Peter Eckersley's homepage

Apple's Crystal Prison and the Future of Open Platforms

By Micah Lee and Peter Eckersley
Published on 2012-05-29, on the EFF blog.

Two weeks ago, Steve Wozniak made a public call for Apple to open its platforms for those who wish to tinker, tweak and innovate with their internals.

EFF supports Wozniak's position: while Apple's products have many virtues, they are marred by an ugly set of restrictions on what users and programmers can do with them. This is most especially true of iOS, though other Apple products sometimes suffer in the same way. In this article we will delve into the kinds of restrictions that Apple, phone companies, and Microsoft have been imposing on mobile computers; the excuses these companies make when they impose these restrictions; the dangers this is creating for open innovation; and why Apple in particular should lead the way in fixing this mess. We also propose a bill of rights that needs to be secured for people who are purchasing smartphones and other pocket computers.

Apple's recent products, especially their mobile iOS devices, are like beautiful crystal prisons, with a wide range of restrictions imposed by the OS, the hardware, and Apple's contracts with carriers as well as contracts with developers. Only users who can hack or "jailbreak" their devices can escape these limitations.

[29th of May, 2012: we have added two updates to this post, here and here]

Locked down devices

iOS

Apple changed the way we think about mobile computing with the iPhone, but they have also led the charge in creating restrictive computers and restrictive marketplaces for software. You may have purchased an iPad, but unless you've exploited a vulnerability in iOS to jailbreak it, there are many things you cannot install on it. The App Store has thousands of apps to choose from, but your choices are limited to apps that Apple has approved and that can function without "root" or "administrator" privileges.

Apple has been known to reject or remove apps from sale because of their content (WikiLeaks app banned, eBook reader with access to Kama Sutra banned), for not using Apple to process payments, and for being capable of executing code that Apple can't approve. While Apple's policies have improved in the years since the iPhone first launched, the company still maintains total control over what apps are available to consumers. Unlike Android, iOS does not have an option to install apps from sources other than the App Store.[1] Apps that require administrative privileges are also impossible to install on an iOS device without jailbreaking it. This includes apps that let you tether your phone to a computer, change the look and feel of your phone's user interface, firewall your device, and secure your internet traffic with OpenVPN,[2] amongst many others. Jailbreaking also helps security and privacy researchers observe apps on their phones to see if they're leaking any private data.

The Cydia App Store for Jailbroken iPhones

Many of these apps are readily available through Cydia, an alternative store for jailbroken iOS devices.

Additionally, because Apple modifies binaries before publishing apps in the App Store, open source apps released under the GNU General Public License cannot be published without the approval of all authors, which caused the popular media player VLC to get removed from sale. If you need VLC to play media that won't play with the built-in Video app, you can download it to your jailbroken device with freedom intact from Cydia, and the source code is available on their website.

Since jailbreaking is so useful, why doesn't Apple let their customers (or at least their technically inclined customers) do it? One reason is the profits from the App Store. Apple keeps 30% of the money from each app or in-app-purchase sold through its App Store. That means that for each 99 cent app sold, the developer gets 69.3 cents and Apple gets 29.7 cents. Cydia has 4.5 million weekly users and earns $10 million in annual revenue, and Apple doesn't get any of that competition. This is more like traditional software sales where consumers get to choose which store they buy their software from, and they can even buy it directly from the developer. Locking down iOS helps Apple maintain their monopoly on software sales for iOS.

Mountain Lion and Gatekeeper

Unfortunately, Apple is building more of the restrictions that it pioneered with iOS into Mac OS X for laptops and desktops. Apple started running the Mac App Store in early 2011 to sell Mac software. Like the iOS App Store, Apple takes a 30% cut of all software sold. The upcoming version of Mac OS X, Mountain Lion, will reportedly include warning messages that strongly discourage users from installing apps from sources other than the Mac App Store.

OS X Mountain Lion scares users away from Adium

Fortunately, it will be possible to turn this off in Mountain Lion and install apps from anywhere you want, but Apple is continuing down the dangerous road of making their products less open. OS X software authors will find themselves subject to the whims of Apple HQ. What would Mozilla do if Apple refused to authorize Firefox for OS X Mountain Lion, in the same way that Apple refuses to allow a true version of Firefox for the iPhone? Watch half their Mac market share disappear?

UPDATE: A few people have written to argue that we are being unfair to Apple in the above paragraph, because any "Identified Developer" can sign code so that it is installable on OS X Mountain Lion with the default Gatekeeper settings. We do not think we are being unfair, but a few more details are in order:

  1. The Mountain Lion "Gatekeeper" code has three possible settings; the default is that only code from the Mac App Store or Identified Developers is installable;
  2. We believe that being an "Identified Developer"[3] requires paying $99/year and agreeing to two contracts with Apple: the Registered Apple Developer Agreement and the Mac Developer Program License Agreement, which Apple tries to keep secret but which may look like this. Free software projects like Adium may or may not be willing or able to restrict themselves in this way.
  3. Even if projects sign their applications as "Identified Developers", a large fraction of OS X users may set Gatekeeper to "App Store only", because the UI makes that look like the "safest" option. The App Store itself has numerous problematic restrictions, including a prohibition on GPLed code (which is also a prohibition on most free software). If, say, 10-20% of OS X users pick "App Store only", Gatekeeper will reduce the market share of free software like Adium by a similar percentage.

It's true that you might accidentally install malware if you get software from outside of Apple's App Stores. But while Apple tries to test all submitted apps to see if they're malicious, they don't always succeed. The security benefits of using a signed package manager are well established. GNU/Linux distributions have been doing this since the 1990s, and it's one of the primary reasons they're known for good security. But Apple perverts these benefits when your choice to install software from other sources is taken away, and when the only available app store charges developers 30% of their potential profits.

Microsoft: UEFI and Windows RT

In many ways, the Windows ecosystem has been more open than iOS's since it began. People have always been able to install whatever software they want in Windows, and whatever operating systems they want on their PCs. It's common for tinkerers to dual-boot their PCs with GNU/Linux and other operating systems, and some users choose to completely remove Windows.

However, this is going to change, at least for Microsoft's mobile and embedded OSes. Microsoft recently announced that in order to be Windows 8 hardware certified, personal computers must implement the "secure boot" option in the Unified Extensible Firmware Interface (UEFI) specification, which is a modern replacement for the traditional PC BIOS. When "secure boot" is enabled, UEFI will execute only operating system bootloader code that is digitally signed, which could effectively shut out non-Windows 8 operating systems, including earlier versions of Windows. In response to warnings and legal steps from the free software community, Microsoft agreed to require "Windows 8" certified x86 and x86-64 hardware vendors to offer a way to turn off this "secure boot" option that locks out user-modified OSes.

Unfortunately, that's not the end of the story. For Windows computers with ARM processors, which will include Microsoft's new Windows RT tablet devices, the story is completely different. Manufacturers will be forbidden to allow booting to any operating system besides Windows. Microsoft is copying Apple's model and denying their users the right to choose an alternative OS or modify the one they paid for.

Microsoft is also planning on restricting which applications are allowed to run with high privileges in Windows RT. The only web browser that will be allowed to run with these privileges is Internet Explorer. Harvey Anderson, Mozilla's General Counsel, warned about this on Mozilla's blog:

Why does this matter to users? Quite simply because Windows on ARM -as currently designed- restricts user choice, reduces competition and chills innovation. By allowing only IE to perform the advanced functions of a modern Web browser, third-party browsers are effectively excluded from the platform.

Microsoft, like Apple, is moving toward a dangerous future where users have less freedom to do what they want with their computers, where developers are restricted in what they can accomplish, and where competition and innovation are stifled.

UPDATE: The Free Software Foundation is running a campaign about Windows/UEFI restrictions on x86 and ARM devices.

Inadequate Excuses for Restricting Innovation

When technology and phone companies defend the restrictions that they are imposing on their customers, the most frequent defense they offer is that it's actually in their customers' interest to be deprived of liberty: "If we let people do what they want with their pocket computers, they will do stupid things with them. You will be safer and happier in our walled compound than you would be outside."

This is an elaborate misdirection. It may or may not be true that any particular user gets a better result from the pristine AT&T/Sprint/Apple/Microsoft experience than they do from a modifiable OS. Those companies should feel free to continue offering their own visions of how a pocket computer should function, so long as there is a simple, documented, and reliable way to drill into a settings menu, unlatch the gate of the crystal prison, and leave.

Toward a bill of rights for mobile computer owners

There are four rights that people purchasing computers should enjoy:

  1. Installation of arbitrary applications on the device. If the user wishes to, they should not be limited to what is included in one particular proprietary "app store."
  2. Access to the phone OS at the root/superuser/hypervisor/administrator level. If consumers wish to examine the low-level code that is running in their pockets, to check for invasions of privacy, run the anti-virus software of their choice, join VPNs, install firewalls, or just tinker with their operating systems, phone and device companies have no legitimate basis for preventing this.
  3. The option to install a different OS altogether. If people want to install Linux on their iPhones, Boot to Gecko on their Windows phones, or just run a different version of Android on their Android phones, the company that sold them the hardware must not prevent them. Using a cryptographic bootloader to defend against malware is a fine idea, but there must be a way to reconfigure this security mechanism to (1) allow an alternative OS to be installed; and (2) offer the same cryptographic protections for the alternative OS.
  4. Hardware warranties that are clearly independent of software warranties. Apple denies warranty coverage to users who have jailbroken their iPhones. While nobody is asking Apple to support jailbroken or modified software, it is inexcusable that the company threatens not to cover, say, a faulty screen, if the customer has chosen to modify the software on their device.

Why Apple Can Lead the Way Out

Apple did not invent the culture of imposing restrictions on what kinds of programs people could run on the computers in their pockets. Mobile phone manufacturers and carriers were making life miserable for programmers long before Apple entered the smartphone market, and writing code for phones in those days was described as "a tarpit of misery, pain, and destruction". If anything, Apple's innovation was to show that it was possible to have a computing platform that was simultaneously useful, successful, and deeply restrictive of what people were able to do with it.

Nor is Apple necessarily the leading culprit in anti-competitive OS design today. AT&T, which not only encourages Apple's restrictiveness, but also distributes its own modified and heavily restricted versions of the Android operating system, might even be the worse actor.

What Apple has is the institutional wisdom to know better, and the ability to fix the situation. Apple understands the importance of open platforms: their devices wouldn't exist without them. Apple's incredibly strong brand and stature in the marketplace mean that the company could give people the freedom to tinker with their devices without measurably affecting its own profits or the experience of its "mainstream", non-tinkering users. And while the phone companies like to play at being gatekeepers in the retail phone market, we doubt that they can dictate terms to Apple.

Apple, take Woz's advice. No place, and no system, can be perfect if it denies its citizens the freedom to change it, or the freedom to leave.

  • 1. AT&T used to impose a similar restriction on the Android-based devices that it sold, but ended those restrictions last year. Unfortunately, some device makers still are tempted to restrict their customers in similar ways.
  • 2. iOS offers some options for VPNs, but not OpenVPN. GuizmoOVPN is an open source OpenVPN client for jailbroken iOS devices.
  • 3. Many aspects of the Gatekeeper Developer ID program are only documented to parties who agree to an NDA with Apple, which we will not do. However Apple is clear that a Developer ID requires membership in the Mac Developer Program, and also implies that membership of that program requires agreement to the Mac Developer Program License Agreement.
