Me on App Store Monopolies and Security

There are two bills working their way through Congress that would force companies like Apple to allow competitive app stores. Apple hates this, since it would break its monopoly, and it’s making a variety of security arguments to bolster its argument. I have written a rebuttal:

I would like to address some of the unfounded security concerns raised about these bills. It’s simply not true that this legislation puts user privacy and security at risk. In fact, it’s fairer to say that this legislation puts those companies’ extractive business-models at risk. Their claims about risks to privacy and security are both false and disingenuous, and motivated by their own self-interest and not the public interest. App store monopolies cannot protect users from every risk, and they frequently prevent the distribution of important tools that actually enhance security. Furthermore, the alleged risks of third-party app stores and “side-loading” apps pale in comparison to their benefits. These bills will encourage competition, prevent monopolist extortion, and guarantee users a new right to digital self-determination.

Matt Stoller has also written about this.

EDITED TO ADD (2/13): Here are the two bills.

Posted on February 1, 2022 at 2:26 PM | 49 Comments

Comments

pup vas February 1, 2022 2:59 PM

Yeah! Bravo Bruce! Agree with You absolutely on this.
Moreover, free apps should have always the option to be downloaded directly from app site, not app store monopolist.
Monopoly as always bad.

Hedo February 1, 2022 3:20 PM

@Bruce,
Bravo, and Thank you for your own contributions.
There’s nothing I love more about you than your integrity.

JonKnowsNothing February 1, 2022 3:39 PM

@All

re: Game stores / In Game Purchases

This is an extension of the App Store but it’s a knotty problem:

Two aspects:

1) Niche Games
2) Gold Farmers

1) Games and Niche Games

Some games have their own “stores” inside the game environment. These may call out to a web software system to handle in-game purchases and so technically exit the game environment to complete the transaction.

Often these in-game transactions have restrictions on use and also TOS/EULA rules of how transactions can be processed and how the items can be distributed.

Games may or may not be on major platforms or use game subscription services or they may use a combination of systems in order to reach their target markets.

2) Gold Farmers

Game providers have different tolerances for this category. Primarily these are “players” (1), that earn bonus, game gear, game currency and then sell these items to another person for real world currency or bitcoins.

Some games prohibit “gold sellers-gold farmers” and others allow it.

For games that do not allow it, Gold Sellers still invade the game chat promoting links to sites that may not be secure. Sellers and Buyers that violate the game TOS/EULA/CoC can be ejected/banned.

Games that prohibit Gold Selling, spend a good deal of effort on preventing their access and jettisoning them asap.

So depending on which way you flip the view, having Game Monopoly Economics tossed into the ring of “open access”, may have undesired results.

It all depends on the definitions of such activities and how broad or narrowly they are drawn.

  • Apple scavenging funds for providing download access and taking a cut from the game economic system, puts Apple into 2 categories:

** Download Platform Provider
** Gold Seller.

Opening up these Download Platform System Accumulators spreads not just to fee-based systems but others that provide downloads of all sorts of electronic information.

Opening up In-Game/App Purchases to World+Dog to break the Game Monopoly impacts not only the users of the games but some aspects of Global Technology (1).

===
1) Gold Selling/Gold Farming is a very lucrative business. They run scripts that earn the most game gold, gear and other desired items in the shortest time. Some countries have been accused of using their incarcerated persons to do this work, others have been known to exploit members of their population.

Gold Farmers are often required to multi-box many avatars simultaneously and are required to complete set achievement goals to avoid punishment. It is an electronic piece work system.

Gold Seller Ads have the same issues with spamming of unwanted or undesired messages.

These actions may be prohibited within a game environment; the employment issue may be prohibited by laws but tolerated or low enforcement priority.

Marc February 1, 2022 4:10 PM

While I agree Apple’s monopoly needs to end and its arguments are disingenuous, I wish we could point to an alternative that isn’t the security cesspit that is the Android App Store model. I’m not well versed, but do you think its curation should stop, or that Apple’s should just be one of many possible app stores?

I think the stakes are higher for mobile phones than for computers, but if you’re proposing something similar to the Microsoft or Mac App Store models (store distributed apps/notarised apps from other sources/install anything you want), how do you propose making it more secure?

Impossibly Stupid February 1, 2022 5:48 PM

@Marc

“how do you propose making it more secure?”

Security comes in many forms. As someone who had my first iPhone app completely stonewalled by Apple’s review process until Steve Jobs himself intervened to get it into the App Store, I’ve done quite a bit of thinking about how to responsibly circumvent their self-interested monopoly. One thing I thought about doing was making my app open source so that anyone who wanted to could audit, build, and install it on their own device.

Apple already has mechanisms in place (e.g., Apple Business Manager, TestFlight, etc.) that allow developers to distribute apps “directly”, presumably without overly compromising their security. I see no reason these methods could not be improved or extended. I would very much like to create an automated process for populating an app store with open source code, especially projects that have been further audited for extra security.

Matt Sayar February 1, 2022 7:11 PM

Even if they lose, you know there will be so many dark patterns involved with using an alternative app store that users will flock to the defaults anyway. Still, it’s revenue lost so they will fight against it regardless.

Tim February 1, 2022 7:42 PM

Groans. Apple does not have a monopoly based on any definition of the word. Legal or otherwise.

Tim February 1, 2022 8:15 PM

Apple has exclusive control over the APPLE app store. They don’t have anything close to exclusive possession or control over any market. And judges agree.

ResearcherZero February 1, 2022 8:36 PM

Preemptive moves to slurp up more data:

Starting March 29, 2022, the Web & App Activity Admin console setting is going away and a new user setting, Google Workspace search history, is enabled by default for all users. You can save and manage your search activity with Google Workspace search history when it’s turned on. This gives you a better search experience with Google’s services.
https://support.google.com/a/answer/11194328

Some organizations disable all Additional Google services so end users don’t have the option to turn Web & App Activity on and therefore don’t get access to recent searches in their Google Workspace apps.

Starting March 29, 2022, we’ll remove the Web & App Activity setting in the Admin console and introduce a new end user setting on the My Activity page called Google Workspace search history. This means end users will be able to control the storage of their core Google Workspace services search history data after March 29, 2022.

What does this mean for my organization?

Users who have Google Workspace search history enabled —and perform searches in Google Workspace apps like Gmail and Drive— will see their search history shown as suggestions before or as they type their searches in these products. These apps will show a message letting users know that search history is enabled.

In addition to the new Google Workspace search history setting, the end user Web & App Activity setting will continue to exist. However, Web & App Activity will control storage of search data from Additional Google services only, and will remain disabled by default for new users.

Important details about the new search history setting

  • The new Google Workspace search history setting will be on by default but all users will have the option to turn it off.
  • Users will be able to set control how long their Google Workspace search history is stored.
  • Users will have any existing data retention settings in Web & App Activity applied to Google Workspace search history. The default time period for the data retention setting is 18 months.

Any users marked under the age of 18 by their admin that have controlled access to Google services by age will have Web & App Activity disabled from their account and will be unable to turn it on.

Any searches done in Workspace apps before March 29, 2022 will be available in the user’s Google Workspace search history if both end user and admin Web & App Activity settings are enabled when this change goes into effect.

Users with Google Workspace search history enabled will also be able to see and delete their search data, and to opt out of collecting this data altogether.

https://pastebin.com/raw/5ayJTDDp

Google has now drawn a line in the sand. Give us all your local SSIDs, local bluetooth connections, with likely even more detail, or they now refuse to allow you to use Maps to navigate.
https://news.ycombinator.com/item?id=30167865

lurker February 1, 2022 9:00 PM

@ResearcherZero re G’s line in the sand,
“Since wifi is on most of the time, it’s the quickest way of finding your location…”

Wifi is on most of the time? Once again I dodge the bullet…

MrC February 1, 2022 9:54 PM

Bruce, I don’t think you were sufficiently blunt about the worthlessness of Apple’s “curation.” A reader inclined to give Apple the benefit of the doubt might interpret your comments and the footnoted article as examples of occasional one-off failures in an otherwise adequate vetting system, rather than the utterly useless Swiss-cheese dumpster fire that it is. I think you should have been more direct in stating that Apple (and Google) is doing a terrible job of “curation” right now, and they’ll never be able to do an adequate job because it’s an impossible task.

Tim February 1, 2022 10:23 PM

@Tim

99.7% of smartphones in the US run on either Apple’s iOS (59.89%) or Google’s Android (39.79%).

Most users get apps from their platform’s respective app store. These app stores act as gatekeepers that can restrict the apps users are able to access.

If I understand correctly, Bill S. 2710 (Open App Markets Act) would open up the app marketplace by allowing other app stores to exist on these platforms.

This would break the monopoly of each platform having only their one app store – with only the apps that they’ve permitted. You would get to decide which app store you shop at and which apps you’d like, rather than having only one store in town. Make sense?

https://www.govtrack.us/congress/bills/117/s2710/summary

AL February 1, 2022 10:58 PM

I like side-loading. I did it on Android to load Signal onto a tablet. If there is a case to be made against side-loading, then there should be something to point to in the Android situation.

People want a phone, but they don’t necessarily want a nanny.

null clam February 2, 2022 1:50 AM

Trying to understand what makes Apple an evil monopolist.

The modern economic doctrine is that “fair” is what the market determines as the mutually acceptable exchange. This is even based ultimately on nature.

Mutually acceptable cannot mean merely “whatever prevails”. The ideal standard might be summed up as “full measure, shaken and sifted, pressed down, running over”. It assumes the buyer and seller have a sufficient understanding of what constitutes real value in the exchange. The buyer and the seller also are assumed to have unconstrained access to other buyers and sellers so the choice to trade is freely made.

Any exchange which deviates from this standard is to some degree theft, which is worthy to be condemned.

Naturally nothing is perfect, degrees of understanding and meeting or not meeting ideal exactitude are hard to determine, and so general reasonableness and prudence, and of course “street smarts”, play a role.

How do we know if we are at least reasonably close to the ideal ? The only way that seems to have a hope of being realistic is to let the actuality of the living marketplace guide. If there is gross theft, active buyers and sellers can move away to other buyers and sellers which offer a more equitable trade.

We may feel Apple is acting badly but to know that involves showing that the seller and buyers are not in the light about what the real values to the seller and buyer are in the exchange; or that the market is constrained and not free; or both.

The blog’s original post addresses clarifying the real values to Apple and to buyers.

What about market access ? There is a general perception that the market is constrained by consisting of too few big players. There have been many attempts to address this by creating alternate markets of devices and software platforms. None seem spectacularly successful. There seems to be something unexpectedly difficult in bringing a new phone device and platform to market. To address this it might be worthwhile for government and industry generally to fund and promote understanding of the issues involved and the development of reusable expertise in the area.

What about the bills ? They seem to require that the primary seller provide sales access on its own “premises” to any other seller of apps. This sounds like it addresses market access freedom. However, perhaps it does not. It requires that a determination be made of what is non-separable from the primary seller’s offering (presumably something like the device, the system software, and associated things), and what is separable (the app vending platform), and then insists the primary seller make this separation. This sounds arbitrary and perhaps prompted by “because we see it can be done and it’s the ‘fair’ thing to do”. This reasoning resembles the error of Cyrus regarding the two tunics [1]. Suppose someone came up with a marvelously slick and easy modular hardware change that everyone wanted. Would anyone say the primary device maker, on pain of shaming as a monopolist, be required to alter the device so this hardware could be added as desired ?

Also, to be ‘fair’, all app stores would have to provide access to all other app stores, a nightmarish sounding encumbrance for all.

Therefore, even granting Apple is in error about the value proportion it offers to users and developers, it alone cannot be solely the fault and it seems to tend to the tyrannical and ultimately counterproductive to coerce them to change their policies. Without addressing the issues via the market, we run the risk of establishing an unending arbitrary and unstable system of rules based on ad hoc considerations.

  1. Xenophon. Cyropaedia. I.3.17

Scott February 2, 2022 10:17 AM

Access to both Android and iOS devices is controlled by an effective duopoly. Neither company plays nice with anything it sees as outside its own limited interests and there are no resolution options if their company arbitrarily believes so. Both have contrived an excessive “tax” on developers for other services they offer and are using the security and privacy (of which neither is opposed to doing what they want with your information if it suits their purposes). Both companies continue to prove that absolute power corrupts the system. They continually move the balance to their advantage and that is how both now are staggering in size and influence.

Anti-competitive tying practices have been illegal for decades for this very reason. Competition brings the greatest strength and diversity of offerings and provides balance in the marketplace. Our feudal App ecosystem overlords have created a system to ensure subservience of everyone else. Time to put an end to it with appropriate laws and regulation.

Petre Peter February 2, 2022 11:13 AM

I bought the first generation iPhone the day it came out in 2007. The app store model was new, and I didn’t consider that it could be used as a monopoly. A year later, I found out that the phone can do a lot more if you jailbreak it but I was too scared, and I remained in ‘the garden’ Apple has provided for me. The app store model was such a successful tool for control, that soon Sony, Amazon, Microsoft, and Google created their own versions. These are the hidden battles to control our data which Professor Schneier warned us about in Data and Goliath.

‘Follow an expert; it’s easier.’ Thank you Professor Schneier.

Freezing_in_Brazil February 2, 2022 11:22 AM

@ Bruce, All

There’s no reason why a ‘jailbroken’ ecosystem could not coalesce into something akin to the Linux distribution system [centered around repositories]. In fact, think that would the natural compromise between the walled gardens model and the Wasteland.

I praise your efforts and am immensely grateful.

lurker February 2, 2022 11:44 AM

@null clam
“There seems to be something unexpectedly difficult in bringing a new phone device and platform to the US market.”

Words in bold inserted to make more sense to this foreigner. The carriers have a vested interest in minimising the number of devices and platforms they have to deal with. A duopoly suits them as the two players keep an eye on each other.

Freezing_in_Brazil February 2, 2022 12:24 PM

Last post truncated. Saying again:

There’s no reason why a ‘jailbroken’ ecosystem could not coalesce into something akin to the Linux distribution system [centered around the idea of repositories]. In fact, think that would be the natural compromise between the walled gardens model and the Wasteland.

JonKnowsNothing February 2, 2022 1:00 PM

@null clam, @All

re: Monopoly or Not

In USA there is another test that applies: Barriers to Entry

This means Barriers to Enter the Same Market.

  • If you want to raise tomatoes your barriers to entry are in the Ag field, Food supply chain, Customer access.
  • If you want to create an app that can identify the best tomato on the shelf-display (1) your barrier to entry is computer, software, and the App Store.

There are many laws in US that accept barriers to entry as valid and protect companies from competition. Generally there’s some “public interest or public good” argument for this.

There are other barriers to entry that have no protection but are nearly impossible to overcome. Elon Musk has been wildly successful where DeLorean wasn’t; not because the DeLorean wasn’t popular but the costs involved in entering the market had many zeros and there just wasn’t enough of them in the bank.

When barriers to entry are deemed artificial and there are no mitigations or alternatives to that specific market, government and legal remedies can be ordered.

  • If the tomato app cannot access the Apple Store (Market of Customers) and the Store Fees are found to be excessive and EULA/TOS encumbrances impede or impact the rights-ownership of the app and any revenue generated, then this may be enough to require legal intervention.
  • The tomato app generates income for Apple, and Apple provides little or no support for the creation, maintenance or improvements to the app. The Apple Store can remove or block the App without notice and deprive the end users of the app access (either block or stealth remove) at any time. End users have no way to continue to use the app if Apple blocks it and if that’s done to promote an Apple version (Apple may create their own Apple-Tomato sniffer) then it’s a more serious matter.

The number of shares a company has and the number of shareholders and the value on Wall$ have little to do with Barriers to Entry. Those items influence the creation and alteration of laws that are applied. If the laws fail certain tests, the law is invalid.

Time also has an impact on the outcome, at some point no one will care about the Apple Store because another option will be usable or preferable. Apple can delay this but their current incarnation is not going to last. They can change sooner or later.

Why would they wait? Perhaps their modeling has shown that the revenue from the current situation is greater than the revenue from all the future options and that the other options will cost them Market Share. So it’s scraping the frosting bowl now before it gets washed.

====
1) This app would use color and AI/ML to photo-video scan the tomatoes on the display shelf and know the difference between a Roma and Celebrity variety: shape, color, size, price differential.

David Oftedal February 3, 2022 3:58 AM

We’re also fast approaching a situation where the two major app stores, the Google and Apple ones, are gaining a monopoly over increasingly important societal functions.

Individuals and businesses in many countries will for instance expect payments and communication to take place within apps that are only available via these two app stores. Many people have become uncomfortable with cash or bank transfers, despite having used them frequently only a few years ago.

Worse yet, companies that often have state-mandated monopolies, such as train and bus services, have also begun to require users to pay and order via apps, despite their almost universal inability to provide their own apps. They are, of course, only available from Google and Apple.

With the COVID-19 pandemic, we’ve also seen an increase in states asking, or even demanding, that citizens install certain apps. Even assuming that every citizen had a smartphone and a subscription, what are the odds that all of these apps exist anywhere outside of the two major app stores? We may already have seen the first instance where a subscription to Apple or Google is a legal requirement, and if not, we may see it soon.

I’m not personally in favour of more regulation, but it goes without saying that the state, or a private company that performs an essential function under a state monopoly, should never require citizens to subscribe to particular commercial services in order to exercise their rights.

Rufo Guerreschi February 3, 2022 7:18 AM

As you say “App store monopolies cannot protect users from every risk, and they frequently prevent the distribution of important tools that actually enhance security.”

But this is a case for a “better store”, not “no store”.

Maybe democratically-governed international one that can be expected to have the whole users best interest as in our Trustless Computing Certification Body and Seevik Net?

http://trustlesscomputing.org

JonKnowsNothing February 3, 2022 10:02 AM

@ Rufo Guerreschi @All

re: But this is a case for a “better store”, not “no store”.

Maybe democratically-governed international one

Eons ago, there were public accessible download repositories for all sorts of software, utilities, editors etc. Some had monetized options (Pay $50 for a license) but lots of stuff was “free to download”.

So, there have been non-governmental options until we got to “closed garden” systems. Some aspects may still be available but the closed garden model started blocking installations unless “approved or unapproved” extension is listed in their own repository, using the closed garden installer, updater, and source code format.

There were several reasons or issues:

1) Getting things compatible with the main program structure.

Exposing specific methods for calling the primary program and minimizing install/uninstall barfage. The repositories generally allow Others to write add-ons or helper stuff but rarely monitor it for “security”. If any monitoring happens it’s mostly to ensure no installation barfage.

2) The increase in badware, malware, vaporware and all the Under-Wares for the UnWary.

Even if you are AWary you can still get bit bad installing from any source and hoping the site hasn’t been hacked, MITM or cloned and the thing you are grabbing hasn’t been tampered with.

Closed Garden, Curated Repository have the same problems as previous incarnations.

They cannot and do not have the time, ability, functionality to prevent bad junk from getting inside, bad junk getting distributed out.

Governments can’t do it either. (1)

Governments cannot even distribute face masks or vaccines in an orderly rollout to their populations and the protection rates are average to poor.

The same problem occurs for all software systems and updates. A good hunk isn’t going to be updated and statistically there isn’t much you can do about it.

Walled Gardens do not make the software “safer”. They only make some options easier to find. End Users still have to rely on Star-Counts, Comments, Download Statistics to determine reliability just like buying a toaster at AZ$W$.

It’s far easier to return a busted toaster.

===

1) It is the purpose of all 3Ls to install barfage on world computers. That’s the job. That’s what they do. They are proud of their work. Just don’t brag about your WORDLE score.

Martin February 3, 2022 10:31 AM

I like your blog, but count me on the other side of this debate from a security standpoint. Apple, due to its walled garden, has had a more secure app store than Google for a decade by all known metrics. Google is getting better but it has taken them years to get close.

While I’m sure the bottom line for Apple/Google collective pushback is revenue and not security, but the history of both stores does tell a clear story – even to Android lovers:

https://www.androidauthority.com/ios-vs-android-1068950/

“Whether iOS is better than Android in security is now up for debate, but the consensus still gives Apple the upper hand. iOS has more consistent updates for all devices, a closed ecosystem that is harder to penetrate, and a stricter app store. All of these factors combined make it harder for attackers to target iOS users.”

-Android Authority 1/29/2022

Clive Robinson February 4, 2022 12:29 AM

@ ResearcherZero,

“Google has now drawn a line in the sand. Give us all your local SSIDs, local bluetooth connections”

You forgot,

And your PrivateKey as well as your PubKey…

Yup if you are a Developer Google now requires you to hand over your “Code Signing Key” for unspecified reasons.

This is obviously a very major security No No as “SolarWinds” and earlier back to Stuxnet and further, useless as Code Signing is in real terms, not keeping it privately secure leaves your application totally open to malware, spyware, adware, crypto-coin mining, and much much more.

Because if you think Google will keep your PrivateKey secret, you are very much mistaken.

The real question then becomes,

If Google can force PrivateKeys out of developers, how long before they find a reason to do it to users?

And people wonder why I don’t use Google “products”, maps, searching, etc…

SpaceLifeForm February 4, 2022 5:23 AM

@ ALL

Consider a two phone approach.

One with SIM, but you only use as a phone.

The other without SIM, that you use for WIFI.

Maybe it is not perfect, but that is what I do.

Winter February 4, 2022 5:39 AM

@SLF
“One with SIM, but you only use as a phone.”

What about using it as a WiFi hotspot too?

SpaceLifeForm February 4, 2022 12:28 PM

@ Winter

That defeats the purpose of my method. Yes, I realize that what I describe is not going to be practical for many people, such as the situation where their only internet connection is their phone.

I am segregating traffic, and using the phone as a hotspot without a VPN I feel no longer provides any segregation. Basically, I am trying to not feed the cellco data about sites visited while browsing. If I have to browse on the phone, it is minimal.

I do not use WIFI, BT, or GPS on the phone.

I do not use BT, or GPS on the non-phone. WIFI is off unless using.

I get excellent battery life on both devices doing it this way.

null clam February 4, 2022 9:24 PM

@ SpaceLifeForm

“segregating traffic”

Is it really certain the phones aren’t communicating or sharing somehow ? Do they never come near each other ?

Sort of xyzzy://xkcd.com/1922/

SpaceLifeForm February 5, 2022 2:39 AM

@ null clam

re: segregating traffic

Good question.

Yes, the phones are near each other. Neither has NFC. As to WIFI and BT really being off or not, who knows? But, watching battery life for years, I am pretty sure WIFI and BT is off when I think it is.

I’m talking Android, not iPhone.

Of course, the cell radio in both is still intact, so, with effort, the two devices could be correlated. But, in theory, a phone without a SIM does not generate any cell traffic except for emergency calls.

It would be easier to correlate the two devices via location given that WIFI APs and Cell Towers do not tend to move around much.

There is an app called WiFi Analyzer for Android. If you take a wardrive with an Android phone, with WIFI on, and the app running, it will open your eyes. For safety reasons, it is best to have a passenger monitor the SSIDs that are captured if moving. If in urban area, even your passenger will not be able to keep up with the changing SSIDs as you move.

(you will see a lot of printers too)

http://a.farproc.com/wifi-analyzer

Radio Silence. It is a thing.

null clam February 5, 2022 4:30 AM

@ SpaceLifeForm

Re: E.T. phone home

Another simple-minded question, then – what defines an Emergency Call ? Can the mechanism be exploited somehow ?

Full disclosure: I have been doing the same two phones thing, but have been assuming I was probably kidding myself, possibly by the devices detecting the same em fields, or by them somehow chatting in a low voice.

SpaceLifeForm February 5, 2022 6:17 AM

@ null clam

Re: E.T. phone home

The angle to bridge the gap would probably be the phone without SIM seeing the signal from the phone with SIM.

I forgot to mention that I always have the phone without SIM in Airplane Mode.

But, I do not believe that Airplane Mode prevents the radio from monitoring. I think it really just stops transmission, which prevents a cell tower handshake from occurring. Which is why you get no calls or texts.

But, if it can monitor, and record ‘stuff’ with timestamp, and then transmit later over WIFI, then, yes, could be correlated, no problem. See Airtag.

If WIFI is on, it is now monitoring SSIDs. Combine with timestamp, and you have some good location tracking if you are moving.

Like I said, it’s not perfect, but why give the cellco data that they will just sell?

There is a lot of misinformation out there that says that if the phone is in Airplane Mode, then all radio is off. Obviously, that is false. The radio(s) still have power, it is just that some functionality is blocked.

There may be such a thing as Silent WEA, that reaches inside the phone even if in Airplane Mode. Think of it as a Ping with possibly long delayed Pong. The Ping is captured, the Pong is not relayed until either out of Airplane Mode or phone has WIFI.

WEA is broadcast. It is not specific to your phone. But the phone itself will reveal that it captured a specific Ping. With a timestamp. That specific Ping will of course identify the tower, right?

Then ET phones home.

I misplaced my Tin Foil Hat.

Clive Robinson February 5, 2022 6:46 AM

@ SpaceLifeForm,

“But, in theory, a phone without a SIM does not generate any cell traffic except for emergency calls.”

Err no… You’ve got the cart before the horse.

A phone without a SIM or virtual-SIM is not just capable of generating cell traffic it does, and not just for emergancy calls.

You need to think of things in layers, the lower ones have to work for the higher ones to work. A SIM and it’s function is way up the top of that stack and one heck of a lot has to go on before the SIM gets into things.

If you look at using a non home network with roaming, your phone can only send SIM info to your home-network, the non-home network quite happily carries that traffic for your phone. So the full connectivity is there to be used, and is used. It’s just the service provider you connect to that chooses what to forward or alternately drop in that “Great Big Bit Bucket in the Sky” (GBBBS) Null Device that is the equivalent of dev/null or NUL or NIL or whatever the OS owner chooses to call it,

https://en.wikipedia.org/wiki/Null_device

I won’t go into details they can be found by reading through the technical docs, but you can demonstrate SMS working from a SIM less device to another SIM less device just by using the device electronic serial numbers…

Remember what you consider “your mobile phone number” has next to nothing to do with how the circuits are formed for calls. Your number is just a database entry, which is why sometimes you can dial a phone from one network say the mobile service you use and get a number unobtainable but immediately phone from a landline and get connected. The required entry to link the number you dial to a device is not in the database of your mobile service provider for some reason.

Think of it like Host Domain Names and Host IP addresses, you need the distributed database the DNS is to link them together. Once you have the IP address then traffic can be routed. Alternatively if you know the IP address then you care not about the Host Domain Name.

The process of “routing” is where all the real stuff goes on, and that is where you start talking about Rendezvous Protocols, when you are talking about linking two or more mobile devices.

Winter February 5, 2022 8:21 AM

@SLF, Clive
“A phone without a SIM or virtual-SIM is not just capable of generating cell traffic it does, and not just for emergency calls.”

Indeed, but you can buy devices, mostly tablets, that do not have any cell phone capabilities. These can be used as WiFi only mobile devices. They generally do have Bluetooth, but that can be handled.

Your scheme can work, but do not use a cell phone capable device.

Winter February 5, 2022 8:27 AM

@SLF
“using the phone as a hotspot without a VPN I feel no longer provides any segregation. Basically, I am trying to not feed the cellco data about sites visited while browsing. If I have to browse on the phone, it is minimal.”

You should use a VPN or Tor, or equivalent. These hide the destination of your traffic from your provider.

Anyhow, if you use VPN/Tor, why not do that on a simple phone if you only want to keep the telco in the dark? I have not yet heard of telcos breaking Tor.

Separation might indeed be useful if you fear an attack on your smartphone by way of the cell phone connection.

Dancing On Thin Ice February 5, 2022 12:18 PM

Apple used to say that having tight control was because if something goes wrong customers will blame them and not the apps on their device.

This reminds me of working at a nightclub where we evaluated a touring band’s crew abilities during the soundcheck.
Many of the bands played our venue every year.
They trusted our house guys mixing them to ensure they sounded great and that the lights made them look good.

With that, Apple’s commission rate is too high.

SpaceLifeForm February 5, 2022 6:49 PM

@ Clive, Winter

A phone without a SIM or virtual-SIM is not just capable of generating cell traffic it does, and not just for emergency calls.

Note that I said ‘In Theory’. We are on the same page.

There is a lot of misinformation on the internet that exists to obfuscate what really can occur.

In an attempt to keep people from thinking outside the box, and connecting dots.

They generally do have Bluetooth, but that can be handled.

If it has WIFI, it has BT. 2.4 GHz. Whether it is visible or not at the user level is a software issue.

What if the tablet actually has a cell radio/modem that the user does not know exists because the software does not reveal its presence?

Two models of tablet. One has cell, one does not. Marketed with $20 price difference. But actually same hardware. The buyer can save $20 in the belief that there is no cell radio, therefore more secure.

Security Theatre.

You should use a VPN or Tor, or equivalent. These hide the destination of your traffic from your provider.

Not happening. That just concentrates the traffic into one place. Traffic Analysis made Easier.

I actually do not care about the traffic analysis angle, but I am not going to pay for a VPN in an attempt to hide from one party that I visit this site, when another party can see that.

I have no need to use a VPN for geolocation obfuscation in order to watch a video either.

Did I mention battery life?

Crooks are stupid. News at 11.

Winter February 6, 2022 2:01 PM

@SLF
“What if the tablet actually has a cell radio/modem that the user does not know exists because the software does not reveal its presence?”

It is pretty easy to check whether a tablet emits cellular frequency radio waves. So what is your point? If it doesn’t emit such radiation, it should not matter that it has the hardware. If it could do so with the right software, that also means you were rooted anyway when the cellular works. So the presence of the cellular would not matter that much.

JonKnowsNothing February 6, 2022 3:04 PM

@Winter, @SLF

re:
SLF: “What if the tablet actually has a cell radio/modem that the user does not know exists because the software does not reveal its presence?”

W: It is pretty easy to check whether a tablet emits cellular frequency radio waves. So what is your point?

Dumb for a Buck Disclosure:

I got 2 of those A$$$ jobbers on a 2for1 promotion and it never ever occurred to me that they would have cell service and their own phone numbers.

I never checked and was never told (or it might have been in the very fine print). I only realized they were cell active when I saw the bill for the extra numbers and called the A$$Joint to ask “What are these numbers for?”

I had set them up as wifi connections and never realized there was an ACTIVE CELL Connection that had been Preconfigured Active.

After a long harangue with the company that left me Unhappy and Stuck with the devices, I stored them in a closet until the batteries died. They have been stored ever since, and I look forward to the day I can throw them under an asphalt/concrete milling/grinder.

ymmv – theirs is zero (I hope)

null clam February 6, 2022 3:13 PM

@ Winter @ SpaceLifeForm

not matter that it has the hardware

Couldn’t the communication circuit be made up of two different segments, e.g cellular in, wifi out ? In general, multiplex all the parts 😉

Stealing from xyzzy://xkcd.com/2571/

But not Ohm’s law, Phone-home’s law.

Clive Robinson February 6, 2022 8:35 PM

@ null clam,

But not Ohm’s law, Phone-home’s law.

Hey… “not allowed”

Only the English are allowed to make awful/lousy technical puns, or name things after what others think are “naughty bits etc”. And then only because it’s part of our “cultural heritage”[1]… Along with stiff upper lips, clipped speech, cocking our little fingers when drinking tea, talking incessantly about the weather and in certain classes wobbling multiple gin chins 😉

[1] Americans get “Argyll Socks” and vests in bold colours for golf and when being abroad in warm climates 😉

https://en.m.wikipedia.org/wiki/Argyle_(pattern)

SpaceLifeForm February 7, 2022 2:27 AM

@ null clam, Clive, Winter, JonKnowsNothing

Re-read this, and substitute ‘phone’ with ‘portable device with hidden radio that is receive only’, while user thinks that it is a WIFI only device.

https://www.schneier.com/blog/archives/2022/02/me-on-app-store-monopolies-and-security.html/#comment-399736

The device captures the Silent WEA, The PING. The PING is received by the radio that never transmits over Cell.

Later it reveals the PING over another channel such as WIFI. The PONG.

Easy to track the device movement (or lack thereof).

Correlate with other data, and …

You get the picture.

Clive Robinson February 7, 2022 7:10 AM

@ SpaceLifeForm,

You get the picture.

I’ve actually explained it in the past with regards to these BLE “covid tracking” systems.

Because they do not send location information only time, it is incorrectly portrayed as not spying on you, which is totally false, because,

1, Beacons have known locations.
2, Service providers have location information recorded against time in their “third party” business records.

Further as I pointed out with Apple AirTags, you can find the location of a users phone by the AirTags it reports back…

Location information is extremely hard to hide, and importantly,

Any insufficient attempt to do so sends a signal.

A point people tend to forget about mobile devices they habitually carry around. Not carrying it at some point an event happens is called “circumstantial evidence”. That a defendant has to refute rather than the prosecution prove.

This shifting of the “burden of proof” is rather more than alarming as it gives such overwhelming advantage to a prosecutor people can and have been executed by it (“we kill by metadata” etc).

Another aspect of this is one of the primary assumptions behind a warrant if approved is that the subject is immediately put on notice to defend themselves. Importantly they are also entitled to call for a speedy trial.

Modern surveillance warrants give no such warning, and thus allow a prosecutor to “cherry pick” facts for their case over as much time as they choose…

Robert February 10, 2022 12:06 PM

Third party app stores will turn the mess discussed here, https://youtu.be/Q30qZSEnI9Q, up to eleven. Unless the folks clamoring for third party stores are going to put in enough consumer protections with teeth that you don’t need third party app stores.
