Phil Zimmermann's New App Protects Smartphones From Prying Ears 121
Hugh Pickens writes "Neal Ungerleider notes that cryptography pioneer and Pretty Good Privacy (PGP) creator Phil Zimmermann has launched a new startup that provides industrial-strength encryption for Android and iOS where users will have access to encrypted phone calls, emails, VoIP videoconferencing, SMS, and MMS. Text and multimedia messages are wiped from a phone's registry after a pre-determined amount of time, and communications within the network are allegedly completely secure. An 'off-shore' company with employees from many countries, Silent Circle's target market includes troops serving abroad, foreign businesspeople in countries known for surveillance of electronic communications, government employees, human rights activists, and foreign activists. For encryption tools, which are frequently used by dissidents living under repressive regimes and others with legitimate reasons to avoid government surveillance, the consequences of failed encryption can be deadly. 'Everyone has a solution [for security] inside your building and inside your network, but the big concern of the large multinational companies coming to us is when the employees are coming home from work, they're on their iPhone, Android, or iPad emailing and texting,' says Zimmermann. 'They're in a hotel in the Middle East. They're not using secure email. They're using Gmail to send PDFs.' Another high-profile encryption tool, Cryptocat, was at the center of controversy earlier this year after charges that Cryptocat had far too many structural flaws for safe use in a repressive environment."
exceptionally interesting and useful (Score:5, Interesting)
for those of us who prize our anonymity. I do hope they'll take Bitcoin for the $20/month they charge.
RedPhone (Score:1)
RedPhone was a decent encrypted voice call tool. It was always beta and eventually stopped working. (Servers pulled, as was the app).
I believe Phil Z was also the author of RedPhone.
Sad to see such a restrictive pricing model for the new "solution".
Whatever (Score:1, Insightful)
Birthers will recind their claim against Obama, Dawkins will get Baptised, and Ron Paul elected president before this will happen.
Rest assured, if it DOES, it is with full blessings of the aforementioned governments.
Re:Whatever (Score:5, Interesting)
That is another valuable experience Zimmermann brings to the table: They tried pretty hard to suppress PGP and he prevailed. I remember than in order for him to not go to jail, it was exported as printed book and then scanned in Europe. He used the stupidity of the US bureaucracy against them. Development continued outside of the US afterwards. That was the time when the US snoops wanted backdoors into any crypto.
I think is will be interesting to watch, but I expect he will make it again.
Re: (Score:2)
Re: (Score:2)
> and Ron Paul elected president before this will happen.
FOUR MORE WEEKS, FOUR MORE WEEKS...!! :-D
Re:Whatever (Score:4, Insightful)
>> and Ron Paul elected president before this will happen.
> FOUR MORE WEEKS, FOUR MORE WEEKS...!! :-D
Of course this was meant as a joke. ;-) :-)
We all know, that in reality Gary Johnson (L) will be elected President! And then we don't need to encrypt our phone calls anymore...at least not because of the government snoops, because Pres. Johnson has shut them all down!
Is this thing on? (Score:1)
Why would a government wiretapper need to intercept your phone call? Wouldn't they just mandate that your provider give them access to your device to record anything going to your mic? In fact, this would minimize the amount of audio they'd have to sift through...If Silent Circle call, then record audio from mic.
Re: (Score:1)
Much easier ways (Score:2)
Wouldn't they just mandate that your provider give them access to your device to record anything going to your mic?
Why all the high-tech twists when if they really cared they'd just bug the rooms in the places you hung out in most often?
Re: (Score:1)
Because I can turn on a million mics with a touch of a button...wireless warrant taps for undesirables. Requesting a million warrants and placing a million bugs...do the math. But I agree, a covert camera to record you typing your password is infinitely easier than breaking your PGP key.
Re:Much easier ways (Score:5, Interesting)
A beacon, trap and trace, a microphone, a camera lab (as in pictures taken, shared, gps, unique data in every image to find other images you took and posted)...
As for any encryption - detailed keystroke logs, clear-text captures of passwords was offered by diagnostic options shipped in many US telco offerings.
You had the 'mic on' remote dial in, spyware in the cell phone infrastructure - when will a generation learn to put down their small versions of ENIGMA?
As for 'your device to record anything going to your mic? "
The classic case was the NSA and GCHQ - let us work in the dark and we can predict the future
Then you had federal police asking for non court help with encryption, tracking...
Then for logs, recordings
Then high profile cases... state task forces.. fusion centers... the press reports on recordings
At some point the court magic stops and that next person of interest takes the battery out.
Re: (Score:1)
That's why @AHuxley we should all be yelling "bomb, bomb, president" into our phones at all times....
Re: (Score:3)
In innocent ways as well..
"Yo yo, man, this President butter is the BOMB man, it's so beautiful, like yellow cake. Margarine is just toxic, it gives me food poisoning. Those trans-fats are a public health issue. I swear, it gives me the runs like salmonella, a real brown out in my pants. I'm in the facility, performing evacuation of my bowels until there's a spillover. Dropping a real dirty bomb, you know what I'm saying?"
(selected words from this list [dailymail.co.uk]
Re: (Score:1)
So you're rockin' a custom ROM? Only because they allow you to. Simple for a provider to disallow anything they don't approve of. If G-DOG says they are required to provide X-access, and your custom ROM doesn't let them...then YOU don't have access. Not true?
Re: (Score:2)
That's one of the reasons people have been advocating for years, that it's undesirable/borderline_senseless to buy your PC from your ISP. In some contexts (PC sits on a desk) people get that and think the idea is absurd and they never would do it, and in others (PC fits in a pocket) it's routine and people don't give it a second thought. Weird.
But even so, that risk isn't absolute. Not all a
Closed Source. (Score:1)
If you trust closed source security software... good luck.
Re: (Score:3)
If you trust closed source security software... good luck.
Indeed. After Dave Schroeder, a Navy Information Warfare Officer[1], recently gave me Vint Cerf's email address, I posited in a 35 page manifesto[2] that ssh + IPv6 + gstreamer would make a good open source encrypted video network phone solution. Of course I haven't actually tried it, and no doubt the performance would initially suck. But I imagine a week of tuning parameters and you'd have something usable (when need dictates). And in a year if it caught on, I'm sure the performance would probably beco
Failsafe encryption requires no MitM (Score:2)
If you want complete failsafe encryption, the two devices must either be physically connected by wire, or else must broadcast wirelessly directly to eachother, with no repeater or any other physical device not under the complete control of either endpoint in between them.
Protocols can be devised in such systems which are completely eavesdrop tolerant, such that even if eavesdropping did occur, it would be indecipherable, even if one were to try to listen to the entire communication, including the protoco
Re: (Score:3)
Re: (Score:3)
Radio can be point-to-point. You can't exactly intercept an airborne signal and try to relay it without building a shield large enough to fully encompass the sender. Something that they would readily be aware of.
This seems irrelevant though: provided two parties have some type of initial shared but not public knowledge, modern crypto can give you a reliably secure channel despite any number of intermediary parties.
Re: (Score:2)
Re: (Score:2)
But this is true of all encrypted mechanisms and is the nature of establishing trust. There's no technological solution for it, other then to have actually met or otherwise established that who you are talking to holds a certain shared secret.
The idea that "direct point to point" channels fixes it is foolish - without a shared secret, you can't be sure the channel is point to point to who you think it is, and the trouble and effort to establish it is is just a very convoluted way of establishing a shared se
Re: (Score:2)
There are, believe it or not, times when you are much more concerned with keeping data from being eavesdropped on far more than you are concerned with who you're sending it to because, presumably, the identity of the recipient has already been confirmed to your satisfaction by some other process.
For example.... two people are communicating via ordinary radio. They exchange some discourse, and then determine that they must secure their communications with encryption to discuss more confidential matters.
Re: (Score:3)
You don't need any previously shared secret to exchange data on an encryted communication path.
For example.... both A and B can independently choose their own commutative key pairs (such as RSA) for a communication. The intent is for these keys to be disposable, so they do not need to be kept in any long term storage, nor does either party need to inform the other of either of its keys. The keys must be commutative in that they could be applied in any order, and one half of each pair will decrypt whate
Re: (Score:1)
Only if you had a shared secret that had NEVER gone through any other channels that could be intercepted, and which you could then use to set up your encrypted channel, could you reasonably trust a system that routes through someone else's hardware. But that takes an outside-of-the-network connection to set up, and thus is useless in any kind of any-to-any communications network.
Why do you think it's useless? I think it's much better than using no ecryption at all. You can either exchange the secret by other channel (personaly for example) or you can exchange the key before the channel is intercepted (i.e. before you start doing anything suspicious or illegal)
Re: (Score:2)
Re:Failsafe encryption requires no MitM (Score:4, Informative)
Re: (Score:1)
If you want complete failsafe encryption, the two devices must either be physically connected by wire, or else must broadcast wirelessly directly to eachother, with no repeater or any other physical device not under the complete control of either endpoint in between them.
That isn't practical, and definitely not as secure as you think. And wireless is NOT secure from a man in the middle attack, ever. It doesn't matter if the sender and receiver are unidirectional. The purpose of a MiM attack can be something deceptively simple, like spoofing GPS (and we all know what that can do). The attacker only needs to interrupt the communication or overpower the real transmitter to wreak havoc.
Your idea of being in complete control of endpoints is silly. Bugs can intercept anything, wi
Re: (Score:2)
And wireless point to point is not remotely difficult.... all you need is a transmitter and antenna that are strong and large enough to reach any reachable destination. CB can even be point-to-point quite easily.
Re: (Score:1)
Actually, if you want completely failsafe encryption (excluding actually cracking the key itself) you need two three things:
1. Trusted endpoints (i.e. devices that you can trust - this is quite a challenge itself)
2. *One* interaction guaranteed to be protected from a MiTM for key exchange
3. An encryption protocol which isn't broken
#3 is easy. There are multiple options available.
#2 can be easy, if you live just down the road from the person you want to have secure communication with. It can also be hard if
Re: (Score:1)
Actually, that's not correct. You do not need even one guaranteed interaction in order to establish an encrypted channel. Diffie-Hellman key exchange is pretty secure, as long as your encryption protocol is not broken.
Whatever the circumstances, you need trusted endpoints, and you need a viable encryption protocol. You need those two. Not two out of a set of three, which include those. Untrusted endpoints means you're open to side channel attacks or simple bugging. Even if you have bulletproof protocols and
Re: (Score:2)
Actually, that's not correct. You do not need even one guaranteed interaction in order to establish an encrypted channel. Diffie-Hellman key exchange is pretty secure, as long as your encryption protocol is not broken.
Whatever the circumstances, you need trusted endpoints, and you need a viable encryption protocol. You need those two. Not two out of a set of three, which include those. Untrusted endpoints means you're open to side channel attacks or simple bugging. Even if you have bulletproof protocols and 100% trusted interaction, it's no help if your endpoints have keyloggers sending their data to Eve.
Diffie-Hellman just lets you establish session keys. It doesn't let you establish trust - you have no idea if the remote party is who you think they are, unless you communicate out-of-band or from a shared knowledge base.
Trust establishment can be very simple and only needs to be done once if you protect your system, but it can't be done technologically - it's all about establishing a causal chain from someone else's brain to whatever the technology exposes.
Re: (Score:1)
Aah yes, you are correct from a trust point of view. However, from a trust point of view, how can you really ever be truly sure of whom you are talking? Impersonation is always a problem, and then there's the issue of double agents and infiltrators. Then there's the whole sci-fi aspect like in the movie Face Off.
Re: (Score:2)
Re: (Score:2)
Aah yes, you are correct from a trust point of view. However, from a trust point of view, how can you really ever be truly sure of whom you are talking? Impersonation is always a problem, and then there's the issue of double agents and infiltrators. Then there's the whole sci-fi aspect like in the movie Face Off.
Which it's worth noting, was resolved in that movie the same way - by using the common body of shared secrets to establish who was who.
The only way to improve it would be to use the Socialist Millionaire means to allow them to establish that they have a shared secret without divulging what it is.
Re: (Score:2)
Yeah, the 'two three' was a typo. I started with two, added the 'not broken protocol' to make it three, and screwed up my correction. But as other commenters have noted, without the one guaranteed secure interaction trust isn't established.
With digital signing of keys by other trusted parties, this problem can be reduced but for 'failsafe' encryption you probably don't want to trust any third parties.
Only during trust establishment! (Score:3)
Protocols can be devised in such systems which are completely eavesdrop tolerant, such that even if eavesdropping did occur, it would be indecipherable, even if one were to try to listen to the entire communication, including the protocol setup itself, it would sound like undecipherable gibberish right from the moment that the encryption began.
Such protocols can be vulnerable to MitM attacks, but that is why they are really only reliable as encryption when the communication is not subjected to any routing.
The criteria you give are accurate for key agreement in the absence of a preexisting trust anchor, such as the classic Diffie-Hellman key exchange protocol [wikipedia.org]. However, once a trust anchor is established — for example, by meeting and agreeing on a shared secret or verifying one another's public keys in person — that shared secret or known-good public key can be used for authenticating [wikipedia.org] or verifying digital signatures [wikipedia.org] on messages that arrive over an untrusted communication path.
Re: (Score:2)
This is what key signatures are for.
Maybe try it on an iPod Touch rather than a phone (Score:2)
Even if Silent Circle is secure, that doesn't mean that the cell phone is secure. The safest mobile innernet device is probably an iPod Touch.
problems with America? (Score:1)
"off-shore"?
Are the people starting to realize that the enemy is within?
so excited. (Score:5, Insightful)
There, fixed it for you.
Does anyone really think any application that is layered on top of IOS is free from interception? Everything is an API, all hidden away, and as much as I love Apple, there is no way in hell I would trust any application running on that device to be free from covert interception(keyboard, voice, you name it). I'm not saying that app doesn't encrypt and do all the right things when transmitting over a network, but I'm going to assume everything is compromised locally on the phone.
And not to be a tin foil hatter, but really, who pays for this stuff and paid these guys salaries in the past anyways (hint, it was your famous uncle).
Re: (Score:2)
Does anyone really think any application that is layered on top of IOS is free from interception?
I, for one, don't.
One other point of contention - the system is based on existing public key crypto. Therefore all messages exchanged are non-repudiable by design.
Re: (Score:2)
You sound exactly like a tin foil hatter, actually. Are you saying that Phil Zimmerman [wikipedia.org] is now, or has been, working for the US Government?
Re: (Score:1)
Both Good Guys and Bad Guys Will Find it Useful (Score:1)
If rebels fighting for a good cause can use this to their advantage, so can the terrorists.
I wish I lived in a world where there were no need to encrypt anything.
Does it encrypt REAL phone calls? (Score:4, Interesting)
While it is nice for someone to be making an easy-to-use all-in-one encryption app, the real question for me is this:
Does it encrypt phone calls; real, phone-to-phone, no-VoIP phone calls.
There are already several solutions [cellcrypt.com] out [whispersys.com] there [securegsm.com] for encrypted VoIP. Even a free, open-source general-purpose Android SIP client CSipSimple [google.com] supports ZRTP for key exchange (or 'of course' a free, open-source ...)
However, I have not found a single app (and indeed only a few specialised devices) to actually make encrypted phone calls without using VoIP, and none that have made encrypted phone calls over GSM voice. A few people have talked about phone call encryption over GSM voice (e.g. at DEFCON [defcon.org]) and there are many papers on the topic of data-over-GSM-voice), but I haven't yet seen it implemented. If this *does* implement it, *then* I'll be pumped.
On the SMS front, there is already TextSecure [google.com] for sending encrypted SMS, and all the key exchange is handled through SMS (and perhaps MMS? I believe only SMS). Mind you, Moxie Marlinspike hasn't released the source for it (and it is now owned by Twitter, so we'll probably never see it).
Re: (Score:1)
And then I RTFPM (PM = promotional material) and it doesn't encrypt phone calls, SMS or MMS. It provides yet another encrypted VoIP and Email-Replacement-Over-IP. On the upside, it is actually encrypted and appears to use keys which are stored by the endpoints and not in the middle, so it is no less secure than using x509 or (G)PG(P) encryption for e-mail, or SRTP for calls.
I guess it might provide an easy solution for key exchange. That would be a win.
Re: (Score:2)
You do understand that there are basically no non-VoIP systems today, do you? Even GSM typically goes to VoIP somewhere in the chain, sometimes right at the base-station. No, they may not want to admit that and often it is at least with reserved bandwidth and good synchronization which ordinary VoIP lacks. But basically there is nothing special about GSM anymore.
On the angle of existing applications, when PGP came out, there were a lot of encryption programs, and all sucked and/or were expensive commercial
Re: (Score:2)
You're missing my point about encryption over GSM voice, and encrypted SMS, which is that neither GSM voice nor SMS require a GPRS/3G/4G/WiFi connection.
I don't care whether things are VoIPed left, right and centre once it's hit the tower, but between my phone and the tower GSM and SMS has advantages.
Re: (Score:2)
You're missing my point about encryption over GSM voice, and encrypted SMS, which is that neither GSM voice nor SMS require a GPRS/3G/4G/WiFi connection.
I don't care whether things are VoIPed left, right and centre once it's hit the tower, but between my phone and the tower GSM and SMS has advantages.
I highly doubt that. GSM codecs are so much worse that what is available today. As to SMS, just make your Emails shorter and you get the same. Or rather much better as the SMS backend sucks.
Re: (Score:1)
Just to clarify: You highly doubt that a GSM voice call and SMS don't require a GPRS/3G/4G/WiFi connection? Really?
I think you may be a little bit confused. Or stupid. It could be either.
Re: (Score:2)
Thanks, and same to you, regarding "stupid" and "confused". Maybe I meant that GSM does not have advantages between your phone and the tower? But seeing that would require actual reading comprehension. Seems you do not have that. And maybe you are out of touch with current technology?
Re: (Score:2)
Yeah, my comment was unduly harsh and I regretted posting it shortly after I had: I shouldn't be attributing to stupidity what I could attribute to misunderstanding.
Anyway, my whole point was that GSM voice *does* have an advantage between your phone and the tower, and until GPRS/3G/4G provide the same QoS and coverage as GSM voice calls it will continue to have an advantage. There may be situations in which you can't make GSM voice calls but can get GPRS/3G/4G, but it is much more likely you will be in a s
Re: (Score:2)
Re: (Score:2)
That's fantastic - I somehow overlooked that. Next on the 'want/I should do myself' list: integrating that into CyanogenMod so it can send encrypted SMS transparently.
The Serval Project (Score:2)
So similar to the set of services that the Serval Project [servalproject.org] (my current employer) is aiming to deliver? But it costs $20 a month, and it only works when you have a viable internet connection to their servers?
When the Serval product set grows to include an internet directory service, I'm certain we'll be able to run it for less than $20 a month. Probably for less than $20 a year.
Re: (Score:1)
Or maybe not even vaguely like Serval, since rather than being a distributed mesh network Silent Circle is an encryption communication platform.
Don't get me wrong, I think it is a great project and I'm very happy to see it appearing - I've been hoping something your project would appear for ages. It is just almost, but not quite, entirely unlike the product in TFA.
Re: (Score:3)
No it really is. Serval is building an encrypted, *decentralised* communication platform, that can also route packets over a local mesh network. Initially including voice, text, and file transfer services. But that doesn't mean we are forever limited to only supporting communications over a local mesh, or that we will be limited to this set of secure services. Just that providing communications in an emergency, without supporting infrastructure, is our main focus. Everything must always work in isolation.
I
Re: (Score:1)
No it really is. Serval is building an encrypted, *decentralised* communication platform, that can also route packets over a local mesh network.
Ok, cool. When I looked over the website I saw a lot of discussion of mesh, but not discussion of encryption. I'll have more of a look.
Re: (Score:2)
I'm definitely interested into this, heard of Serval before -probably here-, but when going to your site I definitely don't find how I could register, be it for $20/month, nor even am I capable to find if my current devices (Nokia N9000, Blackberry playbook, macintoshes...) indeed have applications available.
Please see no offense, definitely, but if I'm wrong do show me where to go!
(or then get a "register your email to be warned when..." button on page 1 of the site?)
H.
Re: (Score:2)
You could sign up to our developer [google.com] email list, I don't think we have a low traffic announcements list.
Anyone who wants to use our daemon [github.com] as the basis of a port to other platforms is welcome to start one. We've also got an asterisk channel driver [github.com], if you'd like to use any other voice protocol like SIP to talk to other Serval ph
He is still active? Nice! (Score:3)
The PGP documentation files were the first hands-on documentation for encryption I read that actually got it right. They are still among the few today. Most texts either get the crypto wrong or the environment or the procedures on how to use the thing. These did not.
Of course, PGP went through some refactoring and design changes, but the basic code was sound. If he manages to achieve this with this new product, it will be the only one on the market that this can be said for. Basically all others are buggy, badly designed, insecure because of fundamental misunderstandings or easy to make user errors, etc. Of course, careful review is still required, but this product should be worth the effort.
Frying ears (Score:2)
Reading the title I thought this was about some quack who made an app that 'prevents' you from the electromagnetic radiation while calling. Then I read the blurb and I thought: what has this to do with encryption? Then I saw that the title said Prying ears, not Frying ears. Aha!
Re: (Score:1)
>> I thought this was about some quack
Bob Dylan is not a quack.
Pointless (Score:4, Insightful)
The company is US-based. No matter how renowned the makers of this software are, under the Patriot Act they can be forced to secretely put backdoors into their apps and never tell anyone. For this reason alone the encryption is worthless, and possibly even dangerous for companies outside the USA that have to guard trade secrets.
They're actually offshore (Score:1)
As mentionned on their website.
Re: (Score:2)
It's a shame the comment was modded down. AC's statement is inline with CISPA and the Patriot Act as they are applied in the United States. Nick Merrill, founder of the Calyx Institute, was the ONLY person running an ISP to turn down one of those orders to snoop on his customers and fight it in court. Ever. The only other people who have fought National Security letters in court were librarians. Considering that orders for disclosure under National Security letters are in the tens of thousands, and eac
Re: (Score:1)
Their servers are in Canada....
Re: (Score:2)
The company is US-based. No matter how renowned the makers of this software are, under the Patriot Act they can be forced to secretely put backdoors into their apps and never tell anyone. For this reason alone the encryption is worthless, and possibly even dangerous for companies outside the USA that have to guard trade secrets.
I wouldn't say it's worthless but yes, governments have to be taken into account such as India forcing blackberry to give them the blackberry encryption keys.
http://www.theregister.co.uk/2012/08/02/rim_keys_india/ [theregister.co.uk]
But it's not worthless because you're still protected from most potential listeners, just not all of them.
What's wrong with Gmail? (Score:2)
They're not using secure email. They're using Gmail to send PDFs.
Isn't Gmail using SSL to send and receive mail? Isn't that secure enough?
Re: (Score:2)
The problem I have with this type of solution is that we are placing absolute trust in the vendor's promises that it won't snoop on our data. If I personally generated my CSR and kept my key
Re: (Score:1)
Re: (Score:1)
I didn't read TFA, let alone finish reading TFS... After all, and I'm assuming the service is hosted in the US, the White House has access to any keys which are transmitted to and from Silent Circle's systems.
From TFA: "Silent Circle stresses that their product offers secure communications within the networks and only uses Canadian servers that are outside of U.S. government control."
Re: (Score:2)
No. Not sure what more the is to say. All it takes is one certificate authority caring more about a government contract then your privacy, or just any one of thousands of people at different stages of the chain making a mistake.
Secure Communications? (Score:2)
I don't think people understand the definition of secure, then. Before you start worrying about your messages being secure after they leave the device, you should be concerned with the security of the device itself. It's pretty widely accepted by those in the know that Android and iOS are effectively trojans (and/or can easily be compromised if you still believe the OS itself is secure) for spooks of all sorts. If a message absolutely, positively has to be secure, it should never tou
they're what?? (Score:1)
".....They're in a hotel in the Middle East"
That's plain stereotypical and frankly quite offending.. The "Middle East" - which mind you consists of several countries cultures and races - is not all bad, and certainly this case can be applied to any country, and many hotels in all them countries.
Re: (Score:2)
Failing? Make crypto easier. (Score:1)
I have found in my own limited use of cryptography code that I was entirely unsure if I were using it correctly or as intended, owing to a completely new lingo used for everything, which was nowhere bound to a comprehensive explanation of what it meant, why it was needed, and what practices should be avoided.
I came off thinking the big advance would be to avoid sending out under-documented code in the first place. The average user is not a cryptologist, but a vanilla coder-of-things, and to avoid heartache
Bull (Score:1)
You mean like Burner for iOS? (Score:5, Informative)
I doubt it. Our apple overlords will categorise this as 'Undesirable' as it allows their phone users to communicate in ways that they want
It's funny how so many things people seem to doubt Apple would ever approve, actually get approved. Like for instance a virtualized burner phone [apple.com], an app that provides you a temporary number lasting a week or as long as you see fit.
There's already a ton of precedent for Apple to approve something like Silent Circle, and a ton of people like yourself in the dustbin of failed predictions claiming Apple will not accept product X because, well, Apple.
Re:You mean like Burner for iOS? (Score:5, Insightful)
And how many seemingly innocuous apps are denied, when we would predict they should be fine?
Maybe it will be approved...maybe it won't. Nobody can predict it because their rules are so arbitrary. And that, I imagine, is GP's point.
Examples? (Score:2)
And how many seemingly innocuous apps are denied, when we would predict they should be fine?
None that I know of. I provided a link with an example, funny you cannot do the same.
Re: (Score:2)
You sure are snarky for someone who is seemingly incapable of using a search engine.
Google: "site:techdirt.com apple arbitrary" They've done a fairly thorough job of documenting Apple's arbitrary policies. Of course, Apple is free to be as arbitrary as they wish, as are the fanboys free to defend them blindly (thanks for your shining example!). And the rest of us are free to criticize their silly approach and enjoy a superior product.
For the lazy ones:
http://downloadsquad.switched.com/2009/04/24/crudebox-b [switched.com]
Bad examples, all wrong. (Score:2)
Google: "site:techdirt.com apple arbitrary"
Well you could do that if you wanted to end up with a lot of out of date and incorrect information. But that's close enough for an Apple Hater!!
http://downloadsquad.switched.com/2009/04/24/crudebox-becomes-prudebox-to-make-it-into-the-app-store/
The link even says it's in the App Store. Next!
http://almerica.blogspot.ca/2008/09/podcaster-rejeceted-because-it.html
http://news.cnet.com/8301-17939_109-10042127-2.html?part=rss&subj=news&tag=2547-1_3-0-20 [cnet.com]
Podcaste
You betray yourself (Score:5, Insightful)
"There's already a ton of precedent for Apple to approve something like"
"ton of precedent"
and
"something like"
Really give away your lack of confidence in your own argument. Let me state something so you can see the difference.
"The application WILL be approved for sale on Android, that is inevitable as day follows night."
There, and that's why Apple will ultimately fail. Because even the fanboys don't have confidence in Apple making the decision they think is right.
Re: (Score:2, Offtopic)
And also iOS (Score:2)
"The application WILL be approved for sale on Android, that is inevitable as day follows night."
And also on iOS. I just have to help people understand why it is so certain, because people like you like to raise doubts where none rightfully exist.
Since Google has also pulled apps from the Android app store, you have no greater certainly that it will stay than on iOS.
Re:App store approved? (Score:4, Insightful)
Given iOS has no APIs for making phone calls without involving the dialler or sending SMSes without invoking Messages, this app would have to be entirely self-contained. Effectively, it's a VoIP phone app that does SMS and MMS, just offering strong encryption.
And there are plenty of VoIP phone apps on iOS. As are private network "free" texting type apps. This is nothing special other than offering encryption.
So in the end, it's just another VoIP app, or "free texting" app, of which there are tons. Like say, Skype.
Re: (Score:1)
How are you going to handle NAT traversal without a central server? Read up on the ZTRP protocol. The server is just a dumb relay, passing encrypted bits back and forth. The keys live on the devices, so the server couldn't decrypt the data even if it wanted to.