At this summer's HOPE conference, Joshua Aaron spoke about ICEBlock, his iPhone app that allows users to anonymously report ICE sightings within a 5 mile radius, and to get notifications when others report ICE sightings near them. You can see the full talk, and the lively/infuriating Q&A, here,
The complaint is: Narcissistic incompetent dev spreads FUD while putting vulnerable people at risk.
The risk appears to be anxiety, not an active threat to their safety. The black box security analysis did not indicate any direct data leakage. We don’t know the app is safe, but we also don’t have any indication it’s doing anything particularly risky.
For the most part, we don’t know what the risks are, because the app is closed-source.
What we do know is that Apple logs the downloads of every account on their platform. That alone is enough to paint a target on the backs of vulnerable people.
We also know that the gov is intercepting notification data, in the form of " which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. In certain instances, they also might also receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification."
You can bypass this data collection by using UnifiedPush on Android. Apple has no such alternative.
These are all things that I, a random internet dumbass with no development experience, knows, but somehow this fool does not, despite being educated over and over.
I appreciate the link about the potential for push harvesting. That was not something I was aware of.
It doesn’t sound like they’re intercepting though, it sounds like they’re asking the platform to provide it. That should require a warrant unless Apple has gone full collaboration, but that does make it insecure to a targeted search. And paired with fake reports could potentially be used to geolocate someone to a rough area with some work.
Though I think if they have enough to compel cooperation from the platform they could also just get cell tower or direct GPS info. I’m not sure this really opens up a new vulnerability separate from the general risk of using a smartphone when the government can produce a warrant (which with the coopting of the judiciary may not be as high a bar as it once was).
Pretty meaningless in the context of our current dictatorship.
Cell towers and GPS info don’t provide any information about what the user is doing on the device.
“They received an ICE block push” isn’t a meaningful piece of information compared to location. It’s already a targeted search. What do you think the government will do with that information?
Quite the opposite. Getting notifications from ICEBlock shows that they are potentially “fugitives” or “aiding and abetting criminals” or “targeting law enforcement”. These are not my words, these are words from the current federal administration. A random location tells them nothing about any of that activity.
We’ve reached the inevitable future where the govt is using any and all information they can get to target “criminals” and feeding them into databases and processing them with shitty AI in order to decide who they’re going to harass that day.
It’s still a targeted search, which may be bullshit but isn’t a trawling operation. If they’re targeting you, a demerit for simply having ICEBlock installed is the least of your worries. And if Apple goes full collaboration, then any “improper” app install is going to be a danger regardless of whether it’s pushing.
I’m telling you it’s not a “targeted search”, It’s an AI-generated output from a bullshit generator.
You don’t know that.
Also correct. But some apps are more sensitive than others.