Think about the web services that you use every day. What do or Amazon do with the information you give them? Is the NSA getting a firehose of phone call and email metadata from US telecoms and tech companies? (Reminder: That happened .)It’s a dilemma that Apple and Google have faced before, to a less publicized extent. The secure communication app Telegram has endured numerous, unsubstantiated rounds of accusations that it contains a backdoor for Russian government access. But Apple and Google have never removed the app because of these claims. The massively popular Chinese social communication app WeChat is even more plausibly thought to be a funnel for broad Chinese government surveillance, yet it, too, is available through Google Play and Apple’s App Store around the world. The intelligence community's warning about ToTok—by way of the Times report—is perhaps the most direct and actionable yet, although demonstrably difficult for Apple and Google to deal with.
“It’s a really interesting question to think about with WeChat,” says Will Strafach, an iOS security researcher who has analyzed the WeChat app for potential signs of its use in surveillance. “I think companies have a very hard time when it comes to privacy issues that aren’t directly observable in an app itself. I have a hard time thinking of what the right answer is to the app store policy side.”Purported ToTok cofounder Giacomo Ziani said in a statement last week that ToTok was having "productive dialogue with Google, which highlighted some areas of improvement on the app." He said it seemed that ToTok would be reinstated on Google Play, but added, "On the Apple side, there is less traction due to the holiday season."
Google declined to comment on its decision to reinstate ToTok, pointing instead its original statement: "We take reports of security and privacy violations seriously. If we find behavior that violates our policies, we take action." This seems to imply that in reviewing ToTok, Google didn't find anything about the app that violates Play Store policies. Apple said on Monday that ToTok is still not present in the iOS App Store, but that its investigation into the app is ongoing, more than two weeks after it began.
In general, Google is known for being fairly specific about how denied or rejected apps are in violation of the Play Store's policies. Meanwhile, Apple has a reputation among developers for blocking or removing apps without explanation or with only opaque commentary."If Apple does not reinstate ToTok, that's a crazy precedent to set. Say China claims WhatsApp is a United States government surveillance tool. Would Apple remove it? Or would Apple vet all the developers who submit apps and try to figure out if they are connected to governments,” says Patrick Wardle, a security researcher at the Apple-focused enterprise management firm Jamf, who was the first person to publish a technical analysis of ToTok in late December. "But if they do reinstate it, that also sets a crazy precedent! Basically it green-lights any government surveillance app, as long as the app doesn't violate App Store policies. That would seriously undermine the claims that Apple cares about its users and their privacy."
If there’s anything that’s clear from Apple’s event Monday, it’s that the maker of premium tech products is trying to sell people on its vision for the future of services—a seemingly effortless lifestyle filled with always-accessible media, exclusive video games, and cash-back incentives from a literal titanium credit card.