Highly inaccurate marketing for iOS

treenutz68

[GrapheneOS: This is highly inaccurate and deliberately misleading marketing. There are widely available off-the-shelf exploit tools which work fine against an iOS device in lockdown mode. Apple claiming to be unaware of them and unaware of any cases of people being exploited is dishonest.]

TechCrunch reports that Apple is not aware of any successful hacks of an iPhone when lockdown mode was used.

https://techcrunch.com/2023/12/07/apple-says-it-is-not-aware-anyone-using-lockdown-mode-got-hacked/

If true, that is pretty impressive. It is quite hard to prove a negative though so there may be instances that simply were not reported to Apple. I do feel better using my iPhone for business purposes though using lockdown mode.

I still use a Pixel with graphene as my personal device and I think the privacy aspects of an open source operating system with no login to the device required are great. I will admit, I prefer the simple "always works" UI of my business iPhone though and if I could get the same privacy guarantees with it, I would use it for both personal and business.

Carlos-Anso

treenutz68 If true, that is pretty impressive.

Appears it probably is not.

Cellebrite documentation suggests they have exploits to get into iOS devices. They dont mention lockdown and we presume, as they also mention the difference between stock Pixel and GrapheneOS, that it would be mentioned if lockdown impacted their capabilities.
https://discuss.grapheneos.org/d/14344-cellebrite-premium-july-2024-documentation/64

GrapheneOS

treenutz68 It's clearly not true because there are off-the-shelf exploit tools which work fine against devices with iOS. Apple claiming to be unaware of them and unaware of anyone being exploited is meaningless. How would they be specifically aware of a case of someone being exploited in the first place? This is clearly deliberately very misleading and inaccurate marketing.

DeletedUser87

treenutz68 you don't even need a study to find that out. My AdGuard Home registers all the DNS requests in my network. My Apple devices (literally ALL of them) easily beat everything else I have. The worst of them all is a HomePod mini that's basically unused. Music is played on that thing once a week. It gets two Siri requests at most per day. That thing constantly goes for the record of 1000 (one thousand!) DNS queries a day. An unused iPhone does around the same number with most iCloud s**t disabled. That almost reaches the requests of my server, that hangs around 1500 requests a day. It's pretty crazy honestly. My actively used GOS phone is around the same number (1-1.2k), but then again - it runs on my network even when I am away through a VPN...

treenutz68

DeletedUser87

Yeah, I thought I remember reading something on either the forum or the matrix chat that even though iPhones are chattering constantly, it isn't necessarily a privacy issue. I can't remember the logic, maybe something about it being anonomyzed data or it not gathering anything important.

Anyway, my preference is certainly a quieter device like my graphene pixel with no google play services installed.

DeletedUser26

treenutz68 it depends what data is actually being sent. Just counting connections doesn’t really tell the whole story.

DeletedUser87

DeletedUser26 sure, I agree. But when you look at the logs and find privacy-gateway.cloudflare.com when not having Private Relay or anything in the Safari settings related to that, it's getting creepy. It's also arguably harder to PCAP traffic off of iOS devices with no easy MitM proxy implementation for said devices. I really don't have anything against iPhones and actually like to use them, but this kind of intransparent crap fuels mistrust in the Apple platform.

DeletedUser26

DeletedUser87 it uses private relay for some things without you needing to pay for it. The paid private relay covers all Safari traffic, DNS, and unencrypted connections. This is why it’s important to know what the connection is actually being used for, you’re confusing a privacy feature with telemetry or something. I agree that Apple should allow you to root your phone if you want just like on a Pixel, maybe in the future they will.

treenutz68

DeletedUser26

Do you believe there are privacy benefits of using grapheneos over an iphone? I've been talking to my brother about potentially making the switch from iphone, but I'm not really sure if "the juice is worth the squeeze" given most of his contacts use iphones (so he can utilize e2ee imessage/facetime by default) and I have already convinced him to log out of icloud and use other backup options.

I think part of the issue is that we all know iphones chatter a lot with apple, but I'm not sure if there is anything definitive about what data is being sent to them and what is being done with it. My thought has been, better safe than sorry, which is why I love graphene as it simply isn't logged in and doesn't phone home constantly.

DeletedUser26

Carlos-Anso Cellebrite is a different type of exploitation, lockdown mode was implemented after the Pegasus attacks that were all over the news so it mostly focuses on remote exploits like that. But yes Cellebrite has no problem getting into AFU iPhones at the moment, although the recent news about the new hidden auto reboot feature in iOS 18.1 shows that Apple is now targeting that type of attack as well.

GrapheneOS

DeletedUser26 There are exploits available for iOS devices in lockdown mode. Apple is deliberately being misleading and outright dishonest. It should substantially reduce trust in them. It is simply not true that there haven't been exploits of iOS which would be usable in lockdown mode. Lockdown mode does nearly nothing to defend against local privilege escalation but rather is almost entirely based on reducing Apple service and Safari browser attack surface. It's genuinely ridiculous to act as if there aren't exploits for other apps and iOS not related to iMessage, or that lockdown mode eliminates the vast majority of Safari attack surface when it clearly doesn't. Apple is being very deliberately highly misleading. How would they know about people getting exploited in the first place? It means nothing for them to be unaware of it or to have no confirmed reports of it. The exploit tools provably exist beyond forensic data extraction.

[deleted]

treenutz68 Do you believe there are privacy benefits of using grapheneos over an iphone?

Without question.

iCloud Standard data protection - Apple can decrypt your data on your behalf whenever you need it. Apple has the decryption keys.

iCloud Advanced Data Protection - Recovery Contact. I ask myself the question is a Recovery Contact a backdoor that can be exploited to recover access to an account and decrypt user data?
https://support.apple.com/en-us/102651

App Tracking
The fact that Apple has added the ability to disable app tracking capability tells me that app tracking capability is baked into apps. Does this app tracking only disable tracking for third party apps? Can Apple still track you for their advertising greed?

Apple Advertising
The fact that Apple advertising exists and there are options in the iOS GUI to select advertising preferences tells me that Apple is exploiting user data, be it anonymised or not, to profit from advertising.
https://www.fool.com/investing/2023/11/19/apple-secret-digital-advertising-giant-revenue/
If Apple was serious about privacy there would not be any tracking and Apple advertising wouldn't exist.

To download an iOS app from the app store you need to provide, name, DOB, email address, phone number and home address. How is that private?

Some examples of how Apple have failed.

You need an email address to create an Apple account. An email address you need to get from another provider because you can't get one from Apple before you have an Apple account.
iPhone can only send scheduled messages to iMessage users.
RCS on iPhone is encrypted in transit but not end-to-end encrypted when messaging with an Android user.
60Hz displays in 2024.
There is no visual indication on the screen that on iPhone with an "action button" is in silent mode. The old slide switch had a red indicator.
The new "camera button" is welded into the case so to replace the button is a full case replacement.
Apple products are designed to create dependence.
To copy music to an iPhone requires a PC or Mac, iTunes and a cable. Android plug a USB drive with an adaptor straight into the phone.
Is Lockdown Mode on an iPhone a defacto admission the attack surface of the device is too big to start with?
Apple has created a mesh network that you cannot opt-out of. On stock Android you can opt-out.
https://youtu.be/uv_qF7mdc6A
Apple Privacy https://youtu.be/r38Epj6ldKU

DeletedUser26

treenutz68 it depends on the threat model. They make more connections with Apple but specifically in his case it sounds like because he’s using iMessage and FaceTime etc then that could be worth sticking with iOS if he does t care about telemetry and that sort of thing. I’m not sure what’s wrong with iCloud, it has E2EE that are completely seamless already.

DeletedUser26

[deleted] Recovery Contact. I ask myself the question is a Recovery Contact a backdoor that can be exploited to recover access to an account and decrypt user data?

Recovery Contact is completely optional and no it’s not.

Neither Apple nor the recovery contact have the necessary information individually to recover the user’s end-to-end encrypted iCloud data.

https://support.apple.com/guide/security/account-recovery-contact-security-secafa525057/1/web/1

You can read up on how it works here.

[deleted] The fact that Apple has added the ability to disable app tracking capability tells me that app tracking capability is baked into apps. Does this app tracking only disable tracking for third party apps? Can Apple still track you for their advertising greed?

This disables an advertising ID for third party apps. Android has a similar thing.

[deleted] To download an iOS app from the app store you need to provide, name, DOB, email address, phone number and home address. How is that private?

You can fake all of that if you want, they don’t check or anything. Personally it’s not a concern for me, it’s all about your threat model to determine what’s acceptable to you.

[deleted] You need an email address to create an Apple account. An email address you need to get from another provider because you can't get one from Apple before you have an Apple account.

If you buy an Apple device then you can create an iCloud email, I assume you tried to make an Apple account from their website. You need an Apple device or it won’t let you make an iCloud email.

[deleted] RCS on iPhone is encrypted in transit but not end-to-end encrypted when messaging with an Android user.

This is just because Apple is using the Universal Profile and not Google’s proprietary encryption. Blame the GSMA for that. They do have plans to add E2EE in the future:

The next major milestone is for the RCS Universal Profile to add important user protections such as interoperable end-to-end encryption.

https://www.gsma.com/newsroom/article/rcs-nowin-ios-a-new-chapter-for-mobile-messaging/

[deleted] Is Lockdown Mode on an iPhone a defacto admission the attack surface of the device is too big to start with?

No, is any optional security feature an admission the attack surface is too large? It’s designed to reduce attack surface for targeted individuals like journalists etc. They designed it with a specific and uncommon threat model in mind. It does also help protect you even if you’re not targeted as a byproduct though.

[deleted] Apple has created a mesh network that you cannot opt-out of. On stock Android you can opt-out.

You can absolutely opt out of it, it’s called the Find My Network and there’s a toggle in the settings.

DeletedUser87

DeletedUser26 iMessage has seemingly been the biggest contributor to zero-days in iOS. To mitigate the risks, Apple largely reduces the attack surface by disabling various iMessage features. The problem is, that iMessage then requires lockdown mode to be enabled at all times.
I think everyone is better off just using a 3rd party app like Signal instead of relying on iMessage.

DeletedUser26

DeletedUser87 Signal is not immune to zero days either, the Messages app is targeted because it’s the default messenger on iOS. If you’re trying to exploit someone, is your target more likely to have the default messaging app or Signal?

[deleted]

DeletedUser26

DeletedUser26 ou can absolutely opt out of it, it’s called the Find My Network and there’s a toggle in the settings.

I imagine this would also disable the remote wipe capability.

DeletedUser87

DeletedUser26 it's not targeted because it's a default. It's targeted, because it's bloated af. The dialer or the photos app or FaceTime or anything else preinstalled could've been an equally exploitable target; but they're not. iMessage is always at the center of attention when something like Pegasus or Operation Triangulation are discovered. The feature set is enormous (accompanied by a huge attack surface) and thus sets a precedent as to what not to use when it comes to messaging apps. I've been an avid user of iMessage myself for quite a while, but I dropped it exactly because of these concerns a while ago.

DeletedUser26

DeletedUser87 Apple has done a lot of work hardening the Messages app over the years.

https://support.apple.com/guide/security/blastdoor-for-messages-and-ids-secd3c881cee/web

Any app that deals with SMS, RCS, etc is going to have a lot of attack surface and Signal is an improvement just by virtue of not having SMS support. But some app on your system has to and Apple has done some impressive work I think hardening the Messages app.

I don’t agree that the dialer is equally exploitable, it doesn’t support them sending text or displaying images or anything of that ilk. It’s definitely possible and has happened before but I think like you said the Messages app is just a juicier target just by virtue of how much it has to support. They usually seem to exploit some old file format or send some maliciously crafted text or images it seems like.

DeletedUser87

DeletedUser26 Apple has done a lot of work hardening the Messages app over the years.

Excuse me? You mean adding Memoji, stickers, location sharing, Digital Touch, message effects, Apple Pay Cash, contact info sharing, contact posters, 3rd party apps, iMessage for Business and all the other crap is hardening?! iMessage is bordering WeChat with unnecessary bloat that can and will be exploited.

DeletedUser26

GrapheneOS it’s also a year old lol. Not exactly current either.