Keeping your data from Apple is harder than expected

A?

New study shows that the default apps collect data even when supposedly disabled, and this is hard to switch off.

(Text continues underneath the flowchart.)

Setup process after a user has first purchased a new device. The different stages often contain hidden information that is not evident to the user. Image: Amel Bourdoucen.

‘Privacy. That's Apple,’ the slogan proclaims. New research from Aalto University begs to differ. (...)

The researchers studied eight apps: Safari, Siri, Family Sharing, iMessage, FaceTime, Location Services, Find My and Touch ID. They collected all publicly available privacy-related information on these apps, from technical documentation to privacy policies and user manuals.

The fragility of the privacy protections surprised even the researchers.

‘Due to the way the user interface is designed, users don’t know what is going on. (...)

In practice, protecting privacy on an Apple device requires persistent and expert clicking on each app individually. Apple's help falls short.

‘The online instructions for restricting data access are very complex and confusing, and the steps required are scattered in different places. There’s no clear direction on whether to go to the app settings, the central settings – or even both,’ says Amel Bourdoucen, a doctoral researcher at Aalto.

In addition, the instructions didn’t list all the necessary steps or explain how collected data is processed. (...)

Complete article

Tags: #apple #iphone #privacy #privacy_settings #data #data_mining #surveillance #safari #siri #family_sharing #imessage #facetime #location_services #find_my #touch_id

#Apple responds to the Beeper #iMessage saga: ‘We took steps to protect our users’

Source: https://www.theverge.com/2023/12/9/23995150/beeper-imessage-android-apple-statement

“We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage,” Apple senior PR manager Nadine #Haija said in a statement.

"Hey Apple" - I've a great idea 💡 give us a legal opportunity to break your walled garden!

#messenger #proprietary #communication #software #problem #economy #walledGarden #iPhone #freedom #news

#Apple has seemingly found a way to block #Android’s new #iMessage #app

Source: https://www.theverge.com/2023/12/8/23994089/apple-beeper-mini-android-blocked-imessage-app

It appears that #BeeperMini, an easy iMessage solution for Android, was simply too good to be true — or a short-lived dream, at least. On Friday, less than a week after its launch, the app started experiencing technical issues when users were suddenly unable to send and receive blue bubble messages.

#communication #software #economy #fail #problem #news #proprietary

New Beeper Mini app lets Android phones appear as blue bubbles in iMessage chats

This is a dedicated stand-alone Android app by Beeper which will carry a $1.99 pm subscription after the 7-day trial period. It validates via SMS as an iPhone 7 (just as an iPhone would) so no Apple ID is required, but there is also an optional Apple ID sign as well.

Beeper Mini claims to secure your chats with full end-to-end encryption so that neither Apple nor Beeper can read the contents of the message.

Beeper Mini does not use a Mac relay server in a data centre. Instead, the app connects directly to Apple servers to send and receive end-to-end encrypted messages. Encryption keys never leave your device. No Apple ID is required. Beeper does not have access to your Apple account.

Features:

• Send and receive blue bubble messages from your Android phone number.
• Full size photos and videos, plus replies and reactions.
• Join iPhone-only group chats.
• Secure and private, with end-to-end encryption.
• Sync existing iMessages across multiple Android or iOS devices, including Macbooks and iPads.
• read receipts, typing indicators, emoji reactions, media galleries and more!

The roadmap is apparently ending later on, with the existing iMessage functionality in the free Beeper Cloud app being closed down. That functionality is working still, and will probably continue to do so for a while. The plan is to monetise through the Beeper Mini subscriptions to make the service sustainable and to keep adding features.

The picture though will likely change again later in 2024 as Apple includes RCS in their Messages app. Yes, it will probably only show green bubbles, but it will be E2EE and otherwise fully functional. It may miss out on iPhone-only groups, though.

So far, for me, Beeper Mini got up and running fine and did authenticate via SMS for my Android phone. One of my iPhone contacts though says my message showed up grey. This could be that the app was very newly registered, or because it was a chat previously started on the main Beeper app. Another contact that I started a new chat with, confirmed he sees blue bubbles from me.

I suspect this app may be more of a hit in the USA that is far more iPhone-centric than the rest of the world, and once RCS integration takes hold inside the Apple Messages app, the world may then already become more integrated.

See https://blog.beeper.com/p/introducing-beeper-mini-get-blue
#Blog, #BeeperMini, #imessage, #technology

Apple to finally bring RCS to iPhones: But alongside iMessage

I was really sure this was an early April Fool’s joke, but it appears to be genuine…

Apple will keep its iMessage as-is, so that won’t affect its security, and they don’t want to bring iMessage either to Android (as that would lose them customers).

Right now though, iMessage is handling SMS messages, so they either need to move that into the RCS app, or find some way of routing between the two apps, as SMS and RCS are carrier supported messaging linked to the phone number. iMessage can actually work using the Apple ID.

So, it will be interesting to hear exactly how they’re doing this, but ultimately iPhone users will have an app for each service. WE are probably already used to having WhatsApp, Telegram, and Signal (and more) installed, and whichever one pops a message up, we just hit reply.

I suppose this move by Apple makes the most sense for them actually by keeping iMessage unaffected. Thing is though that RCS will then of course be a truly universal chat app that could also replace SMS finally. So many organisations are still geared around bulk SMS services, so it may be time for those services to start thinking about transitioning to RCS, which will probably save them a lot of money.

See https://techcrunch.com/2023/11/16/apple-to-finally-bring-rcs-to-iphones/
#Blog, #apple, #imessage, #RCS, #technology

Sunbird is steaming forward to bring iMessage to Android, no hardware required, and with E2EE

Back in early December 2022, news broke that a new company was attempting to achieve something that no one else done – Bring iMessage and its blue bubbles to Android phones. Granted, there are some solutions out there that “technically” allow users to use iMessage on Android, but they’re clunky and require having a host device running 24/7 to make it work. Yes, there is another app out there that promises iMessage on Android, but it’s currently closed beta, and we already know that it’s not going to be free when it finally arrives for the masses.

As you’d expect, Sunbird if very tight-lipped about how the app is delivering iMessage to users. They insist that the delivery method is 100% secure and doesn’t violate any of iMessage’s ToS. Speaking of security, Sunbird is touting that the app implements iMessage’s 100% end-to-end and that the only data stored on the company’s servers are the credentials for the Sunbird app itself.

Danny Mizrahi says that Sunbird has been able to scale while bringing the cost down to less than 60 cents per user. What is not clear is whether that is 60c per message or per month? But “cost” is not retail “price” so it will no doubt have to allow for a profit margin to be sustainable.

See https://chromeunboxed.com/sunbird-is-steaming-forward-to-bring-imessage-to-android/
#Blog, #imessage, #Sunbird, #technology

Sunbird is a new app trying to bring iMessage to Android may have found the secret formula, but is it a ‘person-in-the-middle’?

One of the most secure methods to do this has been to use an existing Macbook computer, or a macOS VM, but they all require additional stuff to be set up and keep working.

It appears that Sunbird is virtualising all of that in the background. Not everything works 100% and we have not yet seen anyone using this with their own Apple ID account.

However the big issue to remember is that there is a provider now in the middle, and I’m wondering about that claim of E2EE. I’m not sure this can be end device to end device encryption, or is it pulling a ‘Cloudflare’ here. I can’t see how else it does this.

Of course, this is an alpha app so it doesn’t work flawlessly. Lots of features are missing and things don’t work quite as expected. However, as a proof-of-concept, it is sound and shows Sunbird might be the real deal.

See https://www.androidauthority.com/sunbird-imessage-android-3244025/

#technology #iMessage #Android
#Blog, ##android, ##imessage, ##technology

Android Messages will send videos as Google Photos links for the benefit of RCS-less iPhones, rolling out iMessage compatible reactions

It is ironic (tragic?) that in 2022, the communication between modern RCS Messages and iMessage will be the ancient unencrypted SMS system. But that’s what we have to live with for now, so it is good to see Google at least trying to improve compatibility of the experience from the Android side.

As one commentator says, it would be interesting if WhatsApp, Telegram or Signal could figure out how to incorporate RCS from the iPhone side, especially. The problem is though that RCS is a carrier level enabled service.

See https://9to5google.com/2022/03/10/google-messages-new-features/

#technology #mobile #messaging #iMessage #Messages
#Blog, ##mobile, ##rcs, ##technology, #imessage, #messages

#apple #iMessage = #surveillance with #nsa and corporations looking to manipulate you. Don't follow this advice. Avoid this piece of malware completely. https://screenrant.com/use-imessage-android-windows-linux-how/

A deep dive into an #NSO zero-click #iMessage #exploit: Remote Code Execution

source: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

#JBIG2 doesn't have scripting capabilities, but when combined with a #vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary #memory. So why not just use that to build your own #computer architecture and script that!? That's exactly what this exploit does. Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations. It's not as fast as #Javascript, but it's fundamentally computationally equivalent.

#news #attack #hack #hacker #knowledge #iPhone #apple #software

About #Apple threat notifications and protecting against state-sponsored #attacks

source: https://support.apple.com/en-us/HT212960

If Apple discovers activity consistent with a state-sponsored #attack, we notify the targeted users in two ways:
* A Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com.
* Apple sends an email and #iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.

#surveillance #hack #nso #trojan #privacy #technollogy #iphone #smartphone #news #problem #security

● NEWS ● #ThreatPost #Privacy #Surveillance ☞ Pegasus Spyware Uses #iPhone Zero-Click #iMessage Zero-Day https://threatpost.com/pegasus-spyware-uses-iphone-zero-click-imessage-zero-day/168899/