iOS & privacy: Looking at the details reveals the bigger picture

Published in Sparkline · 9 min read · Sep 1, 2021

Written by A.k Hemanth Kumar, Head of Delivery & Lead Solutions Architect at Sparkline

Photo by Lianhao Qu on Unsplash

Earlier this month, eagle-eyed observers on the r/iOSBeta subreddit noticed a change in behavior on devices running the latest version of beta iOS software released by Apple. While devices not yet on this version of iOS were sending information to servers owned by Google for routine security checks, the devices running the latest version of iOS seemingly didn’t send ANY information to Google servers. A nice write-up describing the potential change and what it means can be found here.

This might at first sound like a trivial detail that’s to be filed under the “mildly interesting, but doesn’t affect me, so don’t care” category, but the more one considers this move, not in isolation, but against the backdrop of steady releases and updates out of Cupertino over a few years now, the more one may realize how profound the ramifications are for the technology industry as a whole.

To appreciate the details, let’s step back for a second and try building some context. In the interest of appealing to a broad audience, let’s set aside technical semantics and approach this in a manner where we’re observing the telling of a story that’s yet to be completed…

The Foundations of the Internet as we know it

It is remarkable to consider that the vast majority of people on the planet today can, FOR FREE, speak to satellites up in space to find out where exactly they are on the face of the earth, down to a few meters, and then, FOR FREE, speak to any other person with an internet-connected device on the planet over a video call. For someone who grew up in the early 2000s, when phone bills while traveling internationally were longer than many phone numbers, this is a marvel that feels greatly underappreciated.

One of the economic models that makes all this possible is the ad-supported, free and open internet. This model has paid for immeasurable leaps in technology and paved the way for an improvement in the standards of living of billions of people, the likes of which have arguably never been witnessed in human history. From paying for satellite launches to photograph the entire Earth and provide those images easily and freely to anyone on the internet, to paying for the incredibly expensive network of undersea cables that carry the internet across the world, companies such as Google and Facebook have demonstrated the ability to “scale up” these economic models to the point where they are valued higher than many nations’ GDP, and rightfully so, for their contributions, both past and ongoing, to the advancement of technology.

The great balancing act

Every website you visit, every action you take on your modern mobile phone is built upon thousands, perhaps millions of lines of code developed over generations of programmers and software/hardware companies. How your phone fetches your present location when you want to call a cab is based on a set of standards. Another set of standards dictates how your phone tries to keep your data connection when it’s going through a tunnel or you’re moving very fast on a highway. The billions of people who expect these actions to work without a hitch every single time they run them rely on the intricately complex system of layers of assumptions across all these components and standards doing exactly what it is they’re responsible for, correctly; Every. Single. Time!

Fig. 1: A heavily simplified illustration of the “Stack” of technology that is a “System of systems” working together to do amazing things.

To you and me, on the surface, the worst that seems to happen if any of these millions of lines don’t work as they should is that the person trying to book a cab, for example, can’t get the location they are at, leading to frustration. But a sharp observer would also note the opportunity for a spectrum of outcomes here. What happens if, somewhere in one of those millions of lines, an entity that was supposed to simply look at the position of the device and return a location did so, but also made a note of that request (the person who asked, the location their device was in, the time they asked and everything else) in a register somewhere? Just like the entry book at a hotel?

Two’s company and Three’s a crowd?

Well, obviously, anyone looking at that book would be able to tell a lot about the people in there. Intelligent people looking at the book may also be able to draw deeper conclusions. One may, for instance, notice that a few users request cabs at a certain location at the same time every day and infer that these users are connected somehow either through work or other societal relationships. So, there is a lot of potential here.

From the perspective of the person making the request, however, the massive complexity of the system of systems is very rarely fully clear. Even some of the most intelligent software engineers I speak to tend to employ Abstraction, a process where higher level systems are focused on instead of considering the granular inner workings of these processes to deal with pretty much every system they work on. A popular interview question I employ continues to be asking candidates for their view on what happens after one opens a browser window, types a web address in and hits enter. There is so much going on behind the scenes that I’m certain to get different responses each time and the answer is very reflective of the level of detail the candidate chooses to get into.

The paragraphs above reveal the obscurity associated with performing common actions that we all take for granted. If any of the thousands or millions of systems in the web between the person and what they’re trying to do (book a cab, view a photo, etc.) behave in a way that the user does not intend, we have a skew in expectations where a person expecting to conduct a seemingly private operation stands to have their information shared amongst parties they typically have no ready visibility into.

Challenging the Fundamentals

A word constantly thrown around in technology circles dealing with startups is Disruption — the act of questioning if a process or an industry itself is operating in a way that could be heavily improved, but hasn’t, because that’s the way things have always been. We have seen successful examples of this ranging from the taxi industry being disrupted by the rise of ride hailing mobile applications to the Space Launch industry being disrupted by reusable orbital rocket stages. (You already see where we’re heading with this)

A single software developer would almost certainly find it impossible to make any meaningful impact on solving the problem outlined earlier: the complex web of systems that stands ready to be disrupted in favor of a better way™. It is left to the imagination of the reader what “better” means in this context. It may mean more security to some people, while others may construe it as an improvement in the transparency of the underlying system they’re talking to.

It would be very hard even for a group of engineers to justify spending a large amount of time, logical reasoning, money, computational resources, etc. to go about even identifying all the things that need to be tackled, since these systems and conventions we use have evolved over decades and continue to change and improve every single minute.

When faced with the task of building an app or a website, a developer is more likely to choose a solution that’s available “off the shelf”, even if it does bake in these conventions and standards, rather than spend more time creating that solution from scratch than actually building the app or the website.

Bringing it all together: Privacy, Control & so much more

Over the past couple of years (at the least), we’ve seen a steady sequence of subtle changes in the way Apple devices work amongst this very complex set of systems to preserve the privacy of the people using these devices as well as to reduce the likelihood of something going wrong because of unexpected behavior deep in the “Stack” we saw above. There are so many ‘little’ changes and updates that I’m certainly not going to attempt to link to all of them, but will attempt a link to a generic page with a subset of the privacy changes here.

Each of these elements aims to solve one part of the larger problem, but does so in a reasonably complete manner. A few examples include:

  • Making it harder for websites to allow their visitors’ information to be shared openly with other companies.
  • Preventing other websites from seeing where a person who just clicked something is coming from, or even sharing information about that click.

In isolation, each of these measures seems not too big of a deal, but taken together, we see a pattern emerging where previously routine “leaky” operations are now being challenged, with solutions put forth that permit the operation as long as it operates within the boundaries of not “leaking” attributable details of the operation to someone a user performing the operation might not expect. If this isn’t possible to do, the change attempts to block all variants of such an operation.

Now, the original story that triggered this post is just one of the latest manifestations of this steady, consistent approach. It is by no means the first and it certainly will not be the last. In fact, for the curious, a subset of proposed future changes may be found here. This specific change looks to reduce even further the avenues for information tied to a user ending up on the servers of other entities, even if done for a good cause. Google’s Safe Browsing technology protects a large number of people around the world from the harms of websites with malicious software on them, again, FOR FREE. This is done as a service to the community, and Apple is just one of the many entities that make use of Google’s expertise in running such a service to identify and protect users on Apple devices. Now, from the latest version of iOS, that service will still be used by Apple, only in a way that reduces the information tied to a single user that would previously be sent over routinely.

As has been mentioned earlier in this write-up, incredibly helpful services like Google Safe Browsing exist today because of the success of the business models built on top of internet standards and protocols that rely on making an ad-supported revenue stream possible and allowing billions of people to benefit from easy and free access to said technology.

On the other hand, attempts to reduce unintended behavior in elements deeply embedded in the “stack” are well intentioned and beneficial to plugging the gaps in previously routine, unchallenged assumptions.

The technology industry has gone through major disruptions in the past, from the rise of mobile phones with apps on them to the rise of extremely fast mobile networks allowing previously unimaginable use cases. The patterns described in this story make up an ongoing episode of one such period of disruption. In each of these periods of change we’ve observed in the past, the companies that adapted and coordinated better than others won out in the new order of things.

Necessity being the mother of Invention and all that, here’s hoping that the present set of challenges put forth by these changes leads to innovation and a shared approach between the companies with differing business models in the tech world that have contributed to so many of the advances we take for granted today, and goes on to strengthen the model of the free and open internet.

_____

Sparkline aims to provide data accuracy, comprehension and consolidation, and most importantly, tangible insights for businesses. Get in touch if you’d like to learn more.

We’re a Singapore-based digital analytics consultancy with a mission to help businesses derive actionable insights from their data. https://www.sparkline.com/