Editor’s Note: The following is based on one (detailed though not necessarily factual) report that relies on one reportedly inside (yet anonymous) source at Apple. We felt that it is detailed enough to relay to our readers, and if true, raises very troubling questions that Apple and AT&T need to address to their customers.
AddictiveTips is reporting in detail that a trusted source inside of Apple Inc. has told them that Apple is not only checking for jailbroken iPhones in conjunction with AT&T through OTA (over-the-air) updates every 7-14 days – and then relocking them and putting users on a blacklist – but is also storing Facetime location data, and that the un-encrypted WiFi chats can be snooped on. Beyond all of this, the source claims that Apple/AT&T shipped some iPhone 4’s early in order to test the OTA updates.
“It's both terrifyingly interesting and interestingly terrifying”
According to VICE, TNW Conference is quite the event
The source is reportedly an Apple employee – AddictiveTips says it will not reveal the name of the source, calling him/her only ‘Alpha’ – says that, “I will tell you this right now the things I am saying if you where to go to [Steve] Jobs himself he would deny.” Alpha claims that there is a line of code in iOS 4 that does the OTA updates and that some Apple employees themselves are not installing iOS 4 onto their iPhones. Here is how Alpha says it works:
“How it works is every 7 to 14 days We (Apple) and AT&T send a message to your iPhone that gathers some data from your iPhone without you knowing and we see what is running, baseband and firmware. We then send a following message. “There are optional updates for your iPhone, Would you like to install them now?” two options “Yes” or “Later”. Those are what would would call “OPTIONAL UPDATES” Now there are things called “MANDATORY UPDATES”. They tend to work the same way, grab data from the iPhones sends it to AT&T and us then back to your iPhone with the message, “Your iPhone (name of iphone) must be updated to the current AT&T standards to run”, your only option is to “Accept” Now you can try to work your way around it until you get the second mandatory message again “You must plug iPhone into iTunes and update” If you don’t do this you will then receive no Signal from the network anymore and your iPhone will potentially lock up with no signs of use until you update your iPhone via iTunes. You all agreed to this terms and condition when you installed iTunes 9.2 and then again once you updated to iOS4. With that being Said go ahead Try to unlock the iPhone it will only last 14 days max…”
Here is a screenshot from the article of the OTA updates taken from a phone in Canada, where apparently some users are already receiving them:
Update: More than a few commentators on AddictiveTips have noted the discrepancy between AT&T supposedly sending OTA updates to a jail-broken iPhone that isn’t running on their network any more – say for instance running on T-Mobile, and that that alone means that this story is false. However, that argument alone doesn’t necessarily mean that this leak is false – it is certainly possible to run a jail-broken iPhone on AT&T’s network and – if this leak is accurate – then we’re guessing that AT&T could theoretically detect that the phone is jail-broken, and then blacklist that customer (..and possibly send a lock code? Anyone know?). Again, theoretically.
Update: AddictiveTips says that the iOS 4 software itself will ping Apple/AT&T servers regularly (we are guessing that they mean through any available connection, i.e. WiFi, AT&T, T-Mobile, whatever) and that is how Apple/AT&T knows that an iPhone has been taken off of their network (we’re guessing – though this isn’t clear at all from AddictiveTips or their source – that by “iPhone” here they mean one bought in-contract with AT&T at a discounted price). Software can certainly be set to ping servers, so technically that part of it could be possible, but whether Apple/AT&T could then do anything punitive, as the leak suggests, i.e. bricking the phone or putting it on a blacklist – well, they might be able to associate the phone with a previous AT&T user and then deny them service, but brick a phone on another carrier…Why would they bother going to such extremes (if they could technically do it) for that matter, especially if you’re already out of your contract – does it really matter that much to AT&T that an out-of-contract fully-paid-for AT&T sold iPhone is now on another network?
Regarding Facetime, Alpha says that beyond the fact that the service isn’t encrypted and if someone wanted to, it isn’t hard to snoop in on the WiFi connection:
“Worst yet is once a person connects to another person on FaceTime it for some reason non of us in the office can figure out, sends us APPLE a message and says those two people are connecting via Facetime and gives out their location to us. So for whatever reason we need that information just blows my mind. As a consumer why would you need to let Apple know that you are connecting with a person via FaceTime, its non of Apple’s business.”
Updated: As was correctly pointed out in the comments below (which we agree with), the collection of anonymous usage data isn’t in itself a big deal – many software companies routinely track usage of their products and Apple has multiple ways to track and monitor the usage of iPhone – but we thought we’d relay it as it was positioned as a major part of the AddictiveTips story.
Again, all of this is from one unnamed source, although as you can see, this is very detailed (though not confirmed or tested) info. We have sent an email to Apple PR asking for a comment.
Update: We have also sent an email to AT&T asking for comment. We have not received any response so far from either Apple or AT&T, and we are going to hold off with any other updates until we either hear back from either with an official response and/or AddictiveTips offers any incontrovertible proof (see below)
Update: In comments on their own post, AddictiveTips is sticking to their guns and says “You should wait 24 hours because something interesting will be coming up“. We’ll have to wait and see if this “something” includes incontrovertible proof or not.
Update on 6/25/10
AddictiveTips has posted a follow up piece regarding FaceTime with a screenshot that they claim was taken by Alpha of an email sent to him in his “role” at Apple. Again, whether this person is an actual Apple employee is still very much in doubt: AddictiveTips is certainly sticking with to their source/story, however, saying this in their latest post:
“For those who think this guy is “fake” and is probably fooling around should know that I know his full name, he works at Apple iPhone department, I have seen his photo, and know his location.”
The screenshot of the email – which could frankly easily have been faked (and shows Microsoft Outlook’s Web mail as the email client – go to their post and take a look yourself if you want – anyone know if Apple uses Outlook? Seems somewhat unlikely…) – basically only says that in order to activate FaceTime the phone sends an SMS to Apple.
Regardless of why Apple deemed this necessary, according to this discussion thread on Apple.com, FaceTime does seem to need SMS functionality to activate. So even if the email in AddictiveTips is real, this doesn’t seem to be any kind of an issue, privacy or otherwise – it’s just an activation issue. As we’ve said before, the FaceTime part of this “leak” just doesn’t seem to be that big of a deal whatsoever.
Regarding the OTA issue, AddictiveTips had this to say in their latest post:
“The force OTA update will be discussed in later article, after I have gathered more proof and verified that it is indeed carrier update (because it could be forced apple firmware update too). This OTA leak should not be considered final and should be added under the category “Rumor” until further proof is confirmed.”
So there you have it – they are calling this themselves a “rumor” – so at this point we still have not seen any incontrovertible and/or corroborating proof of either the identity of this person or what he is saying is in any way the truth other than the assurances of AddictiveTips – who themselves are calling their own story a rumor.
We’ll continue to watch their site for any additional posts and keep you updated.