Russia wants Apple's source code to prove it's not used for spying

The Russian government has asked for security cooperation from Apple and enterprise services firm SAP. The proposal would see Apple handing over the source code for its products so Russia could inspect them for backdoors or defects that could be exploited by spy agencies like the NSA. Apple has repeatedly denied working with the NSA or any other government agency to create such backdoors, but the Russian government, well, isn't taking any chances.

It is laughable to think that Apple (or SAP) would willingly turn over the source code for their flagship products to any government, be it the United States or Russia. The Russian government claims that the proposal is meant to secure customers from spying, but at the same time, given the decaying state of relations between the home nations of Apple (United States) and SAP (Germany), they'd be hesitant to enter into any such arrangement.

On the other hand, Microsoft has been engaged in such an agreement with the Russian government for over a decade, with no immediately obvious threats to their business having come out of it. The Russian Ministry of Communications said that the prospect of state companies using the hardware and software of uncooperative companies "remains uncertain."

Reader comments

Windows phone seems to do better in third world countries, and they apparently already have Microsoft's source codes, so that seems to be a moot point.

All OS's get bugs, and Android viruses aren't as big a deal as you think. Manage your device right and you will avoid them. Same as Windows PCs and Macs. It's not an inherent flaw of the OS that gives it viruses. Android itself is rather secure, the people that use it aren't. That's where your problem lies.

Unfortunately I'm gonna have to disagree with you here @Sax_Derp. Android has more security holes in it than Swiss cheese. Besides, if you're gonna stay isolated, at least do it in the proper way (like iOS or WP). The Play Store (or the Android App Store) is filled with bogus, scamming apps, many of which unfortunately contain malware. Compare that to the Apple App Store (the largest App Store on the planet) (till this year), which had its first malware-infected app last year. This was after more than 5 years of operations!
Now, if only iOS could get PROPER home screen widgets, not any of that notification centre crap.

Check your facts, the vast vast majority of nasty Android apps have never been near the Google Play Store.

But why does Google barely even review and approve apps in the Play Store??? There's a bunch of apps that App Store doesn't have, and that's because Apple reviews all the apps 1 by 1.

I seem to recall *many* apps in the App Store that were worded in a way to hide the fact that they weren't Microsoft Office. They'd have extra words in the title to hide the "Tutorial" part. They even went so far as to use the icon from some Office products. Let alone all the clone apps in both stores. How many fart buttons do we need?

Edit: You're also forgetting AppOps/XPrivacy. I can stop SoundHound on my Android from using my location, can't get that in my Privacy thing on my iOS device. Glad I jailbroke to add ProtectMyPrivacy though.

I think that any food company that I consume a product of should divulge all of the intimate details of its "secret recipe" of that product so I can "confirm" they're not trying to poison me.

Nope. No way. There are two things that are wrong about this. First is the kind of obvious but stupid concern about patents and some stuff that are usually confidential. Secondly, this just sets a precedent. If Russia gets the source code, how long before the NSA asks for it from a company that is set in the country where the NSA is from? Besides, if Apple doesn't agree with the US government and provides the source code to any other country, this just allows USA to threaten Apple using the cover-all term 'national security' as an excuse. The legal complications are endless.
Besides, the majority of the source code is public/open source anyway.

Let me contradict your statement with these two points-

Firstly, as you might be aware (given the Dev in your username), Apple follows a mixed open/closed source policy for iOS. Basically they let developers work on a part of iOS as open source software, finding bugs, and fixing vulnerabilities. Then, they let the coding ninjas at Cupertino take over. These guys test it even further, and add the non open source (patented) code, so as to complete the whole package. Then they test it for months, *then* they launch a few betas that last a few more months, and THEN they release it for everyone. So, any vulnerabilities are usually found and fixed by the main release.^

Secondly, please, I hope that you didn't take my comment to be against open source software. I LOVE open source software. For a school-going student with a 5 year old broken laptop, open source SW was the sole reason I could code, design or do any of the stuff I can do right now. (The devs at Code::Blocks, you da real MVP!). In fact, even now, the only two sets of paid or closed source software in my Mac are the standard Apple apps and Adobe CC.

^You might refute this sentence by giving examples such as the recent bug (more like a major fracked up sh*t storm) in OpenSSL, popularly called as Heartbleed. But here's the thing, this bug was in an outside software. Apple (or any company for that matter) can do only so much for protecting/fixing/scanning their SW. It wasn't Microsoft or Apple which found the bug, despite the fact that they use it, or deal with customers that use it daily. (Yes, I know that the bug was discovered by members of the Google Security team). The point is, it's very tough to find these vulnerabilities (if they exist), so please, for God's sake, don't come up with any conspiracy theories from that (or this) sentence. Even if the bug/vulnerability is in the 'home' software (the goto fail bug comes to mind), they can result from tiny little errors, and can go unnoticed, lost in millions or even billions of lines of code.

NOTE TO EVERYONE!: Please, for God's sake, don't jump to any conclusion. It was just one bloody article. Android phones can be used as a listening device ('bug') just by downloading a single malware you get after opening a mail attachment. Dozens of people talking about Android being a big mess of security holes, it's fine. You get one person talking about a 'vulnerability' in iOS, and everyone loses their minds! Oh, and what's worse? You need physical access to not only the iOS device, but the Mac it syncs with as well. PHYSICAL ACCESS!

Oh, and to add to my earlier long as shit post, I should also add that I will bet everything I own (which admittedly is not much) that the NSA is using the trick mentioned in Zdziarski's slides to access the data of its targets. In fact, probably every surveillance agency in the world is doing it in one way or the other. This 'trick' and several other vulnerabilities that are still there in people who don't or can't update their phones are being used by these agencies to spy on us. Most of us don't even realise it. There are a significant number of people out there, who use a jailbreaked (jailbroken?) device (which in itself is a huge SNAFU), that are stuck on 7.0.5 or below, as there is no JB for iOS 7.1.

You miss one crucial point -- you most emphatically do *NOT* need access to the Mac the phone syncs with. You only need access to the unlocked phone and *a* computer to which you can connect it and click "trust".

Since leaked documents have revealed a) that the NSA has bragged internally about the extent of their iOS penetration, and b) that NSA can and does intercept shipments of consumer electronics before the end user receives them, Zdziarski's method is absolutely *perfect* for the NSA's needs in that scenario. Intercept the shipment, unwrap the phone, create a pairing, wrap the phone up, send it back on its way. If the user does not wipe his phone, it is compromised, with its data accessible remotely, with no way for him to notice.

That does not mean Apple was complicit or even aware of what the NSA could do; however, their reaction so far does not suggest they are in any hurry to close these *cough* diagnostic holes.

Yes, I am a dev, and yes, you are still wrong. From a security standpoint, source is 100% open or it is not. I can use OSS software for 99% of my stack, but if that closed 1% is a wrapper that intercepts and modifies the calls out of the OSS components, the stack may as well be closed to the security researcher, because (s)he cannot identify where the change was introduced. (Leaving out GPLv3 software where the person has to publish source code modification, because Apple does not use GPL'd software.) That security researcher *may* in some limited cases be able to line up the same circumstances for Apple's product and for the declared OSS component in a vacuum, and compare the behavior of each, but, if the responses are not identical, there is no way to tell where those changes were introduced.

Tim Cook at Apple would need to be insane to turn over his source code to anyone. I think the Russians would be the very last country you'd trust though. Russia is known to be run by a bunch of gangsters, with Putin the biggest one.

"The Russian government claims that the proposal is meant to secure customers from spying..."

Would be far better to secure airliners from being shot down by pro-Russian separatists.
You know, the amateurs with too much firepower and too much to prove.

Providing source code changes nothing. Apple can give the Russians one version of the source code and still have different source code on the iOS devices.

Dear Russia,
Get out of your communist ways and no, Murica' ain't givin' you anything.
Not sincerely,
US Army

