AndyRM
Elder Goth
Google own Android.
Encrypted Apple iCloud Data
- Thread starter BoldonLad
- Start date
Page may contain affiliate links. Please see terms for details.
Google own Android.
dutchguylivingintheuk
Veteran
And Red Hat owns Red Hat Linux, Suse owns Suse Linux, Canonical owns Ubuntu but with all these project and android open source you can download the source code and use it, as far as the applicable open source license allows. that the definition of open source who owns the company that develops it has nothing to do with it. They are bound by their own license terms if they release something under and open source license they have to commit to the open source conditions. Which google does, with android they have the Android open source project which is 100% open source and then Google's hardware/software devision has a seperate android version which they preinstall on their phones, technically an Fork and so does Samsung, Oneplus, Asus etc.
C R
Veteran
Android is not a Linux distribution. HTH.
dutchguylivingintheuk
Veteran
C R
Veteran
It isn't open source. Google muddies the waters by having something called Android Open Source Project, which they need to do to fulfil their obligations regarding licensing of the Linux kernel. However, other than the kernel, pretty much nothing in your android phone is open source.
dutchguylivingintheuk
Veteran
Just because some people rely on google services for every step they take doesn't mean android open source isn't open source, there are still a lot of devices that support running android open source and there are a lot of app ect. available if you dare to look past google and are willing to sacrifice convenience for less tracking and more privacy and above all have control over your device instead of your device having control over you.
Huawei when it was banned from using any US technology so Google as an US company wasn't allowed to support them in any way was able to make their own android fork so quickly because it is in fact an open source project.
I have run linageos and also got push notifications(for messages) because spoiler that google uses firebase in their roms does not mean there aren't alternatives.
I would call it muddling the waters like you see as with some router manufacturers they supply the source code because they used opensource components but if you where to build an firmware from those sources you can't because the drivers and other components you need to run the firmware are not open source.
So that is in fact an example of something being open source on paper, that's not the case with android.
Android isn't android open source can be build for lots of devices, with full functionality, yes software that google and others provide made give you more convenience using that same functionality but there are no technical limitations and for example Pixel 6 pro on Android provided by google can technically do the same as an Pixel 6 pro running an android open source version.(which you can built yourself or use the one of the many distributions ) and yes i'm giving the example of the Pixel 6 pro because i am in fact speaking of experience i'm not just saying it i ran both versions on it.
dutchguylivingintheuk
Veteran
OP
OP
BoldonLad
Old man on a bike. Not a member of a clique.
- Location
- South Tyneside
They might have a challenge with removing existing user ADP access. As they don't hold the keys and as existing data in the iCloud will be encrypted to stop users using those keys would mean losing existing encrypted data ie trash everything those users have on iCloud - which is not a viable way forwards.
To implement a scheme whereby new data is encrypted using keys Apple hold and old data encrypted using keys Apple don't hold would be a nightmare and take a fair time to implement & test and it would need to keep running for ever.
Tell users to disable it themselves and many wouldn't.
It's madness and shows the UK Gov. to be daft and not really understand how easy it is for people to get round their snooping. eg Use Cryptomator (free) which will do the same as Apple's ADP, is free and works on any cloud storage service. Ooops, UK Gov. missed that one. And UK still needs a warrant and Apple have not even complied with the full request.
Plus it is already tarnishing the UK's reputation and for no security benefit. Stupidity of politicians.
As to Apple "caving" down to linguistics and perception. Apple have not introduced a "backdoor", and instead are just not offering a service to some users. Data is still encrypted and UK Gov. still have to go through courts, serve Apple with a warrant to get Apple to decrypt it and there are constraints on that access.
UK Gov. just made UK citizens slightly less safe and gain UK a "less reliable player" reputation.
Ian
OP
OP
BoldonLad
Old man on a bike. Not a member of a clique.
- Location
- South Tyneside
I am not an expert in this area, but, would the simplist "solution" be to put the onus on the users, ie, tell users "if you have encrypted data in iCloud, then, you have x days/weeks/months to save it in unencrypted form, or, risk it becoming inaccessible when we turn off ADP in UK"
But, as you say, no matter how implemented, it does little for the UK's reputation.
Wouldn't work as after <x> days what would you do? delete all their encrypted iCloud data? Irrecoverable photos and documents. What is somebody was away travelling and didn't get the "You have <x> days ..." and suddenly lots everything in the cloud?
They'd have to find some way to force your computer to hand the keys back to Apple. Might be challenging to do depending on what security blocks you have in place eg I have a number of apple.com domains blocked from all my devices (they can even resolve the domain name to an IP address to even setup communications). They'd have to be very careful about how they did it to ensure any such blocks don't trash the keys and destroy the data.
US security agencies, including the FBI and NSA, have been advocating for increased use of encryption to protect against Chinese cyber threats, creating potential conflicts between UK and US security interests.
nb the "bad actors" wont be using Apple ADP anyway as it isn't great for sharing stuff, much shared will no longer be ADP encrypted. ie sharing illegal content would likely take the content out of ADP encryption. So now eg US users with ADP enabled who share content with somebody they don't realise is a UK user (who won't have ADP enabled) will be decrypting that content!
Ian
Last edited:
nb UK Gov. might not have noticed but even with ADP disabled there is a fair amount of Apple device data twhere they keys are not held by Apple (only held on device). eg Messages in iCloud Apple don't have the keys to decrypt even without ADP. Same with Home data, Journal Data, Maps, Card Transactions, Safari browser (history, etc.), etc.
Plus, Apple have not actually complied with the UK gov.'s full request and it would likely cause problems with other Governments if they did as they was access to all Apple Users worldwide eg a US citizen, never having travelled outside US UK gov. want to be able to get their data without the US Gov. being aware of what is happening. Wonder how US Gov. would feel about that.
And even without ADP I can still end to end encrypt eg a note so Apple (and thus UK Gov) can't decrypt it using the existing app, existing options (just password lock a note, basic privacy w never disable).
Ian
Plus, Apple have not actually complied with the UK gov.'s full request and it would likely cause problems with other Governments if they did as they was access to all Apple Users worldwide eg a US citizen, never having travelled outside US UK gov. want to be able to get their data without the US Gov. being aware of what is happening. Wonder how US Gov. would feel about that.
And even without ADP I can still end to end encrypt eg a note so Apple (and thus UK Gov) can't decrypt it using the existing app, existing options (just password lock a note, basic privacy w never disable).
Ian
Last edited:
the snail
Active Member
But the police can require you to give up the password/key.
Which means there is no point in weakening server security. So as you say security services can get at your data with ADP available but if hackers try they face additional security (as you are not obliged to provide hackers your pass keys/password).
One problem with known weaker security is tbat hackers try to break-in which can cause the account to be locked for security which can be a real nuisance (particularly if away from home). With ADP some additional functionality is disabled and hackers know even if they get in they can't decrypt your data ... so they don't bother (anything like so much).
I'm not bothered about keeping my iCloud from UK Gov. (which I do through other servers). My concern is weakened server security. Which is why US security agencies, including the FBI and NSA, have been advocating for increased use of encryption to protect against Chinese cyber threats, creating potential conflicts between UK and US security interests. UK going in opposite direction.
Ian
