Apple's Crystal Prison and the Future of Open Platforms

Wednesday, June 06, 2012

Article by Micah Lee and Peter Eckersley

A few weeks ago, Steve Wozniak made a public call for Apple to open its platforms for those who wish to tinker, tweak and innovate with their internals.

EFF supports Wozniak's position: while Apple's products have many virtues, they are marred by an ugly set of restrictions on what users and programmers can do with them. This is most especially true of iOS, though other Apple products sometimes suffer in the same way.

In this article we will delve into the kinds of restrictions that Apple, phone companies, and Microsoft have been imposing on mobile computers; the excuses these companies make when they impose these restrictions; the dangers this is creating for open innovation; and why Apple in particular should lead the way in fixing this mess. We also propose a bill of rights that needs to be secured for people who are purchasing smartphones and other pocket computers.

Apple's recent products, especially their mobile iOS devices, are like beautiful crystal prisons, with a wide range of restrictions imposed by the OS, the hardware, and Apple's contracts with carriers as well as contracts with developers. Only users who can hack or "jailbreak" their devices can escape these limitations.

Locked down devices

iOS

Apple changed the way we think about mobile computing with the iPhone, but they have also led the charge in creating restrictive computers and restrictive marketplaces for software. You may have purchased an iPad, but unless you've exploited a vulnerability in iOS to jailbreak it, there are many things you cannot install on it. The App Store has thousands of apps to choose from, but your choices are limited to apps that Apple has approved and that can function without "root" or "administrator" privileges.

Apple has been known to reject or remove apps from sale because of their content (WikiLeaks app banned, eBook reader with access to Kama Sutra banned), for not using Apple to process payments, and for being capable of executing code that Apple can't approve.

While Apple's policies have improved in the years since the iPhone first launched, the company still maintains total control over what apps are available to consumers. Unlike Android, iOS does not have an option to install apps from sources other than the App Store. [1]

Apps that require administrative privileges are also impossible to install on an iOS device without jailbreaking it. This includes apps that let you tether your phone to a computer, change the look and feel of your phone's user interface, firewall your device, secure your internet traffic with OpenVPN [2], amongst many others. Jailbreaking also helps security and privacy researchers observe apps on their phones to see if they're leaking any private data.

The Cydia App Store for Jailbroken iPhones

Many of these apps are readily available through Cydia, an alternative store for jailbroken iOS devices.

Additionally, because Apple modifies binaries before publishing apps in the App Store, open source apps released under the GNU General Public License cannot be published without the approval of all authors, which caused the popular media player VLC to get removed from sale.

If you need VLC to play media that won't play with the built-in Video app, you can download it to your jailbroken device with freedom intact from Cydia, and the source code is available on their website.

Since jailbreaking is so useful, why doesn't Apple let their customers (or at least their technically inclined customers) do it?

One reason is the profits from the App Store. Apple keeps 30% of the money from each app or in-app-purchase sold through its App Store. That means that for each 99 cent app sold, the developer gets 69.3 cents and Apple gets 29.7 cents.

Cydia has 4.5 million weekly users and earns $10 million in annual revenue, and Apple doesn't get any of that competition. This is more like traditional software sales where consumers get to choose which store they buy their software from, and they can even buy it directly from the developer. Locking down iOS helps Apple maintain their monopoly on software sales for iOS.

Mountain Lion and Gatekeeper

Unfortunately, Apple is building more of the restrictions that it pioneered with iOS into Mac OS X for laptops and desktops. Apple started running the Mac App Store in early 2011 to sell Mac software.

Like the iOS App Store, Apple takes a 30% cut of all software sold. The upcoming version of Mac OS X, Mountain Lion, will reportedly include warning messages that strongly discourage users from installing apps from sources other than the Mac App Store.

OS X Mountain Lion scares users away from Adium

Fortunately, it will be possible to turn this off in Mountain Lion and install apps from anywhere you want, but Apple is continuing down the dangerous road of making their products less open. OS X software authors will find themselves subject to the whims of Apple HQ.

What would Mozilla do if Apple refused to authorize Firefox for OS X Mountain Lion, in the same way that Apple refuses to allow a true version of Firefox for the iPhone? Watch half their Mac market share disappear?

UPDATE: A few people have written to argue that we are being unfair to Apple in the above paragraph, because any "Identified Developer" can sign code so that it is installable on OS X Mountain Lion with the default Gatekeeper settings. We do not think we are being unfair, but a few more details are in order:

  1. The Mountain Lion "Gatekeeper" code has three possible settings; the default is that only code from the Mac App Store or Identified Developers is installable;
  2. We believe that being an "Identified Developer" [3] requires paying $99/year and agreeing to two contracts with Apple: the Registered Apple Developer Agreement and the Mac Developer Program License Agreement, which Apple tries to keep secret but which may look like this. Free software projects like Adium may or may not be willing or able to restrict themselves in this way.
  3. Even if projects sign their applications as "Identified Developers", a large fraction of OS X users may set gatekeeper to "App Store only", because the UI makes that look like the "safest" option. The App Store itself has numerous problematic restrictions, including a prohibition on GPLed code (which is also a prohibition on most free software). If, say, 10-20% of OS X users pick "App Store only", Gatekeeper will reduce the market share of free software like Adium by a similar percentage.

It's true that you might accidentally install malware if you get software from outside of Apple's App Stores. But while Apple tries to test all submitted apps to see if they're malicious, they don't always succeed. The security benefits of using a signed package manager are well established.

GNU/Linux distributions have been doing this since the 1990s, and it's one of the primary reasons they're known for good security. But Apple perverts these benefits when your choice to install software from other sources is taken away, and when the only available app store charges developers 30% of their potential profits.

Microsoft: UEFI and Windows RT

In many ways, the Windows ecosystem has been more open than iOS's since it began. People have always been able to install whatever software they want in Windows, and whatever operating systems they want on their PCs. It's common for tinkerers to dual-boot their PCs with GNU/Linux and other operating systems, and some users choose to completely remove Windows.

However, this is going to change, at least for Microsoft's mobile and embedded OSes. Microsoft recently announced that in order to be Windows 8 hardware certified, personal computers must implement the "secure boot" option in the Unified Extensible Firmware Interface (UEFI) specification, which is a modern replacement for the traditional PC BIOS.

When "secure mode" is enabled, UEFI will execute only operating system bootloader code that is digitally signed, which could effectively shut out non-Windows 8 operating systems, including earlier versions of Windows. In response to warnings and legal steps from the free software community, Microsoft agreed to require "Windows 8" certified x86 and x86-64 hardware vendors to offer a way to turn off this "secure boot" option that locks out user-modified OSes.

Unfortunately, that's not the end of the story. For Windows computers with ARM processors, which will include Microsoft's new Windows RT tablet devices, the story is completely different. Manufacturers will be forbidden to allow booting to any operating system besides Windows. Microsoft is copying Apple's model and denying their users the right to choose an alternative OS or modify the one they paid for.

Microsoft is also planning on restricting which applications are allowed to run with high privileges in Windows RT. The only web browser that will be allowed to run with these privileges is Internet Explorer. Harvey Anderson, Mozilla's General Counsel, warned about this on Mozilla's blog:

"Why does this matter to users? Quite simply because Windows on ARM -as currently designed- restricts user choice, reduces competition and chills innovation. By allowing only IE to perform the advanced functions of a modern Web browser, third-party browsers are effectively excluded from the platform."

Microsoft, like Apple, is moving toward a dangerous future where users have less freedom to do what they want with their computers, where developers are restricted in what they can accomplish, and where competition and innovation are stifled.

Inadequate Excuses for Restricting Innovation

When technology and phone companies defend the restrictions that they are imposing on their customers, the most frequent defense they offer is that it's actually in their customers' interest to be deprived of liberty: "If we let people do what they want with their pocket computers, they will do stupid things with them. You will be safer and happier in our walled compound than you would be outside."

This is an elaborate misdirection. It may or may not be true that any particular user gets a better result from the pristine AT&T/Sprint/Apple/Microsoft experience than they do from a modifiable OS. Those companies should feel free to continue offering their own visions of how a pocket computer should function, so long as there is a simple, documented, and reliable way to drill into a settings menu, unlatch the gate of the crystal prison, and leave.

Toward a bill of rights for mobile computer owners

There are four rights that people purchasing computers should enjoy:

  1. Installation of arbitrary applications on the device. If the user wishes to, they should not be limited to what is included in one particular proprietary "app store."
  2. Access to the phone OS at the root/superuser/hypervisor/administrator level. If consumers wish to examine the low-level code that is running in their pockets, to check for invasions of privacy, run the anti-virus software of their choice, join VPNs, install firewalls, or just tinker with their operating systems, phone and device companies have no legitimate basis for preventing this.
  3. The option to install a different OS altogether. If people want to install Linux on their iPhones, Boot to Gecko on their Windows phones, or just run a different version of Android on their Android phones, the company that sold them the hardware must not prevent them. Using a cryptographic bootloader to defend against malware is a fine idea, but there must be a way to reconfigure this security mechanism to (1) allow an alternative OS to be installed; and (2) to offer the same cryptographic protections for the alternative OS.
  4. Hardware warranties that are clearly independent of software warranties. Apple denies warranty coverage to users who have jailbroken their iPhones. While nobody is asking Apple to support jailbroken or modified software, it is inexcusable that the company threatens not to cover, say, a faulty screen, if the customer has chosen to modify the software on their device.

Why Apple Can Lead the Way Out

Apple did not invent the culture of imposing restrictions on what kinds of programs people could run on the computers in their pockets. Mobile phone manufacturers and carriers were making life miserable for programmers long before Apple entered the smartphone market, and writing code for phones in those days was described as "a tarpit of misery, pain, and destruction".

If anything, Apple's innovation was to show that it was possible to have a computing platform that was simultaneously useful, successful, and deeply restrictive of what people were able to do with it.

Nor is Apple necessarily the leading culprit in anti-competitive OS design today. AT&T, which not only encourages Apple's restrictiveness, but also distributes its own modified and heavily restricted versions of the Android operating system, might even be the worse actor.

What Apple has is the institutional wisdom to know better, and the ability to fix the situation. Apple understands the importance of open platforms: their devices wouldn't exist without them. Apple's incredibly strong brand and stature in the marketplace mean that the company could give people the freedom to tinker with their devices without measurably affecting its own profits or the experience of its "mainstream", non-tinkering users. And while the phone companies like to play at being gatekeepers in the retail phone market, we doubt that they can dictate terms to Apple.

Apple, take Woz's advice. No place, and no system, can be perfect if it denies its citizens the freedom to change it, or the freedom to leave.

1. AT&T used to impose a similar restriction on the Android-based devices that it sold, but ended those restrictions last year. Unfortunately, some device makers still are tempted to restrict their customers in similar ways.
2. iOS offers some options for VPNs, but not OpenVPN. GuizmoOVPN is an open source OpenVPN client for jailbroken iOS devices.
3. Many aspects of the Gatekeeper Developer ID program are only documented to parties who agree to an NDA with Apple, which we will not do. However Apple is clear that a Developer ID requires membership in the Mac Developer Program, and also implies that membership of that program requires agreement to the Mac Developer Program License Agreement.

Cross-posted from Electronic Frontier Foundation

Andrew Baker: For good or for evil, platform vendors are viewed through the security lens of the users of their products. To the extent that any code can run on a platform *and* the users of that platform are largely non-technical, then there will be all sorts of malware issues for which the vendor will be blamed.

Microsoft has fought against this for a number of years, and only very recently have many people stopped linking "Windows" with "insecure" in their minds. (I said "many", not "every")

Apple has dual motivation for this, one of which is clearly financial. Security is also a consideration.

This is not to say that I like the closed ecosystem that Apple sports, because I don't. I just don't think that the security implications should be ignored, either.

There needs to be a way for power users to be able to tinker, in the fine tradition of computing, but there also needs to be a way to protect the masses from themselves. Android is only part way there.

And let's not forget that we don't pay for software. We pay for a license to use the software at the vendor's discretion. It's a subtle distinction.

Again, I'm not arguing that this is how it *should* be, but that most certainly is how it is today. Perhaps we should fight against that first, which would give us more leverage to address the rest of it.

-ASB: http://XeeMe.com/AndrewBaker
Cody Renden: My primary question regarding this whole issue is the casting of Microsoft as a monopoly for including IE on every single Windows distribution. If that is "monopolistic", how is an iPhone that you can't even ATTEMPT to install another web browser on NOT?

It seems to me that Apple has been given a double-standard compared to Microsoft. Apple completely stifles all competition on any of their platforms. The only way to use something without paying Apple is illegally, through jail breaking.

One could argue that the main difference is that the iPhone isn't your home computer - but that is about to change. Now they are doing it on the Mac OS also, meaning that Safari is your only option. How can that not be the exact same situation as Internet Explorer on Windows, except that Windows LET you install other options. Apple FORCES you to use Safari (or will soon).
Andrew Baker: Well, we've never treated Apple and Microsoft the same, so no news there. :)

But your point is well made.

-ASB: http://XeeMe.com/AndrewBaker