By John Gruber
Kolide ensures only secure devices can access your cloud apps.
It’s Zero Trust for Okta.
Josh Nadeau, writing for Fast Company:
In November 2019, Russian parliament passed what’s become known as the “law against Apple.” The legislation will require all smartphone devices to preload a host of applications that may provide the Russian government with a glut of information about its citizens, including their location, finances, and private communications.
Apple typically forbids the preloading of third-party apps onto its system’s hardware. But come July 2020, when the law goes into effect, Apple will be forced to quit the country and a market estimated at $3 billion unless it complies. […]
“Typically” is a vast understatement. To my knowledge, Apple has never included third-party apps on iOS devices anywhere in the world. In the early years of iPhone, that would have been apps from phone carriers and their “partners”. It’s still typical today for an Android phone purchased from, say, Verizon, to include Verizon apps pre-installed.
Having such apps mandated by the government is new, but the principle remains the same: I expect Apple to resist this, and if necessary, pull the iPhone from the Russian market. (I would expect a very healthy gray market to develop in Russia if that happens.) If Apple concedes to such demands in one country, where does it stop?
Now that I think about it, I’m kind of surprised China hasn’t passed a law like this. That would put enormous financial pressure on Apple — the Russian iPhone market is $3 billion, yes, but that’s small potatoes for Apple. “Greater China” accounted for $13.5 billion in revenue for Apple last quarter alone.
When the “law against Apple” was passed in Russia back in November, experts expressed concern that the preloaded apps would pose just as real a threat as an official backdoor. Last week, the Russian Federal Antimonopoly Service published a list of which applications will be required: Among the programs are government-produced apps for paying taxes and fines, as well as banking, navigation, and social media platforms with links to official bodies. These would have the potential to collect and send data related to finances, location, communications, and more, all without direct user permission.
I think Apple ought to refuse to comply with such a law from any country, but holy hell Russia in particular would be a privacy and security nightmare. (Again, though, China would be worse.)
★ Monday, 3 February 2020