
Yes, the " spies on you with app-based hashes sent to their servers on each app start" is FUD (or at least most of it).

However, exempting its own apps from the APIs all applications have been forced to use for a while now, therefore making it possible for apps to hijack traffic & circumvent the firewall "protection" entirely, is not: twitter.com/patrickwardle/stat

Just like with key escrow for encrypted content: it's _literally_ impossible to stay secure if you break the system on purpose 🤷


@moritzheiber thanks for pointing out n°2. But which part of n°1 is FUD?

@moritzheiber Thx. Makes sense. Why didn't Apple publish that themselves? Why aren't they more transparent about this? I appreciate independent research on the topic. But this could have been resolved earlier with proper comms.

@xuv Because this has been a part of their documentation all along and they explicitly denied the allegations and explained the process months ago, when this first was "a thing" .. granted, they didn't explain it in as much detail as the blog post does, but then again, maybe they shouldn't have to?

Disabling this mechanism definitely does more harm than good.

@moritzheiber I'm an advocate for algorithmic transparency. In terms of security, it's always better to explain in detail what you're doing. So great, they've explained it before. That's great to hear. :)

@moritzheiber @xuv hmm that's *a little* less bad than the original accusation, but- depending how often the check is done- given most of your apps have different developers, if they aren't stock apple, it can still be used for spying, right?

@piggo @moritzheiber Yes, of course, they have an approximate map of all software on your machine, approximately how often you use them. This is probably good enough to build a profile of what kind of use you make of that machine.
