iOS 4.0 AT&T Locks Users via OTA Updates: A PRACTICAL "Leak" Evalution

Discussion in 'iOS Jailbreak & Cydia' started by mgiljum, Jun 24, 2010.

  1. mgiljum

    mgiljum New Member

    Joined:
    Feb 14, 2009
    Messages:
    67
    Likes Received:
    0
    Device:
    2G iPod touch
    AT&T Locks Users via OTA Updates: A PRACTICAL "Leak" Evaluation
    This is a practical evaluation of the claims of the so called "Alpha" Apple worker who supposedly leaked information regarding Apple's secret privacy scam involving iOS4. It has gathered a little bit of controversy and demands a thorough investigation. The article posted is here: http://www.addictivetips.com/mobile/leaked-apple-stealing-all-facetime-information-att-locks-user-via-ota-updates/
    The four points made by "Alpha" are the following:
    • With iOS 4, AT&T locks all US iPhone owners to their network via regular OTA updates.
    • AT&T shipped some iPhone 4 early to verify their OTA update system.
    • Apple stealing user information via FaceTime, which lacks encryption.
    • Some Apple employees who are aware of this situation are not updating to iOS 4.
    _____________________________________________________________________

    OTA Update Lockdown



    Now, the misconception and confusion here is the way in which people are interpreting what Alpha means by these updates. Basic logic would tell you, and even musclenerd, that it would be impossible for Apple to send such an update to iPhones on T-Mobile or other carriers besides AT&T. Unfortunately, this is not how Alpha described the lockdown procedure to work. It is not the OTA update that would supposedly lock the device, it's the lack of update.

    "Many users are confused how this works. Just to clarify, those who receive the updates will be safe while those who don’t get it, their phones will be locked.

    What its doing (supposedly) is sending an update without which the phone would lock down, only affecting those on a different network that won’t get the signal.

    The lack of the “update” is what does the damage. Not on the network, no update. Thus, your phone gets locked down."


    What Alpha is implying, in regards to how the code is implemented, is that the iPhone already comes with a lockdown script, and that in the event the iPhones sees that it is not on AT&T (due to lacking the update!), it will launch the lockdown script.

    PROBLEMS


    There are certain problems to such an argument that make it difficult to believe:

    1. What happens to those users who travel out of country when the OTA updates are sent? Or users that have their phones shut off when they are sent? Based on the claims of Alpha, the code implemented would cause those phones to lockdown, due to the lack of the update. However a question arises: would Apple sacrifice the AT&T customers under these circumstances simply to lock the phones of the users on other networks? Seems like a very impractical way of dealing with that issue.

    2. Such a code would be detectable in development, and with such a high number of developers and beta testers outside of Apple's "umbrella network" of employees and upper level developers, wouldn't someone have noticed a malicious code, or even asked questions? Such an organized plan from Alpha's leak surely would have taken months to develop and test. Alpha claimed that the early iPhone shipments (2, 3 days ahead of schedule) were tests of the OTA system. This is a pretty solid supporting argument, but it seems fishy of a claim that Apple would test such a widespread system in a matter of days, and no issues?

    3. What exactly would Apple gain from locking the phones of the non-AT&T users? Apple only gets a portion of the benefit from contracting solely from them, it's not like they're losing significant funds from the loss of the customers that switch to different networks. Apple still gets the money from the sale of the device; most the money that goes into the cellular network goes into AT&T, and the profits Apple make from it are mostly from the contracting with them. Where's the motive?

    _______________________________________________________________________

    Facetime Privacy and Lack of Encryption


    Alpha claims that through the new Facetime video calling feature on the new iPhone, Apple deliberately left out encryption on the system, which allows either Apple themselves, or anyone on a WiFi network to "see what the viewers and broadcasters are looking at without them knowing."

    He also claims that information regarding a Facetime users location can also be retrieved by Apple employees and that he's seen this happen.

    PROBLEMS

    There is absolutely no motive for this. Why would Apple want information on these connections to be accessible? Deliberately leaving the connections unencrypted does nothing to Apple but violate privacy restrictions, possibly even the level where lawsuits are possible. All for what? To know when and where Jim called Suzie?

    This is potentially where Alpha's leak begins to seems extremely fishy. IF Apple is doing this, it is setting itself up for major problems, potentially legal ones. It would makes sense only if Apple were retrieving (or making available) information that was worth getting at. There is no information accessible on the Facetime system that would benefit Apple if they had. But yet they are supposedly willing to violate users privacy to get it? That doesn't make any sense.

    ________________________________________________________________________

    Apple Development Employees Holding off on Upgrading to iOS4

    Alpha claims as evidence of the security and privacy issues Apple has caused, many employees who own iPhones are not upgrading with the knowledge of the potential risks.

    PROBLEMS

    This is an extremely weak argument, mainly because there is no proof shown that such activity is going on. Personally, I would only believe this if another Apple employee would come forward and say the same thing (but that pretty much goes for the whole "leak"). There are many possible reasons for an employee choosing not to upgrade, much like there are the users of any iDevice, especially user/developers.


    CONCLUSION


    As much as there are some decent arguments to Alpha's as to how Apple is potentially invading users' privacy, his "leak" lacks one painfully crucial thing: motive. Any company that decides to invade it's users' security must have some reason for doing it. Shutting down non-AT&T user devices would gain nothing for Apple but a LOT of extremely unhappy customers, and possible a few legal actions taken over the destruction of private property. Leaving Facetime connections unencrypted and receiving location and call info would gain nothing for Apple except, well, location and call information. What good are those to Apple, considering the risks it would have to take to get them? Once user/developers would discover the hole in the system, it would demand Apple stick to it's privacy policy.

    What is Apple getting out of all of this?

    Secondly, the only assurance I'm getting that this Alpha character is a real, genuine Apple employee, and a developer on the inside at that, is the word of the author of the article in the comment section. The problem is that the proof that Alpha is an actual employee would require him losing his job if all of this is true. If he were to attempt to give such proof, we could probably consider it a hoax. Someone who knows this much probably has a salary to match.

    As more "information" probably will arise, I'm calling this one a hoax...for now. The OTA update system makes sense, but there is no proof to support it, let alone a motive, but if more pieces to this "puzzle" seem to come from Mr. Alpha and hold together, I'm at least willing to consider further evaluation before posting "FAKE AND GAY" on the comment section.
  2. ThatGEEKFreak

    ThatGEEKFreak Active Member

    Joined:
    Dec 20, 2007
    Messages:
    1,324
    Likes Received:
    10
    Device:
    iPad 3
    Glad to be in Canada(just in case), our four main providers, Rogers, Fido(owned by rogers), Telus and Bell carry the iPhone. Where problems and other holes in the story arise and a problem for me is when you go out of the country. My friend has once before unlocked his 3GS so they could use it in the United States on a pay as you go while they were there. I know how this would piss AT&T off in the states if you lived there because it's another US network but why only AT&T, why are they the only mention in this story. AT&T and Rogers used to be buddies together and split off in 2004, surely Rogers would do something similar? I find this whole story very hard to believe. It would be to over the top and many, many, and I mean many people would be pissed off. If this sort of stuff happened many iDevices could be locked down for jailbreaks and what not as well. Just to much to believe. Trust me the phone companies do dick things here and if AT&T was doing it than I'm sure our main companies and iPhone providers would do it to, you'd think that would be mentioned...
  3. Shawa

    Shawa Super Moderator

    Joined:
    Jan 31, 2009
    Messages:
    3,188
    Likes Received:
    22
    Device:
    Nexus 4
    Excellent write up.
  4. NoogleNoggler

    NoogleNoggler Well-Known Member

    Joined:
    Sep 27, 2009
    Messages:
    2,089
    Likes Received:
    101
    Device:
    Samsung Galaxy S3
    Sue Apple, for watching our phone-sex.
    Yep, this user has been disciplined for this post by Shawa, yellow card, blah blah blah.
    Lol. But srsly, any topic i post, i get disciplined for, rly wtf?

    On Topic:
    Does this apply to iPod Touches?
  5. leadergo

    leadergo Active Member

    Joined:
    Aug 2, 2008
    Messages:
    2,384
    Likes Received:
    6
    Not for iPod Touches, as they cannot be used for cellular purposes.
  6. mgiljum

    mgiljum New Member

    Joined:
    Feb 14, 2009
    Messages:
    67
    Likes Received:
    0
    Device:
    2G iPod touch
    @YoungGeekGuy Yeah, some of the individual parts of the story seems plausible, but putting them all together into one big conspiracy Apple has against their user's privacy doesn't seem very believable. Let's just see what other crazy junk the guys has to add to the story.
  7. allgxxd

    allgxxd Member

    Joined:
    Jun 25, 2010
    Messages:
    35
    Likes Received:
    0
    Device:
    3G iPod touch
    just because we dont understand the motive, does not mean that there is not one....

    ..but this may be said to what ever big company... =)

Share This Page