A change Apple is making to improve privacy in an upcoming version of its iPhone operating system has alarmed an unlikely group of software makers: developers of privacy-focused encrypted messaging apps. They warn the change, which is already available in public test versions of iOS 13, could end up undermining the privacy goals that prompted it in the first place.
The Information previously reported that the technical change Apple is making to its next operating systems, iOS 13, has sparked concern at Facebook, which believes it will have to make significant modifications to encrypted messaging apps like Facebook Messenger and WhatsApp to comply. But a much wider group of developers of encrypted messaging apps—including Signal, Wickr, Threema and Wire—is scrambling to overhaul their software so that key privacy features continue to work.
Apple told The Information on Wednesday in a statement that it is working with the developers to resolve their concerns. “We’ve heard feedback on the API changes introduced in iOS 13 to further protect user privacy and are working closely with iOS developers to help them implement their feature requests,” an Apple spokerson said, using the abbreviation for application programming interfaces, a tool that lets developers take advantage of basic functions in operating systems.
• Encrypted app makers are scrambling to comply with iOS 13 changes
• Developers say Apple changes intended for privacy could instead undermine it
• Apple says it is working with developers to implement their requests
The situation is a delicate one for Apple, which has become one of the most outspoken champions of privacy in the tech industry. Apple’s change will seriously affect privacy-mind messaging apps, said Julia Weiss, a spokeswoman for Threema, a Switzerland-based encrypted messaging app, “effectively resulting in the opposite of the privacy goals these changes were supposed to achieve.”
Apple’s change involves an API called PushKit, which was originally designed to be used in apps that let people make online phone calls using voice over internet protocol—better known as VoIP—as The Information first highlighted. Over time, many apps began using the tool for purposes other than Internet phone calls, including encrypted messaging apps that found it was the best method for decrypting messages in the background on iPhones.
Privacy advocates view encrypted messaging apps as vital tools for concealing communications from intrusive government surveillance and data hungry-internet firms. But app developers could also use PushKit to collect information about the location of users and other sensitive data, which concerned Apple.
With iOS 13—which is likely to be released soon after Apple announces new iPhones on Sept. 10—the company is finally cutting off developers from using PushKit for any purposes other than internet phone calls. In a presentation announcing the changes last June at its annual developer conference, Apple said privacy and performance were the main reasons for cracking down on usage of the tool. Apps that exploited PushKit could drain iPhone batteries, Apple said.
From Apple’s perspective, developers were abusing the tool when they used it for functions other than Internet phone calling. But messaging developers say Apple didn’t give them any other good options for making their apps work.
One of the leading proponents of encrypted messaging, Moxie Marlinspike, creator of Signal, said last month on Twitter that Apple’s change will disable the encryption functions on those apps. Other executives in the field say the outlook is less dire, but complying with Apple’s change won’t be easy.
“It’s not the end of the world, but it is a significant engineering effort and an unexpected one,” said Tom Leavy, vice president of engineering at Wickr, an encrypted messaging app.
Apple’s privacy changes in its new operating system have already sparked controversy among a group of developers that rely on the iPhone’s location-tracking features for their apps. The heads of more than a half dozen companies, including Tile, Life360 and Zendrive, sent a letter to Apple CEO Tim Cook, accusing the company of anti-competitive behavior in the way it subjects its own software to the new privacy rules, as The Information first reported. Apple has denied their claims.
‘It’s not the end of the world, but it is a significant engineering effort and an unexpected one,’ said Tom Leavy, vice president of engineering at Wickr.
When Apple introduced PushKit in 2014 in iOS 8, developers say it provided encrypted messaging apps with a much better way of delivering notifications for new messages to their users than their previous options. “Just basic notifications were not working reliably well before,” explained Alan Duric, the co-founder, CTO and COO of Wire, a Swiss startup that has developed an encrypted messaging app. “With [PushKit], all notifications all started working well.”
Apple has given developers until April to comply with its restrictions on use of PushKit in their apps. But there is a cost to waiting. If developers want to update their apps to take advantage of other capabilities in iOS 13, they also have to abide by the PushKit restrictions.
In the meantime, makers of encrypted messaging apps say they are exploring alternative tools inside iOS to allow their apps to work, but the options aren’t as attractive. “It’s definitely way inferior to what we have today,” said Duric of Wire.
Some developers suspect Apple’s change to PushKit is motivated by a bigger geopolitical battle playing out between it and Facebook. Apple's Cook has decried the privacy practices of Facebook in recent years. The two companies meanwhile have come to be fierce competitors in the messaging arena—Apple with its iMessage service and Facebook with Facebook Messenger and WhatsApp.
“The basis for doing this is battery savings, but that doesn’t seem to explain away the fact that it’s a sneaky way to hurt its biggest competitors,” said Wickr CEO Joel Wallenstrom. “This shouldn’t be disguised as doing what’s right for people. They’re trying to take a swipe at their biggest competitor. That’s pretty clear.”
A Facebook spokesperson didn’t have a comment.