Apple Leak: OTA lockdown, FaceTime privacy breach

Right from the start I will qualify this post as being nothing more than a rumor that could very well be just an elaborate hoax, since it is based on the word of a single source who supposedly works in the iPhone Development Department. The information was leaked to what I would consider to be a reputable blog called AddictiveTips, and I say reputable because I have been following them for some time and everything I have read there is presented professionally and well researched.

That said, if, and that is a big if, what has been leaked to the blog is even close to being true, it raises some real questions about Apple and their business practices, along with AT&T, since none of this would be able to happen without their implicit involvement. According to Nakodari at AddictiveTips, the leaks that he and the leaker, called Alpha, discussed broke down into four parts.

  • With iOS 4, AT&T locks all US iPhone owners to their network via regular OTA updates.
  • AT&T shipped some iPhone 4 early to verify their OTA update system.
  • Apple stealing user information via FaceTime, which lacks encryption.
  • Some Apple employees who are aware of this situation are not updating to iOS 4.

To get an idea of the full breadth of their discussion I recommend reading the whole post, but I’m amazed by the extent of the OTA (Over The Air) updates being used to lock down the iPhone. In fact, according to Alpha, both AT&T and Apple have 6 months of OTA sitting on their servers, and this has been verified by Alpha. As Alpha explains in the post:

As far as Base Bands go it does not matter what baseband you TRY to get on the iPhone cause in the iOS4 there is a line of code we wrote that stands for OAU also known as “Over Air Updates”. How it works is every 7 to 14 days We (Apple) and AT&T send a message to your iPhone that gathers some data from your iPhone without you knowing and we see what is running, baseband and firmware. We then send a following message. “There are optional updates for your iPhone, Would you like to install them now?” two options “Yes” or “Later”. Those are what we would call “OPTIONAL UPDATES”. Now there are things called “MANDATORY UPDATES”. They tend to work the same way, grab data from the iPhones, send it to AT&T and us then back to your iPhone with the message, “Your iPhone (name of iPhone) must be updated to the current AT&T standards to run”, your only option is to “Accept”. Now you can try to work your way around it until you get the second mandatory message again “You must plug iPhone into iTunes and update”. If you don’t do this you will then receive no Signal from the network anymore and your iPhone will potentially lock up with no signs of use until you update your iPhone via iTunes. You all agreed to these terms and conditions when you installed iTunes 9.2 and then again once you updated to iOS4.

When it comes to FaceTime, Alpha says that it will be the biggest privacy break ever and was for him the straw that broke the proverbial camel’s back and started him leaking information.

So what is wrong with FaceTime? Alpha explains it while losing his patience.

I will let you off with one last bit of information if you’re gonna write a story on this and that is Facetime, the iPhone 4 to iPhone 4 Wifi video connecting. The issue with Wifi is that anyone can get on a Wifi Signal and potentially see what the viewers and broadcasters are looking at without them knowing, now Apple will deny this and say it’s not our problem you were not on a secure connection, in my mind I think that it’s all bullshit.

People should be able to have some type of security during those calls. Worse yet is once a person connects to another person on FaceTime it, for some reason none of us in the office can figure out, sends us APPLE a message and says those two people are connecting via Facetime and gives out their location to us. So for whatever reason we need that information just blows my mind. As a consumer why would you need to let Apple know that you are connecting with a person via FaceTime, it’s none of Apple’s business.

When I asked further about FaceTime, he replied that nobody in the office has any clue as to why Apple wants this information and for what purpose but it was confirmed that their servers were receiving messages (with location of users) when any two people connected via FaceTime.

It would be interesting to know if this Alpha person approached any of the major tech blogs, because I find it strange that he would go to a lesser-known tech blog to release this kind of information. Perhaps he did, but either no one was willing to believe him or they didn’t want to be publishing anything that will piss off the tech world’s darling tech company.

I just want to reiterate – this could very well be a hoax of some sort, but I am sure given a little bit of time we’ll hear Apple’s rebuttal via John Gruber in 10 … 9 … 8 … 7 …