<!--#include virtual="/server/header.html" -->
<!-- Parent-Version: 1.96 -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
<!-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  Please do not edit <ul class="blurbs">!
    Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
           See explanations in /proprietary/workshop/README.md.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
<title>Apple's Operating Systems are Malware
- GNU Project - Free Software Foundation</title>
<link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" />
 <!--#include virtual="/proprietary/po/malware-apple.translist" -->
<!--#include virtual="/server/banner.html" -->
<div class="nav">
<a id="side-menu-button" class="switch" href="#navlinks">
 <img id="side-menu-icon" height="32"
      src="/graphics/icons/side-menu.png"
      title="Section contents"
      alt=" [Section contents] " />
</a>

<p class="breadcrumb">
 <a href="/"><img src="/graphics/icons/home.png" height="24"
    alt="GNU Home" title="GNU Home" /></a> /
 <a href="/proprietary/proprietary.html">Malware</a> /
 By company /
</p>
</div>
<!--GNUN: OUT-OF-DATE NOTICE-->
<!--#include virtual="/server/top-addendum.html" -->
<div style="clear: both"></div>
<div id="last-div" class="reduced-width">
<h2>Apple's Operating Systems Are Malware</h2>

<div class="infobox">
<hr class="full-width" />
<p>Nonfree (proprietary) software is very often malware (designed to
mistreat the user). Nonfree software is controlled by its developers,
which puts them in a position of power over the users; <a
href="/philosophy/free-software-even-more-important.html">that is the
basic injustice</a>. The developers and manufacturers often exercise
that power to the detriment of the users they ought to serve.</p>

<p>This typically takes the form of malicious functionalities.</p>
<hr class="full-width" />
</div>

<div class="article">
<div class="important">
<p>If you know of an example that ought to be in this page but isn't
here, please write
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>
to inform us. Please include the URL of a trustworthy reference or two
to serve as specific substantiation.</p>
</div>

<div id="TOC" class="toc-inline">
<h3 style="display: none">Types of Apple malware</h3>
<ul>
  <li><a href="#back-doors">Back doors</a></li>
  <li><a href="#censorship">Censorship</a></li>
<!-- <li><a href="#deception">Deception</a></li> -->
  <li><a href="#drm">DRM</a></li>
  <li><a href="#incompatibility">Incompatibility</a></li>
  <li><a href="#insecurity">Insecurity</a></li>
  <li><a href="#interference">Interference</a></li>
  <li><a href="#jails">Jails</a></li>
  <li><a href="#manipulation">Manipulation</a></li>
  <li><a href="#pressuring">Pressuring</a></li>
  <li><a href="#sabotage">Sabotage</a></li>
  <li><a href="#subscriptions">Subscriptions</a></li>
  <li><a href="#surveillance">Surveillance</a></li>
  <li><a href="#tyrants">Tyrants</a></li>
</ul>
</div>

<h3 id="back-doors">Back Doors</h3>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201907100">
    <!--#set var="DATE" value='<small class="date-tag">2019-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple appears to say that <a
    href="https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/">
    there is a back door in MacOS</a> for automatically updating some
    (all?) apps.</p>

    <p>The specific change described in the article was not
    malicious—it protected users from surveillance by third
    parties—but that is a separate question.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201607284">
    <!--#set var="DATE" value='<small class="date-tag">2016-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Dropbox app for Macintosh <a
    href="https://web.archive.org/web/20180124123506/http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/">
    takes control of user interface items after luring the user into
    entering an admin password</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201504090">
    <!--#set var="DATE" value='<small class="date-tag">2015-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Mac OS X had an <a
    href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/">
    intentional local back door for 4 years</a>, which could be exploited
    by attackers to gain root privileges.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201011220">
    <!--#set var="DATE" value='<small class="date-tag">2010-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The iPhone has a back door for <a
    href="http://www.npr.org/2010/11/22/131511381/wipeout-when-your-company-kills-your-iphone">
    href="https://www.npr.org/2010/11/22/131511381/wipeout-when-your-company-kills-your-iphone">
    remote wipe</a>.  It's not always enabled, but users are led into
    enabling it without understanding.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M200808110">
    <!--#set var="DATE" value='<small class="date-tag">2008-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The iPhone has a back door <a
    href="http://www.telegraph.co.uk/technology/3358134/Apples-Jobs-confirms-iPhone-kill-switch.html">
    href="https://www.telegraph.co.uk/technology/3358134/Apples-Jobs-confirms-iPhone-kill-switch.html">
    that allows Apple to remotely delete apps</a> which Apple considers
    “inappropriate”.  Jobs said it's OK for Apple to have
    this power because of course we can trust Apple.</p>
  </li>
</ul>


<h3 id="censorship">Censorship</h3>

<p>Apple mainly uses iOS, which is a typical jail, to impose censorship
through the Apple Store. Please refer to the <a href="#jails">Apple Jails</a>
section for more information.</p>


<h3 id="drm">DRM</h3>

<p>Digital restrictions management, or “DRM,” refers to
functionalities designed to restrict what users can do with the data
in their computers.</p>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202203210">
    <!--#set var="DATE" value='<small class="date-tag">2022-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple prevents people from upgrading their Mac hardware <a
    href="https://www.theverge.com/2022/3/21/22989226/apple-mac-studios-removable-ssd-blocked-software-replacement">by
    imposing DRM on its removable SSD storage</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202111040">
    <!--#set var="DATE" value='<small class="date-tag">2021-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple's new tactic to restrict users from
    repairing their own device and impose DRM on people is to <a
    href="https://www.ifixit.com/News/54829/apples-new-screen-repair-trap-could-change-the-repair-industry-forever">completely
    disable its Face ID functionality</a> when you replace its screen.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201908150.1">
    <!--#set var="DATE" value='<small class="date-tag">2019-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple is putting DRM on iPhone batteries, and the system proprietary
    software <a href="#M201908150">turns off certain features when batteries
    are replaced other than by Apple.</a></p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201704070.1">
    <!--#set var="DATE" value='<small class="date-tag">2017-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>DRM makes the iPhone 7 nearly <a
    href="#iphone7-sabotage">unrepairable</a> by anyone else but Apple.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201512260">
    <!--#set var="DATE" value='<small class="date-tag">2015-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://www.vice.com/en/article/bmvxp4/switzerland-wants-a-single-universal-phone-charger-by-2017">
    Apple uses DRM software to prevent people from charging an iThing
    with a generic USB cable</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M200811210">
    <!--#set var="DATE" value='<small class="date-tag">2008-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://www.eff.org/deeplinks/2008/11/apple-downgrades-macbook-video-drm">
    DRM (digital restrictions mechanisms) in MacOS</a>. This article
    focuses on the fact that a new model of Macbook introduced a
    requirement for monitors to have malicious hardware, but DRM software
    in MacOS is involved in activating the hardware. The software for
    accessing iTunes is also responsible.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M200708130">
    <!--#set var="DATE" value='<small class="date-tag">2007-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a href="http://arstechnica.com/apple/2007/08/aacs-tentacles/"> href="https://arstechnica.com/gadgets/2007/08/aacs-tentacles/">
    DRM that caters to Bluray Blu-ray disks</a>.  (The article focused on Windows
    and said that MacOS would do the same thing subsequently.)</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M200703310">
    <!--#set var="DATE" value='<small class="date-tag">2007-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>iTunes videos have DRM, which allows Apple to <a
    href="https://en.wikipedia.org/wiki/FairPlay">dictate where its
    customers can watch the videos they purchased</a>.</p>
  </li>
</ul>


<h3 id="incompatibility">Incompatibility</h3>

<p>In this section, we list characteristics of Apple programs that block or
hinder users from switching to any alternative program—and, in
particular, from switching to free software which can liberate the device
the software runs on.</p>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201803300">
    <!--#set var="DATE" value='<small class="date-tag">2018-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>In MacOS and iOS, the procedure for <a
    href="https://support.apple.com/guide/photos/export-photos-videos-and-slideshows-pht6e157c5f/mac">
    converting images from the Photos format</a> to a free format is so
    tedious and time-consuming that users just give up if they have a
    lot of them.</p>
  </li>

  <li id="M201802120">
    <!--#set var="DATE" value='<small class="date-tag">2018-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple devices lock users

<!-- Copied from workshop/mal.rec. Do not edit in <a
    href="https://gizmodo.com/homepod-is-the-ultimate-apple-product-in-a-bad-way-1822883347">
    solely to Apple services</a> by being designed to be incompatible
    with all other options, ethical or unethical.</p>
  </li> malware-apple.html. -->
  <li id="M201605044">
    <!--#set var="DATE" value='<small class="date-tag">2016-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>iWork (office software that runs on MacOS,
    iOS and iCloud) uses secret formats and <a
    href="https://en.wikipedia.org/wiki/IWork">provides no means of
    converting them to or from Open Document Formats</a>. iWork
    formats have changed several times since they were first
    introduced. This may have had the effect of thwarting <a
    href="https://github.com/obriensp/iWorkFileFormat">reverse
    href="https://gothub.projectsegfau.lt/obriensp/iWorkFileFormat/">reverse engineering
    efforts</a>, thus preventing free software from fully supporting
    them.</p>

    <p>iWork formats are considered <a
    href="https://wiki.harvard.edu/confluence/download/attachments/204385883/Format%20profile%20-%20Apple%20iWork%20Pages%20v04.docx?version=1&modificationDate=1459873751000&api=v2">
    unfit for document preservation</a>.</p>
  </li>
</ul>


<h3 id="insecurity">Insecurity</h3>

<p>These bugs are/were not intentional, so unlike the rest of the file
  they do not count as malware. We mention them to refute the
  supposition that prestigious proprietary software doesn't have grave
  bugs.</p>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202312270">
    <!--#set var="DATE" value='<small class="date-tag">2023-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature/">
    A back door in Apple devices</a>, present and abused from at least
    2019 until 2023, allowed crackers to have full control over them by
    sending iMessage texts that installed malware without any action on
    the user's part.  Infections, among other things, gave the intruders
    access to owners' microphone recordings, photos, location and other
    personal data.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202201040">
    <!--#set var="DATE" value='<small class="date-tag">2022-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A critical bug in Apple's iOS makes
    it possible for attackers to alter a shutdown event, <a
    href="https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/">tricking
    the user into thinking that the phone has been powered
    off</a>. But in fact, it's still running, and the user can't feel
    any difference between a real shutdown and the fake shutdown.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202111110">
    <!--#set var="DATE" value='<small class="date-tag">2021-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Some researchers at Google <a href="https://www.vice.com/en/article/93bw8y/google-caught-hackers-using-a-mac-zero-day-against-hong-kong-users">found
  a zero-day vulnerability on MacOS,
  which crackers used to target people visiting the websites</a> of
  a media outlet and a pro-democracy labor and political group in Hong
  Kong.</p>

  <p><small>Please note that the article wrongly refers
  to crackers as “<a href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”.</small></p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202107180">
    <!--#set var="DATE" value='<small class="date-tag">2021-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones">
    The pegasus spyware used vulnerabilities on proprietary smartphone
    operating systems</a> to impose surveillance on people. It can record
    people's calls, copy their messages, and secretly film them, using a
    security vulnerability. There's also <a
    href="https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf">
 	a technical analysis of this spyware</a> available in PDF format.</p>

    <p>A free operating system would've let people to fix the bugs for
    themselves but now infected people will be compelled to wait for corporations to
    fix the problems.</p>

    <p><small>Please note that the article
    wrongly refers to crackers as “<a
    href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”.</small></p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202012200">
    <!--#set var="DATE" value='<small class="date-tag">2020-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Commercial crackware can <a
    href="https://www.theguardian.com/technology/2020/dec/20/iphones-vulnerable-to-hacking-tool-for-months-researchers-say">
    get passwords out of an iMonster</a>, use the microphone and camera,
    and other things.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202011120">
    <!--#set var="DATE" value='<small class="date-tag">2020-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple has <a
    href="https://sneak.berlin/20201112/your-computer-isnt-yours">implemented
    href="https://sneak.berlin/20201112/your-computer-isnt-yours/">implemented
    a malware in its computers that imposes surveillance</a> on users
    and reports users' computing to Apple.</p>

    <p>The reports are even unencrypted and they've been leaking this
    data for two years already. This malware is reporting to Apple what
    user opens what program at what time. It also gives Apple
    power to sabotage users' computing.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201908310">
    <!--#set var="DATE" value='<small class="date-tag">2019-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A series of vulnerabilities <a
    href="https://www.forbes.com/sites/gordonkelly/2019/08/31/apple-iphone-ipad-security-ios-upgrade-iphone-xs-max-xr-update/">found
    in iOS allowed attackers to gain access to sensitive information
    including private messages, passwords, photos and contacts stored on
    the user's iMonster</a>.</p>

    <p>The deep insecurity of iMonsters is even more pertinent given that
    Apple's proprietary software makes users totally dependent on Apple
    for even a modicum of security.  It also means that the devices do
    not even try to offer security against Apple itself.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201607220">
    <!--#set var="DATE" value='<small class="date-tag">2016-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A vulnerability in Apple's Image I/O API allowed an attacker to <a
    href="https://www.theguardian.com/technology/2016/jul/22/stagefright-flaw-ios-iphone-imessage-apple">execute
    malicious code from any application which uses this API to render a
    certain kind of image file</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201604120">
    <!--#set var="DATE" value='<small class="date-tag">2016-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A bug in the iThings Messages app <a
    href="https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/">allowed
    a malicious web site to extract all the user's messaging
    history</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201311120">
    <!--#set var="DATE" value='<small class="date-tag">2013-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
    The NSA can tap data in smart phones, including iPhones,
    Android, and BlackBerry</a>.  While there is not much
    detail here, it seems that this does not operate via
    the universal back door that we know nearly all portable
    phones have. It may involve exploiting various bugs.  There are <a
    href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
    href="https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/">
    lots of bugs in the phones' radio software</a>.</p>
  </li>
</ul>


<h3 id="interference">Interference</h3>
<p>Various proprietary programs often mess up are designed to harass, annoy or cause
  trouble for the user's system. user. They are like sabotage, but they are not grave
  enough to qualify for the word “sabotage”. Nonetheless,
  they are nasty and wrong. This section describes examples of Apple
  committing interference.</p>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202211300">
    <!--#set var="DATE" value='<small class="date-tag">2022-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a href="https://www.techarp.com/mobile/apple-china-limit-airdrop/">
    Obeying a demand by the Chinese government, Apple restricted the
    use of AirDrop in China</a>. It imposed a ten-minute time limit
    during which users can receive files from non contacts. This makes
    it nearly impossible to use AirDrop for its intended purpose, which
    is to exchange files with strangers between iMonsters in physical
    proximity. This happened after it became known that dissenters
    were using the app to distribute digital anti-government fliers
    anonymously.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202105300">
    <!--#set var="DATE" value='<small class="date-tag">2021-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://www.theguardian.com/technology/2021/may/30/gadgets-have-stopped-working-together-interoperability-apple">Apple
    is systematically undermining interoperability</a>. At the hardware
    level, it does this via nonstandard plugs, buses and networks. At
    the software level, it does this by not letting the user have any
    data except within one app.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201908150">
    <!--#set var="DATE" value='<small class="date-tag">2019-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple is putting DRM on iPhone
    batteries, and the system proprietary software <a
    href="https://www.vice.com/en/article/59nz3k/apple-is-locking-batteries-to-specific-iphones-a-nightmare-for-diy-repair">turns
    off certain features when batteries are replaced other than by
    Apple.</a></p>
  </li>
</ul>


<h3 id="jails">Jails</h3>

<p>Jails are systems that impose censorship on which application programs.</p>
programs a user can install.</p>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202207200">
    <!--#set var="DATE" value='<small class="date-tag">2022-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Shortcuts, a built-in scripting app on Apple devices, <a
    href="https://support.apple.com/guide/shortcuts/apdf01f8c054/5.0/ios/15.0">
    doesn't give you complete freedom to share scripts</a>
    (a.k.a. “shortcuts”). Exporting a script as a file <a
    href="https://web.archive.org/web/20230329031338/https://www.reddit.com/r/StallmanWasRight/comments/vogb0c/all_methods_of_sharing_ios_shortcuts_require_an/">
    requires an Apple ID</a>, and may be subjected to censorship by Apple.</p>

    <p>In this situation (and many others), switching from iPhony/iBad to a
    freedom respecting device gives you both convenience and freedom. The
    assumption that you must sacrifice convenience to get freedom is
    often wrong. Jails are inconvenient.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202109170">
    <!--#set var="DATE" value='<small class="date-tag">2021-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple has made it <a
    href="https://gizmodo.com/apple-and-google-pull-opposition-app-from-russian-store-1847695238">
    impossible to load Navalny's tactical voting app into an iPhone</a>
    in Russia.</p>

    <p>It is impossible because (1) the iPhone refuses to load apps
    from anywhere other than Apple, and (2) Apple has obeyed a Russian
    censorship law.  The first point is enforced by Apple's nonfree
    software.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201904080">
    <!--#set var="DATE" value='<small class="date-tag">2019-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple plans to require that <a
    href="https://www.macrumors.com/2019/04/08/mac-apps-notarization-macos-10-14-5/">
    all application software for MacOS be approved by Apple first</a>.</p>

    <p>Offering a checking service as an option could be
    useful and would not be wrong.  Requiring users to get
    Apple's approval is tyranny. Apple says the check will
    only look for malware (not counting the malware that is <a
    href="/proprietary/malware-apple.html#TOC">part of
    the operating system</a>), but Apple could change that policy step
    by step.  Or perhaps Apple will define malware to include any app
    that China the Chinese government does not like.</p>

    <p>For free software, this means users will need to get Apple's
    approval after compilation.  This amounts to a system of surveilling
    the use of free programs.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M200803070">
    <!--#set var="DATE" value='<small class="date-tag">2008-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a href="https://en.wikipedia.org/w/index.php?title=IOS_jailbreaking&oldid=835861046">
    iOS, the operating system of the Apple iThings, is the prototype
    of a jail</a>.  It was Apple that introduced the practice of
    designing general purpose computers with censorship of application
    programs.</p>

    <p>Here is an article about the <a
    href="http://weblog.rogueamoeba.com/2008/03/07/code-signing-and-you/">
    href="https://weblog.rogueamoeba.com/2008/03/07/code-signing-and-you/">
    code signing</a> that the iThings use to lock up the user.</p>

    <p>Curiously, Apple is beginning to allow limited passage through the
    walls of the iThing jail: users can now install apps built from
    source code, provided the source code is written in Swift.  Users
    cannot do this freely because they are required to identify
    themselves. <a href="https://developer.apple.com/xcode/">Here
    are details</a>. While this is a crack in the prison walls, it is not
    big enough to mean that the iThings are no longer jails.</p>
  </li>
</ul>

<h4 id="jail-censorship">Examples of censorship by Apple jails</h4>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202108200">
    <!--#set var="DATE" value='<small class="date-tag">2021-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Russian communications watchdog <a
    href="https://www.reuters.com/legal/litigation/russian-watchdog-tells-google-apple-remove-navalny-app-report-2021-08-20/">
    tells Google and Apple to remove Navalny's app</a> from their
    stores.</p>

    <p>Because Apple controls what a user can install, this is absolute
    censorship. By contrast, because Android does not do that, users can
    install apps even if Google does not offer them.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202008300">
    <!--#set var="DATE" value='<small class="date-tag">2020-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple is <a
    href="https://www.theguardian.com/technology/2020/aug/30/this-isnt-the-1990s-apple-under-pressure-from-app-developers">
    putting the squeeze on all business</a> conducted through apps
    for iMonsters.</p>

    <p>This is a symptom of a very big injustice: that Apple has the
    power to decide what software can be installed on an iMonster.
    That it is a jail.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201910100">
    <!--#set var="DATE" value='<small class="date-tag">2019-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple has <a
    href="https://www.theguardian.com/world/2019/oct/10/hong-kong-protests-apple-pulls-tracking-app-after-china-criticism">
    banned the app that Hong Kong protesters use to communicate</a>.</p>

    <p>Obeying the “local laws” about what people can do with
    software is no excuse for censoring what software people can use.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201910070">
    <!--#set var="DATE" value='<small class="date-tag">2019-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple <a
    href="https://boingboing.net/2019/10/07/apple-ios-13-1-2-for-hong-kong.html">
    censors the Taiwan flag in iOS</a> on behalf of the Chinese
    government. When the region is set to Hong Kong, this flag is not
    visible in the emoji selection widget but is still accessible. When the
    region is set to mainland China, all attempts to display it will result
    in the “empty emoji” icon as if the flag never existed.</p>

    <p>Thus, not only does Apple use the App Store as an instrument
    of censorship, it also uses the iThing operating system for that
    purpose.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201905150">
    <!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Users caught in the jail of an iMonster are <a
    href="https://boingboing.net/2019/05/15/brittle-security.html"> sitting
    ducks for other attackers</a>, and the app censorship prevents security
    companies from figuring out how those attacks work.</p>

    <p>Apple's censorship of apps is fundamentally unjust, and would be
    inexcusable even if it didn't lead to security threats as well.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201710130">
    <!--#set var="DATE" value='<small class="date-tag">2017-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple is <a
    href="https://www.eff.org/deeplinks/2017/10/iranian-hardliners-want-isolated-internet">
    censoring apps for the US government too</a>. Specifically, it is
    deleting apps developed by Iranians.</p>

    <p>The root of these wrongs is in Apple. If Apple had not designed
    the iMonsters to let Apple censor applications, Apple would not have
    had the power to stop users from installing whatever kind of apps.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201707290">
    <!--#set var="DATE" value='<small class="date-tag">2017-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple <a
    href="https://www.nytimes.com/2017/07/29/technology/china-apple-censorhip.html">
    deleted several VPNs from its app store for China</a>, thus using its
    own censorship power to strengthen that of the Chinese government.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201701064">
    <!--#set var="DATE" value='<small class="date-tag">2017-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple used its censorship system to enforce Russian surveillance <a
    href="http://www.nytimes.com/2017/01/06/technology/linkedin-blocked-in-russia.html?partner=rss&emc=rss&_r=0">
    href="https://web.archive.org/web/20220402210254/https://www.nytimes.com/2017/01/06/technology/linkedin-blocked-in-russia.html">
    by blocking distribution of the LinkedIn app in Russia</a>.</p>

    <p>This is ironic because LinkedIn is a surveillance system itself.
    While subjecting its users to its own surveillance, it tries to
    protect its users from Russian surveillance, and is therefore subject
    to Russian censorship.</p>

    <p>However, the point here is the wrong of Apple's censorship of
    apps.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201701050">
    <!--#set var="DATE" value='<small class="date-tag">2017-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple used its censorship system to enforce China's censorship <a
    href="https://www.theguardian.com/world/2017/jan/05/apple-removes-new-york-times-app-in-china">
    by blocking distribution of the New York Times app</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201605190">
    <!--#set var="DATE" value='<small class="date-tag">2016-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple censors games, <a
    href="http://arstechnica.com/gaming/2016/05/apple-says-game-about-palestinian-child-isnt-a-game">
    href="https://arstechnica.com/gaming/2016/05/apple-says-game-about-palestinian-child-isnt-a-game/">
    banning some games from the cr…app store</a> because of which
    political points they suggest. Some political points are apparently
    considered acceptable.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201509290">
    <!--#set var="DATE" value='<small class="date-tag">2015-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple <a href="http://ifixit.org/blog/7401/ifixit-app-pulled/"> href="https://www.ifixit.com/News/7401/ifixit-app-pulled">
    banned a program from the App Store</a> because its developers
    committed the enormity of disassembling some iThings.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201509230">
    <!--#set var="DATE" value='<small class="date-tag">2015-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>As of 2015, Apple <a
    href="http://www.theguardian.com/commentisfree/2015/sep/23/apple-anti-choice-tendencies-showing-in-app-store-reproductive-rights">
    href="https://www.theguardian.com/commentisfree/2015/sep/23/apple-anti-choice-tendencies-showing-in-app-store-reproductive-rights">
    systematically bans apps that endorse abortion rights or would help
    women find abortions</a>.</p>

    <p>This particular political slant <a
    href="http://www.theguardian.com/technology/2011/dec/01/siri-abortion-apple-unintenional-omissions">
    href="https://www.theguardian.com/technology/2011/dec/01/siri-abortion-apple-unintenional-omissions">
    affects other Apple services</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201506250">
    <!--#set var="DATE" value='<small class="date-tag">2015-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple has banned iThing
    applications that show the confederate flag.  <a
    href="http://www.huffingtonpost.com/2015/06/25/apple-confederate-flag_n_7663754.html">
    href="https://www.huffpost.com/entry/apple-confederate-flag_n_7663754">
    Not only those that use it as a symbol of racism</a>, but even
    strategic games that use it to represent confederate army units
    fighting in the Civil War.</p>

    <p>This ludicrous rigidity illustrates the point that Apple should
    not be allowed to censor apps.  Even if Apple carried out this act of
    censorship with some care, it would still be wrong.  Whether racism
    is bad, whether educating people about drone attacks is bad, are not
    the real issue.  Apple should not have the power to impose its views
    about either of these questions, or any other.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201412110">
    <!--#set var="DATE" value='<small class="date-tag">2014-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="http://www.theguardian.com/technology/2014/dec/11/papers-please-game-ipad-nude-body-scans">
    href="https://www.theguardian.com/technology/2014/dec/11/papers-please-game-ipad-nude-body-scans">
    More examples of Apple's arbitrary and inconsistent censorship</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201405250">
    <!--#set var="DATE" value='<small class="date-tag">2014-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple used this censorship power in 2014 to <a
    href="http://boingboing.net/2014/02/07/apple-yanks-last-remaining-bit.html">
    href="https://boingboing.net/2014/02/07/apple-yanks-last-remaining-bit.html">
    ban all bitcoin apps</a> for the iThings for a time.  It also <a
    href="http://www.gamespot.com/articles/apple-removes-game-about-growing-marijuana-from-app-store/1100-6419864/">
    href="https://www.gamespot.com/articles/apple-removes-game-about-growing-marijuana-from-app-store/1100-6419864/">
    banned a game about growing marijuana</a>, while permitting games
    about other crimes such as killing people.  Perhaps Apple considers
    killing more acceptable than marijuana.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201402070">
    <!--#set var="DATE" value='<small class="date-tag">2014-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple rejected an app that displayed the locations
    of US drone assassinations, giving various excuses. Each
    time the developers fixed one “problem”, Apple
    complained about another.  After the fifth rejection, Apple <a
    href="http://mashable.com/2014/02/07/apple-app-tracks-drone-strikes/">
    href="https://mashable.com/archive/apple-app-tracks-drone-strikes">
    admitted it was censoring the app based on the subject matter</a>.</p>
  </li>
</ul>


<h3 id="manipulation">Manipulation</h3>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201308290">
    <!--#set var="DATE" value='<small class="date-tag">2013-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>“Dark patterns” are <a
    href="http://www.theverge.com/2013/8/29/4640308/dark-patterns-inside-the-interfaces-designed-to-trick-you">user
    href="https://www.theverge.com/2013/8/29/4640308/dark-patterns-inside-the-interfaces-designed-to-trick-you">user
    interfaces designed to mislead users, or make option settings hard
    to find</a>.</p>

    <p>This allows a company such as Apple to say, “We allow users
    to turn this off” while ensuring that few will understand how
    to actually turn it off.</p>
  </li>
</ul>


<h3 id="pressuring">Pressuring</h3>

<p>Proprietary companies can take advantage of their customers by imposing arbitrary limits to their use of the software.  This section reports examples of hard sell and other unjust commercial tactics by Apple.</p>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201510270">
    <!--#set var="DATE" value='<small class="date-tag">2015-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple Siri <a
    href="http://www.theguardian.com/technology/2015/oct/27/apple-music-subscribers-siri-questions">refuses
    href="https://www.theguardian.com/technology/2015/oct/27/apple-music-subscribers-siri-questions">refuses
    to give you information</a> about music charts if you're not an Apple
    Music subscriber.</p>
  </li>
</ul>


<h3 id="sabotage">Sabotage</h3>

<p>These are situations in which Apple employs its power over users
to directly intervene in ways that harm them or block their work.</p>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202311301">
    <!--#set var="DATE" value='<small class="date-tag">2023-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://web.archive.org/web/20231213150111/https://www.nytimes.com/2023/11/12/technology/iphone-repair-apple-control.html">To
    block non-Apple repairs, Apple encodes the iMonster serial
    number in the original parts</a>. This is called “parts
    pairing”. Swapping parts between working iMonsters of the same
    model causes malfunction or disabling of some functionalities. Part
    replacement may also trigger persistent alerts, unless it is done by
    an Apple store.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201908130">
    <!--#set var="DATE" value='<small class="date-tag">2019-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>When Apple suspects a user of fraud, it
    judges the case secretly and presents the verdict
    as a fait accompli.  The punishment to a user found guilty <a
    href="https://qz.com/1683460/what-happens-to-your-itunes-account-when-apple-says-youve-committed-fraud/">is
    href="https://qz.com/1683460/what-happens-to-your-itunes-account-when-apple-says-youve-committed-fraud">is
    being cut off for life, which more-or-less cripples the user's Apple
    devices forever</a>.  There is no appeal.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201810240">
    <!--#set var="DATE" value='<small class="date-tag">2018-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple and Samsung deliberately <a
    href="https://www.theguardian.com/technology/2018/oct/24/apple-samsung-fined-for-slowing-down-phones">degrade
    the performance of older phones to force users to buy their newer
    phones</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201805310">
    <!--#set var="DATE" value='<small class="date-tag">2018-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple has <a
    href="https://www.theverge.com/2018/5/31/17412396/telegram-apple-app-store-app-updates-russia">blocked
    Telegram from upgrading its app for a month</a>.</p>

    <p>This evidently has to do with Russia's command to Apple to block
    Telegram in Russia.</p>

    <p>The Telegram client is free software on other platforms, but not on
    iThings. Since <a href="/proprietary/proprietary-jails.html#apple">they
    are jails</a>, they don't permit any app to be free software.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201710044">
    <!--#set var="DATE" value='<small class="date-tag">2017-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>MacOS High Sierra forcibly reformats SSD boot drives, and <a
    href="https://www.macworld.com/article/3230498/apple-file-system-apfs-faq.html">
    href="https://www.macworld.com/article/230582/apple-file-system-apfs-faq.html">
    changes the file system from HFS+  to APFS</a>, which cannot be
    accessed from GNU/Linux, Windows or even older versions of MacOS.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201706060">
    <!--#set var="DATE" value='<small class="date-tag">2017-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple will stop <a
    href="https://www.theguardian.com/technology/2017/jun/06/iphone-ipad-apps-games-apple-5-5c-obsolete">fixing
    bugs for older model iThings</a>.</p>

    <p>Meanwhile, Apple stops people from fixing problems themselves;
    that's the nature of proprietary software.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201704070">
    <!--#set var="DATE" value='<small class="date-tag">2017-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p id="iphone7-sabotage">The
    iPhone 7 contains DRM specifically designed to <a
    href="https://www.vice.com/en/article/kbjm8e/iphone-7-home-button-unreplaceable-repair-software-lock">
    brick it if an “unauthorized” repair shop fixes it</a>.
    “Unauthorized” essentially means anyone besides Apple.</p>

    <p><small>(The article uses the term “lock”
    to describe the DRM, but we prefer to use the term <a
    href="/philosophy/words-to-avoid.html#DigitalLocks"> digital
    handcuffs</a>.)</small></p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201606080">
    <!--#set var="DATE" value='<small class="date-tag">2016-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple <a
    href="https://www.theregister.co.uk/2016/04/14/uninstall_quicktime_for_windows/">
    href="https://www.theregister.com/2016/04/14/uninstall_quicktime_for_windows/">
    stops users from fixing the security bugs in Quicktime for Windows</a>,
    while refusing to fix them itself.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201605040">
    <!--#set var="DATE" value='<small class="date-tag">2016-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Apple Music client program <a
    href="https://web.archive.org/web/20170520213355/https://blog.vellumatlanta.com/2016/05/04/apple-stole-my-music-no-seriously/">scans
    the user's file system for music files, copies them to an Apple server,
    and deletes them</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201602050">
    <!--#set var="DATE" value='<small class="date-tag">2016-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>iOS version 9 for iThings <a
    href="https://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair">sabotages
    them irreparably if they were repaired by someone other than
    Apple</a>. Apple eventually backed off from this policy under
    criticism from the users. However, it has not acknowledged that this
    was wrong.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201510020">
    <!--#set var="DATE" value='<small class="date-tag">2015-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple forced millions of iThings to <a
    href="https://discussions.apple.com/thread/7256669?tstart=0">download
    a system upgrade without asking the users</a>. Apple did not
    forcibly install the upgrade but the downloading alone caused lots
    of trouble.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201412040">
    <!--#set var="DATE" value='<small class="date-tag">2014-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple <a
    href="http://www.theguardian.com/technology/2014/dec/04/apple-deleted-music-ipods-rivals-steve-jobs">
    href="https://www.theguardian.com/technology/2014/dec/04/apple-deleted-music-ipods-rivals-steve-jobs">
    deleted from iPods the music that users had got from internet music
    stores that competed with iTunes</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M200709270">
    <!--#set var="DATE" value='<small class="date-tag">2007-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://www.computerworld.com/article/2541250/update--apple-plays-hardball--upgrade--bricks--unlocked-iphones.html">
    href="https://web.archive.org/web/20230315024447/https://www.computerworld.com/article/2541250/update--apple-plays-hardball--upgrade--bricks--unlocked-iphones.html">
    An Apple firmware “upgrade” bricked iPhones that had been
    unlocked</a>.  The “upgrade” also deactivated applications
    not approved by <a href="/proprietary/proprietary-jails.html">Apple
    censorship</a>.  All this was apparently intentional.</p>
  </li>
</ul>


<h3 id="subscriptions">Subscriptions</h3>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202008180">
    <!--#set var="DATE" value='<small class="date-tag">2020-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple can remotely <a
    href="https://www.theguardian.com/games/2020/aug/18/apple-sets-deadline-in-feud-with-fortnite-maker-epic-games">
    cut off any developer's access to the tools for developing software</a>
    for iOS or MacOS.</p>

    <p>Epic (Apple's target in this example)
    makes nonfree games which have their own <a
    href="https://ekgaming.com/2019/03/17/is-the-epic-games-store-spying-on-your-computer/">
    malicious features</a>, but that doesn't make it acceptable for Apple
    to have this sort of power.</p>
  </li>
</ul>


<h3 id="surveillance">Surveillance</h3>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202211140">
    <!--#set var="DATE" value='<small class="date-tag">2022-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://web.archive.org/web/20230101185726/https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558">
    The iMonster app store client programs collect many kinds of data</a>
    about the user's actions and private communications. “Do not
    track” options are available, but tracking doesn't stop if
    the user activates them: Apple keeps on collecting data for itself,
    although it claims not to send it to third parties.</p>

    <p><a
    href="https://www.theregister.com/2022/11/14/apple_data_collection_lawsuit/">
    Apple is being sued</a> for that.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202105240">
    <!--#set var="DATE" value='<small class="date-tag">2021-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://www.cpomagazine.com/data-privacy/icloud-data-turned-over-to-chinese-government-conflicts-with-apples-privacy-first-focus/">Apple
    is moving its Chinese customers' iCloud data to a datacenter controlled
    by the Chinese government</a>. Apple is already storing the encryption
    keys on these servers, obeying Chinese authority, making all Chinese
    user data available to the government.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202004200">
    <!--#set var="DATE" value='<small class="date-tag">2020-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple whistleblower Thomas Le Bonniec reports that Apple
    made a practice of surreptitiously activating the Siri software to <a
    href="https://www.politico.eu/wp-content/uploads/2020/05/Public-Statement-Siri-recordings-TLB.pdf">
    record users' conversations when they had not activated Siri</a>.
    This was not just occasional, it was systematic practice.</p>

    <p>His job was to listen to these recordings, in a group that made
    transcripts of them. He does not believes that Apple has ceased this
    practice.</p>

    <p>The only reliable way to prevent this is, for the program that
    controls access to the microphone to decide when the user has
    “activated” any service, to be free software, and the
    operating system under it free as well. This way, users could make
    sure Apple can't listen to them.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M202004131">
    <!--#set var="DATE" value='<small class="date-tag">2020-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Google, Apple, and Microsoft (and probably some other companies)
    <a href="https://www.lifewire.com/wifi-positioning-system-1683343">are
    collecting people's access points and GPS coordinates (which can
    identify people's precise location) even if their GPS is turned
    off</a>, without the person's consent, using proprietary software
    implemented in person's smartphone. Though merely asking for permission
    would not necessarily legitimize this.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201910131">
    <!--#set var="DATE" value='<small class="date-tag">2019-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Safari occasionally <a
    href="https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/">
    sends browsing data from Apple devices in China to the Tencent Safe
    Browsing service</a>, to check URLs that possibly correspond to
    “fraudulent” websites. Since Tencent collaborates
    with the Chinese government, its Safe Browsing black list most certainly
    contains the websites of political opponents. By linking the requests
    originating from single IP addresses, the government can identify
    dissenters in China and Hong Kong, thus endangering their lives.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201910130">
    <!--#set var="DATE" value='<small class="date-tag">2019-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Chinese Communist Party's “Study
    the Great Nation” app requires users to grant it <a
    href="https://www.ndtv.com/world-news/chinese-app-allows-officials-access-to-100-million-users-phone-report-2115962">
    access to the phone's microphone, photos, text messages, contacts, and
    internet history</a>, and the Android version was found to contain a
    back-door allowing developers to run any code they wish in the users'
    phone, as “superusers.” Downloading and using this
    app is mandatory at some workplaces.</p>

    <p>Note: The <a
    href="http://web-old.archive.org/web/20191015005153/https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html">
    Washington Post version of the article</a> (partly obfuscated, but
    readable after copy-pasting in a text editor) includes a clarification
    saying that the tests were only performed on the Android version
    of the app, and that, according to Apple, “this kind of
    ‘superuser’ surveillance could not be conducted on
    Apple's operating system.”</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201905280">
    <!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>In spite of Apple's supposed commitment to
    privacy, iPhone apps contain trackers that are busy at night <a
    href="https://www.oregonlive.com/opinion/2019/05/its-3-am-do-you-know-who-your-iphone-is-talking-to.html">
    sending users' personal information to third parties</a>.</p>

    <p>The article mentions specific examples: Microsoft OneDrive,
    Intuit's Mint, Nike, Spotify, The Washington Post, The Weather
    Channel (owned by IBM), the crime-alert service Citizen, Yelp
    and DoorDash. But it is likely that most nonfree apps contain
    trackers. Some of these send personally identifying data such as phone
    fingerprint, exact location, email address, phone number or even
    delivery address (in the case of DoorDash). Once this information
    is collected by the company, there is no telling what it will be
    used for.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201809070">
    <!--#set var="DATE" value='<small class="date-tag">2018-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Adware Doctor, an ad blocker for MacOS, <a
    href="https://www.vice.com/en/article/wjye8x/mac-anti-adware-doctor-app-steals-browsing-history">reports
    the user's browsing history</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201711250">
    <!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The DMCA and the EU Copyright Directive make it <a
    href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
    illegal to study how iOS cr…apps spy on users</a>, because
    this would require circumventing the iOS DRM.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201709210">
    <!--#set var="DATE" value='<small class="date-tag">2017-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>In the latest iThings system,
    “turning off” WiFi and Bluetooth the obvious way <a
    href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off">
    doesn't really turn them off</a>.  A more advanced way really does turn
    them off—only until 5am.  That's Apple for you—“We
    know you want to be spied on”.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201702150">
    <!--#set var="DATE" value='<small class="date-tag">2017-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple proposes <a
    href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
    fingerprint-scanning touch screen</a>—which would mean no way
    to use it without having your fingerprints taken. Users would have
    no way to tell whether the phone is snooping on them.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201611170">
    <!--#set var="DATE" value='<small class="date-tag">2016-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>iPhones <a
    href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send
    lots of personal data to Apple's servers</a>.  Big Brother can get
    them from there.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201609280">
    <!--#set var="DATE" value='<small class="date-tag">2016-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The iMessage app on iThings <a
    href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
    a server every phone number that the user types into it</a>; the
    server records these numbers for at least 30 days.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201509240">
    <!--#set var="DATE" value='<small class="date-tag">2015-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>iThings automatically upload to Apple's servers all the photos
    and videos they make.</p>

    <blockquote><p> iCloud Photo Library stores every photo and video you
    take, and keeps them up to date on all your devices. Any edits you
    make are automatically updated everywhere. […] </p></blockquote>

    <p>(From <a href="https://www.apple.com/icloud/photos/">Apple's href="https://web.archive.org/web/20150921152044/https://www.apple.com/icloud/photos/">Apple's iCloud
    information</a> as accessed on 24 Sep 2015.) The iCloud feature is
    <a href="https://support.apple.com/en-us/HT202033">activated by the
    startup of iOS</a>. The term “cloud” means “please
    don't ask where.”</p>

    <p>There is a way to
    <a href="https://support.apple.com/en-us/HT201104"> deactivate
    iCloud</a>, but it's active by default so it still counts as a
    surveillance functionality.</p>

    <p>Unknown people apparently took advantage of this to <a
    href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
    nude photos of many celebrities</a>. They needed to break Apple's
    security to get at them, but NSA can access any of them through <a
    href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201411040">
    <!--#set var="DATE" value='<small class="date-tag">2014-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple has made various <a
    href="http://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud">
    href="https://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud">
    MacOS programs send files to Apple servers without asking
    permission</a>.  This exposes the files to Big Brother and perhaps
    to other snoops.</p>

    <p>It also demonstrates how you can't trust proprietary software,
    because even if today's version doesn't have a malicious functionality,
    tomorrow's version might add it. The developer won't remove the
    malfeature unless many users push back hard, and the users can't
    remove it themselves.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201410300">
    <!--#set var="DATE" value='<small class="date-tag">2014-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p> MacOS automatically <a
    href="https://web.archive.org/web/20170831144456/https://www.washingtonpost.com/news/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/">
    sends to Apple servers unsaved documents being edited</a>. The
    things you have not decided to save are <a
    href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/">
    even more sensitive</a> than the things you have stored in files.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201410220">
    <!--#set var="DATE" value='<small class="date-tag">2014-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple admits the <a
    href="http://www.intego.com/mac-security-blog/spotlight-suggestions-in-os-x-yosemite-and-ios-are-you-staying-private/">
    href="https://www.intego.com/mac-security-blog/spotlight-suggestions-in-os-x-yosemite-and-ios-are-you-staying-private/">
    spying in a search facility</a>, but there's a lot <a
    href="https://github.com/fix-macosx/yosemite-phone-home">
    href="https://gothub.projectsegfau.lt/fix-macosx/yosemite-phone-home/"> more snooping
    that Apple has not talked about</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201410200">
    <!--#set var="DATE" value='<small class="date-tag">2014-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Various operations in <a
    href="http://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540">
    href="https://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540">
    the latest MacOS send reports to Apple</a> servers.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201409220">
    <!--#set var="DATE" value='<small class="date-tag">2014-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple can, and regularly does, <a
    href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
    href="https://arstechnica.com/gadgets/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
    remotely extract some data from iPhones for the state</a>.</p>

    <p>This may have improved with <a
    href="https://www.denverpost.com/2014/09/17/apple-will-no-longer-unlock-most-iphones-ipads-for-police/">
    iOS 8 security improvements</a>; but <a
    href="https://firstlook.org/theintercept/2014/09/22/apple-data/">
    href="https://theintercept.com/2014/09/22/apple-data/">
    not as much as Apple claims</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201407230">
    <!--#set var="DATE" value='<small class="date-tag">2014-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
    href="https://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
    Several “features” of iOS seem to exist
    for no possible purpose other than surveillance</a>.  Here is the <a
    href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
    Technical presentation</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201401100.1">
    <!--#set var="DATE" value='<small class="date-tag">2014-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
    href="https://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
    Spotlight search</a> sends users' search terms to Apple.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201401100">
    <!--#set var="DATE" value='<small class="date-tag">2014-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The <a class="not-a-duplicate"
    href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
    href="https://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
    iBeacon</a> lets stores determine exactly where the iThing is, and
    get other info too.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201312300">
    <!--#set var="DATE" value='<small class="date-tag">2013-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
    href="https://web.archive.org/web/20190924053515/https://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
    Either Apple helps the NSA snoop on all the data in an iThing, or it
    is totally incompetent</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201308080">
    <!--#set var="DATE" value='<small class="date-tag">2013-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The iThing also <a
    href="https://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
    href="https://www.theregister.com/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
    tells Apple its geolocation</a> by default, though that can be
    turned off.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201210170">
    <!--#set var="DATE" value='<small class="date-tag">2012-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>There is also a feature for web sites to track users, which is <a
    href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
    href="https://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
    enabled by default</a>.  (That article talks about iOS 6, but it is
    still true in iOS 7.)</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201204280">
    <!--#set var="DATE" value='<small class="date-tag">2012-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Users cannot make an Apple ID (<a
    href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">necessary
    to install even gratis apps</a>) without giving a valid
    email address and receiving the verification code Apple sends
    to it.</p>
  </li>
</ul>


<h3 id="tyrants">Tyrants</h3>

<p>Tyrants are systems that reject any operating system not
“authorized” by the manufacturer.</p>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201802120">
    <!--#set var="DATE" value='<small class="date-tag">2018-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple devices lock users in <a
    href="https://gizmodo.com/homepod-is-the-ultimate-apple-product-in-a-bad-way-1822883347">
    solely to Apple services</a> by being designed to be incompatible
    with all other options, ethical or unethical.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201412010">
    <!--#set var="DATE" value='<small class="date-tag">2014-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple arbitrarily <a
    href="http://9to5mac.com/2014/12/01/ios-8-1-signing-window-closed/">blocks
    href="https://9to5mac.com/2014/12/01/ios-8-1-signing-window-closed/">blocks
    users from installing old versions of iOS</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-apple.html. -->
  <li id="M201205280">
    <!--#set var="DATE" value='<small class="date-tag">2012-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Apple iThings are tyrant devices.  There is a
    port of Android to the iThings, but installing it requires <a
    href="https://web.archive.org/web/20150721065208/http://www.idroidproject.org/wiki/Status">
    finding a bug or “exploit”</a> to make it possible to
    install a different system.</p>
  </li>
</ul>
</div>

</div>
<!--#include virtual="/proprietary/proprietary-menu.html" -->
<!--#include virtual="/server/footer.html" -->
<div id="footer" role="contentinfo">
<div class="unprintable">

<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF.  Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>

<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
        replace it with the translation of these two:

        We work hard and do our best to provide accurate, good quality
        translations.  However, we are not exempt from imperfection.
        Please send your comments and general suggestions in this regard
        to <a href="mailto:web-translators@gnu.org">
        <web-translators@gnu.org></a>.</p>

        <p>For information on coordinating and contributing translations of
        our web pages, see <a
        href="/server/standards/README.translations.html">Translations
        README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and contributing translations
of this article.</p>
</div>

<!-- Regarding copyright, in general, standalone pages (as opposed to
     files generated as part of manuals) on the GNU web server should
     be under CC BY-ND 4.0.  Please do NOT change or remove this
     without talking with the webmasters or licensing team first.
     Please make sure the copyright date is consistent with the
     document.  For web pages, it is ok to list just the latest year the
     document was modified, or published.

     If you wish to list earlier years, that is ok too.
     Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
     years, as long as each year in the range is in fact a copyrightable
     year, i.e., a year in which the document was published (including
     being publicly visible on the web or in a revision control system).

     There is more detail about copyright years in the GNU Maintainers
     Information document, www.gnu.org/prep/maintain. -->

<p>Copyright © 2015-2021 2015-2024 Free Software Foundation, Inc.</p>

<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by/4.0/">Creative
Commons Attribution 4.0 International License</a>.</p>

<!--#include virtual="/server/bottom-notes.html" -->

<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2024/11/10 16:05:44 $
<!-- timestamp end -->
</p>
</div>
</div><!-- for class="inner", starts in the banner include -->
</body>
</html>