To Trust ICEBlock’s Anonymity, You Have to Trust Apple

Dominic Preston, writing at The Verge, regarding Android fans’ bristling at ICEBlock developer Joshua Aaron’s claims that an Android (or web) version of ICEBlock couldn’t provide the same level of privacy as the iOS version:

Aaron told The Verge ICEBlock is built around a single database in iCloud. When a user taps on the map to report ICE sightings, the location data is added to that database, and users within five miles are automatically sent a push notification alerting them. Push notifications require developers to have some way of designating which devices receive them, and while Aaron declined to say precisely how the notifications function, he said alerts are sent through Apple’s system, not ICEBlock’s, letting him avoid keeping his own database of users or their devices. “We utilized iCloud in kind of a creative way,” Aaron said. [...]

But you might have spotted the problem: ICEBlock isn’t collecting device data on iOS, but only because similar data is stored with Apple instead.

Apple maintains a database of which devices and accounts have installed a given app, and Carlos Anso from GrapheneOS told me that it likely also tracks device registrations for push notifications. For either ICEBlock’s iOS app or a hypothetical Android app, law enforcement could demand information directly from the company, cutting ICEBlock out of the loop. Aaron told me that he has “no idea what Apple would store,” and it “has nothing to do with ICEBlock.”

Bruce Schneier linked to this story saying “the ICEBlock tool has vulnerabilities”, but I don’t think that’s a fair description. As far as we know, ICEBlock is as private as possible while still enabling push notifications, and a hypothetical Android version couldn’t be as private. But that privacy does depend on trust in Apple.

Also worth a note: Aaron’s wife, Carolyn Feinstein, was an auditor at the Department of Justice but was fired last month because of her husband’s app.

Saturday, 26 July 2025