The developer of ICEBlock, an iOS app for anonymously reporting sightings of US Immigration and Customs Enforcement (ICE) officers, guarantees that it “ensures consumer privateness by storing no private information.” However that declare has come beneath scrutiny. ICEBlock creator Joshua Aaron has been accused of making false promises concerning consumer anonymity and privateness, being “misguided” in regards to the privateness provided by iOS, and of being an Apple fanboy. The problem isn’t what ICEBlock shops. It’s about what it may by accident reveal by its tight integration with iOS.
Aaron launched ICEBlock in early April, and it rocketed to the highest of the App Retailer earlier this month after US Homeland Safety Secretary Kristi Noem referred to as it an “obstruction of justice.” When requires an Android model adopted, nevertheless, the developer mentioned it wasn’t potential. “Our utility is designed to supply as a lot anonymity as potential with out storing any consumer information or creating accounts,” reads a part of the lengthy message. “Reaching this stage of anonymity on Android is just not possible as a result of inherent necessities of push notification providers.”
The assertion rankled some. The builders of GrapheneOS, an open-source, privacy-focused tackle Android, took to BlueSky to accuse ICEBlock of “spreading misinformation about Android” by describing it as much less non-public than iOS. The builders mentioned that ICEBlock ignores information saved by Apple itself and claims it “supplies full anonymity when it doesn’t.”
Aaron advised The Verge ICEBlock is constructed round a single database in iCloud. When a consumer faucets on the map to report ICE sightings, the placement information is added to that database, and customers inside 5 miles are routinely despatched a push notification alerting them. Push notifications require builders to have a way of designating which gadgets obtain them, and whereas Aaron declined to say exactly how the notifications perform, he mentioned alerts are despatched by Apple’s system, not ICEBlock’s, letting him keep away from preserving his personal database of customers or their gadgets. “We utilized iCloud in type of a artistic approach,” Aaron mentioned.
No safety mannequin is one hundred pc secure, however in idea, ICEBlock has managed to restrict the dangers for folks each reporting and receiving data. The Division of Homeland Safety may demand data on who submitted a tip, however per Aaron’s rationalization, the app wouldn’t have consumer accounts, gadget IDs, or IP addresses at hand over. Likewise, if ICE thinks somebody used the app to seek out an operation and intervene, it may search information from ICEBlock tied to who obtained a specific push notification — and once more, it ought to come away empty-handed.
That trick is iOS-only, although. The ICEBlock iOS app can piggyback on Apple’s iCloud infrastructure to route push notifications as a result of each iPhone consumer is assured to have an iCloud account. Android customers aren’t equally required to create Google accounts, so “some type of database must be created as a way to seize consumer data,” Aaron mentioned. (Sharing stories throughout each telephone platforms would create its personal privateness challenges, too.)
I spoke to Gaël Duval, founder and CEO of /e/OS, one other privacy-focused model of Android, and he admitted that Android’s push notifications require “a registration token that uniquely identifies a given app on a given gadget” and that this “would usually be saved on ICEBlock’s server.”
“It’s a protracted and random string,” he mentioned, that doesn’t embrace both an Android ID or the IMEI that identifies a particular telephone. “Google can nonetheless map it again to the {hardware} on their aspect, however for ICEBlock, it’s pseudonymous till you hyperlink it to anything.” So, certainly, Android notifications would require ICEBlock to retailer doubtlessly identifiable data. Usually, iOS would, too, however a intelligent workaround lets ICEBlock keep away from simply that.
However you might need noticed the issue: ICEBlock isn’t accumulating gadget information on iOS, however solely as a result of related information is saved with Apple as a substitute.
Apple maintains a database of which gadgets and accounts have put in a given app, and Carlos Anso from GrapheneOS advised me that it possible additionally tracks gadget registrations for push notifications. For both ICEBlock’s iOS app or a hypothetical Android app, legislation enforcement may demand data immediately from the corporate, chopping ICEBlock out of the loop. Aaron advised me that he has “no concept what Apple would retailer,” and it “has nothing to do with ICEBlock.”
For individuals who submit stories, Duval prompt that there may also be “a residual threat” from matching report timings and telemetry information, and Anso echoed the same fear. However with out the exact particulars of ICEBlock’s design — which Aaron is understandably reluctant to share — that’s not possible to confirm. “Completely not,” Aaron mentioned once I requested if it’s a priority. He insisted that “there is no such thing as a threat” of Apple having information on which customers have submitted stories.
Aaron mentioned ICEBlock shops basically no information on its customers on iOS proper now and that he couldn’t obtain the identical setup on Android, an internet app, or an open-source design. Critics argue he’s providing a false sense of safety by offloading the chance to Apple. And whereas it’s not clear precisely what information Apple has on ICEBlock’s customers, it’s sufficient to forged doubt on the declare that “there is no such thing as a information.”
The query then is how secure that information is with Apple. Aaron insisted that “nothing that Apple has would hurt the consumer,” and he was assured that Apple wouldn’t share it anyway. “Apple has a historical past, that when the federal government tries to return after them for issues, they haven’t divulged that data, they’ve gone to courtroom over it,” he mentioned. “They’ve fought these battles and gained.”
That isn’t solely true. Whereas Apple has engaged in some high-profile privateness fights with governments and legislation enforcement — together with efforts to get into the San Bernardino shooter’s iPhone or its current refusal to construct a backdoor into iCloud encryption within the UK — it complies with the vast majority of authorities requests it receives. In its most up-to-date transparency report, for the first half of 2024, Apple mentioned it agreed to 86 % of US authorities requests for device-based information entry, 90 % for account-based entry, and 28 % for push notification logs. Many of those will likely be benign — they embrace assist monitoring misplaced or stolen telephones, for instance — however others relate to instances the place an “Apple account could have been used unlawfully.” Demanding push notification information from each Apple and Google has become a key way for legislation enforcement to establish suspected criminals.
People have a constitutional right to file public police operations and share recommendations on sightings. As Aaron mentioned, an app like ICEBlock — opposite to Noem’s claims — “is on no account unlawful” beneath present American legislation. However throughout a interval the place neither the president nor the Supreme Court docket have a lot regard for constitutional rights, the query isn’t whether or not ICEBlock is authorized, it’s whether or not any data that runs by it may expose individuals who resist ICE, legally or not.
“We don’t need something,” Aaron mentioned. “I don’t need a non-public database. I don’t need any type of data on my aspect in any respect.”
And there’s the rub. ICEBlock says your information is secure as a result of it doesn’t have any, however that doesn’t imply it isn’t on the market. Do you’ve got as a lot religion in Apple as Aaron does?