RIP Apple Security Updates?

This is an issue.

Author

Brandon Butch
August 25, 2023 ā€¢ šŸ“– Read time: 11 minutes

Not yet a subscriber? Sign up here!

Good morning! ā˜€ļø *Tim Cook voice*

The UK is trying to ban security updates, we could see the first Ultra iPhone, boring iPhone 15 Pro colors, iOS 17 is quickly approaching, and more!

Estimated reading time: 3.7 minutes

šŸ“Š Poll

Last week, I asked: will average consumers care about USB-C?

Here were some of my favorite replies:

No - ā€œAverage consumers arenā€™t thinking about that sort of stuff. The phone has to work so they can use social media and take photos. For them, a charger is a charger.ā€ Iā€™m increasingly finding myself in this camp as Iā€™ve asked around lately.

No - ā€œMost don't care, but will be happy when their cables are consistent across all devices. I think the pressure should be more focused on Apple keeping their cable up-to-date with modern technology rather than USB-C specifically.ā€ I agree, I also think Apple needs to make a more durable cable than the standard ones

Yes - ā€œYes, but not in a positive way. The average consumer will be quite upset at having to replace cables for everything once again. There was quite an uproar the last time the iPhone changed its charging port.ā€ Idk, I think Apple is going to really ā€œsellā€ USB-C at the event & in stores so that you donā€™t think of it as ā€œreplacingā€ but rather ā€œupgradingā€ - you know Apple will do some magic marketing like always!

Yes - ā€œSo many devices now use USB-C including water pics, toothbrushes, flashlights, lighters, and many others, It's convenitent to be able to use the same charging station and cables for all.ā€ This is the most common sentiment and I agree!

This week: Do you prefer pre-recorded Apple Events, or live/in-person Apple Events? Why?

Live or Pre-Recorded Apple Events?

Login or Subscribe to participate in polls.

šŸ¤¦šŸ»ā€ā™‚ļø The UK wants to Ban Apple Security Updates

You know, Iā€™m getting sick of legislators trying to change the path of technology when they clearly do not understand the subject matter as well as they think they do.

The latest case in point? Security updates from Apple. The UK is now trying to ban security updates.

  • The United Kingdom government has unveiled plans to revise the Investigatory Powers Act 2016 (IPA)

  • In the revised plan, they state that tech companies would need to notify the British government before rolling out a security fix

  • But if the security fix blocks a vulnerability thatā€™s being exploited by security services, it could be refused permission to push the update

Device manufacturers would likely also have to notify the government before making available important security updates that fix known vulnerabilities and keep devices secure. Accordingly, the Secretary of State, upon receiving such an advance notice, could now request operators to, for instance, abstain from patching security gaps to allow the government to maintain access for surveillance purposes.

JustSecurity

E2E Encryption

Keep in mind, this is the same government who has wanted to ban end-to-end encryption since 2017.

Apple recently stated that they would remove iMessage and FaceTime entirely from the UK instead of removing E2E encryption.

This isnā€™t just something that can be removed from an app or service. Gruber puts it best:

Itā€™s a complete fantasy that E2EE can be toggled like a light switch and still allow messages to be delivered. The end-to-end encryption isnā€™t a sugar coating, some sort of extra layer of protectionā€‰ā€”ā€‰itā€™s fundamental to the messaging protocols themselves. It has to be, when you think about it. If it were possible for, say, Signal, to silently disable E2EE but still have messages go through, how could users ever trust the service?

You could neither trust that what you were sending would be delivered securely, nor that what you received wasnā€™t intercepted by an interloper. Thereā€™s an explicit guarantee with all of these E2EE messaging platforms that messages can only go through securely.

Removing E2EE wouldnā€™t require some mere tweak to the protocols, it would require replacing the protocols entirely (with inherently insecure ones).

John Gruber

The craziest part about all of this is: The UK could very well pass this law. And they will think that Apple, WhatsApp, and other companies who are all-in on E2EE will just abide by their new laws. They think Apple is bluffing.

But I can see a scenario where Apple follows through and bans FaceTime and iMessage in the UK. And this could set the example for WhatsApp, Signal, and other E2E messaging apps to do the same and pull their apps from the App Store in the UK.

This is madness and will be very interesting to see where we go from here.

Subscribe to keep reading

This content is free, but you must be subscribed to The Apple Den to continue reading.

Already a subscriber?Sign In.Not now

Reply

or to participate.