Telegram App Says Apple Is Blocking Updates Over Dispute with Russia (nytimes.com)
413 points by Anon1096 on May 31, 2018 | 245 comments

Apple has now entered dangerous territory.

Over the last month they seem to have banned apps because some government out there didn't like that app. To make matters worse, those very same governments weren't happy with the app being removed from their regional app store but they demanded it removed from all app stores.

The VPN issue was a wake up call for a lot of developers. These apps were on the app store for years and because China didn't like these apps one morning, they banned it and referred to some arbitrary clause in the app store TOS.

The thing is this script has played out before. Twitter also had a vibrant ecosystem of third party developers. Those developers made Twitter into a billion dollar company. Then one morning, they decided certain classes of apps were not okay. This back and forth went on for months until there were barely any apps left. Twitter eventua

The same thing is happening with Apple. Several founders I've spoken to, all with big exits in the past, refuse to write apps first for Apple or Google because of the threat of getting "banned one morning".

Worse, VCs are now getting nervous in investing in startups where the app is the fundamental foundation of the business.

For any market to thrive, there needs to be transparency and stability. Just like Twitter, once developers are gone....they're gone. They won't come back and consumers will start wondering if the 1,000 dollar smartphone they purchased, with subpar apps, is really worth it.

While I entirely agree with your point, I don't think that a comparison between Apple and Twitter is suitable. One is a company that publishes an operating system, which is locked down and requires software installation through their Monopoly App Store (which I find highly distasteful), the other one is a web-based social media thing. iOS as a product is in no way similar to Twitter.

It's the same thing. iOS is controlled by Apple. Twitter's API is controlled by Twitter. Both invite developers to develop on their platform so they can reap the benefit of increased user functionality.

An API and an operating system that runs on bare metal are in no way similar. One has a bootloader, a kernel, a filesystem, etc. The other is just a set of apis. The freedom to run your own choice of software on the OS that you boot on the hardware you own is important. It's a very different philosophical choice from being able to, or not being able to make use of one company's social media publishing API via https.

If my operating system has a rootkit or APT I am boned. If twitter is hacked I couldn't give a fuck, it doesn't affect my equipment or how I use my computers.

Sure, one is an operating system and one is an API. In the literal sense you are correct.

However, you're completely arguing a point that is different from what the entire discussion is about. We're talking about proprietary control points. The iOS operating system is proprietary and the App store dictates who can and who can't publish on it.

The same is the case with Twitter. It has APIs and they control who can and who can't use them to make apps.

Both companies have invited developers to make apps. Both companies have benefited from having those apps make their services/devices useful.

I guess what I am trying to say is that having a walled garden operating system is a magnitude worse than a walled garden social media API. Mostly because the OS is the gatekeeper to literally everything else. Twitter is a gatekeeper to hearing the latest ramblings of a Kardashian.

What’s distasteful about that? That’s their key differentiator that enabled a lot of their advantages. And there's also Android anyone could use if they’d want to.

>What’s distasteful about that?

The fact that if you do not control the product you do not actually own the product.

You never buy an Apple device, you pay a lot of money for the permission to use the device temporarily.

That is distasteful to many people.

>That’s their key differentiator that enabled a lot of their advantages.

This is complete rubbish, there is no reason Apple could not have the App Store, have all their "advantages" and by default lock their OS down, but still have a path for people that choose to break out of the walled garden, to do so.

>> Worse, VCs are now getting nervous in investing in startups where the app is the fundamental foundation of the business.

Betting on startup whose business solely depends on a mercy of someone else's platform is a bad idea to begin with.

That's the reality now. Many companies are based entirely on mobile apps. How would a service like Uber work without relying on Android/iOS?

I think Uber has incentive-like arrangements with Apple at levels not accessible to mere mortals.

I thought they just removed those VPN apps from the China App Store? Apple also blocked LinkedIn in the Russian store as it’s banned by the government. But only in the Russian one.

That’s the key problem here, if what Telegram says is true and they’re blocking Telegram worldwide, it’s really different.

There are now plenty of VPN apps on iOS App Store China, some of which have literal "VPN" in their names. Many were removed, but then many new are added. For example, I used an App called Wingy to connect to my shadowsocks server, and that app was removed during the purge of VPN apps. But then other Wingy-like apps appear, and I am now using one of them.

I don't know what exactly has happened though. Is Apple defying China's government in secret now? Or are Chinese regulators only concerned with GFW bypass on some special days that have passed?

Had to ban all the good VPN apps to make sure users would download the latest ones with all the latest backdoor tech!

AFAIK VPNs are not outright banned in China, rather, they have to follow regulation which enables the government to inspect the traffic.

Is it possible that the intent is kept somewhat secretive and the review teams aren't aware of it? This would lead to new apps being approved but then catch-up happens and they're removed.

I am speculating and somewhat playing devil's advocate. My thought process is that Apple is huge, global, and communication is going to suffer sometimes for it.

How is it any worse than Apple handing over all their user data in China to the government?

https://www.amnesty.org/en/latest/news/2018/03/apple-privacy... Campaign targets Apple over privacy betrayal for Chinese iCloud ...

"Twitter eventua" what?

Purism's Librem 5 phone is funded and dev kits are only $400!


I'm a little excited about this company.

This is a fundamental problem with the single DRM-enforced app store model that Apple innovated, and which has been widely copied and lauded.

Once you implement that, you have to toady up to whatever governments exist, including oppressive/murderous regimes, to be in their markets.

If your ecosystem is just console video games, say, it's not that big of a deal; you have to either censor some games or don't enter certain countries at all. Might be unfortunate, but it's not a fundamental human rights issue.

But if your ecosystem is about general-purpose apps and communication tools, you become complicit to some degree in all sorts of vile shit; oppression and forced relocation of minorities (China), mass murder of gay people (Russia), etc.

There's no way around this for Apple; they have to cave to government demands or risk being forced out of the Russian market. That wasn't inevitable, though; it's a side effect of the model they chose.

> If your ecosystem is just console video games, say, it's not that big of a deal; you have to either censor some games or don't enter certain countries at all. Might be unfortunate, but it's not a fundamental human rights issue.

Be careful of the ground you might concede to the censors. Freedom of expression is most certainly a fundamental human right:


It's easy to dismiss video games as "lesser" forms of art or expression, but we shouldn't underestimate the potential for games to convey significant social and political messages (both positive and negative).

In case a concrete example is needed of a thought-provoking video game with artistic merit, let me suggest this to those who haven't seen or played it:


You are right. That sounded more dismissive than I intended, and I agree on both counts; video games can be artistic masterpieces, and freedom of expression is a very important and fundamental human right.

So censorship of games is bad, too. But in my judgement, it is probably not going to rise to the level of interning or murdering people at scale.

Will check out the game. ;-)

There isn’t a single source of truth on what is or isn’t a “fundamental human right.” It’s a matter of opinion that differs across time and geography.

While it's not as universal as its name makes it seem, the UN uses The Universal Declaration of Human Rights: https://en.wikipedia.org/wiki/Universal_Declaration_of_Human... That would be a good starting point since it is already backed by some pretty powerful countries.

Then make an argument about whether or not you consider freedom of expression to be a fundamental human right. You have stated that arguments on the topic are possible. You have done absolutely nothing to argue any position on the matter.

This is why we must eradicate proprietary software from our general purpose computers, because computers are the single most powerful weapon we have for freedom and self-improvement.

It doesn't matter too much if your videogame console is closed source, but it matters a lot if the software you use to read books, to write, to communicate with people is closed source.

Apple isn't going to do it, Google isn't going to do it. We must do it.

There are three ways of slicing the problem: the technical capability of loading whatever apps you want, the legal ability to do so, and the ecosystem / game theoretical (is it a reasonable way of doing things - e.g. living without gapps is possible but very hard in practice).

Back when Stallman outlined the distinction between proprietary vs open, he meant all of the above in spirit, but never really addressed the hosting and server-side side of things. I think it's currently still a weak spot in his philosophy. Open-source software doesn't truly solve the server-side if your phone has a hardcoded "ax.itunes.apple.com" - in theory, you could modify & recompile & host your own, but it wouldn't be a first-class-citizen thing. Also, consider e.g. if Apple's stack was open but highly customized - you needed a team of engineers and a swath of servers to simply get a clone up and running. Again, not impossible, but I don't think open-source is only a part of the solution.

Well, 100% conversion of the entire world to open-source software would indeed solve the issue I describe. But, I have only 57 more years to live[1], and I don't think I will likely see that happen in my remaining time on earth.

Another way to prevent this issue is simply to have open computing platforms without significant barriers to running arbitrary software, and without any gatekeeper that can prevent them. This is mostly how computers have worked since their inception, and indeed is still how Apple's macOS machines work.

I am not saying that this model can prevent atrocities, but it can prevent companies like Apple from being complicit in those atrocities.

(But I think it's likely that this kind of platform model would benefit at-risk populations to some degree, too, because when there's no effective gatekeeper, there's no central point for a state actor wishing to do evil to apply pressure to.)

[1]: I just assume I will live to 100. :)

But we still have model — Apple isn’t a monopoly in any way.

> mass murder of gay people (Russia)

Any source on that? I have never heard about any murdering of gay people in Russia.

Clearly, Russia is rather hostile to gay people. But "mass murder" requires a proper source. Or you are walking on the Iraq Weapons of Mass Destruction path.

None of those in any way support your comment, whatsoever.

And calling Chechnya Russia is similar to calling Puerto Rico the United States. It's a subject of Russia, but is not what you'd call Russia. It's a 95% Islamic nation that waged a lengthy war of terror attacks against Russia and has its own independent government, rules, and laws which are driven primarily by Islamic law. You'll find nations driven by Islamic law tend to make Russia look like LGBT heaven.

Of course Russia is no such thing. It's illegal in Russia to distribute 'propaganda' for homosexual or bisexual advocacy in the presence of minors. And that in turn is used as a justification to prevent nearly all public homosexual or bisexual activism, though people are free to do whatever they want in private. In any case stating Russia is engaging in "mass murder of gay people" is something way beyond sensationalism and a reflection of how our media's efforts at creating a Red Scare have, arguably intentionally, driven people completely to the point of overt ignorance. It's like wartime propaganda, without a war.

There is no Russia in Russian Federation at all, because original Russia (Rus`, Русь) renamed itself into Ukraine to avoid any associations with bloody Russian Empire.

So Chechnya is the same region of Russian Federation as any other region.


Look at folk culture, especially at folk songs. You will find that each region of the Russian Federation has its own language for folk songs and none of them are in the Russian language. It is because the Russian Empire was formed by clumping together nations and bolting the Russian language on top of them by forbidding all native languages. (It's why the Russian Empire was called the Jail of Nations.)

In contrast, there are 15 thousand folk songs recorded in the Ukrainian (Rus`) language (200 thousand if variants are counted).

Russians will downvote my post, so if you see it in grey, upvote it please.

Hmm, I'm American, so I can tell you Puerto Rico absolutely is part of the United States.

My understanding is that Chechnya is part of Russia in a similar way, but I'm not an expert there, so maybe I'm wrong. If so, then I should have said "murder of gays in the Russian Federation" or "in Chechnya".

But, I mean, I could have instead said "state-sponsored assassinations of journalists and political opponents in Russia".

The specific atrocities involved are kind of incidental to my point that if you decide to operate a DRM-enforced single-source app store platform, you are going to have to get into bed with authoritarian governments if you want to sell your platform in the countries they control.

(That said, I will google the relationship between the Russian Federation, Russia, and Chechnya a bit more, so that I can state things more precisely in the future.)

> Hmm, I'm American, so I can tell you Puerto Rico absolutely is part of the United States.

You misunderstand. They're saying that referring to the entire US (or Russia) when you really only mean Puerto Rico (or Chechnya) is somewhat disingenuous, and clouds what is actually being said.

While chch is definitely not Russian in any way, the good question is why they didn’t come for LGBT so massively before it was stated as Russian law. It is not that you’re wrong, but this kind of thinking just supports the status quo – there is a region in RF that can turn anyone into an example. Not to mention a green light for these organized thugs almost everywhere in western Russia. IMO they are controlled and guided from above, no doubt.

Before I had written my comment, I quickly did a search and found some info in Chechnya which I didn't follow.

Seeing your links, I went to wikipedia to understand what Chechnya is.

It appears to be an area in political unrest.

Right now only 1,9% of people in Chechnya are Russian.

So I guess it makes more sense to say "there is mass murder in Chechnya"?

And reading the first article, I don't even understand who is doing that, Chechnya people or Russian people who live there? Or Russians from outside of Chechnya?

So my conclusion: what you're saying, is at least exaggerated and at worst just misleading on purpose.

But Apple has to obey the laws of the United States. Here is an alternative viewpoint:

If Apple is based in the "right" country (that believes in freedom) -- and I think you and I seem to agree this is the case, because you don't mention anything bad about the U.S., mentioning only Russia and China by name, and with descriptions like "vile shit", "mass murder", "oppression" --, then the U.S. government should be doing whatever negotiations and interventions need to take place to keep foreign governments from forcing a U.S. company to do evil.

Here is an analogy. If you're CEO at a Fortune 500 American company, you don't have to make your life choices so that foreign governments can't blackmail you into doing evil, by kidnapping your family. Because the government protects you from that. If Tim Cook's family were abducted by China to force Tim Cook to have Apple do something... well this scenario is just completely implausible, the whole weight of the entire U.S. government would be all over it, it would be an international issue of immense proportions.

I think it's kind of up to the government to keep foreign companies from forcing American companies to do bad things.

I don't think the US government has the desire or ability to do that.

Also, I didn't mean to imply by omission that the United States government is not a bad actor. An evidence-based examination of the US government will reveal that it is (when taken as a whole) a deeply and objectively racist institution, has more people incarcerated than China and Russia combined, has killed far more civilians over the past 20 years than China and Russia combined, etc.

But as you say, American companies and individuals typically enjoy a far higher degree of freedom from governmental interference than their counterparts in (say) China and Russia.

So the reason I didn't mention the US government in this context is simply that they don't exert that type of control (at least, not yet) on platform companies like Apple.

Although parts of the US government are trying to ban encryption, and trying to force companies like Apple to create backdoors for the various secret police and law enforcement institutions, they don't seem to be successful with that so far.

It kind of isn't up to the U.S. government. It's about how you structure your organization to have the right incentives to do the right thing.

Apple and numerous other businesses are beholden to shareholders, whose #1 demand is profit. Many shareholders are located in the U.S. - so far, so good.

At some point, the business decides that more profit is best obtained through international expansion. Apple extracts money from Europe, China, Russia etc. and delivers the desired returns. Yay.

The flipside is that if those returns are in danger of disappearing, there's now an immense pressure to stop that from happening. I don't believe the U.S. government can even help Apple if they don't want to be helped - their primary incentive is not preservation of diversity and free speech, but satisfying the shareholders.

Possible fixes:

a) Avoid conflicts of interest. Apple is not an American company at this point, it's an international company. So, limit your market reach to regions that align with your principles, i.e. don't expand to Russia and China. Of course, this can never work because public companies are legally obligated to maximize shareholder returns. Which leads to,

b) Put incentives in place to prefer doing the right thing over the profitable thing, i.e. don't sell a voting majority of your business to investors who will sacrifice principles for money.

Both of these fixes mean sacrificing market share to other, less morally grounded businesses, because you don't get to be a world leader in selling stuff by playing fair. You can't go back to playing fair once you depend on being a world leader. Apple literally can't do anything about it because of what its incentives are, and if it aligned those differently then it wouldn't be the big Apple that we give a shit about.

I don't believe there's a solution to this except supporting a decentralized market and educating others about why that's important. Apple is a lost cause, they're at the point of no return. They couldn't fix it if they wanted to. Let's make sure they're only one of several viable options going forward.

>But if your ecosystem is about general-purpose apps and communication tools, you become complicit to some degree in all sorts of vile shit; oppression and forced relocation of minorities (China), mass murder of gay people (Russia), etc.

I wonder if it would be possible to sort of fence off communication tools to a more open area of the ecosystem.... like everything in a curated app store.... then another space where it is a bit of the wild west but you don't control what is installed... sort of Android's ability to side load apps....

Granted this is convoluted and I guess there's nothing keeping that side channel from becoming all pirated apps from the other store....

well that thought experiment didn't work.

What about mass incarceration of black people (USA)? Should Apple play nicely with them too?

This is presently an accusation by Telegram, nothing more. Sample of reasons why Apple may be doing whatever they are doing:

1) Telegram is prevalently used by Syrian fighters [1]. (Why they chose Telegram over Signal beats me.) As the Syrian conflict winds down, these fighters are returning home. That creates a security imperative for many governments, including in the EU.

2) Telegram recently ran an ICO that, at the very least, probably runs afoul of American securities law.

3) All of the reasons any app gets held up in review that are not "the Russian government pressured Apple."

TL; DR We have no evidence this is because of Russian meddling.

[1] https://www.huffingtonpost.com/entry/isis-telegram-app_us_59...

All this points to me is the risks of owning a phone whose only way to add apps is to go through one company's own discretion. Unlike in Android where you can easily install apps from other app stores or just download the file.

Installing apps outside an app store also introduces other risks, it's not exactly one better than the other. Personally I'd love to sideload apps, but seeing how big of a mess that was on desktops leads me to believe most users are better served by a gatekeeper.

> most users are better served by a gatekeeper.

I think the point is that Android's marketplace functions as a gatekeeper. Apple's marketplace functions as a prison warden. The difference is whether you on the inside are allowed to make exceptions for who can come through, or even pass through yourself. If you have no control, what you've been told is a protective wall is actually a restraining wall.

That said, as to your original point, perhaps some people do need their devices imprisoned for the benefit of the rest of us. I'm not sure I believe that, but I will readily admit that a vast number of people are either unable or unwilling to detect and rectify the problem of their digital devices being hacked, and that ends up affecting us all.

While Android allows installing apps from anywhere, it doesn't allow them to have the same privileges that Google's apps have and doesn't allow them to manage iptables for example.

And then people install pirated .apk making iOS the most profitable mobile platform for developers as they prefer to focus on iOS, especially regarding expensive apps.

Do you actually know of anyone that installs pirated APK files? Do you have actual statistics as to how prevalent it is? I'm sure it happens, but if you're going to use it as the reason "iOS is the most profitable platform for developers" you're going to need more evidence than an unsupported assertion such as that.

Others have already said this, but you can always add a gatekeeper on top of an open system.

IMHO what closed systems like Apple propose is a false dichotomy. There's no reason why Apple couldn't allow sideloading apps and aggressively curate its own store. The average user will use Apple certified apps and the power users who need more will sideload uncertified apps.

If gatekeepers are as genuinely beneficial to end users as people claim, then there's no reason to force anyone to use them or to block off unofficial channels. If your claim is true then ordinary people will stick to the certified App store of their own volition because it makes them feel safe.

Put a phone permitting side loading in front of my mom or half my friends and they’ll find a way to get a virus within a month. Broadly speaking, freedom a consumer doesn’t understand isn’t freedom to them. Apple’s products are reliable in part due to their tight control over the ecosystem.

I kind of don't understand this. Nobody is forcing anyone to use sideloading. Heck, Android phones by default have sideloading turned off in the settings so you can't even accidentally do it without going through a bunch of warnings.

Unless Android phones have an extra side-channel I don't know about, I just can't imagine someone sideloading an app on one of them unless they explicitly have decided the benefits outweigh the risks.

And if an average consumer is going into their settings and explicitly turning off a security measure, then at what point does it become reasonable to say that they're doing it because the official app store is not good enough on its own for the average consumer?

I get the whole "consumers are too stupid to know what's good for them" argument that people make sometimes, but I think that's a very tricky line to walk - especially when a company has a huge amount of profit tied up in deciding that individual freedom is a net negative.

Like most security features that can be trivially disabled, if it's simple to turn it off, bad actors will just say "OK, first click 'Turn this off', just click 'Yes' on all the mumbo-jumbo that comes up, and then you can use our software that will give you [free money/a better love life/etc]". Many people who would've gotten far enough to install the app in the first place will be able to follow the prompts to disable the safeguards, and voila.

I agree with you that it's a tricky line to walk, but the UX issue can't be dismissed as a triviality.

You can go through the process now with Amazon Underground, Prime Video, and several other Amazon apps for Android. The user is prompted to sideload Amazon's apps that contain functionality disallowed in Google's app store. Amazon shows step-by-step dialogs teaching users how to do it. It would be really interesting to know how many "non-power-user" users have actually stepped through that process at Amazon's behest.

But again, if moderated app stores are good enough for the average user, why are they going through Amazon's tutorial to begin with? Why isn't Amazon on the official channel?

It feels circular to me: "Most users are better served by a gatekeeper" -> "Because if users had a choice to go outside the system they would" -> "Therefore the gatekeeper must be mandatory" -> "Because most users are better served by a gatekeeper".

At what point do we have to step back and say, "maybe users just don't want gatekeepers?" Especially bearing in mind that, again, anyone who actually did want a gatekeeper could still use one and be fully protected.

We're assuming that every casual user who sideloads an app on Android is doing it because they're uneducated. What if they're not? What if they just feel like it's an acceptable risk?

What if the reason we can't trust the average user to stay in a moderated system is that moderated systems are not scalable, adaptable, or reliable enough to meet the needs of even an average user?

Being able to install apps without Apple's permission also means being able to sell apps without paying 30% to Apple.

What would be more interesting is how many users who have stepped through that process to install the Amazon apps, have then gone on to use the same process to sideload malware.

This is because it is actually pretty reasonable to make the judgement that Amazon is trustworthy enough to sideload their applications despite the dire warnings, so what you really want to find out is how many people are making unreasonable judgements on what is trustworthy enough to sideload.

You can add a scary warning which could be enough for many users. And charge additional fee for fixing system broken because of this.

> You can add a scary warning which could be enough for many users

Hah. Does the tech crowd never learn?

What we expect the "many users" to see:

    | This is dangerous |
    | you'll be on your |
    | own, so take care |
    |                   |
    | [cancel]     [ok] |

What the "many users" really see:

    | This is a mildly  |
    | annoying message  |
    | only made to      |
    | delay access to   |
    | instant happinness|
    | and BTW blah blah |
    | blah blah blah    |
    | blah blah blah    |
    |                   |
    | [meh]  [buzz off and giev me teh warez]

> And charge additional fee for fixing system broken because of this.

<at your regular party>

"Hey I hear from <insert {relative,friend,whatever} here> that you work with, uh, computers and stuff, and, I think my phone is somehow, uh, broken, and I know zilch about computers, so could you help me with it pleeeease?"

I've been astounded with spectacular consistency over the years at how much people can achieve (however unsafely) to get stuff for free even if they openly claim to be tech illiterate. That includes jailbreaking and installing "alternative" app stores. Basically some kind of goal-oriented BOFH's dummy mode on steroids.

I think it depends on the person. There are responsible people who aren't going to take a risk for a dubious opportunity to watch pirated movies on a tiny screen. The message should be honest and then it won't be interpreted as you imagine.

This has nothing to do with warez or pirated movies.

For over a year, Minecraft shipped for the Mac without being properly signed for Gatekeeper. Their official support article said the only way to get it to work is to turn the feature off (disable binary signatures system-wide) - probably because they didn't want to explain to people what right-clicking was.

I'm unsure if this was due to lethargy, lack of wanting to pay $99/yr to have their $2.5 bil product have a proper software signing key, or an ongoing technical issue. But they in no way explained to users what the ramifications of this change were, and the typical user making the change was likely a kid.

If Apple provides a way for a company (I'll pick on Spotify here as a likely example) to ship their app without having to play by the rules of the App Store, it will quickly become the only way to get the app. The only way the users will be able to get the functionality they want on their phone would be to disable the security protections and side-load. And historically, companies have dismissed the ramifications to the user of doing this ("Hit 'Ok' on the dialog which is displayed").

Companies like Amazon have a whole third party store based on exploiting what is often referred to in Android as a "developer mode". I see zero likelihood Apple will make it possible for a side loading feature compatible with mass distribution without government pressure. If you don't care about distribution but just want to build and load an app on your personal phone, that's already possible and does not require any fees or paid tools (assuming you have a Mac).

Of course, this App Store is also the central authority which would allow Telegram to take down fake apps which are there to confuse users and potentially provide vectors for things like ransomware and surveillance by state actors.

> most users are better served by a gatekeeper

If you believe that's the case the bigger problem is the lack of education that leads to some people who are incapable of understanding the risks associated with doing so and not that they have access to do so.

My mum is highly educated but somehow every time I visit her, her computer is full of fresh malware.

Usually it's stuff like sketchy webpages that say "your Flash Player is out of date. Click here to install latest version." and they just do it.

Malware makers will always find a way to trick people into installing their stuff.

Yes, let’s just educate everyone instead of building a better system in the first place.

While that's probably true, Apple could bring to iOS what macOS has been doing for years: code-signed apps that aren't distributed through the App Store and aren't subject to any of the App Store's restrictions (and can't guarantee the ostensible security benefits), but can still be "disabled" by Apple if they prove to be bad actors. On macOS, there are actually three states for this: signed App Store apps, signed regular apps, and entirely unsigned apps. Users get to tell the system what to allow and disallow. There's no really good technical reason for Apple not to allow at least the first two categories on iOS by now.

(That system on macOS is, for those who don't remember, called Gatekeeper!)

> There's no really good technical reason for Apple not to allow at least the first two categories on iOS by now.

But then I can sign a jailbreak with my developer certificate and pass it around. Now, you're going to say that such a thing has never happened on macOS, but the fact that it could happen because you've opened the door to it is something that should be considered.

As soon as it gets wide enough they’d just block you.

iOS doesn't allow this because Apple makes shitloads more money from mobile than desktop. They recently blocked Valve's app from iOS because it allows you to stream games from another device which puts Apple's cut from the app store at risk. They don't care about Steam on OSX because they make so much less money there.

To be clear, Apple's published statement is that it was blocked because it lets you purchase games through the app, which has been forbidden since day 1.

They also state they are continuing to work with Valve to get it published (presumably with only the feature to play existing purchased and free content, like say the Kindle app)

Apple won't be able to receive its 30% revenue cut then.

That may be the reason, but it's not a technical reason. :)

I will never support an oppressor. People should be free of gatekeepers, even if they're worse at looking after themselves than the gatekeepers are, because being a gatekeeper is just far too much of a moral hazard.

I think the best option is picking your own gatekeeper. F-Droid and Red Hat are the gatekeepers of my system but if they turn bad I can choose better ones.

I should have specified, I meant risk to freedom/censorship.

Well it has those risks too. Tainted copies of messaging apps shipped by hostile governments. If you download from the App Store you know you're getting the app that was signed by the developer.

Signed binaries and open distribution channels are not mutually exclusive.

> how big of a mess that was on desktops

Wait, what? The desktop experience is wonderful in this regard - choose any number of app stores if you want, or don't, if you don't want.

I've never, ever thought of this as a problem.

The millions of desktops riddled with adware and viruses running to this day is pretty good evidence that most people cannot effectively manage software on a desktop OS.

Remember when you'd find four different toolbars on IE that your friend/family/neighbor had no idea how they got?

If you're on this site you are not most people. But, if it wasn't for the rules of Apple and Google what kind of things do you think Candy Crush would install on your elderly relative's phone?

> The millions of desktops riddled with adware and viruses running to this day is pretty good evidence that most people cannot effectively manage software on a desktop OS.

That seems like victim blaming to me. I think this is more like pretty good evidence that Microsoft has done a disservice to its users vis a vis their security.

> Remember when you'd find four different toolbars on IE that your friend/family/neighbor had no idea how they got?

Yeah. I fixed that problem by introducing them to Ubuntu and Firefox, not by cordoning off their ability to install applications of their choosing.

> If you're on this site you are not most people. But, if it wasn't for the rules of Apple and Google what kind of things do you think Candy Crush would install on your elderly relative's phone?

I dunno man, this seems like a very dangerous argument to me. It's like you're saying that there's a huge silent majority that is not qualified to be the sovereign over the machines in their life, and that's not my world view.

I acknowledge that malware is a huge issue, but I think it's reasonably clear that the best ways of mitigating it do not include disempowering people or cutting their free speech at the knees.

> That seems like victim blaming to me. I think this is more like pretty good evidence that Microsoft has done a disservice to its users vis a vis their security.

I squarely blame developers/designers. Not just Microsoft, but Netscape with SSL, Android with app permissions and side-loading, etc.

There is this terrible historical concept that we can solve security issues with user education and work around design/deployment problems with security through obtuse user prompts.

>> Remember when you'd find four different toolbars on IE that your friend/family/neighbor had no idea how they got?

> Yeah. I fixed that problem by introducing them to Ubuntu and Firefox, not by cordoning off their ability to install applications of their choosing.

Sure, just as long as you keep in mind that Firefox extensions and Ubuntu snaps/universe/multiverse aren't vetted for malware. Plus Firefox extensions (like those toolbars of days past) can inspect all traffic and capture things like credit cards and passwords.

But hey, the user was notified that there was a risk and blindly hit OK - because it was the way to get the computer to do what they said they wanted the computer to do.

Well, I agree with a slightly different assertion: that most people cannot securely manage software on a current desktop OS.

One of the problems that I think we technical people have not been able to solve yet is giving the user appropriate signals of the relative danger of the action they are about to engage in.

If all the dialog boxes look very similar, and any app can create one, you have yourself a dangerous system.

> The millions of desktops riddled with adware and viruses running to this day is pretty good evidence that most people cannot effectively manage software on a desktop OS.

Is this an actual fact-based observation or just personal memories rooted in a time that Windows 98 was the best that many people got?

It often seems like people who hold your position are arguing against a caricature. As in, you can't do it this way because people used to have problems, or people might...

Android is almost as locked to Google Play as Apple is to the App Store, to the effect that no vendor has made a successful business selling phones without the Play Store. While they've finally fixed it, for years, they used scare tactics to prevent sideloading by insinuating it as a security risk, requiring you allow "less secure apps" in order to sideload. Most applications won't run without Play Services even if you do sideload them, and Play Services can remote uninstall an app from every device anyways, should they choose to employ it.

Yes, you can roll your own with a ROM and limit yourself to the tiny selection on F-Droid, but you enter an increasingly niche area. While it's "technically possible", it isn't really supported well enough to justify holding it as a benefit over a competing platform from a mainstream sense.

Bear in mind, when faced with a technical question revolving around making a backup of APK files, a core Android engineer said they "didn't support piracy", which was... a pretty hefty accusation to throw around for an innocuous backup of apps for being able to sideload should they be pulled from the then-called Android Market.

I wonder how difficult/useful it would be to create a community-driven package management system, like AUR or nixpkgs. Is there any known attempt?

But I can go to a public forum right now and find pirated .apk for thousands of Android apps. And that’s extremely bad for the ecosystem.

Regarding your first paragraph, all of the Chinese domestic versions of Android have been totally successful without the official Play Store. Manufacturers such as Huawei, ZTE, Oppo, etc. install the Chinese app stores as part of the OS load. What you wrote applies to the English language market.

This is a half truth. You are right in that Chinese companies have succeeded without the Play Store, but for one key reason: Google isn't in China. Literally the only place Android is open is where Google voluntarily isn't keeping it closed.

Well, not quite voluntarily.. ;)

Google is not in China because the China government tried to hack Gmail accounts so they left as the right thing to do.

But I think you know this?

The core difference is I can use an apk without any trouble.

But this is not the first time we can see a difference between how Apple and Google conduct themselves in these situations.

Look at China. The China government tried to hack Gmail accounts and so Google left China. Versus Apple handed all their user data over to the China government. I get it was so Apple could make money in China but sometimes principle is more important as we saw with Google.

https://www.amnesty.org/en/latest/news/2018/03/apple-privacy... Campaign targets Apple over privacy betrayal for Chinese iCloud ...

Not applicable to Telegram, but if the app is open source and you have a Mac (!) you can install it using Xcode.

Since Signal is actually open source, you can install it even if Apple decides to block it in the future (if you have a Mac).

Telegram clients are open source and can be built yourself.

Kinda. They're open source, but the source code is not updated frequently.

This is a great option if your audience has very high need, but it will not make it available to the average non-tech savvy person who needs it.

OK, but High Sierra VMs in VBox are pretty easy with vagrant. Plus the standard tweaks for running on Windows and Linux hosts.

So technical users could install for their friends.

Do note that it will only run for 7 days unless you pay Apple $100 a year for the privilege of running code on your own device.

You can reinstall it every 7 days for free though!

This is only true for iOS apps, not for Mac Apps. You can get Xcode and compile whatever you want with it.

OK, but we're clearly talking in the iOS context, given that was the only platform Apple was blocking.

Based on history, it’s by far more likely that it’s #3. Have we ever seen Apple prevent updates to an app globally due to government request (any government)? No... What we have seen are plenty of other reasons that Apple has rejected updates - like including new features that violate policies.

This really makes no sense on its face - if this is really Apple responding to Russian demands, why is Telegram even available in the App Store at all?

We've also seen Apple just pull apps altogether from countries at the request of the government, so I don't understand why Apple would only reject updates at the request of a government, rather than pull the app completely.

> Telegram is prevalently used by Syrian fighters

So Apple is afraid that they will start killing people in Europe using newer Telegram versions?

Russian propaganda says similar things, that Telegram is used by terrorists and drug dealers and that is why government needs to be able to read your messages.

> Telegram recently ran an ICO that, at the very least, probably runs afoul of American securities law.

Telegram is a British company.

Telegram is used by those people. As is Facebook, Twitter, Tor, the road network, cash, credit cards, Walmart supermarkets, mobile phones, electricity... That one bad person, or group of bad people, use a technology in support of their wrongdoing does not make the technology bad.

(I'm agreeing with you, just stating the point more obviously).

> Telegram is prevalently used by Syrian fighters [1]. (Why they chose Telegram over Signal beats me.) As the Syrian conflict winds down, these fighters are returning home. That creates a security imperative for many governments, including in the EU.

BS. There are exactly 0 reasons why they should infringe on your rights. Remember that. 0 reasons.

"Telegram recently ran an ICO that, at the very least, probably runs afoul of American securities law." Their ICO is absolutely compliant with the securities laws. There wasn’t a sign of general solicitation and the investors were required to be accredited.

2) Telegram didn't run an ICO. They wanted to but raised enough funds in the private markets that there was no need to continue with an ICO.

I'd given this challenge some thought in the recent past, specifically the challenge that the big app store owners are each generally susceptible to coercion by large nation-state actors in spite of being multinationally distributed.

There was a project I was involved in rather heavily (cyph // resulted in a pair of neat conference talks) where we'd accounted for the risks of apps being banned by making the entire application operate exclusively in a web context. To at least somewhat mitigate the related risks stemming from having to trust the cryptographic logic delivered by a web server every time you use the service, trust-on-first-use was achieved by mangling the living daylights out of HPKP in tandem with service workers in order to persist barebones codesigning logic used for validating cryptographic packages delivered from the web service. Alas...

All of this is to say that there have been multiple parties involved in addressing this challenge, each one thinking from novel angles in an effort to mitigate the risks posed by the threat of sanctions against secure messaging. As it stands, it appears there's now a rather glaring weakness: if a nation-state decides as much, they can just twist the arms of the walled gardens supporting your secure messaging client in order to:

1) deny access generally, reducing or eliminating the growth of the target space and improving target acquisition,

2) persist known vulnerabilities just long enough to exploit against a target.

Telegram has been criticized again and again for their security hygiene and for their architectural decisions. Signal's seen some of that heat quite recently, and I raise both of these because they speak pretty strongly to the bullets above: there's a chance we're seeing a live demonstration by a preeminent world power against one of the few tools dissidents are using to literally stay alive.

If this demonstration succeeds without any sort of significant blowback (in the form of corporate or popular resistance or some other subversion or mitigation of the attack), there's nothing to stop any other major party from trying it, regardless of whether they're a nation-state.


Anyway, I'm keen on a deeper discussion here. Maybe the tinfoil hat's been a bit corrosive to my brain; counter-arguments are welcomed.

If users could install Telegram from third-party sources, without rooting their phones, this issue wouldn't be so serious. Or if users could install from trusted friends, even. That is, if iOS apps could be shared. There's a similar issue for Android apps. But it's my understanding that it's easier, and doesn't require rooting.

But of course, this would break Apple's "we are the only app source, because you can only trust us" security model. Or maybe it's "... because we can only trust us, and we don't want increased support load".

Installing apps from third-party sources is trivial on most Android phones. It only requires turning on a setting that's off by default and exposed in the regular settings app.

On Android it's very easy. Settings, developer, "allow installation from 3rd party - on".

Alternatively on my phone when I try to install an app, it'll allow me to change that setting just for that single installation and then turn it off again.

If Telegram released the source code, people could compile and install it on their own iOS devices.

Which they do, to some extent. They're in a weird limbo right now where they're pushing updates but not updating the publicly available source, which is something I find vaguely off-putting.

They also provide their own "build-your-own-Telegram-client" library, at least for Android.

I never thought of that before but the current situation might be a very good reason for making that library available.

No. Apple needs to allow its customers to install apps from outside the store with a bunch of warning pop-ups.

I'd be interested to see any slides or "work product" containing your conclusions if it's available and you don't mind.

I'm working for a startup that has had to pivot to web-only applications specifically because of Apple and their frustrating nervousness around anything involving applied blockchains.

I think you can skip mentioning blockchain in the app description.

If it is "applied blockchain", you don't have to tell everybody it's blockchain. App should look like natural (or, sometimes, magic) to non technical users. They couldn't care less.

Just show them what your app can do.

Well the basic premise was to use a security protocol to deny service locally to a domain after that domain will have loaded client-side code into the browser as a service worker. It's described with more detail near the end of the deck: https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20pre... -- but the practical implementation of the aforementioned is to cause local DoS by means of rapid key rotation on a domain protected by HPKP. By rotating keys (cyph.ws does this just about once every twelve hours, for instance), you can trap a service worker in the browser for up to 60 days, the length of time pins are permitted to be valid with supported browsers. I'm pretty sure we coined "HPKP suicide" for publicity's sake, but should any other ultra-footgun-prone client-side TLS-impacting security protocols emerge, this same pattern should be feasible with those as well. Local DoS was briefly described as a risk in the HPKP RFC, and we further fleshed it out and reduced it to practice as a tool for engineers to achieve the goal described in my last comment (equal credits to Ryan Lester and Jann Horn as well).

The specific device we put into production (and patented because of its criticality to Cyph) worked through the use of localized denial of service to pin signature validation logic into the local store of the browser to verify payloads received from other endpoints; in our case, we pin bad keys for the maximum permitted duration. That said, there are many different ways to use HPKP suicide that don't have to do with adding signature validation for client-side application logic, and they still come fairly close to achieving the goal of reducing how often you have to trust the server. The pattern described in this paragraph allows for Cyph to deploy new builds of the full messaging application whenever by just signing new builds such that they're validated by the pinned service worker, but if that flexibility is not a necessity, keep reading.

Since you can effectively pin any code into the browser through HPKP suicide, one different approach might be to pin a key for a more reasonable amount of time, such as two weeks, in order to stick e.g. critical application logic in the browser and rest assured that each user will use a certain build for at least two weeks time. This has the effect of reducing the exposure of an application's userbase in the event of a service compromise—at the expense of possibly committing some users to a bad build (or possibly even a compromised build) unless they manually clear pins. If you're writing a light application, this'll serve you pretty well. If you're writing a heavier application, you can outsource most of the heavier dependencies through SRI (the code pinned as the service worker would use SRI to validate the supporting libraries). The nuance here is that you're not implementing signature validation; you're just relying on that local DoS to ensure that certain code stays in the browser for as long as the bad keys are pinned and just confirming that any separate resources hash as what you'd expect them to. You're still certain to see that code--and any hashes you bake into it for SRI, should you choose to go this route--persist for as long as the invalid pins are live in your users' browsers.

HPKP still works in Firefox, so we intend to continue to research this pattern and related implementations of it. However, considering the browser with the largest market share just deprecated it while publicly mentioning the risk of footgunning via the standard, I'm not sure how much you stand to gain by implementing anything like the pattern we fleshed out two years ago. I'd love to build support to keep/fix the protocol rather than bin it, but the team that created it is the team that gave up on it.

If you're curious, the private reason I've heard voiced to others by a person closely connected to the standard is that the protocol was not anticipated to be used in any manner other than what was documented, hence why termination of support for HPKP was preferred in Chrome over revision of the standard. I'm deliberately delicate with my words here because 1) it's hearsay, 2) it was expressed both off the record and in confidence to someone other than myself, and therefore 3) I can't be certain that it was expressed at all. However, key pinning--or any other TLS DoS--should always support what I described above as long as the DoS doesn't interrupt local code from executing in-browser, a behavior I doubt will change for the foreseeable future. You wouldn't want a TLS error to forcibly refresh an offline Google Docs instance just to show you said TLS error (resulting in loss of data from that offline GDocs instance), would you?

TL;DR: you can research alternatives based on the general pattern we described, but using HPKP specifically might be a dead-end for you.

But if you're keen on talking about it in more depth, I'm on keybase.io/bryant
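The pin-then-rotate behaviour described in the comment above, as an added illustration that is not part of the original thread and is not Cyph's code: a toy model of a browser's HPKP pin store using RFC 7469's rules for noting and validating pins. The host name, pin strings and the `simulateClient` helper are constructed for the example, no real TLS or hashing is performed, and the 60-day cap is the figure the comment gives.

```javascript
// Toy model of HPKP pin handling (RFC 7469 semantics); all values are constructed.
const DAY = 86400;
const MAX_PIN_AGE = 60 * DAY; // cap the comment attributes to supporting browsers

// Parse a Public-Key-Pins header value into { pins, maxAge, includeSubDomains }.
function parsePkpHeader(value) {
  const out = { pins: [], maxAge: null, includeSubDomains: false };
  for (const raw of value.split(';')) {
    const part = raw.trim();
    if (!part) continue;
    const eq = part.indexOf('='); // first '=' only: base64 pins end in '=' padding
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    const val = eq === -1 ? '' : part.slice(eq + 1).trim().replace(/^"|"$/g, '');
    if (name === 'pin-sha256') out.pins.push(val);
    else if (name === 'max-age' && /^\d+$/.test(val)) out.maxAge = Number(val);
    else if (name === 'includesubdomains') out.includeSubDomains = true;
  }
  return out;
}

class PinStore {
  constructor() { this.hosts = new Map(); }

  // Return the unexpired pin entry for a host, or null.
  activePins(host, now) {
    const entry = this.hosts.get(host);
    if (!entry) return null;
    if (now >= entry.expires) { this.hosts.delete(host); return null; }
    return entry;
  }

  // Pin validation: some SPKI hash in the presented chain must be pinned.
  // On failure the response (and any new header in it) is never processed.
  connect(host, chainSpkiHashes, headerValue, now) {
    const active = this.activePins(host, now);
    if (active && !chainSpkiHashes.some(h => active.pins.includes(h))) {
      return { ok: false, reason: 'pin-validation-failed' };
    }
    if (headerValue) this.note(host, chainSpkiHashes, parsePkpHeader(headerValue), now);
    return { ok: true };
  }

  // Noting pins: requires max-age, one pin matching the chain, one backup pin outside it.
  note(host, chain, hdr, now) {
    if (hdr.maxAge === null) return false;
    if (hdr.maxAge === 0) { this.hosts.delete(host); return true; }
    const matches = hdr.pins.some(p => chain.includes(p));
    const backup = hdr.pins.some(p => !chain.includes(p));
    if (!matches || !backup) return false;
    const expires = now + Math.min(hdr.maxAge, MAX_PIN_AGE);
    this.hosts.set(host, { pins: hdr.pins, expires });
    return true;
  }
}

// One client's view: the operator rotates the TLS key every `rotationHours`,
// and the client tries to refresh its service worker on each day in `checkDays`.
function simulateClient({ rotationHours, maxAge, checkDays }) {
  const store = new PinStore();
  const host = 'app.example'; // constructed host
  // Stand-in for the base64 SPKI hash of whichever key is live at time t.
  const keyAt = t => 'spki-' + Math.floor(t / (rotationHours * 3600));
  const header = t =>
    `pin-sha256="${keyAt(t)}"; pin-sha256="backup-never-deployed"; max-age=${maxAge}`;
  let worker = null;
  const log = [];
  for (const day of checkDays) {
    const t = day * DAY;
    const res = store.connect(host, [keyAt(t)], header(t), t);
    // A failed update fetch leaves the already-installed worker in place.
    if (res.ok) worker = 'build@day' + day;
    log.push({ day, reachable: res.ok, worker });
  }
  return log;
}

// Twelve-hour rotation with a 90-day max-age request, which the store caps at 60 days.
console.log(simulateClient({ rotationHours: 12, maxAge: 90 * DAY, checkDays: [0, 1, 30, 59, 60, 61] }));
```

With a two-week `maxAge` the same model shows the shorter variant the comment mentions: the first build stays in place until day 14, when the next successful fetch replaces it and sets a fresh pin.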

I guess my brain is too small to grok this all in one go but are you saying that

Russia is applying pressure to Apple (what pressure?) that prevents Apple App Stores in all countries from accepting a new update of Telegram

I don't get this - why is Telegram not releasing updates in a UK or Japanese region? What pressure (besides the local Russian court system) is being applied here?


In general yes I expect that app stores are the / a weak point in mobile encryption messaging, but it is only at the level of major player threat model. These things are good enough for use against all but a State level actor targeting you specifically (at which point leaving the country is probably good, if tardy, advice)

Russia is even making public threats to block Apple services for everyone in Russia because of Telegram. Do you not consider this a form of pressure?

I presume earlier Apple just gave in a bit to the pressure and stopped updates to help them censor the app.

We don't have any evidence, apart from Durov's allegations, that Telegram's situation with Apple has anything to do with Russia.

Russian officials said that Apple must remove Telegram from App Store otherwise its work can be "disrupted" in Russia.

So this is Telegram saying "oh we forgot to update for GDPR because err ... umm ... err ... Russia!"?

I mean we presumably do have Russian court records from April, records that the Roskomnadzor went to court for encryption keys, and that there have been "shutting down entire segments of the Russian internet. Many small organizations, including language schools and museums, have been blocked as collateral damage." And evidence there was a demonstration with paper aeroplanes?

I am happy to accept that Durov has an axe to grind but Russia does look like a good suspect to start looking at first.

There is certainly evidence that Russia has a problem with Telegram. There is also evidence that Russia is trying to get Telegram removed from the app store.

What we don't have any evidence for is that these are in any way related to Telegram's inability to get updates approved by Apple. This is speculation based on the above claims which do have evidence.

Fair enough - this is essentially my own question above - what pressure can be applied by Russia to Apple to prevent App Store UK getting updates? If you have a legal dispute in country A does that prevent all countries getting updates?

> Fair enough - this is essentially my own question above - what pressure can be applied by Russia to Apple to prevent App Store UK getting updates?

They can fine the company, ban import of Apple products into the country, block access to App Store, etc. Yes, that same agency.

It doesn't even matter which regional section of App Store Telegram would use to publish app - users in need can switch between them and censorship agency can't see which part of App Store you are connecting to.

So Russian censorship agency's end goal should be to remove Telegram from all regional sections of App Store and use whatever legal or not-so-legal excuses to do so. Agency in question (Роскомнадзор) is notorious for their bullshit excuses to ban imports of food from Ukraine during all the trade wars even before all European food was legally banned for import.

Let me rephrase - yes they can impose a fine, harass employees, ban imports of iPhones, but what can they do that will work - i.e. force Apple to ban a well known app from the app store in such a blatant fashion?

Apple would be insane to comply with these demands, because it just opens the door for every other regime to do the same.

So ... is Apple stopping Telegram from sending the updates? Are they doing it because of Russia pressure?

or is there more?

> Apple would be insane to comply with these demands, because it just opens the door for every other regime to do the same.

But they already did in China, right?

This it seems is something I missed - they banned VPN apps?

Russia bent Google in no time to show Crimea as Russian territory on Google Maps. Apple is stronger, but not so much.

Can you really switch between stores? I think you would need UK credit card for that.

You can skip adding payment method: https://support.apple.com/en-us/HT204034

It is not the same agency - food bans were issued by Роспотребнадзор.

Maybe they found an excuse to disable updates, but they don't want to be seen helping Russia. This only works if updates are disabled for the app entirely.

Apple might have no system to stop updates in one specific country.

> So this is Telegram saying "oh we forgot to update for GDPR because err ... umm ... err ... Russia!"?

There are reasonable explanations between "Telegram is directly responsible for the delay" and "Russia made Apple hold up the app worldwide."

> Russia does look like a good suspect to start looking at first

Start. The discussion I'm seeing treats this as a foregone conclusion. That's all I'm cautioning in respect of.

Maybe Apple just doesn't have a system to block updates in one specific country?

Yeah. One finger at a time, until all 21 fingers will be inside.

Anytime someone says "only nation player threat model" I say in my mind "and also internal threats". I believe this gives a more complete picture of the actual risk.

Usually true, but not consistently. There are applications which by design have accounted for internal threats but not state actors strictly because of the motivations of the threat actors themselves.

To drastically simplify it:

- Internal threats are usually motivated by finance/challenge/spite.

- State actors are usually motivated to counter perceived national security threats regardless of whether they're short-term or long-term. The result is a preparedness to spend resources orthogonally as compared to the potential impact of the threat to anyone other than the state but which may be directly correlated to the perceived risk to the state itself.

In simpler terms: risks exploitable by internal threats versus state actors do not assuredly overlap, and a lot of it is because risks exploitable by possessing knowledge might not be the same as risks exploitable with gobs of money.

Gobs of money and also legal control of the companies' markets. Controlling Apple's various markets gives nations a lot of power that is tough to get even with lots and lots of money (yes, see Piketty, but it's rather inefficient to buy politicians even if some billionaires are working on doing so.)

Skywire to the rescue. Can't wait for it to go live.

Presumably Telegram doesn't know for sure why Apple is blocking updates... They are most likely getting stonewalled, with Apple not responding to any of their requests for information.

Telegram suspects that Apple is trying to appease Russian censors while keeping a low profile and plausible deniability. Perhaps Apple is buying time and showing goodwill to Russia while they negotiate a deal - who knows?

Acting on their suspicion, Telegram makes this announcement, putting pressure on Apple to unblock updates, or at least to stop stonewalling them.

It's a clever use of PR as a tactical weapon. And assuming that Apple was indeed stonewalling Telegram (extremely likely knowing Apple), I think it's perfectly justified.

Your assumptions are probably wrong. Most likely Telegram does know why they're being blocked, they just aren't saying because they want people to assume malfeasance on Apple's part and they're hoping bad PR will convince Apple to approve whatever it is that they're currently rejecting.

You might be right... I think it's fair to say we're both guessing.

To me it just doesn't seem logical to resort to such a "nuclear option" over a review disagreement, instead of just complying, negotiating, or at least working around the problem in a creative technical way. It's not like Telegram is changing in some fundamental way since the last review... What could Apple be telling Telegram that is such a massive showstopper?

A lot of companies do tend to reach for the "nuclear option" of crying to the press when getting rejected even though they haven't yet gone through all the steps of trying to resolve the issue privately.

> What could Apple be telling Telegram that is such a massive showstopper?

Good question. I don't know. There are a lot of possibilities here and it's impossible for us to know what without Telegram telling us the actual rejection reason.

> > What could Apple be telling Telegram that is such a massive showstopper?

> Good question. I don't know. There are a lot of possibilities here

I can't think of any. Can you name one?

Telegram wants to introduce a feature where they request access to your address book, request access to your photo library, search your photo library using CoreML for photos that appear to be indecent, and start sending them to all of your contacts. Telegram is really adamant that this is an excellent feature and they refuse to remove it when Apple denies them over it.

Or probably something else. But you get the idea. Telegram could have tried to introduce behavior that violated Apple rules. Or they could have snuck existing rules violations past Apple in the past and Apple finally noticed.

Then Apple could tell the real reason.

Apple doesn't usually comment on cases like this.

Looks like a good point to start commenting.

The people who would stop buying iphones over this were never buying iphones to begin with.

I’m pretty sure Apple communicates with the developers of major apps in a different manner. Like when they didn’t immediately delete Uber that was tracking the permanent device IDs which is prohibited by the platform. They’d delete any regular app that tried to do that.

Honestly, I don't understand why there are still details missing from this story. Durov is willing to share that Telegram hasn't been able to ship updates, but not the full reason.

Have they been actively rejected (and thus, provided a rejection reason)? Or have Apple just stopped approving their updates silently?

If it's the former, I don't know what app store guideline says "well, Telegram is banned in Russia, and so no more updates." If it's the latter, then I can understand the frustration -- but we don't know which it is. This nuance is important.

For all we know, the answer is the former, and the app store rejection reasons are for completely unrelated issues. But as per usual, we don't know the full story.

The certification process tends to only look for things that are Bad for Apple or Google, as almost anyone who's tried getting a big app update certified knows. Meanwhile, 1000 iterations of shareware calculators that you have to pay $4 to unlock the number 9 are accepted frequently. There's so many clearly crap apps out there that don't get a second look.

> shareware calculators that you have to pay $4 to unlock the number 9

This is probably made up/for comedic effect, but just in case it isn't, do you have a link?

Usually it’s not like that, but they’ll show ads on a calculator that completely matches the native calculator, until you pony up.

Other examples are todo lists that only allow you one group unless you pay them.

I'm sure you understand that Apple can always find some excuse to disable updates for "unrelated" reasons. It's never going to be an honest reason, they can never give political reasoning publicly.

Telegram is right to call them out on it, they should have done it earlier. But I guess they were hoping for Apple to re-enable updates and didn't want to make the gatekeeper look bad.

I've certainly never heard of Apple rejecting an app update without giving a reason. I'd agree that it feels like there's something that Durov isn't telling us here.

Apple often cites entire paragraphs from their TOS as reason for app rejection without giving specific reasons.

Perhaps he added more domain fronting? And Apple is trying to decide on their position on that technique?

Does this dispute imply that Apple backdoors its own iMessage end-to-end encryption on states' request?

It's entirely possible, I'd speculate. I once called Apple tech support for help with my iPhone. So they could see what was going on right on my phone, they were able to remotely request a "screen sharing" session, which I had to click "Allow" on a dialog on my phone to approve. One can imagine that such an approval dialog is not actually required in a technical sense, and _theoretically_ a screen share could be remotely started without any such dialog/notification.

While true they can access a phone based on the user opting in, there's likely a high degree of "security" around how and when this can occur including the necessity of a user opting in.

Tim Cook has taken a very public stance on privacy and the addition of police-unfriendly encryption of data. So, there's much to lose if news were to come out undermining that position.

He probably would not be going so far out on a limb personally if the reality of the privacy/security/encryption were just for PR. His integrity is dependent on that position being true.

Slowing things down for political purposes is entirely another matter, and well within the realm of probability.

I know this is not really on topic, but forensic companies like Cellebrite can unlock/get the data from almost any iOS Device.

Remember, those were the guys that unlocked the San Bernardino iPhone.

Android full encryptions are harder/impossible for them, a Cellebrite person told me half a year ago.



> forensic companies like Cellebrite can unlock/get the data from almost any iOS Device

I don't think this is true. Essentially Cellebrite gets ahold of an unpatched exploit that Apple then quickly fixes; that's a far cry from being able to unlock "almost any iOS Device".

> One can imagine that such an approval dialog is not actually required in a technical sense, and _theoretically_ a screen share could be remotely started without any such dialog/notification.

Well I mean, they wrote the OS so they can theoretically have it do whatever they want. But there's an extremely high probability that the way the OS is written, they cannot remotely trigger screen sharing without the user confirming it first.

The new iMessages in the Cloud claims to be 'end to end encrypted', which is true, but omits the fact that a copy of the key is stored with Apple in your iCloud backup...


"Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, a copy of the key protecting your Messages is included in your backup"

Given that almost everyone has iCloud backup enabled, messages are certainly retrievable with a simple court order.

Good to be aware of, but¹ Messages in iCloud is off by default².

¹At least for existing users.

²And almost certainly requires opt-in for new users as well.

Messages in iCloud is end-to-end encrypted. It's iCloud Backup that has issues.

Backups are encrypted.

I believe the argument was that they're encrypted with keys that Apple has access to.

I don't think it implies anything like that. Apple has way too much to lose given Cook's stance on privacy.

No… from a pure game theory perspective the positives don't outweigh the negatives for doing so.

Please note that Telegram is not a Russian company; it is registered in Great Britain. Russian government doesn't have any jurisdiction over it.

Also, Russian users are less than 10% of Telegram userbase.

So now Apple is putting sanctions upon a British company just because Russia says so.

This sets a dangerous precedent. What will we see tomorrow? China, Thailand, Iran and North Korea kicking apps they don't like out of App Store? Apple banning apps on political grounds?

Apple already does ban apps on political grounds, even pretty innocuous just-the-facts type apps:


And yes, I think you are likely right: we will see apps banned at the behest of the Chinese government, given the size of their market. (North Korea, perhaps not.)

Apple painted themselves into this corner when they decided to become the gatekeeper of what iPhone users are allowed to install.

We already see that, but it’s more subtle. They aren’t banning those apps worldwide, just delist them from their Chinese store.

The App Store guidelines [5] indicate that, with regard to a single app, the app author (Telegram) "must comply with all legal requirements". Telegram agreed to this requirement when they published their latest update two months ago, and so Telegram – not Apple – is liable for illegality.

Apple received a notice of illegality from Russia regarding Telegram, a third-party app. This notice was inappropriately delivered to Apple, who currently has no responsibility for Telegram. Telegram's compliance with Russian law is not Apple's problem unless a Russian court orders Apple to de-list Telegram. Until such an order occurs, Apple has no reason to de-list Telegram.

Therefore, I believe that Apple did three things:

[1] Apple temporarily suspended Telegram app updates worldwide after receiving a notice of illegality.

[2] Apple immediately forwarded the notice of illegality to Telegram, without any assertion of validity.

[3] Apple notified Telegram that they may resume updates by either declaring in writing to Apple that Telegram is legal in Russia or de-listing Telegram in Russia.

And Telegram did no things:

[4] Telegram has refused to declare in writing to Apple that Telegram is legal in Russia, and has refused to de-list Telegram in Russia.

And Telegram, after two months of refusing to act on [3], is trying to pressure Apple into giving up on [3] using the "woe is me" GDPR excuse.

[5] https://developer.apple.com/app-store/review/guidelines/#leg...

> "must comply with all legal requirements"

Every country has its own legal requirements. As Telegram is a British company I assume it must comply only with British laws, right?

Telegram may absolutely ignore non-British laws and refuse to concern itself with them. Independent of laws, Apple may refuse Telegram access to the App Store if a guideline is not met.

Tell that to GDPR. I’m pretty sure Apple meant the compliance with the regulations of the countries where the app is available.

This is why I will never own an Apple phone. No one should have the power to decide what can and can't be installed on your devices.

So you've never owned a game console either?

That's not very far fetched.

The last console I owned was a PS2, which could run Linux. No reason to own a console anyway, PCs are such a better game platform.

Many don't for that exact reason. Restrictions are one of the main arguments for PC gaming.

Tweet from Founder/CEO of Telegram: https://twitter.com/durov/status/1002653210245586944 ("Thank you @Apple and @tim_cook for letting us deliver the latest version of @telegram to millions of users, despite the recent setbacks.")

What else do people expect from a closed ecosystem? Vendor bowing down to disreputable nation-states' requests. Check. Out of date apps with vulnerabilities. Check. Impossible to verify security of said system or apps. Check. Complete opaqueness from the vendor. Check. And this is from a vendor that supposedly values both security and privacy ... not that any others are any better.

Theory 1: It’s because Russia, a market with a very small iOS user base, can pressure Apple into doing what it wants.

Theory 2: It’s because Telegram raised more than a billion dollars for a virtual currency that does an end-run around Apple’s in-app payments.

Based on Apple’s past actions, which one is more likely?

The ICO didn't mention anything about doing an end-run around IAPs, and even so, such functionality isn't integrated in the app.

How can Apple justify penalising something not in an app? Why is the Kindle app still up, despite the fact that Kindle ebooks don't go through IAP?

From all the articles I have read about this Telegram seems to offer no evidence to support its case. Furthermore, it claims it's only iOS, and not macOS. And I personally have gotten at least several updates for at least the mac version over the past month.

On a Mac you have the option of downloading and installing the app directly from the Internet rather than from the app store. On iOS you don't, so there is a clear difference.

My macOS Telegram updated, from the AppStore, 2018-05-31.

My point is that there is no point in blocking any updates on the MacOS appstore, as it can just be side-loaded.

I keep seeing a lot of iffy reporting on this. Has anyone actually run this down and done a solid article on it?

Read the comments here, and it seems like Telegram is being pretty shrewd from a PR perspective, since everyone is willing to blame Russia and Apple. Admittedly Russia is a deservedly easy target, and Apple has some vocal critics. If enough people want to believe the accusation, and are willing to take it at face value (and that seems to be the case here at least) then it’s already “mission accomplished” for Telegram.

IF they really are not letting them update I would at least expect a rejection letter from Apple as evidence.

Why? If they make it so obvious of course there will be outrage. What everybody with some brains would actually do is slow down the approval process and really look for all kinds of unimportant small details that the update doesn't fulfill "yet".

Why? That still makes no sense - banning updates globally is not even what Russia wants, let alone a reasonable goal.

You don't have to be strongly against something just because it's not as important to you. Telegram is a chat that has a huge number of security aware users. If they can't update, no matter the reason, the users need to go somewhere else. That doesn't necessarily mean that they would switch from Apple to Android, though. So the price for Apple might be small.

So for Apple that is either a good way to get rid of an unwanted app, or a way to do a favor for a competitor, or a way to put pressure on Telegram developers to do something that the devs haven't done yet for some reason (e.g. give access to user data).

Now I'm not saying that Apple does anything like that. It couldn't be proven by simple people like us anyways. I'm just providing possible explanations for what's maybe going on and why it might happen. It is for instance just as possible that Telegram is not updating themselves, because they want to achieve some kind of hidden agenda, e.g. in a subgroup of people they care about users would very much be willing to switch phones just to stay with their secure chat app and they might have a better deal with Google than they have with Apple. Nothing can be said for sure without insider information.

So why is Signal updating?

Because the People of Interest to Russia happen to use Telegram, not Signal.

Why is it easier to assume Russia forced Apple to block Telegram worldwide, a privilege Apple haven't even given China, than that there is another reason for the delay?

Russia hasn't banned Signal, has it?

Russia has not banned Signal yet. A possible reason may be that a) Telegram is still way more popular b) Telegram was (and still is) a major networking service for the Russian opposition

Signal is not that popular.

"Russia banned Telegram on its territory in April because we refused to provide decryption keys for all our users’ communications to Russia’s security agencies"

Why does Telegram have decryption keys for all their users' communications (or do they)?

For private chats Telegram uses end-to-end encryption and they cannot read the chats. Of course, they control the clients though, so they could update their clients to also send the chats to Russian intelligence and it would be hard for anyone to notice.

Telegram isn't E2E encrypted by default.

You need to choose an "encrypted" chat.

They have been criticised over this for many years now.

Also desktop Telegram client doesn't have e2e, only mobile one.

Which is why I can't use it because most of my messages are sent from desktop.

The macOS client supports end-to-end encryption.

Yes I would think intelligence agencies should prefer Telegram over other encrypted chat providers since there's at least this possibility of leaking.

Maybe this will have the unintended consequence of moving users to a more secure and censorship-resistant alternative.

Yeah, I thought it's supposed to be e2e-encrypted, so I was confused by this statement. I guess it makes sense if he means they refused to add a backdoor like you say.

The communication between client and server is encrypted and probably authorities would like to get the keys for it. By default Telegram doesn't use end-to-end encryption, and the messages are received in cleartext on the server.

If anyone here is interested, I started on a new project called Chatdog (https://chat.dog) to create an alternative to Telegram, et al. Telegram forces you to download their app and provide your phone number to join a room. Chatdog doesn’t require any personal data and can even be used anonymously!

But you require scripts from a lot of 3rd parties, which may or may not respect my privacy.

Maybe consider using a CDN or hosting necessary scripts on your server?

All scripts are on Cloudfront except for when someone shares a YouTube video or Twitter tweet. Google Analytics and Typekit are the only third-party scripts that are always loaded. I do need to add UI to allow users to disable these.

I had to accept a script from platform.twitter.com before I could close the SignIn/Register modal. Here's a short gif.


The app looks great though :)

Thanks for reporting this! Yes, apparently the Twitter script is always loaded also. I need to add logic to only load it when needed.

So, like Telegram but without false promises of security? Awesome!

What UI library are you using if any? Looks great on mobile!

Thanks! No UI library—I just wrote the CSS from scratch.

I'm surprised that nobody is talking about how Telegram raised pre-ICO of billions of dollars even when it was obvious that this type of censorship will be possible.

Mobile apps should not do ICO, period. It's irresponsible for someone to try stealing uneducated people's money while promising something that's impossible to achieve.

Realistically speaking there are only two players in the market: Google and Apple, both of which will happily comply with governments and regulators since they have no business in allowing gray area businesses, and that's a good thing.

However when you raise ICO, you're basically promising the censorship resistant future while fully knowing that it's impossible to achieve what you promised because your app is built on top of these centralized platforms.

This is on a completely different level in terms of scam factor when compared to naive idiots promising things like "putting grass-fed cows on the blockchain", because literally it's impossible to build a censorship-resistant, decentralized mobile app and they are the ones who know this the best.

I point this out because it looks as though all the press coverage seems to be focused on how Russia and Apple are censoring Telegram and Telegram is the victim, when Russia and Apple did nothing different from what they used to do. Russia has always been this way, and Apple has always tried its best to fight for user privacy but did make compromises when they really had to. It's great that Apple is doing its best to fight for user privacy but to be frank, Apple shouldn't be the one to blame here.

It's Telegram who decided to promote itself as a "censorship resistant decentralized blockchain application" to raise billions of dollars, and they got to this position because of this stance they had to take in order to raise the money. The only losers in this case are the idiots who invested in Telegram's ICO.

> Realistically speaking there are only two players in the market: Google and Apple, both of which will happily comply with governments and regulators since they have no business in allowing gray area businesses, and that's a good thing.

I don't really consider that a good thing. Having government controlled gatekeepers that take 20-30% off of every app with platform lock-in is not a great thing. We rail constantly about FBI/NSA enforced backdoors, especially people in Europe that are potentially having all their data harvested.

I'm on the same page with you. I guess I should rephrase.

I said "That's a good thing" from Apple and Google's point of view. They are public companies with shareholders who don't want them to contribute to potentially illegal behaviors. So it's a "good thing" for them to have the companies comply with the governments.

But this phenomenon itself is not a good thing, so I do think decentralized projects should fix this problem. But centralized companies should not advertise themselves as being able to tackle this type of problem because it's not possible.

This brings us back to the original issue I pointed out. Telegram knows very, very well that they have this issue. Ask anyone who has built a mobile app if building a decentralized ecosystem on top of Apple appstore is possible and they would laugh at you. But Telegram did. And they raised billions of dollars for that false vision which they knew was impossible to achieve as a centralized organization with a product that depends on a centralized platform.

It certainly represents a sea change where the "leaders" in tech are now basically gatekeepers to new technology's viability. That's been the case for a while, but now the players are the ones who were built on the relative freedom of the internet. It could absolutely just shut the whole distributed platform thing down, but the demand will still be there I think, so eventually new platforms could come take its place. That's of little solace to ICO investors nowadays of course, because it could delay the rollout by a decade or more.

"you're basically promising the censorship resistant future" Where did Telegram say anything remotely like that? They did an ICO for a utility coin. They have been honest about being centralized. Correct me if I'm wrong, but it seems like you're putting words in their mouth and accusing them of theft for not meeting your fabricated expectations.

ICO is short for Initial Coin Offering. And the coin is cryptocurrency. Cryptocurrencies are only valuable when they are not censorable. This is why there's a controversy around coins like XRP (from Ripple) because most of the coins are owned by Ripple and their architecture is designed in a way that they can very well censor transactions.

But even Ripple pales in comparison to something like Telegram, because Telegram is a mobile chat app, which is as centralized as you can get. Not only does it depend on iOS and Android, but also all push notifications must go through APN (Apple Push Notification) or FCM (Google Messaging). In fact, messaging apps are arguably the most centralized apps out there because of these features. And this is why it's so easy to censor these apps.

So if your app can easily be censored, and if your coin is useless if your users can't use the app, what else do you think they were claiming?

I am willing to bet that you haven't read the Telegram white paper. (https://drive.google.com/file/d/1ucUeKg_NiR8RxNAonb8Q55jZha0...) They didn't raise all that money to build out their chat app. They are looking to make a digital currency that can handle volume and is practical for day-to-day purchases, compared to the primarily speculatory coins that exist right now. The $1.7B they raised came from 175 accredited investors that purchased the entire supply of utility tokens in the pre-sale.

> They did an ICO for a utility coin.

One of the major selling points of that utility coin was that it'll be automatically available for 200M active users of Telegram. Frictionless entry point into coins is a huge step forward.

You can side-load apps on Android. I'm afraid this makes your rant false.

> Mobile apps should not do ICO, period.

really, should anyone?

Wat? ICO was private and only accredited investors were allowed.

Is Signal reporting any issues?

Signal is down for me right now. I am also seeing lots of people mentioning the same thing on Twitter.

This is likely a false accusation.

If Apple acquiesced to Russia’s demands, Apple would have: 1) removed Telegram from the App Store in Russia, and 2) prevented Telegram from using the Apple Push Notification Service to distribute non-blocked IP addresses to clients.

More likely, updates are being rejected for another infraction. Telegram should publish the App Store reviewer’s criticisms publicly, and provide more context before making public denouncements.

Or Apple has not decided yet how to proceed and is buying some time.

> More likely, updates are being rejected for another infraction. Telegram should publish the App Store reviewer’s criticisms publicly, and provide more context before making public denouncements.

Well, that's one of Durov's powerful weapons. Cry in public and blame others, while he is the one who messed it up.

Telegram is now implementing new sponsored Telegram proxies. This is a well designed system that motivates individuals and channel owners to provide proxies in exchange for promotion. So blocking updates prevents it from working and making Telegram less vulnerable.

Knowing Apple I would be very surprised that it is a false accusation.

Interesting, you don’t think this is an odd punishment if this was about Russia?

At the same time alternative clients are getting their updates just fine (like Teleplus and Loopy).

There are a multitude of reasons why this is the case. It might be that Telegram in particular did something that pissed Apple off, or that Apple is ignoring third-party clients.

If they seriously believe that protecting customers' security is important, they shall not encourage their users to use Apple products. Android is also bad for this.

Discussion at https://news.ycombinator.com/item?id=17195072.

Edit: actually that article contains much less information and the discussion is correspondingly less substantive, so I've taken the 'dupe' marker off the current post. Carry on.
