After Apple took on Facebook strongly for wantonly breaching users privacy, Apple itself has been found to have exposed its over one billion iPhone customers to at least two privacy breaches that allows third parties to read customers’ private messages and have access to their social media accounts.
Below is a full article from Forbes titled Apple’s huge iPhone mistake – band news for 1 billion users, that spells out in detail what the breaches are and how Apple is aware but, like Facebook, have refused to do anything about it.
Yes, Apple’s iPhone is more secure than Android and leads the way in protecting the privacy of its billion-plus users. And yes, Apple’s crackdown on Facebook and others is a game-changer. But there remains a glaring failing in Apple’s security that it could fix but will not—because it is stubbornly putting its profits before your security.
The architecture that underpins Apple’s iMessage is the best on the market—period. It enables multi-device end-to-end encryption without the compromises that WhatsApp continues to live with. It syncs a rolling backup, ensuring that all trusted devices can access the same chat histories, and it works on all your devices.
But iMessage still has two major weaknesses—both of which need fixing and both of which impact all its billion-plus users, not just the tiny minority targeted by the highly sophisticated Pegasus attacks.
Worse, the same issue impacts WhatsApp as well. Unless you disable general iCloud backups, WhatsApp’s own encrypted backup solution is rendered equally pointless. “If you have iCloud Backups turned on for your entire iPhone,” WhatsApp warns, “an unencrypted version of your chat history is also backed up to iCloud.”
Until now, Apple’s ring-fencing iMessage has made sense. Android users didn’t have a similar secure messenger and most opted for third-party platforms. Android makes it possible to change a device’s default messaging app to the likes of Facebook Messenger or (so much better) Signal. And WhatsApp’s user base is significantly larger across Android than iOS, more so just for market-share reasons.
But Google has been on a mission to fix this. Taking the reins on the global rollout of RCS—Rich Communication Services, essentially SMS 2.0. This universal standard for next-gen SMS began its deployment under the control of carriers around the world, but Google became frustrated with the lack of pace and took over.
RCS is primarily designed to add rich text and media features to SMS, catching up with iMessage and the raft of third-party platforms now available, but sticking with the spider’s web approach of being part of the networks and not “over-the-tops”.
But Google has now added its first-off attempt at end-to-end encrypting RCS, as seen in its own stock Google Messages app. This is very restricted compared to iMessage—no groups, no multi-devices, just 1:1 phone messaging, but it’s built around the same protocol that secures Signal and WhatsApp and it will improve.
Apple considered addressing iMessage’s cross-platform issue back in 2013, exploring the option of an Android client. It seems this was dismissed so as not to undermine the stickiness of Apple’s ecosystem across families, enabling cheaper Android devices to access Apple’s stock messenger. Now Google Messages has closed the feature/security gap to iMessage, but Apple’s sticky walled garden issue remains.
Just as Apple launched a raft of new, sticky iMessage features with iOS 15, the major U.S. carriers were all getting behind Google’s RCS rollout, making the lack of a cross-platform Android/iOS messenger all the more stark, echoing back to the early days of SMS, where cross-network messaging didn’t work.
As Google’s Hiroshi Lockheimer cheekily taunted Apple this month, the system is broken; Apple and Android are essentially pushing users to third-party alternatives “here’s an open invitation to the folks who can make this right: we are here to help.”
iPhone users do not benefit from Apple’s intransigence here. How can it be a good thing that the stock messaging stitched into your OS cannot securely communicate with non-Apple devices? With no option to replace the stock messenger with a different app, how is this not the exact kind of criticism that has hit Apple and Google and Microsoft repeatedly over the years? It is not in users’ interests.
It’s 2021 and no-one should message over SMS v1 anymore. It’s not secure and prone to compromises and hacks—as we’ve seen repeatedly this year alone. But essentially, Apple is saying to its users that there’s no choice. Unless everyone you know uses an Apple phone, the company pushes you to unsecured SMS or a third-party app. And if the latter, you cannot make this the default. Not good.
When Android was stuck with SMS v1, Apple could reasonably argue that iMessage was as integrated with Android as Android was with itself. But that has now changed. Now, Apple is isolated and needs to step up the plate. There is no excuse for pushing users to SMS v1 in 2021, not with its weaknesses being so open to exploitation.
Putting user security aside, there’s a twisted irony here for Apple. Despite the Apple versus Facebook, Cook versus Zuck narrative, the primary beneficiary of Apple’s stubbornness here is Facebook. Were Apple to enable RCS messaging between iPhones and Androids, the main losers would likely be WhatsApp and Facebook Messenger, the world’s leading platforms with 2 billion and 1.3 billion users respectively.
“I want to highlight that we increasingly see Apple as one of our biggest competitors,” Mark Zuckerberg said earlier this year. “iMessage is a key linchpin of their ecosystem—which is why iMessage is the most used messaging service in the U.S.,” his claim being that Apple is “using their dominant platform position” to weaken Facebook.
The irony for Facebook and Zuckerberg is that while iPhone’s U.S. install base might be the impediment keeping WhatsApp from garnering its usual foothold there, the alternative is likely worse. I don’t believe that iMessage breaking its walled garden and opening itself to Google Messages would help WhatsApp in the U.S., but I do believe it would help Google Messages there and elsewhere, changing the messaging landscape.
In his Meta PR, Zuckerberg highlighted the mobile OS restrictions and control Apple and Google exert over Facebook. But it seems that as much of an irritant as Facebook might be to Apple, and as much as the anti-Facebook agenda plays well in the media, the real threat to Apple is Google, and Apple seems unlikely to budge.