
ISIS Has a Smartphone App - ldidi
http://fortune.com/2015/12/10/isis-smartphone-app/
======
AdmiralAsshat
_Alrawi can’t be downloaded from Google Play. Instead it must be installed
from shady back alleys of the Internet._

Well, there's your obvious solution. Get a copy of the APK, wrap it with some
spyware, then propagate the bugged version. If ISIS won't host the source or
can't provide an "official" outlet to grab it, you've got no way of knowing
whether your version is legit or not.

Who'd have thought the paradigms of shady Russian download sites could one day
save the world?

~~~
golergka
But that's government surveillance, and HN comments are supposed to say that
it's always bad and much worse than ISIS, right?

~~~
gkoberger
Nobody is against using technology against known foreign terrorists. We're
against mass surveillance against our own people.

~~~
eva1984
Well sometimes you cannot tell...

~~~
bad_user
Since when is it better to assume that everybody is guilty?

------
mhw
And there go the arguments for putting back doors into commercial encrypted
messaging platforms. When encryption is outlawed, only outlaws will have
privacy.

------
mikeash
Where does the article say this is an encrypted chat app? The description of
the app says that it features news and videos, and the only discussion of chat
that I can find is about using third-party encrypted services like Telegram
(which gets three separate mentions) to communicate.

------
wstrange
Which I am sure the intelligence agencies are having a field day with.

Nothing like rolling your own encryption.

What are the chances it was created by one of the intelligence agencies?

~~~
bhouston
> What are the chances it was created by one of the intelligence agencies?

I came to the comment section to say that exact same thing. If I were one of
those intelligence agencies it would be tempting to use the information right
away but for it to be truly effective, you'd need to let it propagate pretty
far. What a field day for intelligence agencies even if it wasn't planned by them
-- just one thing to bust and they have everything.

Is this story even serious?

Using modern smart phones for "business" at all doesn't seem like a good idea
if you are in the cross hairs of a modern military force.

~~~
NetStrikeForce
> Is this story even serious?

It will encourage potential criminals to communicate through a system that's
just a honey trap, instead of using other more secure options.

------
mathgeek
> Apple and Google could easily kick apps used to organize violence out of
> their official app stores. But would they be willing to build further
> barriers to usage directly into their mobile operating systems?

This is a silly question for the Android side (and possibly the iOS side as
well). That would be a monumental effort that would seem easily thwarted by
simply installing your own version of the OS.

~~~
christianmann
> and possibly the iOS side as well

This is exactly what jailbreaking fixes. By default, iOS does not allow you to
install apps that are not published in the App Store.

~~~
jevinskie
Well, unfortunately jailbreaking "fixes" the problem by ruining code signing
integrity on the device. Ideally, the jailbreaks would leave code signing
enforcement in effect but just augment the default trusted CAs/CDHashes. I'm
disappointed that AOSP never gained the code signing framework that iOS has,
allowing people to have better Freedom and Security simultaneously.

~~~
mahouse
Well, you can't update an app with the same app signed with another
certificate.

------
qznc
The title is wrong. It is not a _chat_ app.

At least the article does not mention "chat" at all. More like a news app for
propaganda videos.

------
vegardx
One would assume that all mobile cell towers would be a priority target. Given
that they are not I think it's safe to assume that it's a goldmine for the
intelligence services.

Just imagine all the side channels they have access to if they get access to
the cell network. Doesn't really matter if messages are encrypted on the wire
if all phones in a certain area are backdoored through a trusted network.

It's not hard to locate a cell tower from a safe distance.

------
Lanari
This article... 10/10 would click again...

Here's the real story, the app is a mediocre app that you can download from an
archive.org link from a news website supporting ISIS, I don't have time to try
the app but I assume that it gets RSS from the said website (one of those enter
RSS link here and we give you an app probably). Well by a website I mean
something.wordpress.com, yeah that's real hard to shut down I know...

------
throaway1853
Surely it can't be _that_ hard to create a chat app with end to end encryption
these days with all the open source libraries freely available for all kinds
of applications...this is why I've always said banning encryption on major
platforms like iOS/Android/Windows will get you nowhere when terrorists can
just make their own encrypted chat apps if they really want to.

~~~
pki
Sure, it's not hard, then you get into side channel, first-use-trust/update,
MITM, etc territory.

------
Mizza
Would love a sample of this..

------
sofaofthedamned
This is really stupid, surely? Even if it's not distributed via Google Play,
Android will look at the package names of all installed apps. Therefore it's
not difficult to find all the users with a subpoena to Google for these
records.

~~~
the8472
That assumes a phone-home feature that cannot be turned off.

~~~
etiam
Strictly speaking I guess a phone-home feature that _isn't_ turned off would
do just fine.

Would be interesting to know how good the fighting parties are with that...

------
AKifer
The policy makers are always wrong if they assume terrorists will be like
normal people, agreeing to follow the laws. They will always find a way to
circumvent the rules, and it's only the good people's freedom that will suffer.

------
christianmann
> It can even be automatically updated whenever the app’s developers send out
> new versions of the program.

This is another potential vulnerability. If the app does not check a good
signature, then it may be vulnerable to malicious update delivery.

------
totalkos
Did I miss something? The article says the app can be downloaded via existing
encrypted apps ... the app itself sounds like an RSS reader ... with the
ground breaking feature of being able to adjust font size. Seriously???

------
johansch
I don't think anything good can come from the HN community publicly analyzing
this.

~~~
krapp
That's never stopped us before.

------
akerro
It's time to ban encryption, so ISIS can't communicate safely.

------
gunnm
Elaborate honeypot operation?

------
dang
Url changed from [http://techcrunch.com/2016/01/16/isis-app/](http://techcrunch.com/2016/01/16/isis-app/), which points to this.

~~~
jevinskie
Can you please change the title to match Fortune's as well? Currently it is
patently false.

~~~
dang
Sure.

------
tlogan
I thought they can chat in Arabic and western intelligence agencies will have
no clue what is going on.

There is very very little knowledge of the Arabic language (with slang and such)
in western intelligence agencies. As far as I know, there are fewer than 2,500
Americans studying Arabic at colleges across the country right now. And
80% of them will be kicked out of the country by "Trumps" as terrorists :-)

~~~
nkrisc
You can't possibly be serious.

~~~
jacquesm
He's got a point:

[http://news.investors.com/ibd-editorials/091213-670830-cia-j...](http://news.investors.com/ibd-editorials/091213-670830-cia-job-applicants-tied-hamas-hezbollah-al-qaida.htm)

