Nov 20, 2023 4:13 PM PT

Nothing proves Apple’s arguments against the EU’s DMA

Nothing justified Apple's privacy and security arguments against opening up iMessage even as the iPhone maker filed an appeal against the EU's Digital Markets Act.

There was, in the oldness of time, demand for Apple to open up its iMessage service a little. Then, out of the blue, over-zealous company Nothing justified Cupertino’s privacy and security arguments against doing so in mere hours — even as Apple announced plans to open up a little more.

Winner takes it all

What that hefty opening paragraph means is that:

But choice is good, right? Not always.

Take a chance on me

During the busy iMessage weekend, Ivan Krstić, Apple’s head of security engineering and architecture, went on record to explain more about the company’s stance on privacy and security across its platforms. He was particularly scathing about the EU’s decision to force Apple to open up for app sideloading under the DMA. Krstić thinks the decision will end up degrading user choice and leave people exposed to threats.

He also suspects some key software titles will end up being exclusively sold outside of Apple’s stores, which will force users to purchase titles from alternative distributors who may or may not offer the same degree of security, privacy, and payment protection Apple provides.

“In that case, those users don’t have a choice to get that software from a distribution mechanism that they trust. And so, in fact, it is simply not the case that users will retain the choice they have today to get all of their software from the App Store,” he said.

It means users will be forced to make purchases elsewhere, exposing themselves to additional risk in what we all now know to be an extremely dangerous security environment in which high-value government surveillance attacks appear to have become routine. It really is open to question how reducing overall platform security can benefit anyone, though perhaps some people feel that’s a small price to pay for a blue bubble in a chat.

Gimme, gimme

Shortly after, or perhaps because, of Nothing’s doing, Apple moved toward adoption of the Google-championed RCS (Rich Communication Services) standard for iMessage. That means when messaging people using devices that support RCS, you will also get things like read receipts, higher quality images and typing indicators. Google has been pressing Apple to support RCS for years.

In a statement, Apple said:

“Later next year, we will be adding support for RCS Universal Profile, the standard as currently published by the GSM Association*. We believe RCS Universal Profile will offer a better interoperability experience when compared to SMS or MMS. This will work alongside iMessage, which will continue to be the best and most secure messaging experience for Apple users.”

*Italics mine: Google has done a lot of work to build extensions that work with RCS, but Apple’s statement that it plans to support the GSM standard for RCS hints that Google’s extensions won’t be supported in Apple’s implementation.

Far away, standing near

You know, at the end of the day, Apple is fond of those blue, green, and gray bubbles in iMessage. I don’t think it has any intention of changing them. Instead, it will continue to explain what they mean.

And what they mean is that the best and most secure chats will always be those made between Apple devices as those enjoy guaranteed end-to-end encryption at an industry standard level.

Apple cannot really guarantee such security in chats between different platforms or applications. How could it tell whether the Android device an Apple user is communicating with is infected with a keylogger? Or if some hacked interlocutory service such as the one chosen by Nothing turns out to be inherently insecure?

The challenge really is that creating highly secure services that interoperate effectively can only really be achieved on a standards basis, and doing so requires a degree of industry cooperation that cannot easily be forced through legislation.

In the absence of a cohesive, joint attempt to build such standards, any attempt to enforce interoperability will only expose users to the need to send an SOS when things go wrong.

Money, money, money

While blunt instruments such as the DMA may force companies to move toward opening up, such as with RCS support or new App Store protocols, the constant, overwhelming tumult of regulation disincentivizes companies from solving any single problem well. Just as in every other part of life, a balance must be found between enforcement and encouragement. Striving for this balance is the name of the game.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.