7 votes

Apple Change Causes Scramble Among Private Messaging App Makers

10 comments

  1. [4]
    JXM
    Link
    I find it amusing that The Information, a technology focused news site, explained that API stood for application programming interface. But for the article itself, it seems like these developers...

    I find it amusing that The Information, a technology focused news site, explained that API stood for application programming interface.

    But for the article itself, it seems like these developers were using the VOIP API (application programming interface) in a way that it wasn't intended to be used. It’s Apple’s prerogative to change its guidelines for how those APIs are used. Especially with how abused they are.

    But it’s good that Apple is working with concerned developers to fix the issue and provide a better way to accomplish the same goals.

    1 vote
    1. [3]
      skybrian
      Link Parent
      The issue as explained by others on Hacker News is apparently that there's currently no way to send a notification, decrypt it on the device, and then decide whether it should actually notify the...

      The issue as explained by others on Hacker News is apparently that there's currently no way to send a notification, decrypt it on the device, and then decide whether it should actually notify the user or not based on their preferences. Hopefully they'll fix it.

      3 votes
      1. [2]
        babypuncher
        (edited )
        Link Parent
        You can tell where Facebook's head is when they call Apple's move unilaterally bad for privacy without properly explaining the problem. You know Facebook is actually harvesting user location data...

        You can tell where Facebook's head is when they call Apple's move unilaterally bad for privacy without properly explaining the problem. You know Facebook is actually harvesting user location data this way, which is why Apple is closing the hole to begin with.

        Obviously the correct move is for Apple to provide an API that accomplishes the same task without exposing the users location data, but if Apple can't make that happen before their deadline, they should probably open the VOIP API back up temporarily so that millions of users don't wake up to broken messaging apps in April next year.

        3 votes
        1. skybrian
          Link Parent
          Where did they say that? Facebook isn't quoted in the article. Apparently they decided not to comment. And no, I don't know what Facebook is doing with this API. How do you know? Please don't make...

          Where did they say that? Facebook isn't quoted in the article. Apparently they decided not to comment.

          And no, I don't know what Facebook is doing with this API. How do you know?

          Please don't make this a place to make unsubstantiated accusations about companies you don't like. There's entirely too much of that already on Hacker News. Speculation just makes it harder to tell what's really going on.

          1 vote
  2. [6]
    Weldawadyathink
    Link
    Most of the article is blocked for me. Does anyone have another source? Or even just an overview of the change and why it could backfire for some apps?

    Most of the article is blocked for me. Does anyone have another source? Or even just an overview of the change and why it could backfire for some apps?

    1. [4]
      Deimos
      Link Parent
      I edited in a paywall bypass that The Information used on Hacker News. Try clicking the link again now.

      I edited in a paywall bypass that The Information used on Hacker News. Try clicking the link again now.

      3 votes
      1. [3]
        emdash
        Link Parent
        Apologies, if I'd known this was the secret sauce to make the link continue to function properly I would've kept it on! I usually strip those utm_* type tags and anything after the canonical URL...

        Apologies, if I'd known this was the secret sauce to make the link continue to function properly I would've kept it on! I usually strip those utm_* type tags and anything after the canonical URL and this query parameter likely got caught up in the crossfire.

        3 votes
        1. [2]
          Deimos
          Link Parent
          Tildes automatically strips all utm_ parameters out of any submitted links, so you don't even need to worry about doing that manually!

          Tildes automatically strips all utm_ parameters out of any submitted links, so you don't even need to worry about doing that manually!

          7 votes
          1. emdash
            Link Parent
            Okay that's really clever, thank you.

            Okay that's really clever, thank you.

            3 votes
    2. babypuncher
      Link Parent
      Private messaging apps are abusing PushKit, an API meant for VOIP, to deliver and decrypt message notifications in the background. This is because PushKit allows the app to intercept the push...
      • Private messaging apps are abusing PushKit, an API meant for VOIP, to deliver and decrypt message notifications in the background. This is because PushKit allows the app to intercept the push notification and run it's own code before delivering it to the notification system. Without this hack, these apps would be relegated to delivering generic "You have a new message!" notification, requiring users to open the app to actually see it.

      • Starting in April, Apple will no longer allow the API to be used in this manner, citing the potential for apps to gather and transmit user location data whenever a notification is delivered.

      • Apple has yet to provide an alternative API that allows these apps to provide the same user experience without having the message decryption happen server side, which means these services could no longer offer end-to-end encryption.

      2 votes