Apple's iMessage May Dodge EU Regulatory Demand for Interoperability

[Lyrics23]

Why can't people just download apps?

Because messaging has a lock-in effect, where a messaging app is useless unless you can also convince everyone you communicate with to also use it. A virtually impossible task.

Interoperability ensures apps compete based on features, rather than having to use whatever app happens to be dominant in your region.

 

[CarAnalogy]

Whoops lost post on edit

TL;DR RCS good compromise for now. Will be interesting to see what happens to this service. Apple may well simply turn a blind eye for now.

 

[Sasparilla]

Reason is not a secret, it's because they're don't have a large enough market share in the EU (for messaging systems they're not deemed a gatekeeper) to fall under these new rules.

Very well said. There's something amusing that Google's long run of different messaging apps and churn, along with finally sticking with RCS and wanting Apple to link them in iMessage is a U.S. issue for the most part.

 

[Sophisticatednut]

It’s a valiant effort, to be sure. Notifications may be less reliable, but that’s understandable. A few notes, however.



This guy is clearly very, very smart. However, security researcher may be a little generous. The linked blog post says he’s a high school student. That’s incredible, fantastic work. Still not sure I want to trust the reverse engineering of one person of necessarily limited experience.



This is the other weak spot. Even if the reverse engineering is perfect and Apple can’t change it out from under them, the implementation is a different question. That also needs to be basically perfect and something Apple can’t quietly break with plausible deniability.



This is perhaps the biggest difference. As I understand it, on iPhone iMessage keys are stored in Secure Enclave and are supposed to be essentially impossible to get at. Not sure if it’s the same here.

Overall an extremely impressive effort. It raises a few interesting arguments both for and against Apple just doing this themselves. And I have to wonder if iMessage is important enough why not use use a cheap ipad or old iPhone. And with RCS “coming soon” the advantages of this should quickly evaporate.

Like I said in another post, this guy has an unfortunate history of great ideas which are quickly destroyed by Apple.

The thing is they have done exactly what Apple didn’t want to do, make an android version of iMessage. You always have two keys, one on the device and one on apples servers.

Apple can’t change it without breaking it for every device down the line. The implementation is perfect otherwise it can’t work.

 

[killawat]

I wouldn’t count on it for anything essential but it seems interesting.

it works, but I doubt it will work by the end of the year.

 

[commander.data]

If the key to iMessage being subject to EU regulation is whether the iMessage for Business/Business Chat program is popular enough, I wonder if iMessage for Business/Business Chat is a big revenue generator for Apple? If not, if would make sense for Apple to discontinue the iMessage for Business/Business Chat program rather than risk being forced to open up iMessage.

 

[killawat]

However, security researcher may be a little generous.

why? If you look at the vulnerabilities used in exploits for jailbreaks they are all relatively minor but add up in a big way. jjtech's approach is quite elegant and very ergonomic. very similar to an early gatekeeper attack where Apple wasn't checking the validity of the protections it put in place.

though I would have approached Apple with this, I suspect he would have gotten more in bug bounties than Beeper revenue, when they shut it down.

 

[CarAnalogy]

The thing is they have done exactly what Apple didn’t want to do, make an android version of iMessage. You always have two keys, one on the device and one on apples servers.

Yes exactly. And there may well have been reasons beyond anti-competitiveness that they didn’t want to do that. We’ll see. I know there are always two keys, but the one on device is the one I’m worried about, for example, malware being able to access.

Apple can’t change it without breaking it for every device down the line. The implementation is perfect otherwise it can’t work.

Perfect is a strong word. Clearly it works. I don’t have enough information to argue either way. All I can say is that Apple hasn’t expressed any interest in making sure iMessage is interoperable, so if they did make a change to something subtle, they certainly aren’t going to make sure these guys know about it.

 

[CarAnalogy]

why? If you look at the vulnerabilities used in exploits for jailbreaks they are all relatively minor but add up in a big way. jjtech's approach is quite elegant and very ergonomic. very similar to an early gatekeeper attack where Apple wasn't checking the validity of the protections it put in place.

though I would have approached Apple with this, I suspect he would have gotten more in bug bounties than Beeper revenue, when they shut it down.

Yeah I don’t mean to demean this person’s accomplishments in any way. It’s brilliant work and from all the attention it’s getting apparently has never been done before.

Probably shouldn’t have said that, he’s doing security research therefore is a security researcher. I only meant to imply that experience is still very valuable and if jjtech really is still in high school, is the one thing that could possibly be lacking.

But yes I do question how viable it is to build a business on it.

I wouldn’t be surprised if Beeper doesn’t last, but this person winds up working for Apple.

 

[laptech]

Apple have shot themselves in the foot here because them claiming imessage is not popular enough amongst it's users to be classed as a 'gatekeeper' means Apple can no longer promote imessage in any shape or form as being the the one to use and the best to use because in doing so it would get the eyes of the EU looking in to reevaluate imessage to see if it qualifies for 'gatekeeper' status.

 

[cicalinarrot]

The EU seems to hate Apple just as much as Apple seems to hate anybody who gives them a thousand bucks every couple years.

 

[hagar]

You're operating under the assumption that governmental requirements have to be actionable, or even possible. Look, man, it's more important that legislation has flowery language that makes you feel good about yourself than it is to actually accomplish anything.

You’re right. Except that legislation protects the environment, human rights, free speech, privacy, consumer rights, the right to proper education, health, … You know, all the essential parts of life that, if you would leave them to the free market, would otherwise be turned into profit making machines and eventually destroyed.

 

[Michael Scrip]

Why can't people just download apps?

Also... if you don't have to download apps... do you even need an account on the service?

Will I be able to send a message to a WhatsApp user without having a WhatsApp account myself?

That seems fishy.

Because messaging has a lock-in effect, where a messaging app is useless unless you can also convince everyone you communicate with to also use it. A virtually impossible task.

Interoperability ensures apps compete based on features, rather than having to use whatever app happens to be dominant in your region.

But if you don't use their apps... then how will all these features be implemented?

If Signal creates some great new feature... then all other interoperable apps must implement it too. Otherwise the feature won't work with everyone.

Will interoperable services offer bare minimum messaging but you have to use the actual apps to get all the cool features?

I'm getting some "lowest common denominator" vibes here.

 

[hagar]

The EU seems to hate Apple just as much as Apple seems to hate anybody who gives them a thousand bucks every couple years.

The EU is not a conscious thing that hates and targets specific companies. And the fact that they exempt iMessage is undoubtedly something that will be very positive for Apple as they can keep doing what they want.

 

[hagar]

It's incongruent for EU users to state that iMessage is key when they always brag about exclusively using WhatsApp.

Nobody is bragging about it. It just became the standard at the time when SMS was still a thing and very expensive.

I would rather have one app to rule them all, and as an Apple fanboy i would like it to be iMessage. But that’s never going to happen, even with the adoption of RCS. It’s too little too late.

Apple had gold in its hands with iMessage and FaceTime back in the day but made a strategic blunder to keep it on their own devices. The only market where that worked out is the US. But today it would be much more valuable if they had the world’s premier messenger app.

 

[trusso]

Bloomberg reports that an investigation by the bloc's antitrust watchdog has tentatively concluded that the chat service is not popular enough with business users to warrant being subject to the new rules.

Classic case of a catch-22. Can't comprehend how they can't clearly conceive of this.

 

[cicalinarrot]

The EU is not a conscious thing that hates and targets specific companies. And the fact that they exempt iMessage is undoubtedly something that will be very positive for Apple as they can keep doing what they want.

Yeah, the second part of my comment implied that there's a good reason why the EU tries to regulate over Apple...

 

[jav6454]

Nobody is bragging about it. It just became the standard at the time when SMS was still a thing and very expensive.

I would rather have one app to rule them all, and as an Apple fanboy i would like it to be iMessage. But that’s never going to happen, even with the adoption of RCS. It’s too little too late.

Apple had gold in its hands with iMessage and FaceTime back in the day but made a strategic blunder to keep it on their own devices. The only market where that worked out is the US. But today it would be much more valuable if they had the world’s premier messenger app.

Apple never had gold. WhatsApp was already big when iMessage/Facetime came about. The whole video calling was a novelty at that point as data was a limited resource. Not only that, people prefer texting, then calling and lastly video calling.

Not only that, WhatsApp made it simpler to text people around the world.

 

[timber]

The EU is not a conscious thing that hates and targets specific companies. And the fact that they exempt iMessage is undoubtedly something that will be very positive for Apple as they can keep doing what they want.

It's almost like the EU tries to follow its goals with of course some ocasional setbacks and stupid endeavors instead of having some sort of specific anti something agenda.

 

[TimFL1]

The wording of the article is kind of confusing. I think the significance is that it’s supposed to work the other way around. If you make a messaging service, and Meta is a gatekeeper, you should be able to ask to interoperate with them and they have to do it.

I think. That’s the only way this makes sense.

This and to add ontop of that, they need to proactively outline and provide interoperability. The gatekeepers have to actively maintain a way to interoperate, not wait for the first platform to request access

That‘s probably why Apple pushes RCS out and Meta killed their Facebook meets Instagram messaging bridge: to create a proper and open interoperability interface all of their platforms share, since all 3 of them are gatekeepers. No idea whether they use an existing standard though or roll their own proprietary one in the end.

 

[CarAnalogy]

This and to add ontop of that, they need to proactively outline and provide interoperability. The gatekeepers have to actively maintain a way to interoperate, not wait for the first platform to request access

That‘s probably why Apple pushes RCS out and Meta killed their Facebook meets Instagram messaging bridge: to create a proper and open interoperability interface all of their platforms share, since all 3 of them are gatekeepers. No idea whether they use an existing standard though or roll their own proprietary one in the end.

This is why I’m optimistic but skeptical about this legislation. I understand the goal and it’s a good one. Just not sure if the tech companies are actually going to document, implement, and support open communications standards as seems to be the intent.

As you point out, they seem to be trying everything else first.

 

[jlc1978]

That sounded really cool when you wrote it, but of course the reality is your life is much safer because government regulation actually does protect you and the community. You don't have to go any further then your house, your community or your workplace to see the evidence.

I agree, but a reasonable question is "what is an appropriate government regulatory action?" A side effect is it often rises barriers to entry that prevent new competitors from entering, even if the original intent was noble; and of course higher prices.

In the meantime, Beeper seems like a working solution

Interesting solution for $2/month. Still requires apparently a connection to their server for account verification for billing, so a third party is still in the loop even if they don't handle your messages.

Interoperability ensures apps compete based on features, rather than having to use whatever app happens to be dominant in your region.

Except any features you add would have to be interoperable or else possibly run afoul of EU rules, which means new features add no value competitively; unless they become cost prohibitive for smaller companies to implement.

 

[I7guy]

Wow, so all of this regulation is about “popularity”? Something I’ve been musing over.

 

[Sophisticatednut]

Yes exactly. And there may well have been reasons beyond anti-competitiveness that they didn’t want to do that. We’ll see. I know there are always two keys, but the one on device is the one I’m worried about, for example, malware being able to access.

Why? The key is useless by itself as it’s honey works in n pairs.

Essentially imagine you have half your password on your device, and the second half on apple servers.

Perfect is a strong word. Clearly it works. I don’t have enough information to argue either way. All I can say is that Apple hasn’t expressed any interest in making sure iMessage is interoperable, so if they did make a change to something subtle, they certainly aren’t going to make sure these guys know about it.

Well perfect is a strong word. And when it comes to reverse engineering encryption it must be perfect or it will always fail somewhere when interacting with another system.

Apple can update it, but there zero ability for them to do anything without destroying backwards compatibility or pushing a new update to all devices, something that can very easily be reverse engineered when everything else already is known

 

[CarAnalogy]

Why? The key is useless by itself as it’s honey works in n pairs.

Essentially imagine you have half your password on your device, and the second half on apple servers.

I mean the private key. If that private key was leaked it could be used to decrypt your messages. That key is stored in Secure Enclave on iPhone, not sure where it’s stored here. It may or may not be an actual problem in practice, just something that caught my eye.

Well perfect is a strong word. And when it comes to reverse engineering encryption it must be perfect or it will always fail somewhere when interacting with another system.

Apple can update it, but there zero ability for them to do anything without destroying backwards compatibility or pushing a new update to all devices, something that can very easily be reverse engineered when everything else already is known

Right, I don’t mean the encryption. I mean the subtle technical implementation details. This is all reverse engineered. They may not know everything. I know this is vague and again may not be a problem. I’m just saying adding an (a) to Safari broke a bunch of websites. It’s possible that Apple could, intentionally or not, make a small system change that would otherwise be invisible but would somehow affect how this works.

I can’t think of a way they could do it that wouldn’t break it for existing users, either. My only point is that it’s officially unsupported and reverse engineered and possibly legally questionable.

You’re right they could keep it updated. But Apple has already made breaking changes to iMessage with undo send and edit. If you try those with someone running 16 and under they don’t work. And Apple is extremely aggressive about cutting off old versions. They could do it.