Private Messaging Apps 'Scrambling' to Overhaul Software Following Apple Privacy Changes

Thursday September 5, 2019 12:12 pm PDT by Juli Clover
Apple in iOS 13 introduced a change that limits data collection practices using VoIP APIs, which has consequences for messaging apps like Facebook Messenger and WhatsApp.

According to a new report from The Information, the makers of encrypted messaging apps like Signal, Wickr, Threema, and Wire are now scrambling to overhaul their software to protect key privacy features that they believe may be compromised by the changes.


In a statement to The Information, an Apple spokesperson said that Apple is working with developers to alleviate their concerns.
"We've heard feedback on the API changes introduced in ‌iOS 13‌ to further protect user privacy and are working closely with iOS developers to help them implement their feature requests."
Julia Weiss, a spokesperson for Threema, said that Apple's changes may actually result "in the opposite of the privacy goals the changes were supposed to achieve."

What Apple is doing is limiting the PushKit API, which was designed to be used for VoIP calls but over time, has also been used for other purposes such as collecting data and, in the case of messaging apps, encryption. In ‌iOS 13‌, the PushKit API is limited to internet calls, with Apple eliminating its other uses.

Encrypted messaging apps currently use the VoIP APIs Apple is restricting for decrypting messages on the iPhone in the background, and the change disables that functionality.

App developers will be able to work around Apple's changes, but Tom Leavy, a VP at encrypted Messaging app Wickr said that it's a "significant engineering effort" that was unexpected. Makers of encrypted messaging apps are said to be exploring "alternative tools" in iOS to work, but they're said to be "way inferior" to the existing PushKit option.

Apple is giving app developers until April 2020 to comply with the changes to the PushKit API, but developers who want to update their apps for ‌iOS 13‌ and take advantage of new features must follow PushKit restrictions sooner.

[ 134 comments ]

Top Rated Comments

(View all)

Avatar
FaustsHausUK
25 weeks ago
Unless I'm missing something, these app developers all used an API for something it was not intended for. Why is Apple the villain for locking that API down for its intended use only?
Rating: 31 Votes
Avatar
jhfenton
25 weeks ago

Telegram is the Tidal of messaging apps. Sounds good, no one cares.

Everyone either uses iMessage, Whatsapp and/or FB Messenger.


Some of us care. Some of us don't want anything to do with Facebook.
Rating: 21 Votes
Avatar
now i see it
25 weeks ago
a not so subtle way of getting rid of the competing encrypted messaging apps
Rating: 20 Votes
Avatar
69Mustang
25 weeks ago

Sketchy developers are in last min panic mode now

Wait. When did Signal, Threema, and the others become sketchy?
Rating: 18 Votes
Avatar
thisisnotmyname
25 weeks ago
Seems like a new API should be developed specifically for encryption key pushes
Rating: 17 Votes
Avatar
xpxp2002
25 weeks ago

That's fair. I don't use Telegram either. I just want there to be a reliable, trustworthy cross-platform alternative.

That’s Signal.

Don’t understand why anybody uses WhatsApp when Signal is built using the same well-vetted encryption library and is open-source, cross-platform, and has no connection to Facebook.
Rating: 15 Votes
Avatar
TheBensonBoy
25 weeks ago
Or, now hear me out... Or you can just use iMessage...

Just my two cents
Rating: 15 Votes
Avatar
M.PaulCezanne
25 weeks ago
So it's working as intended... Good.
Rating: 14 Votes
Avatar
Amazing Iceman
25 weeks ago

Or, now hear me out... Or you can just use iMessage...

Just my two cents

I do prefer iMessage over WhatsApp (which I hate), but some of my contacts don't have iPhones, and WhatsApp is a convenient way to contact them.
But now with the FaceBook data leak and continued mishandling of our private information, I'm seriously considering ditching FaceBook, WhatsApp and Instagram.
Rating: 14 Votes
Avatar
Stromos
25 weeks ago

Read the article. Signal purposely did something the wrong way in order to steal your data and sell it to advertisers. They can still have an encrypted product by doing it the right way. Why is this so hard to understand?
I did have to laugh out loud when you said open source products are more "trustable" really? Hilarious.

The issue is the way Apple Fixed the API was to stop those that were stealing data. That was not Signal. Apple broke something else stopping the other bad players. The API was the only way to see encrypted messages being sent without opening apps. It's also the only way I can see a Signal message on my apple watch. Now developers have to code around it because there isn't a PushAPI that should be there.

This change makes all encrypted messengers unable to show messages on Apple Watch. That wasn't stealing data this problem is collateral damage. Everyone crying about its misuse of an API. It just means Apple crippled apps. The only fix is to now have all apps just say "new message" open app to view. That's stupid.
Rating: 14 Votes

[ Read All Comments ]