
Comment by andrewmutz

2 years ago

How do you think they would spin Messages interoperability as security or performance?

The messaging claim seemed to be about carrier-based messaging: SMS and MMS, and I guess in theory RCS (but is that really carrier-based if Google has taken it upon themselves to enroll most Android users on a Google server?).

Apps that read inbound SMS may be malicious and use that ability to steal verification codes. Or they may not be actively malicious, and merely handle the data in an insecure way that makes messages available to others.

Performance, I dunno. Maybe they could argue something about how time between user requesting an SMS be sent and it actually getting sent is very important, and similar for display, and that they're more likely to do that right. I've certainly seen some Android manufacturer provided SMS clients that do much better than others on that, although I have no recent performance notes since I no longer get massive floods of SMS from too simple monitoring systems.

  • In the Epic lawsuit it was shown that Apple really actually cared more about this than "security":

    > “The #1 most difficult [reason] to leave the Apple universe app is iMessage ... iMessage amounts to serious lock-in,” was how one unnamed former Apple employee put it in an email in 2016, prompting Schiller to respond that, “moving iMessage to Android will hurt us more than help us, this email illustrates why.”

    > “iMessage on Android would simply serve to remove [an] obstacle to iPhone families giving their kids Android phones,” was Federighi’s concern

  • > Apps that read inbound SMS may be malicious and use that ability to steal verification codes. Or they may not be actively malicious, and merely handle the data in an insecure way that makes messages available to others.

    Apple can't make that argument since they allow apps that scan SMS messages for spam.

End to end encryption can only be guaranteed if you control both ends.

  • How does PGP solve this?

    • PGP isn't an end-to-end encryption service; it's a public-key encryption package.

      To clarify macintux's statement, you can only guarantee end-to-end encryption will both remain secure and allow your messages to be read if you control both ends. If you do not control the other end, but you give it the ability to decrypt your messages (and thus let them be read), then whoever does control the other end can save the plaintext, post it elsewhere, and generally do whatever they want with it.

      To be "end-to-end encrypted", something has to actually be a service you are using, not merely a method of encryption. An end-to-end encrypted service could use PGP if it wanted (AFAIK), but PGP, in itself, is just a way for you to encrypt your messages, and then, optionally, share your public key to allow them to be decrypted by those you give it to, while also guaranteeing that those messages came from you (as long as you have kept your private key safe).

      So I'm afraid your question, as it stands, doesn't really make sense, but I hope this has helped to answer the underlying questions for you.


I think they'll claim security for Messages. I don't have nearly enough information to know if they can win that particular issue, and it sounds like there are reasonable arguments on both sides. But they don't have a monopoly on messaging — WhatsApp is huge, Signal and others exist. I don't think Apple lets you use Siri to send messages via other services, or at least they didn't use to let you. But other than that they are granted near parity on iOS.

  • Siri does let you send messages with other services these days. (I think it got added in the last year or two, and those apps need to be updated to support it, but it's there!)

Security: there’s no cross platform E2E messaging standard they could have adopted. Given that the DoJ is already breathing down their neck for working with Google on search, using Google’s RCS extensions and servers might also be problematic.

I don’t think the government could force them to adopt RCS without new legislation or bring iMessage to other platforms.

  • > there’s no cross platform E2E messaging standard they could have adopted.

    Could they not have made their own? I don't think they'd be required to use open standards for the argument to be made, they just need to release an iMessage app for Android.

    • But that’s precisely why I mentioned the second point. I don’t believe there’s precedent to force a company to develop support for a competitor.