
Apple reveals App Store takedown demands by governments - mindgam3
https://techcrunch.com/2019/07/02/apple-app-government-takedowns/
======
qwerty456127
This is the №1 reason I choose Android - nobody can dictate what apps I can
install.

I always knew you can only install apps from the store on Apple devices and
strongly disliked this (I already use some apps which even Google won't
approve, e.g. an open-source YouTube downloader only available on GitHub) but
once I've found out you can't get some apps (and books) in particular
countries (e.g. a book I wanted was only available in the US store) and a
government can ban something from the store I facepalmed.

~~~
arijun
An interesting contrast is the story on the front page about Chinese border
patrol installing spyware [1]. There, the fact that every app needs to be
signed by Apple meant that the surveillance app could only be installed on
Android phones. So I guess, yes, nobody can dictate what apps you can install,
but also nobody can dictate what apps others can install.

[1]
[https://news.ycombinator.com/item?id=20342063](https://news.ycombinator.com/item?id=20342063)

~~~
mirimir
> also nobody can dictate what apps others can install

That's one of the main reason why I don't use smartphones: I wouldn't be in
control of my own device. With iOS, Apple is in control. With Android,
apparently nobody is in control.

But on my Linux machines, I'm arguably in control. If I can find stuff
somewhere, I can install it. And nobody else can, unless they root them. It
happens, I know. But with LUKS FDE, even booting is arguably hard unless they
could read the key from RAM.

So how come we got this smartphone crap, instead of actual portable computers
that could, among other things, work as cellphones?

~~~
bilbo0s
> _With iOS, Apple is in control. With Android, apparently nobody is in
> control..._

A thousand times this.

The state of the mobile universe right now is such that you have to either
effectively trust Apple, or you have to effectively trust everyone. That's why
HN User qwerty456127's choice to go to Android was fine, if he wants to be
able to install his own apps, but it seriously compromised his privacy and
security.

What if you do not want to trust anyone?

Nope. Sorry. No easy to use options for you out there.

~~~
ghettoimp
I can't see a way to "trust nobody" beyond abstaining entirely from phones,
computers, etc.

Imagine a Free Software utopia with open hardware running an open source OSes
and apps. Someone is writing that code. Someone is manufacturing that device.
Someone is compiling and packaging that distribution for you. Someone is
running the network.

Having access to the (alleged) source code for everything, and being able to
compile it all yourself, would surely be worth something. But it'd be way too
much code for you to audit alone. So you're going to have to trust Someone
(security researchers, open source contributors) to be doing this for you...

~~~
mwfunk
For some people, I think it's actually exciting for them to think about how
independent they are and how nobody can spy on them or trick them out of money
because they consider themselves to be so worldly and knowledgeable about such
things. And maybe they are compared to their families or the people they deal
with during their day-to-day. I've known plenty of people (myself included at
times) who get some of their feelings of self-worth from this sort of thing.
But because it's more of a fun or emotional or ego-boosting thing than a
rational thing, they'll often make big bold binary blanket statements about
all the products they refuse to buy or web sites they refuse to go to or
companies they refuse to patronize. And that's all great, actually, as long as
it's rational and based on facts rather than some narrative in their head. We
need more skeptical people, we always do.

But it's not always rational, and sometimes it is more like they're LARPing
through some exciting narrative about the world, and in that narrative they're
the heroes who know stuff that the normies don't. They're more like
survivalists living an adventure in their head than rational people making
rational choices. And that's where people can also get into trouble, both for
having a false sense of confidence about their ability to avoid risk, and for
giving others bad advice based on excessive confidence or rose-colored glasses
about the same things.

I'm all for better security practices based on ever more openness, but I agree
100% with your example: people are kidding themselves if they think just
because they run binaries built by other people from open source, it's almost
as good as if they had personally inspected every line of code themselves. And
when people are making those sorts of utopian statements, it's generally
coming from the LARPing survivalist narrative part of the mind rather than the
skeptical rational part of the mind and should be viewed with that much more
skepticism. Not rejected, but just considered with an extra dollop of
skepticism, because they hopefully at least mean well.

~~~
mirimir
That's me, for sure.

But here's the thing: It's always just a game. So sure, call it LARPing.
However, consider that the US came out of LARPing.

------
reaperducer
The actual report[1] is very interesting to read.

I was surprised that there were zero App Store takedown requests from
governments in North America, South America, and Australia.

All of the takedown requests came from China, Vietnam, and Europe; including
Norway and Switzerland.

[1]
[https://www.apple.com/legal/transparency/pdf/requests-2018-H...](https://www.apple.com/legal/transparency/pdf/requests-2018-H2-en.pdf)

~~~
Communitivity
Also, a National Security Letter may require that the takedown not be
publicized in any way. This is in part what led to the concept of warrant/NSL
canaries: a statement in a legal doc such as terms, etc. that says there have
been no warrants or takedowns orders received. If the canary is removed from
the doc then it is not publicizing the NSL, but the canary's absence is
supposedly required by law (IANAL) because keeping it in there would be a
falsehood in a legal document, and so the absence indicates the NSL/takedown
occurred.

~~~
Communitivity
Just to add to this, Apple did have a warrant canary. It disappeared in 2014
[1], suggesting that they have been receiving warrants and possibly takedowns
for the last 5 years.

[1] [https://gigaom.com/2014/09/18/apples-warrant-canary-
disappea...](https://gigaom.com/2014/09/18/apples-warrant-canary-disappears-
suggesting-new-patriot-act-demands/)

------
personjerry
> Germany issued the most legal demands for the six-month period ending
> December 2018 with 12,343 requests for 19,380 devices. Apple said the large
> number of requests were primarily due to police investigating stolen
> devices.

In scenarios like this, is "... primarily due to ..." good enough? I'm
inclined to say no: They need to all be accounted for.

~~~
ChrisRR
I don't think I understand what's going on here. How does removing an app from
the app store help them track down a stolen phone?

~~~
personjerry
My understanding is that there's two things they did: take down apps, and
grant access to devices (presumably access to personal data). I'm specifically
talking about the latter. Context:

> Apple said it received 29,183 demands from governments — down almost 10
> percent on the last reporting period — to access 213,737 devices in the
> second half of last year.

~~~
edwintorok
Presumably investigation of stolen devices has the owner's consent, should it
be really counted as information demanded by the government? Or can the police
demand information about my phone that I myself wouldn't have access to?

~~~
Faark
To make it easy, the owner should only have to go to the police, with them
taking care of everything else. I wouldn't want some old lady coordinate the
data exchange between Apple and police. But this makes it hard for Apple to
verify the owners consent. Thus I'm fine with them only knowing "... primarily
due to ...".

On a second thought, how much detail should Apple get in the first place. If
police suspects me of some wrongdoing, I probably wouldn't want any third
party like Apple to get details about the cases as well.

------
_bxg1
> Apple said it received 29,183 demands from governments — down almost 10
> percent on the last reporting period — to access 213,737 devices in the
> second half of last year.

> Apple also received 4,875 requests for account data, such as information
> stored in iCloud — up by 16 percent on the previous reporting period —
> affecting 22,503 accounts.

I wish they were more specific. What does "access" mean? Location? All local
data? Even encrypted data?

What data from iCloud? Email addresses, or the full contents of Notes and
Drive?

Maybe I'm being naive, but I assumed that when something says "Apple can't
read X data" it means under all circumstances. But if they have a backdoor,
client-side encryption probably doesn't matter.

------
lifeisstillgood
The common thread here seems to be

"there are bad governments in the world, and mobile phones should allow people
who want to oppose their own bad governments to install apps that will help
them in their opposition?"

Honestly if our goal is to rid the world of truly bad governments then _phone
apps_ are in not in anyway the first or most effective method.

~~~
chii
> rid the world of truly bad governments

and who makes the judgement on what a "truly" bad gov't is?

I say if you own the hardware, you should be allowed to install any app you
wish on it.

Apple can claim that this voids your warranty, but they (or any other actor
(including the gov't)) cannot be allowed to _prevent_ you from doing it. .

~~~
nkkollaw
> and who makes the judgement on what a "truly" bad gov't is?

Maybe common sense, human freedom index, etc.

Are you really arguing that as Westerners we cannot tell a bad government from
a good one?

~~~
gatherhunterer
> as Westerners

What distinction are you trying to make here? Many Western governments (
namely, the US and its closest allies) engage in warrantless wiretapping,
unlawful search and seizure, imprisonment without due process, warfare without
democratic authorization and even taxation and regulation without
representation. None of these matters register on the radar of public concern.
So can we, as Westerners tell the difference? Apparently not, but we sure are
smug about our geographic orientation.

~~~
nkkollaw
Yup, the US are absolutely awful. That's why everyone wants to move there.

Unless you're a college kid or just came out of college and you've just been
brainwashed by your Marxist professors, I have no idea how you can have a
vision that is so far from reality.

------
saagarjha
Also interesting, but not mentioned in the article, is that Apple provides
data on how often they comply with such requests in addition to how many they
get.

~~~
edwintorok
Yes, see
[https://news.ycombinator.com/item?id=20341997](https://news.ycombinator.com/item?id=20341997)

------
outime
Reports available at [https://www.apple.com/legal/transparency/report-
pdf.html](https://www.apple.com/legal/transparency/report-pdf.html).

~~~
philshem
I was curious about which apps where taken down in Switzerland (Table 13, page
16), and the report says:

> All or vast majority of requests relate to illegal gambling investigations.

~~~
jmiserez
Those will only increase with this year's new gambling law, which bans and
requires blocking of unlicensed/foreign online gambling providers:
[https://www.admin.ch/opc/de/classified-
compilation/20172704/...](https://www.admin.ch/opc/de/classified-
compilation/20172704/index.html#id-7)

~~~
aurea
As far as I know all gambling sites are still accessible, with only some
having decided to suspend their activities in Switzerland (Betfair comes to
mind).

~~~
jmiserez
The blacklist is currently empty, the first set of blocks will go online in
Autumn 2019: [https://steigerlegal.ch/2019/07/01/schweiz-netzsperren-
gelds...](https://steigerlegal.ch/2019/07/01/schweiz-netzsperren-
geldspielgesetz/)

------
Synaesthesia
There were apps which tracked US bombings and violations in war zones which
were removed. I hope they’re on this list.

~~~
threezero
That wasn’t a government takedown request, so it wouldn’t be on this list.

------
appleshore
Not paying your Youtube Premium subscription is enough to take down the entire
App Store on your phone.

Imagine if Windows wouldn’t let you install software until you updated your
Paypal with a valid credit card.

~~~
edwintorok
It used to be possible to register for an Apple Id that you could use to
install apps without providing your credit card details. It it not entirely
obvious how, but I managed to do it in the past by registering from the device
itself and skipping the part where it asked for card info. I no longer own an
Apple device, so can't verify whether that is still possible.

~~~
helloindia
Apple Id signup without credit/debit card is still possible. I don't have any
card linked at the moment, and I help friends/family signup.

------
pinkfoot
How is this categorically different from other goverments demanding social
media credentials?

[https://thehill.com/opinion/immigration/445766-government-
su...](https://thehill.com/opinion/immigration/445766-government-surveillance-
of-social-media-related-to-immigration-extensive)

------
jjtheblunt
Pretty ridiculous the FBI refers to Apple Inc as Apple Computer in 2017, it
seems, which would be many years after legal renaming.

~~~
master-litty
I wonder -- Could that render these requests invalid? They're not properly
addressed to the entity after all.

Not that I'd recommend trying that luck :)

~~~
GoofballJones
The RMS defense. Like when he’s asked about Linux and he says he doesn’t know
what that is unless you specially say “GNU/Linux”

~~~
craigsmansion
And by "he says he doesn't know" you mean he meticulously, in paragraphs,
explains the difference between GNU and linux, and how he basically started
the GNU operating system out of a desire for freedom, but that he technically
or philosophically has nothing to do with the linux kernel, which is correct,
technically and otherwise?

I guess he doesn't know a lot then.

~~~
GoofballJones
He doesn’t do that in interviews. And he’s just being pedantic prick about it.

------
abvdasker
I'm glad this article puts a spotlight on this, but my gosh! Could it be more
vague? What are the subjects of the NSLs? Was this article written too soon
after the documents' release to give a summary of the juicy bits?

To me this basically reads like "a company released some government
documents". Is this typical of TechCrunch?

------
writepub
If only Apple reported it's own takedowns - a.k.a. censorship of the
competition on the app store. Anyone remember how they retroactively changed
their policies to "takedown" Steam?

------
aatharuv
I wonder what the violation of privacy law was for the apps taken down by
Kuwait (and Saudi Arabia)...

------
ggg2
only took them 5 years.

~~~
thomasedwards
The reports go back to 2013: [https://www.apple.com/legal/transparency/report-
pdf.html](https://www.apple.com/legal/transparency/report-pdf.html)

