Rene Ritchie did a great video on the Google Project Zero press release about the iPhone vulnerability. It is worth watching as it shed some interesting light on what really happened and how much risk there really was for iPhone users.


Thanks for the video. He concludes the risk was small based on how the known websites using the exploits were in small, targeted regions like in China. However that doesn't really shed light on what the actual risk was because there could have been other sites as well using the exploit that Google doesn't know about. The important issue is that there was such a major exploit possible via passive means - the fact we only know of a few sites using it doesn't really shed light on what the actual impact was, nor does it mitigate the issue.

He also mentions how those sites used different exploits for other platforms as well, including Android and Windows, but that still doesn't mitigate the issue for iOS. We already knew Android and Windows are easy targets for exploits. What we didn't know until last week was that iOS is as well.

In short, I really don't see the point of his video other than to throw shade on Google and misdirect away from the fact iOS had a major exploit that's been used for several years and across multiple generations of their platform.
 
You have serious comprehension issues. The issue is the way Apple fixed the API was to stop those that were stealing data. That was not Signal. Apple broke something else stopping the other bad players. The API was the only way to see encrypted messages being sent without opening apps. It's also the only way I can see a Signal message on my Apple Watch. Now developers have to code around it because there isn't a PushAPI that should be there.

This change makes all encrypted messengers unable to show messages on Apple Watch. That wasn't stealing data; this problem is collateral damage. Everyone crying about its misuse of an API. It just means Apple crippled apps. The only fix is to now have all apps just say "new message" open app to view. That's stupid.
This is best explained thanks.. all other Noobs who don't code or have any idea stop replying something they don't understand .. also looking forward to how Librem 5 will affect iPhone sales..
 
also looking forward to how Librem 5 will affect iPhone sales..

Not at all, I suspect. Don't get me wrong, I wish them all the best. But establishing a foothold in the mobile market without support for the established Android/iOS app & services infrastructure is a tremendous uphill battle, both for the manufacturer and the users, and bigger players have failed (Microsoft, Blackberry, Nokia). Even the makers of the Fairphone report that 95% of their users opt for the normal Google-Android over the supported free alternatives.

I have used my share of niche OSs, and it always ended up with me carrying around a second "normal" smartphone to do the things the first one could not do. Not going there again.
 
I do prefer iMessage over WhatsApp (which I hate), but some of my contacts don't have iPhones, and WhatsApp is a convenient way to contact them.
But now with the Facebook data leak and continued mishandling of our private information, I'm seriously considering ditching Facebook, WhatsApp and Instagram.

Lol. You were not looking around much when you have realized that after so many years.
 
I'm managing to get people to care, the majority of my friends now use Telegram. I compare it as Betamax to VHS. Facebook is digital cancer and people are slowly realising it.

Question: How does a free app with no ads make money to maintain their servers and continue development?
 
Thanks for the video. He concludes the risk was small based on how the known websites using the exploits were in small, targeted regions like in China. However that doesn't really shed light on what the actual risk was because there could have been other sites as well using the exploit that Google doesn't know about. The important issue is that there was such a major exploit possible via passive means - the fact we only know of a few sites using it doesn't really shed light on what the actual impact was, nor does it mitigate the issue.

He also mentions how those sites used different exploits for other platforms as well, including Android and Windows, but that still doesn't mitigate the issue for iOS. We already knew Android and Windows are easy targets for exploits. What we didn't know until last week was that iOS is as well.

In short, I really don't see the point of his video other than to throw shade on Google and misdirect away from the fact iOS had a major exploit that's been used for several years and across multiple generations of their platform.
Your points are well taken and I agree, a vulnerability is a vulnerability and it is definitely concerning that this was possible in the first place. My point in sharing the link was mainly in response to the absence of information in the Google announcement about what websites contained the malicious code. When I first read the article I (like probably every other iPhone user) immediately wondered if I had visited any websites with the malicious code. I then spent hours searching online for a list of websites that contained the code but after reading literally dozens of articles, I could not find a single reference to any specific website that could compromise an iPhone.

I am thankful the Project Zero team found the exploit and reported it to Apple. I am also very thankful Apple patched it quickly. I just agree with Rene Ritchie that the PZ team should have been more forthcoming about the nature of the sites that are known to have contained the malicious code.
 
Lol. You were not looking around much when you have realized that after so many years.
I've been postponing it as much as possible, but this may be it.
The one from yesterday, 2 days ago, or the one from last week?
This last one I think it topped them all. To have a database with private information accessible to anyone was Facebook's lowest blow.
 
That’s Signal.

Don’t understand why anybody uses WhatsApp when Signal is built using the same well-vetted encryption library and is open-source, cross-platform, and has no connection to Facebook.
I agree. And Signal is the only third-party message app that I have on my phone. Unfortunately, almost no one I know uses it. If I weren't an attorney, I probably wouldn't bother.
 
If WhatsApp becomes unusable on iOS or if Facebook pulls the app out of spite that is the end of the iPhone in Europe. But as usual the Americans forget they’re only 5% of the world’s population.

Doubt FB would alienate a sizable portion of their user base out of spite.
 
> use encrypted messenger
> show message content in notifications

nice opsec bro
Really bro? You have people spying on your wrist? I don’t have an issue with messages being on my lock screen if you’re in my pants or on my arm there are bigger issues. The encryption is for getting to and from my devices not when they arrive.
 
In short, I really don't see the point of his video other than to throw shade on Google and misdirect away from the fact iOS had a major exploit that's been used for several years and across multiple generations of their platform.

I think the point was to balance the reporting. Yes this should open people's eyes that exploits exist for All devices, but I thought we knew that. The reason for the piece is if you just watch the news it looks like iOS is more vulnerable, and that is not accurate.

Nothing will ever be 100% safe against these types of attacks (probably never). But Apple continues to push security. Newer devices were not susceptible to these attacks due to further hardening of the hardware. This should have been reported as well.
 
I've been postponing it as much as possible, but this may be it.
This last one I think it topped them all. To have a database with private information accessible to anyone was Facebook's lowest blow.

This is just melting top of iceberg and it is coming up above level. Most people know FB is dealing user data but were closing eyes, not looking below level. It is "free" why would I care......
 
If companies like FB are still at this late date “scrambling” with overhauling their messaging apps, I have to assume that all of their workarounds so far have fallen short. That’s a troubling development. It’s possible that Apple may enhance iMessages and release an Android version to give iPhone users in Europe and elsewhere an alternative messaging app (that now functions better than WhatsApp) to stay in touch with their most likely Android-using relatives, friends and colleagues.
 
If companies like FB are still at this late date “scrambling” with overhauling their messaging apps, I have to assume that all of their workarounds so far have fallen short. That’s a troubling development. It’s possible that Apple may enhance iMessages and release an Android version to give iPhone users in Europe and elsewhere an alternative messaging app (that now functions better than WhatsApp) to stay in touch with their most likely Android-using relatives, friends and colleagues.
I'm not sure that will happen soon, I don't think they will profit in it.
 
Not unless you use it.
Thanks. I didn't see that when I scanned their website this morning.
Again, not my problem. Being free is not a good excuse to invade my privacy and no one should be using such an app.
 