Apple: Android is a tracking device [pdf]

justice.gov

66 points by j4nek 2 years ago · 86 comments

m-p-3 2 years ago

All smartphones are. There's only so much you can do to cover your tracks. There's most likely always someone knowing where you are if your phone is powered on (or even powered off with Apple Find My network).

https://9to5mac.com/2021/06/07/ios-15-find-my-network-can-fi...

  • imglorp 2 years ago

    Forget about all the app and OS, maybe they're clean and maybe not.

    There's also the cell layer, which constantly negotiates with cell towers for sector and power as normal idling. So they know your location at least to tower (CGI), sector and delay (CGITA) and sometimes trilaterated (UTDOA) from ~1000m down to 10m accuracy. The towers' base station controllers need to keep logs anyway, so the cell company has records of your rough location.

    Then there's bluetooth, wifi, audio beacons, optical, magnetic and inertial nav, all emitting or receiving as you move through the world. None of this requires GPS, some requires app participation, some doesn't.

    All phones are location and surveillance devices. Leave it home if you're serious.

    • cloudripper 2 years ago

      The positive side to tracking and a cell layer anecdote - cell layer forensics are often utilized in search and rescue contexts. I have seen this data accessed (through legal procedure in the US) and utilized to save lives of the missing and to provide closure to the families/friends of the missing.

      • alpaca128 2 years ago

        On the flipside e.g. in Germany this has been used to track down creators of illegal graffiti, using a law that is intended for terrorism and other heavy crimes. We can allow search and rescue missions without having to also accept abuse of power.

        • Brian_K_White 2 years ago

          All this and the parent comment means is that any tool that is useful, is equally useful for good or bad. It is yet another example showing how it's wrong to address something bad by attacking the tool used to do it.

        • bilekas 2 years ago

          Can you reference anywhere where that happened because I've never heard of that and would expect huge pushback in Europe in general..

          • alpaca128 2 years ago

            I think I found the talk I got most of the info from [0]. The interesting parts about the law and how it was abused start roughly at 25:03, though unfortunately it's only available in German (Edit: turns out it actually does have an English audio track).

            A very short summary: the law is only supposed to be used for very severe crimes and only if the investigation would otherwise be significantly more difficult or impossible. Also the owners of the tracked phones have to be notified of the tracking as it is a violation of the person's rights. In reality (at the date of the talk) it had never been used for terrorism, about 5% of the time for crimes like murder and in over 70% of the time for theft (including a case of stolen empty beer barrels), and nobody was ever notified.

            [0] https://media.ccc.de/v/35c3-9972-funkzellenabfrage_die_allta...

            • bilekas 2 years ago

              Thank you, those stats of the usage seem fine on paper, maybe worse than they should be, I'm still waiting to see what parent was talking about when he inferred abuse..

              Europe does need a security authority, that doesn't depend on slow bureaucracy.

          • hulitu 2 years ago

            > would expect huge pushback in Europe in general..

            In general those things are not made public so that you don't have pushbacks.

    • crossroadsguy 2 years ago

      And when the SIM card will be gone, isn’t it gone already in USA for iPhones, you won’t even have the ability to remove that SIM. And you can be tracked all the time. Because we are already there - your phone is switched off but not really switched off.

      • sotix 2 years ago

        My understanding is that modern phones still connect to cell towers without a SIM card in the device to allow for emergency calls.

  • jon-wood 2 years ago

    Find My doesn’t actually map the device to an individual. Someone might know where the device which is currently broadcasting an ID is, but that ID rotates frequently, and can only be resolved to you using keys held against your Apple ID. The entire thing is specifically designed such that objects being tracked by Find My can’t be resolved to individuals, because the network depends upon publicly broadcasting those object’s IDs via Bluetooth.

    • rekoil 2 years ago

      Yeah, the GPS location (of the finder device) is encrypted using the ID as encryption key before uploading to Apple's servers, so unless the owner of the device actually looks for it, Apple doesn't even know who the encrypted blob they can't read belongs to.

    • kornhole 2 years ago

      It would be nice if the code on the device and server could be independently viewed and verified. Otherwise we need to trust the biggest corporation in the world. There are reasons why governments of the second and third great powers in the world, China and Russia, have banned iPhones for government use.

    • rgrs 2 years ago

      Can ID be mapped to IMEI and by extension SIM or mobile number? If yes, then it can be resolved to individuals.

      • rekoil 2 years ago

        It can not.

        The master private key used by the system is generated locally and never leaves your Apple devices in a state that anyone except your devices can read it.

        The master key is used to derive an AirTag specific private key which is provisioned to the AirTag and is in turn combined with an increasing counter which generates a third private key that's never stored anywhere. The ID broadcast is the public key of this third key. It changes every 30 minutes or 1 hour, I forget which.

        Other devices see this key, use it to encrypt their own location, and upload that encrypted blob along with the public key to Find My, and in order for Apple to even know which account the encrypted blob they can't decrypt belongs to I have to actually request the location of my AirTag by locally deriving the keypair it used for a certain point in time.
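
The derivation and lookup flow rekoil describes above, as an added example that is not part of the original comment and is not Apple's or OpenHaystack's code. P-256, the HMAC-SHA256 derivation, AES-256-GCM and the names `periodKeypair`, `reportIndex`, `finderReport` and `ownerDecrypt` are assumptions chosen for this sketch, since the thread names no primitives.

```javascript
// Added illustration of the rotating-key flow described in the comment above.
// Assumptions: curve, KDF and cipher are stand-ins; the thread does not name them.
const nodeCrypto = require('node:crypto');

const CURVE = 'prime256v1';
// Order n of the P-256 group, used to map a hash output to a valid private scalar.
const ORDER = BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551');

const hmac = (key, msg) => nodeCrypto.createHmac('sha256', key).update(msg).digest();
const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest();

// master key -> per-tag secret -> per-period private scalar (never stored anywhere).
function periodKeypair(masterKey, tagName, counter) {
  const tagSecret = hmac(masterKey, `tag:${tagName}`);
  const raw = BigInt('0x' + hmac(tagSecret, `period:${counter}`).toString('hex'));
  const scalar = (raw % (ORDER - 1n)) + 1n; // force into [1, n-1]
  const ecdh = nodeCrypto.createECDH(CURVE);
  ecdh.setPrivateKey(Buffer.from(scalar.toString(16).padStart(64, '0'), 'hex'));
  return { ecdh, publicKey: ecdh.getPublicKey() }; // publicKey is the broadcast ID
}

// The server files reports under a hash of the broadcast key; no account is attached.
const reportIndex = (publicKey) => sha256(publicKey).toString('hex');

// Finder side: encrypt own location to the broadcast key using an ephemeral keypair.
function finderReport(broadcastKey, location) {
  const eph = nodeCrypto.createECDH(CURVE);
  const ephPub = eph.generateKeys();
  const aesKey = sha256(eph.computeSecret(broadcastKey));
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(location)), cipher.final()]);
  return { index: reportIndex(broadcastKey), ephPub, iv, body, tag: cipher.getAuthTag() };
}

// Owner side: re-derive that period's keypair locally, then decrypt the fetched report.
function ownerDecrypt(masterKey, tagName, counter, report) {
  const { ecdh } = periodKeypair(masterKey, tagName, counter);
  const aesKey = sha256(ecdh.computeSecret(report.ephPub));
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', aesKey, report.iv);
  d.setAuthTag(report.tag);
  return JSON.parse(Buffer.concat([d.update(report.body), d.final()]).toString());
}

// Constructed demo: one tag, two rotation periods, and a server that is only a Map.
function demo() {
  const master = nodeCrypto.randomBytes(32); // stays on the owner's devices
  const server = new Map();
  for (const counter of [100, 101]) {
    const { publicKey } = periodKeypair(master, 'keys', counter);
    const report = finderReport(publicKey, { lat: 52.5, lon: 13.4, counter });
    server.set(report.index, report);
  }
  const ids = [...server.keys()]; // all the server can see: unrelated-looking indexes
  // The owner asks for period 101 by recomputing that period's index.
  const wanted = reportIndex(periodKeypair(master, 'keys', 101).publicKey);
  const location = ownerDecrypt(master, 'keys', 101, server.get(wanted));
  // Without the master key the derived scalar differs and GCM authentication fails.
  let outsiderFailed = false;
  try {
    ownerDecrypt(nodeCrypto.randomBytes(32), 'keys', 101, server.get(wanted));
  } catch {
    outsiderFailed = true;
  }
  return { ids, location, outsiderFailed };
}

console.log(demo());
```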

      • Cu3PO42 2 years ago

        No, the "Find My" identifiers cannot be mapped to an IMEI except by the user to whose account the device is registered.

  • brookst 2 years ago

    Find My does not leak user or device location to Apple or other users. The greatest info leak is “there is a find my device near me”.

    • rekoil 2 years ago

      > The greatest info leak is “there is a find my device near me”.

      Which is anonymous and the identity changes every 30 minutes or an hour, I forget which.

  • boxed 2 years ago

    Talk about a false equivalency. One has spying built into the business model itself. The other does not.

    • Frost1x 2 years ago

      The thing about business models is they are in never-ending flux, always shifting, optimizing, and re-optimizing seeking the most profitable model(s).

      If you have some business model either coincidentally or intentionally in alignment of consumer privacy, you're going to see marketing said alignment so long as it's a potential selling point (if it's not, it won't be advertised unless you can spin it).

      It doesn't mean anything though. It doesn't mean that either or any business has your interests in mind. Apple executives do not care about your privacy, no matter what narrative they weave. Apple probably banked on older ideals of consumer privacy and didn't anticipate businesses that disregarded user privacy and found ways of making money out of that process would be so successful. They were behind the curve and found a way to spin the narrative that the reality is they're just here to protect consumers all along.

      Perhaps they took a risk that differentiating on privacy would be more profitable years ago and are pushing it more now there's real consumer talk (a wise risk path IMHO). No matter what, it's all profit driven. At this point there could be a bit of a sunk cost fallacy and it would be pretty awkward for them to shift but that doesn't mean they won't. Consumers have shown by and large they just don't care about privacy or at least are willing to sacrifice it for other things. That's bad for Apple (and bad for consumers frankly, IMHO).

      I don't buy these narratives from any business propaganda machine and you shouldn't either. When push comes to shove, if Apple is down and forced to compete and privacy protection isn't profitable or they're not in a position to explore an alternative truly competitive position, they will jump ship in an instant and mimic the rest of industry.

      The only thing keeping these models at bay are a distribution of consumers that keep the competing models afloat. If Apple caves we'd rapidly go down the lack of privacy hole of spying functions until we reach legal protections. If Android caves, we'll see Apple's continued model for awhile until the insatiable demand for revenue growth starts looking at initial principles like privacy as the last remaining revenue streams then we'll slowly start back with 2000s era advertising back to current and future dystopian levels of privacy invasion. The difference is just a time factor here, so long as large enough segments of the consumer market will cave to these ideals (which has already been proven).

      I suppose some business could just add a line item "privacy tax" that you just pay for depending on the valuation of your privacy so to keep your privacy you clearly pay that tax so the business continues to get its expected revenue growth from said privacy invasion without actually invading your privacy. To some degree this is already baked into higher costs for many Apple products but as markets optimize I anticipate we'll eventually get to such a point, just like we have ad-free and ad-infested service options.

      • svvvy 2 years ago

        Maybe I don't understand your point, but isn't this similarly false equivalency? The business models are for-profit and subject to change. But despite that, right now, there is a material difference in privacy.

        Also I think it a bit humorous - "privacy tax" to me is when services like Google offer services at a cost to my privacy.

      • boxed 2 years ago

        > The thing about business models is they are in never-ending flux, always shifting, optimizing, and re-optimizing seeking the most profitable model(s).

        Google's hasn't since the start. It's ads. Which leads to abuse and spying.

  • fsflover 2 years ago

    > All smartphones are.

    My Librem 5 isn't.

    • m-p-3 2 years ago

      Your carrier can follow your location by triangulating your position from your SIM ID.

      • fsflover 2 years ago

        Only if the modem hardware kill switch is on. I can always make sure I'm not tracked whenever I need it.

        • colinsane 2 years ago

          plus as anyone doing navigation with these open source phones knows, 3gpp location is embarrassingly low resolution without a supplemental source like WiFi SSID visibility, which has to be measured client-side. plus cell networks are asymmetric (SNR is higher from tower -> cell than from cell -> tower) so all else equal triangulation on the tower side should be even lower resolution.

RistrettoMike 2 years ago

Title could probably use a “2013”

  • lutrinus 2 years ago

    It hasn’t changed though, has it?

    • TrickyRick 2 years ago

      It really has, Android actually has privacy controls now which they definitely didn't in 2013. Developers can't request your location 24/7 without you even being aware of it like they could 10 years ago.

      • isodev 2 years ago

        The point of the slides was Google, not third party developers. I feel things have gotten worse. Google controls not only the device itself, but also most people’s browser and tools when they decide to use something else.

      • fsflover 2 years ago

        https://news.ycombinator.com/item?id=26639261

        Google collects 20 times more telemetry from Android devices than Apple from iOS (therecord.media)

        816 points by gormandizer on March 30, 2021 | 445 comments

    • RistrettoMike 2 years ago

      I guess my point is that I think even Apple likely has different policies or talking points around this now as opposed to a decade ago. Probably some more and some less troublesome than what's shown here.

Y_Y 2 years ago

Android isn't a device though. AirTags are tracking devices. Android phones can be used for tracking, but that's because of phones, not because of Android.

cultureswitch 2 years ago

I'd rather have Apple's hypocritical "only we may spy on our users" approach than Google's. But anyway, I use GrapheneOS.

maxehmookau 2 years ago

I love that the presentation was called "..._Final.key". Even the best business people haven't solved that problem.

  • ubermonkey 2 years ago

    It's a whole thing, right?

    There EXIST tools to do versioning of office docs, same as they do with code, but there's almost zero usage of them in offices.

    • user_7832 2 years ago

      On a similar note, do you know any tools for version control with changes visible for something like word? There's "track changes" but the UI isn't the best.

ksec 2 years ago

The convention on HN is to put the year in the title for older articles, so this is missing 2013.

ChrisArchitect 2 years ago

[dupe]

https://news.ycombinator.com/item?id=38113226

retskrad 2 years ago

I mean, Android is extremely invasive and Google collects a ton of data on you. That's why you don't see Elon Musk, Sam Altman, Mark Zuckerberg, Jeff Bezos, Evan Spiegel and other prominent figures use Android devices.

hospitalJail 2 years ago

This is so crazy to see. Usually when Apple faces the public, everything is super curated to sound pro-consumer, even if it's anti-consumer.

Sure this PDF doesn't venture far from it, they still paint Apple in the prettiest picture, but the terminology shows that Apple is basically doing the same thing as Google but with slightly different methods to blur it. Heck, we don't actually know what is going on inside an iPhone, they could be combining accounts and sending data to Cambridge Analytica for all we know. At least with a degoogled Android, you know exactly where everything is going.

This is the classic gaslighting that I've come to expect.

  • HumblyTossed 2 years ago

    > Heck, we don't actually know what is going on inside an iPhone, they could be combining accounts and sending data to Cambridge Analytica for all we know.

    You have a point. Apple depends so much on security by obscurity.

    • brookst 2 years ago

      That’s true of everything you haven’t compiled yourself, using a compiler you wrote and bootstrapped yourself.

      There is no technical proof that any of the software or hardware we use every day is trustworthy. There is, however, incentive alignment that makes it unlikely that companies do wild and crazy things.

  • asimpletune 2 years ago

    I don't understand from this document how you mean Apple is doing the same thing? In what sense do you mean?

    Also, how can you consider it "gaslighting" if it's a private document not intended for the public? Who are they gaslighting?

  • RockRobotRock 2 years ago

    Apple sells expensive hardware and Google sells ads and data. I agree that we will never know for sure what Apple does, but follow the incentives and you will know which company has more to lose.

  • dm319 2 years ago

    I always felt Apple pivoted to 'privacy' when they saw they had missed the race to harvest and monetise personal information.

    • germandiago 2 years ago

      Could be but anyways this is why competition is good.

    • ubermonkey 2 years ago

      That doesn't really bear scrutiny.

      Apple has always been a hardware company. Even before the ad economy online, they were a hardware company.

      Google was always a "harvest and monetize data" company.

  • realusername 2 years ago

    In the Apple world, they basically carefully redefined privacy as "anyone else besides us getting access". They put themselves as a fully trusted party for everything.

    • brookst 2 years ago

      How do you square that claim with E2EE and the way Find My works?

      • rekoil 2 years ago

        You can finally have your entire iCloud account end-to-end encrypted using Advanced Data Protection since earlier this year.

        iCloud Backups, iCloud drive, passwords, health data, basically everything except specifically iCloud Mail, Contacts, and Calendar [1] is all inaccessible to Apple when Advanced Data Protection is enabled.

        1: https://support.apple.com/en-us/HT202303

        • fsflover 2 years ago

          https://sneak.berlin/20231005/apple-operating-system-surveil...

          > First, iCloud E2EE is opt-in.

          > Second, iCloud E2EE is woefully incomplete. When you iMessage with someone, they have iCloud Backup on by default, and non-E2EE by default, which means that approximately all of your iMessages (including all image and document attachments) will still be readable by Apple and the FBI because they are backed up twice: once from each end of the conversation.

          > Furthermore, the E2EE for iCloud Photos is not designed to preserve privacy. Even though iCloud Photos now supports E2EE for the content of the photos and videos stored, the file metadata is not E2EE, and the metadata includes the FILENAME and also a unique hash of the unencrypted file content.

          • rekoil 2 years ago

            Yeah I wasn't sure how they claim iCloud Photos is E2EE, on your side there, but the iMessage thing is obvious, if information is leaving me it's going to someone and becomes that person's information. Not much you can do about that. ¯\_(ツ)_/¯

            I did specifically choose not to mention Photos for that reason.

            • fsflover 2 years ago

              > if information is leaving me it's going to someone and becomes that person's information.

              This is fine. Not having end-to-end encryption by default is not fine, because default plain text backups effectively remove the end-to-end encryption.

              • rekoil 2 years ago

                Yeah. I don't think this is done out of malice though, Apple has literally hundreds of millions of customers, not being able to restore access to the majority of these due to lost passwords would risk losing customers which they can't have.

                That said I think the benefits of Advanced Data Protection should be more clearly explained to users and the feature should be more prominently presented during onboarding, both new users but also existing users when the feature was rolled out.

      • izacus 2 years ago

        Same way as I square it with my MacOS/iOS having a separate tick for Apple data collection vs. everyone else's data collection and having their ad targeting and data having different defaults.

        They're a corpo of hundreds of thousands, there's no feelings attached to it from their side. They'll do what makes their stock go up or the CEO will be replaced with someone who'll do the needful.

      • realusername 2 years ago

        E2EE arrived very very late and is even off by default. Anybody you are messaging to is going to have E2EE off and their backup data sent to the US government for analysis (see PRISM revelations which Apple participated in). Since you can't get iMessage without iCloud (at least to my knowledge) it's one of the most problematic messaging platforms out there because of that.

        For Find My, since they can even locate switched off phones, that tells you all you need about how it works. I find the whole concept creepy.

        • rekoil 2 years ago

          I'll give you that E2EE arrived late and is off by default. But:

          > For Find My, since they can even locate switched off phones

          They can't. Find My is actually truly end-to-end encrypted, at least the version used for when a device is off (I'm not 100% sure how encrypted the self-reported version is for powered on iPhones with data).

          Copy-pasting my summary about how Find My works from another comment in this post:

          > The master private key used by the system is generated locally and never leaves your Apple devices in a state that anyone except your devices can read it.

          > The master key is used to derive an AirTag specific private key which is provisioned to the AirTag and is in turn combined with an increasing counter which generates a third private key that's never stored anywhere. The ID broadcast is the public key of this third key. It changes every 30 minutes or 1 hour, I forget which.

          > Other devices see this key, use it to encrypt their own location, and upload that encrypted blob along with the public key to Find My, and in order for Apple to even know which account the encrypted blob they can't decrypt belongs to I have to actually request the location of my AirTag by locally deriving the keypair it used for a certain point in time.

          This has all been proven through [1] where they read the whitepaper (which I can't for the life of me find now but know exists because I've read it, or at least parts) and implemented OpenHaystack which proves Apple aren't lying about anything because if they did then OpenHaystack wouldn't work.

          1: https://github.com/seemoo-lab/openhaystack

          • realusername 2 years ago

            I'm aware that for AirTags, the implementation should not be too bad. I'm talking about iPhones, which are much more important.

            They can also be tracked close to real time with their gps coordinates so it cannot be passive, the phone has to report somewhere. And it's reporting in the background, there's no indication that it's doing it.

            • rekoil 2 years ago

              Admittedly I have nothing to back this up, but judging by how well designed Find My is in this aspect, I'd be surprised if the implementation for the self-reporting one is that much worse, I suspect they re-did it in iOS 13 when Find My launched.

              Was it ever possible to access your iPhone's location through iCloud.com? I know Find My Friends was available there, but I don't remember if "Find My iPhone" was.

      • eimrine 2 years ago

        Not everything is under E2EE and the Find My is probably not the biggest privacy problem of Apple.
