since Apple won't pay out their bounty program?

As an iOS user, you can only hope that in the future those researchers still responsibly disclose the vulnerabilities to Apple and hope that they get fixed before someone with malicious intent discovers the vulnerability.

Nowhere to go

We're at the cusp of genuinely open phones being available. But we have another problem to solve: it's one thing to allow geeks like me to hop onto a new platform. It's another thing to get less technical family members onto those same platforms.

As much as I dislike thinking about my mortality, these topics are intertwined. For each step I take to protect my privacy, I might be making it that much harder for loved ones to gain access to potentially important information in the event of an unexpected death. When Apple announced Digital Legacy in iOS 15, I thought it was an excellent solution to this problem. Since then, I've become much more critical of Apple and no longer trust them to be the steward of my data.

I don't know where I'm going to go or whether I will build some solutions myself. All I know is that I no longer trust Apple, and I believe others should consider doing the same.