Does anyone know how much Russian iPhone says are worth to Apple?
Also interesting to know would be much the iPhone platform is worth to Russian app developers if they can no longer buy Apple hardware to test/develop against?
If both of these figures are small then it could well in Apple's interests to just abandon sales in Russia.
Since, from the article, this proposed law would only cover sale of new devices those really motivated would still be able to buy abroad.
If Apple trusts the security of its own operating system, it should be able to sandbox the apps just like any other app.
While the US doesn’t force companies to install apps, it does force companies to support E911 and the system used for Amber alerts and other mandated alerts.
>While the US doesn’t force companies to install apps, it does force companies to support E911 and the system used for Amber alerts and other mandated alerts.
There's a huge difference between "implement this standard on your phones" and "execute this binary blob".
There are millions of “binary blobs” written by third parties on iOS. Its Apple’s responsibility to write an operating system that can run in hostile environments.
But that’s still after the fact and after the damage has been done. I’m not aware of any time that Apple has a removed an app from devices instead of removing it from the App Store v
Well, since the discussion was about iPhones that both have a tighter security model and where every app has to go through the App Store, I fail to see the relevance.
The difference is that on the iPhone, when they see a class of bad actors or a real threat model that they didn’t see before, they can tighten the sandbox much easier than they can on the Mac. The zoom fiasco could be prevented on Mac entirely just by clicking on an option that restricts apps from running in the background.
I’m not saying that the tool shouldn’t exist. I’m saying that the tool isn’t enough. I If Russia found the same hypothetical security hole and released the app to the store and Apple found out that a non privileged app could track your location without you giving it permission, it should fix the hole.
They should not trust their sandboxing, even if it happens to be flawless today that can change at any time.
Their defense in depth strategy involves inspecting apps before they get onto the App Store for completely rational reasons. If they are not allowed to do this then it’s probably in Apples interest to abandon the Russian market.
Forcing the apps to go through their approval process likely discourages some malicious behavior. Even if Apple approves an app they can still yank it at any time should the discover an issue. Require Apple to include apps and anything goes.
From the article, it will be able to be deleted just like any other app. I doubt that Apple is going to let the Russian government create the image or use some type of nationwide MDM or Enterprise. certificate.
It could go through the same app review process.
On the other hand, this should be an excellent test of Apple’s security and review process....
>I doubt that Apple is going to let the Russian government create the image or use some type of nationwide MDM or Enterprise.
>On the other hand, this should be an excellent test of Apple’s security and review process....
In between your two contrasting comments, lies the rub of how much further Apple is willing to capitulate to the demands of nation states ─ who demand nothing less.
The entire premise of the article is to highlight the fact that a government has expressly requested Apple into allowing pre-approved apps to be installed and make use of the ecosystem, on their terms. I ask once again, where is the separation or distinction being made between the political and technical, in this case?
The difference is that if an app that has to be installed by mandate only has the same rights as any other apps that can be downloaded from the App Store, it doesn’t change the security of the underlying system. If the app is restricted to the same permission and sandboxing model.
Heck, Apple could theoretically make the sandbox more restrictive.
On top of that, changing the name of a country is a server side change and changes data. That’s no different technically if France mandates that all movies had to have French subtitles.
Imagine a state requested application tracks location and sends that up (yeah, need is little as devices can be tracked over cell towers relatively good) when installing they'd certainly require permissions to be set accordingly.
Also from Apple's perspective it's about the brand. They don't want to have preloaded crap on a fresh device, where the user can't distinguish whether it comes from Apple or the state.
If Apple imposes the same restrictions as any other app - that an app doesn’t get location data without the user’s consent - it’s not different than what any other app on the store can do.
If the law requires to install some software, the law certainly requires to install them in a "working" fashion. Maybe lawmakers miss this in the first iteration. Second iteration however will contain this.
And then Apple could put up a huge warming “This app tracks your location. You can delete this app by doing X”. The proposed law will allow an app to be deleted by end users. Apple puts all sorts of scary warnings on certain apps - they did that for a year to 32 bit apps.
Depends if the law says "Apple must install what we provide, so long as it complies with their policies and is in their judgement secure" or if it merely says "Apple must install what we provide"
I would hope that Apple is not depending on the review process to keep the platform secure instead of depending on the security of the operating system.
If Apple does find that the app breaches its security process during a review, they should treat it as any other security vulnerability and fix the problem.
>While the US doesn’t force companies to install apps
The US doesn't need to. Most companies dominating the field are US based. If they weren't, the US would turn protectionist and require specific favors from them to let them operate in the USA pronto...
A lot of the grandstanding "we would never do that" stems from this dominance...
> If they weren't, the US would turn protectionist and require specific favors from them to let them operate in the USA pronto...
This is already the case. They're not called favors, they're called federal laws.
However, there are no federal laws requiring the installation of software on almost anything (maybe military applications?) There is no need. The government can just go through ISPs & carriers & companies for surveillance purposes. Russia's government can do the same thing.
This move is an attempt to energize the Russian software market and not much else.
Unlike US court, Russian government or courts cannot order Apple or Google to disclose or remove information (ok, they can, but Google simply ignores their lawful requests). So the situation is non-symmetric.
Although I am against this law because probably it is there to allow spying for Russian citizens and prevent them from using secure messengers like Telegram or Tox.
That's right. Apple and Android firmware is already written by US companies complying with US laws and US court orders. They will do everything court orders so there is no need for an additional law.
And, by coincidence, companies that sell equipment with non-US firmware, are not very welcome in the country.
> And, by coincidence, companies that sell equipment with non-US firmware, are not very welcome in the country.
This maybe the case for military equipment. In terms of infrastructure, I think currently its just Huawei equipment that is banned. An other countries are considering that ban too. But we use plenty of equipment from South Korea, Taiwan, EU. I bet the BIOS of most PCs are developed overseas.
Device management apps are given access to (almost) everything by the operating system by design. Further, it seems Russia wants the same unrestricted access to iCloud data that China got. Apple has already set a precedent with China, so expect more of this.
There was a series in a British magazine, many years ago, where a journalist would ring up a restaurant asking for special treatment for a celebrity. So they'd ring up The Ivy or whatever and say "Look, Madonna is coming in, is it possible you can serve her kid some chips?". The gag was that when it was an A-lister, the restaurant would always bend over backwards for them, but when they rang up as Kerry Katona or something, the restaurant would give a stiffly worded response along the lines of "The Ivy only serves the highest in culinary quality, and Ms Katona should leave her kids at home".
Anyway, China is a gigantic, buoyant market with a huge and growing middle class who will be Apple consumers for a long time, and also a crucial part of Apple's manufacturing strategy. CCP ain't going anywhere fast.
Russia is a failing state, and anyone who aides and abets the regime is likely to be considered an enemy of the people in a few years time, let alone the reputational damage in other Western countries of supporting Putin's regime.
It wasn’t stated that Russia was mandating device management.
And just like if a regular app can cause security issues, it’s the fault of the operating system and should be fixed, if your data on the cloud can be read by an adversary, instead of only having the private keys on the device, that’s a flaw in the implementation that Apple needs to fix. Yes si realize that everything stored on iCloud is not E2E encrypted. That’s the real issue, not that the data is in China.
I don’t trust the US government anymore than I trust the Chinese government.
> That’s the real issue, not that the data is in China.
In the US, data requests have to be for individual accounts and go through a judge and sent to the company, who might file an appeal. This is not the case in China. The government can simply get the data it wants without any company appeal.
> It wasn’t stated that Russia was mandating device management
Nor was it stated that it isn't. My point was that the sandbox doesn't automatically imply that these apps are safe, as you had claimed.
You trust government transparency more than I do. But wasn’t there just a case where Google gave our location data of anyone who was in a certain area.
I would much rather that Apple designer a system where it couldn’t give out the information because it didn’t have an unencrypted version of the data in the first place.
> wasn’t there just a case where Google gave our location data of anyone who was in a certain area.
"Google first provided location data, but no identifying information, for 19 devices in a 150-meter radius around the bank for a one-hour period that included the robbery. Police then picked out nine of those devices for more information, and Google gave location data on those devices covering two hours. Finally, police asked for — and received — subscriber information for three devices, including one that was in the bank during the robbery, left immediately after it, and followed a path matched by witness sightings."
In China, the police would simply access the location history of all iPhone users in the area, complete with identifying information, without Apple's involvement.
In one case, the government doesn't actually know all the people who were there. In the other case, the government knows all the people who were there and everywhere else.
Why do you trust the security of US emergency alerts? We know about security flaws in SMS, MMS and iMessage. I’m guessing not as many people outside the government know about the flaws in emergency alerts, but in this case I’d be most worried about them.
I trust iMessage a hell of a lot more than naked SMS.
Also emergency alerts in the US are now fairly well secured with a PKI (iirc). Doesn’t stop a dumb or rogue operator, but it does provide some authenticity regarding if the alert came from a legitimate authority or not.
I’m saying just the opposite. The threat model of an app that Apple has to install that goes through the security and review is the same as any other app on the App Store.
While I personally strongly dislike the law discussed in the article, I find the title misleading.
Taken at face value, the law, as approved by the Russian parliament [1], is, ostensibly, designed to improve the experience of the local customers (who, annoyingly, are depicted as too clueless to know how to install the applications they want). It is introduced under the rubric of "protecting customers rights", demands that smartphones, PCs and smart TVs come with pre-installed local software, and surely, surely, could be spun under a different narrative: an adorably humanist one, concerned with tailoring to the local language and culture (which might have been chosen by the left-leaning commentariat if it were about a small country obsessed with preserving its national identity), or a cynically economical one, focused on protecting local jobs.
Again, I am not defending the law — I find it offensive towards the customers who have to delete all that pre-installed crap. I am just amused by the tone that the Economist has chosen to present this news.
That means that American companies like Apple have admitted that Crimea is a part of Russia, not just an occupied territory of a foreign country? Despite the fact that there are no international treaties that would confirm transferring this territory to Russia?
There’s an interesting mix here though. As a nerd with a passing interest in politics, I don’t want to call Crimea lost. But at the same time, there needs to be a healthy dose of reality - if I’m on the ground, and crossing this imaginary line is going to mean russian soldiers with guns pointed at me - I think I’d prefer my map to render that line, imaginary or not.
Haha - this is exactly what happened to me when Maps.me app (formerly OpenStreetsMap) led me to UK military base in Cyprus (it made a route which skipped border checkpoints to occupied Turkish part of the island)
If you look at Kashmir using Apple Maps, it will look different depending whether you are in India, Pakistan, or China. Is Apple recognizing one of those countries claims any more than the other?
Is this location dependent? In other words do you only see this if you’re using your phone in a particular region?
On my device, I’m seeing “Crimea, Ukraine” when I search for it. The border with other parts of Ukraine also looks like a border for national subdivisions as it fades when zooming out.
Give enough money and they will mark US as Zimbabwe. It is a corporation that exists to make money for shareholders, duh.
What are you worrying in particular anyways? Do you really think that Apple installing the mandated apps or refusing to do so is going to sway Russian lawmakers. I do not think they give a hoot. Neither Apple marking Crimea as Russian will affect what Merkel, Macron, US senate will do about Russia. On that scale of things the Apple is big nothing.
It's more about the entertainment and seeing what Russian politicians will do without their iPhones and Apple Watches if Apple were to decline and stop selling in Russia. Because if they do comply it will be boring. No fun here.
They'll use Samsung, Huawei, Whatever. I am not sure how politician's mind works but I doubt they will perform collective seppuku.
Me personally I would not give a rat's a$$ if any of major brands has gone out of business (except of feeling sorry about employees). But then again, the only things I use my phone for are actual phone calls, GPS (off-line software mind you), bike computer and occasionally camera.
Putting all the conspiracy theorists aside the intent of the law is actually to gain what western countries have a new phone that has localized apps that non-English speakers can use.
For some apps, like twitter, translation of the ui is enough for some others local apps are just better.
Knowing how laws are being implemented in Russia it is hard to tell what this will turn out into, most operators already wrote an open letter to the president to not sign the law, but it was still signed.
So I see it more as an attempt to created isolated marked similar to china one rather than total surveillance scenario.
Most of those apps are still made with USA/Western Europe customers in mind and their habits so just translating text in the ui will not add a ton of relevant content in case of a social app.
Google assistant just doesn't work very well outside of USA for example.
The point of law is not to force backdoors but to counter monopolies.
Google devices come with Google maps, search and so on. When people get new devices, often they will stick to whatever is pre-installed.
Russia is probably on of the few countries that has perfectly capable alternatives, like Yabdex.
So now people will have an option to choose what to use - Google, Apple or yandex apps.
Obviously owners of the platforms (apple and Google monopolies) are not to happy to lose control.
That of course does not mean that Russian government won't try to force some fishy stuff on devices.
Ukraine is completely separate and orthogonal issue.
>Local digital-rights activists like Artem Kozlyuk are worried, saying that these apps could “secretly collect information: location, tools and services being used and so on”.
Technically impossible.
>The apps can be deleted, but only if users know to do that
Like any other app.
>and there are suspicions that they might leave behind backdoors into users’ phones after they are gone.
Technically impossible.
I can't read the rest of the article. What are the apps about?
It's only technically impossible if the system software and/or hardware can't be compromised/exploited.
If you are just going by the intent and marketing of any platform vendor, plenty of things are technically impossible. But exploits and flaws in software and hardware exist, and the resources a nation state can bring to bear to find and use them are significant.
There is a reason vendors run bug bounty programmes, why the jailbreak scene is still a thing, and cybercrime in general is booming.
I know someone would come up with this argument. But Apple and the community will be looking at those apps closely. Even if they managed to slip an exploit into them, it wouldn't last long.
How are those technical impossibilities? They're all essentially what Snowden says the NSA has been doing. It's a perfectly logical concern of a country demanding apps to be installed. Hell, it's been a problem with the Facebook app getting information people didn't realize it was capable of collecting.
I'm afraid there aren't many details in the rest of the article. Just scare-scare-scare. "The world’s biggest company" (is Apple the biggest? I thought it's smaller than Google, but never checked) vs "an autocrat with nuclear weapons". You know who to root for :-)
Anyway, full text of the article below:
====
Who will win the tussle between Apple, the world’s biggest company, and Vladimir Putin, an autocrat with nuclear weapons? On December 2nd Russia’s president signed a controversial law that will prohibit the sale within Russia of devices that do not come pre-loaded with locally produced applications. The legislation, which will come into force next July, has been dubbed the “law against Apple”, as it disproportionately affects the tech giant, known for its insistence on keeping tight control of the apps it allows on its devices.
The law’s sponsors have described it as a way to protect Russian internet companies, as well as to help elderly citizens who may find smartphones difficult to use, though it is not yet known which Russia-made apps will have to be installed. Local digital-rights activists like Artem Kozlyuk are worried, saying that these apps could “secretly collect information: location, tools and services being used and so on”. The apps can be deleted, but only if users know to do that—and there are suspicions that they might leave behind backdoors into users’ phones after they are gone.
The legislation follows another recent law promoting a “sovereign internet”; from November 1st the government has awarded itself the power to sever the Russian internet (known as the “RuNet”) from the rest of the globe. This is worrying for many local internet activists and experts, even though there are doubts that current network infrastructure could support it. Even before that, in the name of data protection, websites that refuse to build data servers on Russian territory, including LinkedIn, have been blocked. And this week the Russian authorities alarmed techies by raiding the Moscow offices of Nginx, an American-owned web-server company in dispute with a Russian one. The Apple showdown may be intended as a lesson to other giants, particularly Google (which owns YouTube) and Facebook; these companies present grave challenges to the Kremlin’s monopoly on information.
Apple officials may think the Russian market too small to be worth the policy change, but the company has recently proved willing to make another controversial concession. Starting in late November, Apple’s maps and weather apps, when used inside Russia, have denoted the Crimean peninsula, Ukrainian territory illegally annexed by Russia in 2014, as Russian. Even when used outside Russia, the weather app shows Crimean cities without (unusually) stating which country they are in, while Apple maps introduces a mysterious dotted line dividing the peninsula from the rest of Ukraine.
Apple may have offered this olive branch in the hope of smoothing relations with Moscow, but its actions have contributed to a growing sense of insecurity in Ukraine, where the foreign minister, Vadym Prystaiko, has accused Apple of “not giving a damn” about his country. A spokeswoman for Apple says that it is “taking a deeper look at how we handle disputed borders”. But a group of European parliamentarians has lodged a formal complaint and damage has already been done to the company’s reputation.
Unlike Facebook and Google, Apple had mostly avoided political scandal until now. It has six months to decide whether or not to quit the Russian market. The world, and Ukraine, will be watching to see if it caves in to the Kremlin’s demands.
Now let our apps have special privileges on your phones or you can't sell it here.
(Emboldened.)