This Week's Sponsor:

Kolide

Ensure that if a device isn’t secure it can’t access your apps.  It’s Device Trust for Okta.


Posts tagged with "iMessage"

iMessage Is Preparing for a Post-Quantum Computing World

Yesterday, Apple’s Security Research website published a report on a cryptographic security upgrade coming to iMessage with the release of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4 called PQ3. It’s a forward-looking, preemptive upgrade that anticipates a future where quantum computers will be able to defeat today’s cryptographic security with ease. That day isn’t here yet, but PQ3 is rolling out with the next series of Apple’s OS updates to protect against a scenario known as Harvest Now, Decrypt Later where bad actors collect vast amounts of encrypted data today, anticipating a future where it can be decrypted by quantum computers.

Source: Apple.

Source: Apple.

If you’ve heard the term quantum computing thrown around in the past and don’t know what it is, I highly recommend a couple of explainer articles by the MIT Technology Review that cover both quantum computers and post-quantum cryptography.1 But if the details don’t interest you, the bottom line is that PQ3 is being added to iMessage today in anticipation of a day in the future where today’s end-to-end encryption techniques don’t work anymore. Here’s how Apple’s paper explains it:

Historically, messaging platforms have used classical public key cryptography, such as RSA, Elliptic Curve signatures, and Diffie-Hellman key exchange, to establish secure end-to-end encrypted connections between devices. All these algorithms are based on difficult mathematical problems that have long been considered too computationally intensive for computers to solve, even when accounting for Moore’s law. However, the rise of quantum computing threatens to change the equation. A sufficiently powerful quantum computer could solve these classical mathematical problems in fundamentally different ways, and therefore — in theory — do so fast enough to threaten the security of end-to-end encrypted communications.

Although quantum computers with this capability don’t exist yet, extremely well-resourced attackers can already prepare for their possible arrival by taking advantage of the steep decrease in modern data storage costs. The premise is simple: such attackers can collect large amounts of today’s encrypted data and file it all away for future reference. Even though they can’t decrypt any of this data today, they can retain it until they acquire a quantum computer that can decrypt it in the future, an attack scenario known as Harvest Now, Decrypt Later.

PQ3 protects against a post-quantum world by setting up an iMessage conversation with a new post-quantum public key system and then periodically updating the keys so that if the keys are compromised, it won’t compromise the entire conversation. The system also uses existing cryptographic algorithms for portions of the encryption process that aren’t vulnerable to a Harvest Now, Decrypt Later scenario.

There is a lot of additional detail in Apple’s report, as you can imagine, including information about the review process that the new system has undergone and the way it is applied to iMessage in particular, which explains the design considerations that were necessary to apply these cryptographic techniques at the scale of iMessage in a way that doesn’t compromise users’ experience.

There’s more to be done to ramp up iMessage’s security even further as we approach a world where quantum computers are a threat to traditional cryptography. However, as Apple’s report concludes, with the imminent OS updates, iMessage will be “the global state of the art for protecting messages against Harvest Now, Decrypt Later attacks and future quantum computers.”

I’ve heard iMessage security get thrown under the bus a lot lately as an excuse Apple uses to protect its market dominance. There’s no reason that protecting customer communications and market-share can’t both be true. However, I think you’d be hard-pressed to read a report like this one and not come away believing that customer privacy and security are also a sincere goals at Apple.


  1. Yes, these are the sorts of articles I save in my read-later app. It’s a fascinating topic that also helps me fall asleep at night, so it’s a win all around. ↩︎
Permalink

Apple’s iMessage Service Will Not Be Regulated under the EU’s Digital Markets Act

The EU has decided that Apple’s iMessage service is not a core platform, meaning that it will not be subject to regulation under the Digital Markets Act (DMA). Jon Porter writing for The Verge:

The decision is the culmination of a five month investigation which the Commission opened when it published its list of 22 regulated services last September. Although it designated Apple’s App Store, Safari browser, and iOS operating system as core platform services, it held off on making a final decision on iMessage until an investigation could be completed. A similar investigation into iPadOS is ongoing.

In the same press release, the European Commission also decided against designating Microsoft’s Edge browser, Bing search engine, and advertising business as core platforms subject to the DMA.

As you may recall from our prior coverage, Apple’s Safari browser, App Store, and iOS are all subject to the DMA, but the EC deferred making a decision on iMessage. In the interim, Apple announced it would support the RCS messaging standard that will exist alongside iMessage in Apple’s Messages app and will include several features that previously were unavailable to non-iPhone users who messaged iPhone users. It’s likely that Apple’s decision to incorporate RCS, which the company says is coming later this year, and iMessage’s relatively small European market share played a role in the EC’s decision, although the reasoning behind the decision was not shared by EU regulators.

Permalink

Apple Releases iOS and iPadOS 17.2 with Journal App, Messages and Music Improvements, and More

iOS 17.2.

iOS 17.2.

Today, Apple released iOS and iPadOS 17.2, the second major updates to the operating systems that launched in September and I reviewed on MacStories.

iOS and iPadOS 17.2 revolve around two kinds of enhancements: there are a series of updates to built-in apps (mostly Messages, Music, and Camera) and various tweaks to widgets; then, there’s the brand new Journal app for iPhone, which aims to reinvent the practice of journaling for iOS users with a built-in solution that’s deeply integrated with the OS and apps.

We’re going to cover Journal with a standalone article on MacStories from the perspective of someone who’s been keeping a journal in Day One for several years. In this story, I’m going to focus on what else is new in iOS and iPadOS 17.2 and the different improvements you’ll find throughout the system.

Let’s dive in.

Read more


Apple to Support RCS Messaging in 2024

In a surprising move, Apple announced today that it will adopt the RCS messaging standard. The company, which has been under pressure from government regulators around the world and competitors like Google and Samsung, told Chance Miller of 9to5Mac:

Later next year, we will be adding support for RCS Universal Profile, the standard as currently published by the GSM Association. We believe RCS Universal Profile will offer a better interoperability experience when compared to SMS or MMS. This will work alongside iMessage, which will continue to be the best and most secure messaging experience for Apple users.

RCS won’t replace iMessage, SMS, or MMS. Instead, RCS will run in parallel with iMessage on a user’s device for those situations where iMessage isn’t an option, and SMS and MMS will continue to serve as fallbacks in case iMessage and RCS aren’t available.

I don’t think many people saw this coming. I certainly didn’t. SMS and MMS are creaky, old technologies that don’t work over Wi-Fi, so it’s good to see them demoted to the options of last resort. RCS isn’t perfect, but it’s an improvement over those older technologies, and perhaps Apple’s support of the standard, along with the other companies that have already adopted it, will help it continue to improve.

Permalink

Automattic Acquires Interoperable Messaging Service Texts

Source: Texts.

Source: Texts.

Today, Automattic acquired Texts, a startup that’s been building a one-stop destination for managing your many chat and messaging apps in one place.

Automattic, which runs blogging platform WordPress.com and Tumblr, has been acquiring a growing list of companies in recent years, including the makers of apps like Day One and Pocket Casts. The company’s latest purchase marks its first foray into messaging.

Texts is a paid service that allows users to send and receive messages on several platforms, including iMessage, WhatsApp, Telegram, Signal, Messenger, Twitter, Instagram, LinkedIn, Slack, and Discord DMs, from a single app. There are other companies, like Beeper, attempting something similar using the open-source protocol Matrix, but Texts is a little different. It has developed its own technology stack for handling messages from multiple services that the company says doesn’t require it to send them across its servers and is end-to-end encrypted. Instead, Texts sends messages directly from one of its supported messaging platforms to another. Currently, Texts is available on the Mac, Windows, and Linux, with an iOS app under development and Android on the company’s roadmap too.

I had a chance to speak with Automattic CEO Matt Mullenweg about the acquisition, and it was clear from our conversation that he views it as a natural next step in the company’s support of open web platforms. It’s also a great fit with WordPress.org and Tumblr’s embrace of the ActivityPub protocol, which powers Mastodon and other federated social networks.

With the list of companies that offer some sort of siloed messaging that doesn’t interoperate with any others continuing to grow, I imagine the demand for a service like Texts’ is only going to grow over time. Backed by Automattic, Texts should have the resources to bring interoperability to more messaging services and grow its support for additional OSes more quickly, making it more competitive in what I expect will become an increasingly competitive market as lawmakers and regulators continue to put pressure on tech companies to make their messaging platforms more open.


macOS Sonoma: The MacStories Review

In one sense, the story of this year’s macOS update is that there is no story, but that’s not exactly right. Instead, it’s a bunch of stories. It’s the tail end of the realignment of macOS with Apple’s other OSes that began with macOS Catalina in 2019. However, Sonoma is also part of a work-at-home story accelerated by COVID-19. The OS is also linked to the story of visionOS, only part of which has been revealed. Sonoma is a bundle of narrative threads built on the foundation of past releases, adding up to a collection of updates that will be less disruptive for most Mac users than recent macOS updates. Instead, Sonoma is packed with a variety of useful new features that help draw it closer to iPadOS and iOS than ever before, design enhancements, and a few disappointing omissions.

The timing for a more modest macOS update is right. In recent years, Mac users have had to adjust to substantial redesigns of everything from their favorite system apps to the Finder’s windows and toolbars. The changes were inescapable and necessary to harmonize the Mac with Apple’s other products, but also disruptive for some long-time users.

Sonoma adds a vast collection of new wallpaper and screensaver options.

Sonoma adds a vast collection of new wallpaper and screensaver options.

With macOS Sonoma, the biggest design shifts seem to be behind us – at least for the time being. Interactive widgets on the desktop are a big change this year, but it’s not like macOS dumps a bunch of them on your desktop by default. If you never want to see a widget anywhere near your desktop, you don’t have to. Other than the subtle way the login screen has changed and the new screensavers and wallpapers that are available, the core macOS experience has barely changed.

Instead, this year’s update is primarily about refining and building upon the foundation of the past few years, coupled with a handful of more significant updates to system apps. So, while the marquee features and design changes may be less notable than in recent years, there is still a long list of new and refreshed items that touch nearly every aspect of the OS, so let’s dive in.

Read more


Sticker Drop Lets You Use iOS 16’s Subject Isolation Feature to Make iMessage Stickers

Years ago, when the iMessage Store first debuted, I covered the best sticker packs every week in MacStories Weekly, our Club MacStories newsletter. It wasn’t long before I had more sticker packs than Messages could manage. Finding individual sticker packs became a chore, so I gradually stopped using them, except on rare occasions.

One of my favorite categories of sticker apps from those early days was apps that allowed me to make my own stickers from photos. However, the process was too laborious and fiddly to justify making more than a handful of my own stickers.

That’s changed with the release of Sticker Drop, a DIY sticker creation utility for the iPhone that leverages iOS 16’s new subject isolation technology for images. What sets Sticker Drop apart is how easy it is to make and manage your own stickers.

Read more


The Pleasures of Conversing via Voice Text

Fun story by Rachel Syme, writing for The New Yorker last week, on rediscovering the simple pleasure of sending audio messages (voice texts) to friends during the pandemic:

Voice texts (also called audio messages), by contrast, are text messages with a pulse, phone calls with none of the pressure; they are fizzy zaps of connection that demand little of the recipient except that she listen and enjoy before they’re gone. They are not a new feature—on iPhones, they launched as part of the iOS8 update, way back in 2014 (and users of WhatsApp have long communicated with a similar service). But voice texting has gained obvious new appeal during the past year of isolation. At the site nofilter, the reporter Kate Lindsay wrote that she had been prepared to dismiss voice texting as “a Gen Z (or, rather, z-lennial) fad. Then the pandemic hit, and before I knew it all my text message conversations were replaced with disappearing audio snippets.”

Audio messages have been the default communication method among my friends and family for the past several years (primarily via WhatsApp; no one I know here in Italy uses iMessage’s voice text UI since it’s, frankly, quite clunky). During the pandemic and through our various stages of lockdown, however, I’ve also rediscovered the joy of sending audio messages, which strike a nice balance between the immediacy of a text and the additional context of a phone call.

Permalink

Apple Adds More Than 30 Worldwide Companies to Business Chat

Apple introduced Business Chat at WWDC in 2017 and launched it with iOS 11.3 this past March. Today, Apple confirmed to TechRadar that the feature, which began as a beta with a handful of US business partners, has been rolled out worldwide.

As we explained in our overview of iOS 11.3:

Business Chat is a way for businesses to communicate with their customers directly over iMessage. Apple’s goal with Business Chat is to elevate the customer service experience to take advantage of the best native features of iOS, such as iMessage’s inherent privacy and security, iMessage apps, Apple Pay, and integration with Maps, Safari, and Spotlight.

Initially supported by only a handful of US companies like Discover, Hilton, Lowe’s and Wells Fargo, the roster was expanded in July to include Dish, Aramak, Four Seasons, Harry & David, and American Express. With today’s launch, that list has been expanded significantly to include companies based in Europe and Asia, as well as additional companies in North America. According to TechRadar, the additions include more than 30 companies:

Europe

  • Matchesfashion (UK)
  • nPower (UK)
  • Robins & Day (UK)
  • buddybank (Italy)
  • Engie (France)
  • La Redoute (France)
  • AXA Insurance (Switzerland)
  • Swisscom (Switzerland)
  • Vodafone Germany
  • NH Hotels (Europe) 

North America

  • 1800 Contacts 
  • DirecTV Now
  • Fairmont Hotels including the Claremont Club & Spa in Berkeley
  • Kimpton Hotels
  • Freshly 
  • Macerich Malls  including Scottsdale Fashion Square and Santa Monica Place
  • Mall of America 
  • Men’s Wearhouse 
  • Jos A. Bank
  • Overstock.com
  • Quicken Loans 
  • SnapTravel (US, Canada)
  • West Elm
  • Hendrick Automotive Group
  • Four Seasons (Canada) is expanding to 88 properties around the globe, 100+ languages
  • Lithia Group

Worldwide

  • Burberry

Asia

  • Telstra (Australia)
  • Harvey Norman (Australia) 
  • KDDI (Japan)
  • Credit Suisse (Singapore and Hong Kong)

Much like Apple Pay, Business Chat is the sort of feature that isn’t likely to see significant user adoption until a large enough pool of businesses use it to reach most iPhone owners. Still, today’s broad rollout in multiple countries shows that the service is beginning to get traction. It will also be interesting to see how much longer Business Chat retains the ‘beta’ label.

Permalink