Saved this writeup for future reference, thanks. Agreed that privacy needs more analysis than trusting a few rather opaque OS knobs.
I am a little skeptical about some of the claims in that gist, though. One example is when they claim that APNS pushes require app access to a globally unique iOS activation identifier. That seems false. According to Apple’s dev docs at least, those tokens are device-and-app specific and have to be re-requested at app start time since they can be regenerated for a variety of reasons: https://developer.apple.com/library/archive/documentation/Ne...
Seems to have nothing to do with an activation UUID from a quick glance.
I appreciate a lot of the reference material in there, but this seeming mistake of conflating 2 different UUIDs makes me a little skeptical of some of the conclusions.
Edit for correction: I think I misread this part of the gist. They never directly say that the activation UUID is given directly to the app developer, just that Apple can track your social networking app pseudonym over APNS, "and possibly the social networking service" will be able to, as well.
This to me implied that the social networking service had the activation UUID, but the author never directly said that. If the notification has your pseudonym in it and Apple's storing that when a notification goes to APNS, it does seem like Apple would be able to tie that to your device if they're peeking inside the notification payload. The solution to this would be for the app developer to not include sensitive info in notifications or for the user to disable push notifications, but an E2E encrypted trustless notification solution provided by Apple would be much nicer.
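The mitigation this comment sketches (keep the pseudonym and message text out of the part of the push that APNS can read, so a relay inspecting the payload has nothing to tie to a device) can be shown end to end. The following is an added example written for this thread, not code from the gist, from Apple, or from any app mentioned: a server-side builder that puts every sensitive field into an encrypted box and leaves only a generic localised alert in the `aps` dictionary, and a device-side opener (the kind of work an iOS notification service extension does) that decrypts and merges it. It assumes a 32-byte per-device key agreed during the app's own registration flow (modelled here as a constant), and uses a stand-in authenticated encryption built from HMAC-SHA256 so it runs with the standard library alone; a production build would use AES-GCM or ChaCha20-Poly1305 from a vetted library.

```python
"""Opaque push payloads: sensitive content is end-to-end encrypted between the
app's server and the device, so the push relay sees only ciphertext.

Constructed example for the discussion above, not code from the gist or from
Apple. "aps", "mutable-content", "alert" and "title-loc-key" are real APNS
payload keys; the per-device key exchange is assumed to happen inside the
app's own registration flow and is modelled as a shared 32-byte secret.
"""
import hashlib
import hmac
import json
import os

# Fields that must never appear in the relay-visible part of the payload.
SENSITIVE_FIELDS = {"pseudonym", "sender", "body"}


# --- stand-in authenticated encryption -------------------------------------
# Keystream in counter mode from HMAC-SHA256, plus an encrypt-then-MAC tag.
# Assumption: this is a stdlib-only illustration; use AES-GCM in real code.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes) -> tuple:
    # Separate encryption and MAC keys derived from the shared device key.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def seal(key: bytes, plaintext: bytes) -> dict:
    """Encrypt and authenticate; returns a JSON-friendly box."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def open_box(key: bytes, box: dict) -> bytes:
    """Verify the tag in constant time before decrypting; reject tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = (bytes.fromhex(box[k]) for k in ("nonce", "ct", "tag"))
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("push payload failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


# --- server side -----------------------------------------------------------
def build_push(device_key: bytes, notification: dict) -> dict:
    """Split the notification: sensitive fields go into the encrypted box,
    the APNS-visible alert is a generic localised string the app resolves."""
    private = {k: v for k, v in notification.items() if k in SENSITIVE_FIELDS}
    public = {k: v for k, v in notification.items() if k not in SENSITIVE_FIELDS}
    return {
        "aps": {"mutable-content": 1, "alert": {"title-loc-key": "NEW_MESSAGE"}},
        "box": seal(device_key, json.dumps(private).encode()),
        **public,
    }


# --- device side -----------------------------------------------------------
def open_push(device_key: bytes, payload: dict) -> dict:
    """What a notification service extension would do: decrypt the box and
    merge it with the non-sensitive fields to rebuild the full notification."""
    private = json.loads(open_box(device_key, payload["box"]))
    public = {k: v for k, v in payload.items() if k not in ("aps", "box")}
    return {**public, **private}


def leaks_sensitive(payload: dict, values: list) -> bool:
    """Audit helper: does any secret value appear in the wire-form payload?"""
    wire = json.dumps(payload)
    return any(v in wire for v in values)


if __name__ == "__main__":
    # Constructed sample: a shared device key and one social-app notification.
    device_key = bytes(range(32))
    note = {"pseudonym": "night_owl_42", "body": "see you at 8", "thread_id": "t-7"}
    push = build_push(device_key, note)
    print("relay sees:", json.dumps(push))
    print("device rebuilds:", open_push(device_key, push))
```

The `leaks_sensitive` helper is the check worth keeping in a CI suite: serialise the payload exactly as it would be sent and assert that no pseudonym or message text appears in it, which catches the regression where a developer adds a convenient `"alert": {"body": ...}` back into the `aps` dictionary.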
> On iOS, there is no full-disk or full-volume encryption, only varying levels of file-based encryption, partially dependent on third-party developer choices, such that what is, and isn’t, encrypted (with encryption tied to the user passphrase) is not always clear to the end-user.
I'm not sure about this, either; all recent iOS devices have a DMA AES engine that performs encryption on anything that travels between storage and memory.