Changes in iOS 13 may force major redesign of VoIP apps
Major messaging app services that offer calls, such as Facebook's Messenger and WhatsApp, will have to make major changes to their code base to work properly in iOS 13, a report claims, due to fears from Apple that existing methods used by the apps could be used for data collection purposes.
Announced as part of a session on the background execution of apps during WWDC 2019, Apple is forcing apps that perform background processing when not in use to cut down on what they do, for the purposes of saving battery power and improving performance. Rather than keeping apps running, Apple instead wants to restrict the background processing as much as possible.
For apps with a VoIP component, like WhatsApp and Facebook Messenger, they attempt to keep running in the background as much as possible to allow calls to connect quickly. Under Apple's updated system, such apps will have to rely on a new "VoIP push notifications," a type of low-data push to a device that can open the relevant app and perform functions to open the call up.
Developers have until April 2020 to make their apps comply with the requirements.
Citing sources familiar with the matter, The Information claims that both the named apps will force a major redesign, as the background app technique performs a number of functions. Specifically named as a feature needing mass alteration is how WhatsApp handles end-to-end encryption.
The change may also prompt other refinements, as apps were able to take advantage of the background task for internet calls to keep the app in memory, allowing it to launch quicker than entirely from scratch. By switching to VoIP push notifications, this eliminates the benefit of having the app poised and ready to run.
Aside from power and performance, another reason Apple may be closing the function is due to the possibility of the background app collecting data about the user, something which may be seen as a privacy issue.
A Facebook spokesperson insisted to the report it was not using the calling feature to collect data. "To be clear - we are using the PushKit VoIP API to deliver a world-class, private messaging experience, not for the purpose of collecting data."
Facebook also advised the changes are "not insignificant, but we are in conversations with Apple on how best to address" the alterations.
The background processing for VoIP calls in relation to Facebook's apps has been an issue for some time, with former Apple app review team chief Phillip Shoemaker noting Facebook's splintering of Messenger into a standalone app in 2014 didn't end Facebook's use of the feature in the main social network app. While Shoemaker advises Facebook was stopped from using the system in its main app, the VoIP background mode is still actively used in both Messenger and WhatsApp.
"Messenger can still use [VoIP background] mode, and does," Shoemaker said. "What they do in the background, whether it be accept calls, listen in all the time or update the content of the main app, it's all unclear to Apple, but could be happening."
Facebook is not the only app producer to be using the technique, with Snapchat and WeChat cited as using it to run in the background for reasons other than voice calling. The lack of knowledge of what the apps are explicitly doing during those periods has been a potential cause for alarm.
The social network has been caught in a number of compromising situations relating to user privacy over the last few years. Aside from the Cambridge Analytica scandal that cost it $5 billion, the company has also used its now-banned Research VPN app to acquire data on 187,000 users since 2016, which led to Apple temporarily pulling Facebook's enterprise certificate.
Announced as part of a session on the background execution of apps during WWDC 2019, Apple is forcing apps that perform background processing when not in use to cut down on what they do, for the purposes of saving battery power and improving performance. Rather than keeping apps running, Apple instead wants to restrict the background processing as much as possible.
For apps with a VoIP component, like WhatsApp and Facebook Messenger, they attempt to keep running in the background as much as possible to allow calls to connect quickly. Under Apple's updated system, such apps will have to rely on a new "VoIP push notifications," a type of low-data push to a device that can open the relevant app and perform functions to open the call up.
Developers have until April 2020 to make their apps comply with the requirements.
Citing sources familiar with the matter, The Information claims that both the named apps will force a major redesign, as the background app technique performs a number of functions. Specifically named as a feature needing mass alteration is how WhatsApp handles end-to-end encryption.
The change may also prompt other refinements, as apps were able to take advantage of the background task for internet calls to keep the app in memory, allowing it to launch quicker than entirely from scratch. By switching to VoIP push notifications, this eliminates the benefit of having the app poised and ready to run.
Aside from power and performance, another reason Apple may be closing the function is due to the possibility of the background app collecting data about the user, something which may be seen as a privacy issue.
A Facebook spokesperson insisted to the report it was not using the calling feature to collect data. "To be clear - we are using the PushKit VoIP API to deliver a world-class, private messaging experience, not for the purpose of collecting data."
Facebook also advised the changes are "not insignificant, but we are in conversations with Apple on how best to address" the alterations.
The background processing for VoIP calls in relation to Facebook's apps has been an issue for some time, with former Apple app review team chief Phillip Shoemaker noting Facebook's splintering of Messenger into a standalone app in 2014 didn't end Facebook's use of the feature in the main social network app. While Shoemaker advises Facebook was stopped from using the system in its main app, the VoIP background mode is still actively used in both Messenger and WhatsApp.
"Messenger can still use [VoIP background] mode, and does," Shoemaker said. "What they do in the background, whether it be accept calls, listen in all the time or update the content of the main app, it's all unclear to Apple, but could be happening."
Facebook is not the only app producer to be using the technique, with Snapchat and WeChat cited as using it to run in the background for reasons other than voice calling. The lack of knowledge of what the apps are explicitly doing during those periods has been a potential cause for alarm.
The social network has been caught in a number of compromising situations relating to user privacy over the last few years. Aside from the Cambridge Analytica scandal that cost it $5 billion, the company has also used its now-banned Research VPN app to acquire data on 187,000 users since 2016, which led to Apple temporarily pulling Facebook's enterprise certificate.
Comments
There are going to be collectively millions of people that someday look back and wonder and ask how they ever allowed themselves to forfeit so much of their respective personal information just to be able to post "what's for dinner", high school yearbook pictures, along with cute and funny looking animals while at the same time unbeknownst to themselves reading volumes of deceiving and fake news.
That's the issue though... whether you're using it for VoIP or not, these apps are making use of background VoIP processing for which Apple has no idea.
Yes, that was the point of this article...Apple is changing the API for apps that need this type of feature, from an always listening to a notification implementation.
Yeah, right.
These changes seem good to me - Streamline the VOIP API to minimize the overhead and power usage. We’re looking at using iPhones with a Cisco VoIP client at work, so my main concern would be delays in connecting the calls caused by the need to load the app into memory.
BIG difference in models and approaches.
I think Apple's approach here is the right way forward (according to what I was taught in the 1990s about interrupts vs polling), but I also think they're being a bit heavy-handed in how they're forcing the change on developers. Of course, that latter part is nothing new for Apple, it's just something that still rankles - same as every other situation where I get forced to change before I'm ready to.
Maybe this is just “old news” being recycled and the actual news is that Apple is going to strictly enforce it starring in 2020.
There are legitimate reasons for specialty apps to continue to still be allowed to keep a VoIP socket open at all times — for example special purpose vertical market medical services apps where the phone is basically being used as a specialty device and not a general purpose individual owned phone.
Note that except for memory use, an app with the VoIP socket entitlement that keeps the socket open does not necessarily cause great battery use, because the app can still be put into an in between background state where the app is "active" and in memory but in the background and not given processing time unless the socket is addressed by the network or an incoming push wakes the app up.
I do not think that apps like WhatsApp use VoIP socket entitlement to stay resident in memory as I doubt Apple would grant such an app the entitlement and it wouldn't have the huge battery drain spoken of in an above comment. I have expect they are using work arounds or hacks to accomplish the purpose.
The issue being addressed now, is that VoIP apps were abusing the VoIP notifications and sending them for different purposes. VoIP notifications launch the app in the background when the app's server sends a notification. Thus any VoIP app can technically launch their app in the background at any possible moment. Apple is accusing Facebook of sending bogus VoIP notifications in order to turn on their apps so that their apps can then collect data. Apple's solution? Force apps to immediately report a call to the Apple System upon receiving a VoIP notification. When the app reports a call to the system, your iPhone will display the regular Incoming Call screen(and ring and vibrate), and so anytime a app receives this notification the user will see a phone call coming in.
Sounds great! But there are a number of problems with this solution. 1. For Whatsapp before they show you the Incoming Call screen, they want to set up end to end encryption. However with Apple's new restrictions they need to show the Incoming Call screen before setting up End to End encryption. 2. For SMS applications. SMS applications have also used the VoIP notifications in order to deliver SMS messages, now they are stuck. 3. Blocked callers. Sometimes users want to block certain callers, these settings are often stored locally and not on the server. Therefore the server send a notification, and until now the app could choose to ignore it. Not Anymore. 4. China. If your app has the capability of reporting a call to the system, China will not allow it to be available in the Apple App Store in China. China is afraid that these calls are encrypted, and will not allow them to eavesdrop on their citizens. 5. SIP. Most VoIP apps use the SIP technology. SIP takes time to start up. Apple gives them none.
What I think Apple should have done, is require some sort of notification, with a special icon or text (e.g. VoIP notification received) to show that a VoIP notification has been received. This way app developers can explain why the notification came (e.g. "Call Blocked" , "SMS Received") and users will know that the app has been started. Also Apple could have added an extra permission to allow users to allow or disallow VoIP calls. The biggest joke? There is a similar type of Push Notification called Silent Push Notifications. These can still be used at will by Facebook and others to collect your data.