Is TikTok Safe? – Intego Mac Podcast Episode 341
Posted on
by
Kirk McElhearn
What does the future look like for TikTok now that it has less than a year to avoid being banned in the US. And is the platform safe to use? After two data breaches, Roku introduces so-called two factor authentication. Are Roku users safer? And the rumors say new iPads will be announced next week. Anything else? We’ll have a quick preview of Apple’s “Let Loose” event.
- Let Loose, Apple Event May 7
- iPadOS 18 could ship with built-in Calculator app, after 14 Calculator-less years
- Everything you can do with the Apple Pencil and Logitech Crayon on your iPad
- Kuo: Apple cuts Vision Pro shipments due to low demand
- Zoom submitted a security update to the App Store 1½ weeks ago… where is it?
- XAgent Spyware Targeting iOS Devices in Western Europe: Analysis of Capabilities
- 13-year-old Marco Liberale created a proof-of-concept botnet that works on macOS
- After my brother’s iPhone got stolen… he got phished
- The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers
- Roku’s amateur two-factor authentication could put you at risk
- Windows 11 Start menu ads are now rolling out to everyone
- China Orders Apple to Remove Popular Messaging Apps
If you like the Intego Mac Podcast, be sure to follow it on Apple Podcasts, Spotify, or Amazon.
Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you’re ready to buy.
Get Apple security news delivered straight to your inbox, for free. Intego’s twice-monthly newsletter will keep you informed about Apple-related privacy and security, along with tips and tricks for getting the most out of your Mac or iPhone. Subscribe for free—no strings attached.
Transcript of Intego Mac Podcast episode 341
Voice Over 0:00
This is the Intego Mac Podcast—the voice of Mac security—for Thursday, April 25 2024.
This week’s Intego Mac Podcast security headlines include: what does the future look like for TikTok now that it officially has a year to avoid being banned in the US. After two data breaches, Roku introduces — so-called — two factor authentication. Are Roku users safer? And the rumors say new iPads will be announced next week. Anything else? We’ll have a quick preview of Apple’s “Let Loose” event. Now here are the hosts of the Intego Mac podcast. Veteran Mac journalist, Kirk McElhearn. And Intego’s chief security analyst. Josh Long.
Kirk McElhearn 0:49
Good morning, Josh, how are you today?
Josh Long 0:51
I’m doing well. How are you, Kirk?
Kirk McElhearn 0:52
I’m doing just fine. Are you ready to “let loose” on May 7?
Apple announces “Let Loose” event for May 7
Josh Long 0:55
Yeah, we’re getting an Apple event coming up. And it’s called “Let Loose”.
Kirk McElhearn 0:59
People have been examining this, the kremlinologists of Apple event notifications, trying to figure out what it is. I was talking to someone yesterday I was saying, Well, yeah, you can see the hand holding the Apple Pencil, right. And he said, I didn’t notice that really as if well, if it’s too small. And the article you looking at, you might not see it. But yeah, the new Apple Pencil is a hand holding the pencil, drawing what looks like flowers, it will use your creativity with the new Apple Pencil, let your creativity flow through the Apple Pencil, that sort of thing.
Josh Long 1:26
And we know it’s not just an Apple Pencil, like they wouldn’t have an event specifically just for a pencil. So we know we’re getting new iPads too. This has been a long time coming. And what has it been like, it’ll be like 20 months or something like that, by the time we get them. So that’s a very long time to go without any updates to the entire iPad line. So now we finally have an answer. We don’t know exactly when they’re going to ship, but at least they’ll announce them on that date. And probably pre orders will open up shortly thereafter.
Kirk McElhearn 1:56
Now, I’ve been saying for months that I think that they’re unifying something in the iPad platform. And maybe what they’re doing is creating a whole new line of devices, they can use the same pencil, because certain devices can use one model and others can use another model. And maybe they’re making a pencil that will be usable for all the devices going forward. Maybe it’ll even be usable on the iPhone.
Josh Long 2:18
That would actually be really cool. I would love to see something like that. It’s such a weird thing. And we have an article about this. If you’re curious about Apple Pencil compatibility, which version of the Apple Pencil do you need if you’re using which iPad? It’s so confusing. It’s ridiculous. This is not Apple like. And so yeah, I would I would I really hope that the new Apple Pencil is going to work with all the new iPads, whatever they end up announcing, I hope and expect that they’ll probably be refreshing the entire iPad lineup, we’ll find out soon enough, less than two weeks away.
Kirk McElhearn 2:51
Yes. And it’s at 7am California time, which is an odd time it’s very early, it’s usually 10am. Or they did one the last one was much later. It’s not clear they’re trying to target different regions to get them in the time slots when people would watch it. In this case, it would be a good time for well, East Coast us is going to be 10am, but maybe Central Europe, where it’s going to be three 4pm like it’ll be 3pm here in the UK, 4pm and France and Germany, etc. So maybe they’re targeting that demographic that they don’t pay attention to. Maybe the whole point of these pre recorded events is to allow them to stagger them at different times. So each part of the world feels that they’ve got an event at a time that they can watch.
Josh Long 3:32
Yeah, it is a nice thing. I’m sure for a lot of people in other countries that just you know, have always felt out of the loop on these Apple events. You can’t watch them live unless they stay up into the middle of the night. So it’s nice that Apple’s from that perspective. It’s nice that Apple’s experimenting with different times that they start these events. It’s fine for me either way. It’s either at the beginning of my day or the end of my day. Either way, I’m okay in California.
Is Apple preparing a Calculator app for the iPad?
Kirk McElhearn 3:58
Okay, we have a rumor. Are you ready for this iPadOS 18 may be getting a calculator app. I had to catch my breath when I read that an actual calculator app on iPadOS. This is the kind of thing like who at Apple has been blocking this for years and years and years. Look how long it took to make a proper weather app for the iPad. Right? They had the Weather app for the iPhone and you couldn’t get it for the iPad. How hard is it to make a calculator app for iPad? Why did it take so long? In a company this size? There’s a team responsible for the calculator app that have nothing to do all year except a few updates for new operating systems. They could have made a dozen different versions.
Josh Long 4:41
So this story sort of evolved. It started out with one of the Apple news slash rumor sites kind of saying Apple is planning a new version of the calculator app for Mac OS and I was like really this article did not even mention iPad one time. If there Making a brand new revised revamped calculator for macOS? Wouldn’t this be a great time to update the you know, to finally make a the first official Apple calculator app for iPadOS like it would only make sense to do them at the same time. So the original article never got updated after I kind of teased the author of that article, but they did a few days later published this article about iPadOS, a teen might also be getting a calculator app and like, Yeah, you think?
Kirk McElhearn 5:30
Yeah, it’s due and I wonder if they’re going to because there were rumors of a modified Calculator app for Mac OS, I hate to say something on steroids, but something with a lot more power. I wonder if they’re going to somehow link the calculator to the numbers app with spreadsheets, so you can do a calculation and then bounce it into a spreadsheet? Or maybe there’s going to be calculations with AI that you can do in the calculator app. All speculation.
Josh Long 5:55
Calculations with AI. Okay. Well, what do you mean by that?
Kirk McElhearn 5:59
Well, I don’t know. So a lot of my clients are in the US. So I have exchange rates when I get invoices. And maybe can you predict exchange rates for the next month, something like that, maybe you’ll be able to use a spreadsheet and the calculator to do tests, instead of doing them in the spreadsheet, altering the form, you will maybe you’ll be able to do it in the calculator, and then copy the formula into the spreadsheet, it’s notoriously difficult to put formulas into spreadsheets, at least for people who don’t do this for a living. So it might be easier to do in the calculator, then copy the formula, put it in this. There’s a whole world of calculation that can be changed out there.
Josh Long 6:34
That’s pretty interesting. Yeah. And I actually have seen a calculator, third party, obviously, calculator apps that do these kinds of things, too. They’ll do unit conversion, they’ll do monetary conversions for you and a whole bunch of other things. So it would be really interesting to see Apple doing something like that. I don’t know if we’re getting that or not. But the very least just a basic calculator app would be nice, right? I assume, because it’s on a bigger screen, they’ll probably do maybe like graphing, make it a graphing calculator and do some other fancy things like that too.
Has Apple reduced Vision Pro production?
Kirk McElhearn 7:04
Didn’t they have a graphing calculator in the first version of Mac OS 10? (They might have.) It was always in the Utilities folder somewhere, but I never needed it. So I wouldn’t you know, but when you’re in high school or college, you need that for certain types of things. I never used it anyway. calculators are things that we use under duress. So I would welcome any improvement, we want to briefly talk about a rumor. And this is a kind of well founded room with an analyst named Ming Chico, who I think what he will does is he looks at suppliers for Apple, and how much they’re making to be able to predict how many Apple products the company is planning to sell. And he’s saying that Apple is slashing their Vision Pro production. They’re counting to sell between 404 150,000 units this year, whereas they had planned to sell between seven and 800,000. And in the third paragraph of the article in The Verge we blinked to facing the unanticipated drop in steam Apple is now adjusting its headset roadmap, did they really not anticipate that people wouldn’t want to pay $3,500? For the Vision Pro? Did they really not anticipate that this was a totally new product candidate? Well, a mostly new product category at a luxury price, and that this would not sell as well as you think they’re kind of in a silo drinking the same kool aid if they really thought this was going to be a best selling product?
Josh Long 8:28
Well, one of the things I think is interesting about this is that we’ve gotten some indications that Apple may be planning to launch as soon as sometime this year, Vision Pro and other countries. So according to some like virtual keyboard languages that they’ve started to put into the operating system. It looks like it may be coming to Australia, Canada, China, France, Germany, Japan, Singapore, South Korea and the UK sometime relatively soon. So if they’re planning to launch in like nine additional countries, why are they cutting the supply? Now, you would think that they would be at least keeping supply where it is, if not ramping it up slightly in anticipation of a multi-country launch sometime this year.
Apple has yet to approve latest Zoom app with security fixes
Kirk McElhearn 9:13
Unless they’ve already manufactured enough for what is going to be sold in these other countries. If they’re extrapolating US sales to the other countries, and they’re saying the US sales are half what they expected, then maybe they don’t need any more. For the other countries. They’re watching it. And we’ll know soon. A couple months, I’m willing to bet that we’ll see some mention of diVision Pro at the worldwide developer conference in June. We probably won’t see it on May 7 with a wet loose event. Because that’s not really the thing, although they could have a brief thing just to remind people of diVision Pro, they tend to do that. We’ll find out zoom submitted a security update to the app store a week and a half ago, but where is it? Have you found the Zoom security update? I’m looking in the show notes and you saying where is it? Did you find it between the moment you type that and now?
Josh Long 9:59
So If this is a thing that I’ve noticed happens a lot, usually at least once a month, we get zoom updates on both desktop and on mobile. And they often say that there are security enhancements in the new version of the app, they don’t always really give a lot of details on it. They do have a security advisory page on their website. And so far that hasn’t said what has been included in the new version of zoom. So the Zoom app has now been renamed zoom workplace. And it’s now on version 6.0. point something. Zoom appears to have submitted their new version of the app to the iOS App Store on April 15, according to their own documentation. And they also submitted another version on April 19. So far, we’ve gotten neither of those versions on the iOS App Store. So it seems like they’re kind of hanging in this like Apple approval limbo right now, which is pretty weird. And a little bit concerning, because apparently, there were security enhancements in these new versions of the app, or at least the 6.0 point one. And then since then, there’s also been 6.0. Point two, which would incorporate the previous versions, security enhancements, so we don’t have them yet. Meanwhile, on Android, they got the update on April 18. So it only took three days for Google to approve the update on Android. And now we’re at like a week and a half on iOS. So I don’t know what is going on and Apple headquarters, they apparently are just fine with approving a bunch of like posts, potentially malicious apps all the time. And then they delay apps that actually have security updates. And then like, I just scratch my head sometimes and wonder like, What the heck is going on at Apple?
What is XAgent spyware?
Kirk McElhearn 11:47
Okay, we have some new malware, we were saying before the show, it used to be new malware, oh my god, this is like such a big deal. And it’s become so common now that we’re just going to mention this in passing. And we’re going to do this in 90 seconds. XAgent spyware targeting iOS devices in Western Europe. Here’s an analysis of capability. So iOS devices, spyware, we used to think that iOS was much safer, much less likely to get malware, but it seems more and more common. Yeah.
Josh Long 12:14
So. First of all, let’s let’s talk about that XAgent, iOS spyware. So this was reported on by the antivirus industry veteran who wrote an article about this, and noted that apparently had been targeting countries in Western Europe. Now eXAgent is some iOS spyware that has been linked to a potentially Russia based threat actor. And well, you know, one of these advanced persistent threats or AAPT groups. And so he he wrote up some details about the capabilities of this malware, and claims that it may have been spreading sometime recently in Western Europe. If you have Intego software, we do detect this malware, however, because this is iOS malware. And Apple doesn’t allow you to run antivirus software on your iPhone, it is a little bit difficult to tell whether you have an active infection of this. But this is one of those kind of like state sponsored mercenary spyware type things. In this article, it doesn’t really talk about how an iPhone could have gotten infected with this. But apparently, it’s still out there. It’s been around for a few years. And it continues to spread in the wild apparently. Meanwhile, we have another story about a 13 year old who created proof of concept malware, a botnet command and control server, the whole shebang. And this apparently works on Windows, Linux, and Mac OS. And he put this all up on GitHub, even 13 year olds are developing malware these days. And because it’s one of those things that like it’s open source, and you could potentially use this as a good guy, you know, a penetration tester, for example. It’s one of those things that like GitHub is probably not going to take this down. And we don’t know that it’s been used in the wild yet. But you know, there’s yet another piece of malware that’s out there and ready for the bad guys to potentially use.
Kirk McElhearn 14:16
What this says to me is that there aren’t enough good after school jobs anymore.
Josh Long 14:22
So you would rather the 13 year old go work for a fast food company rather than creating malware.
Kirk McElhearn 14:27
I think that would be better for all of us. Let’s take a break. When we come back. We’re going to talk about TikTok and is it safe or not?
Voice Over 14:37
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Best of all, it’s compatible with macOS Sonoma, and the latest Apple Silicon Macs. Download the free trial of Mac Premium Bundle X9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the special discount link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.
Bizarre phishing scheme targets friend, relative or associate of stolen iPhone
Kirk McElhearn 15:53
So before we get to TikTok, we want to talk about a few other news stories. We have a Twitter thread from someone whose brother’s iPhone got stolen, and then he got fished. Now we don’t know a lot about this. But it does raise some interesting questions and suggests a few things that if you see them happen to you, you should be very careful.
Josh Long 16:12
Yeah. Okay. So really quickly, some guy’s iPhone got stolen, his friend received a message stating that his iPhone had been found. That message included a link that looked kind of like one of these find my location tracker things. So the friend clicked on the link. And it asked for the passcode for the iPhone that had been lost, trying to trick them into thinking that like this is a way to prove that it really belongs to you. But of course, in reality, this page was a phishing page, and they were trying to find out the pin code to get into the iPhone. It’s kind of unclear how the person who stole the iPhone knew that this was the friend of the person whose iPhone got stolen, that part of this whole thing is a little bit unclear. But then, if you had gone on beyond that, if you put in a PIN code, the next thing would ask you for is to sign in with your Apple ID. Again, this is still actually a phishing page. So they would have not only your pin to get into your iPhone, but they would also have your Apple ID username and password. Pretty clever phishing method. The one thing that’s really unclear here is just how exactly the attacker would have known the friend and thought that the friend would go to the person whose iPhone was stolen. That is all very fuzzy.
Kirk McElhearn 17:35
Okay. Do you remember back in iOS 8, when third party keyboards were first allowed on the iPhone. And this was a big deal. Everyone was getting interested in the swipe keyboards that now are standard in iOS. I haven’t heard anyone talk about keyboard apps in years on the iPhone, it’s not the kind of thing to say, Hey, I got this great new keyboard app. Baidu’s iOS keyboard has weaknesses present in cryptography implementation. Baidu is kind of like the Chinese Google.
Josh Long 18:01
Now this is really interesting, because this is a report published by Citizen Lab. And they talk about things like mercenary spyware and other things like that. But they also investigate other potential security and privacy vulnerabilities sometimes. And in this particular article, they’re mostly focused on Android third party keyboards, they do talk a little bit about Windows and iOS. The one that affects iOS is just this Baidu keyboard. Apparently, they have kind of a weak cryptographic implementation in their keyboards. So maybe consider not using the Baidu keyboard if you are using it, I don’t imagine probably we have very many listeners who are. But it’s especially important to note if you have Android or if you have Windows and you’re using a third party keyboard on those platforms, then there are some much more severe vulnerabilities. As bad is this working exploit created to decrypt transmitted keystrokes for both active and passive eavesdroppers if that doesn’t sound a little bit scary? Well read the article, I guarantee you’ll be a little bit concerned about it.
Kirk McElhearn 19:08
So there are a keystroke logger. And that’s I would always thought that these keyboard apps could be keystroke loggers. And I never really used when they
Josh Long 19:15
made it possible for bad guys to potentially log keystrokes and things like that. So yeah, it sort of added vulnerability to your system by using one of these third party keyboards. And there’s a whole bunch of different manufacturers that are listed here, an app developers listed. Okay,
Roku introduces two-factor/two-step verification after data breaches
Kirk McElhearn 19:32
Last week, we talked about a very large Roku data breach, I think it was 576,000 accounts. Roku has mandated two factor authentication for their accounts, except it’s not real two factor authentication. It’s like the kind of two factor authentication that six year olds would come up with.
Josh Long 19:50
Well, okay, it’s more accurate to call this two step verification. You’ll notice that a lot of companies use that term now. And that’s for good isn’t because sometimes it really just means you’re getting some second factor that’s on the same device that you’re using to sign in with. So it’s really more of a second step than it is a second factor in many cases. But the way that Roku implemented this, when you put in your password, they now send you an email to your registered email address, and you must click on a link in that email to finish the signing process. Now, when I first read that at Roku had added a second factor authentication, I thought, oh, okay, well, I’ll document this for my article that I’m writing up for the Mac security blog. And so I’ll put the steps to go through to like, set this up. But that’s it. That’s the whole thing. Every single time you sign in now, you just get a link emailed to you. And you click on that I’m like, Okay, well, it’s not exactly two factor. The really big flaw here is if remember, like these 576,000, Roku accounts were supposedly exposed due to password reuse, and credential stuffing attacks. If you had used the same password for your email that you use for your Roku account, then this is just a minor annoyance to the people who want to break into your Roku account. Because now they can just log into your email account using the same password because you unfortunately reused it. Now they not only have access to your Roku account, which is like who cares, but they have access to your email, which means they can reset the passwords on every one of your other accounts, and basically take over your entire digital identity.
Kirk McElhearn 21:37
Gee, that’s a real buzzkill, Josh.
Josh Long 21:39
So the takeaway is Don’t reuse your passwords, you need to have unique passwords, especially on your email account.
Windows operating system shows ads in the Start Menu
Kirk McElhearn 21:48
Okay, so Windows is doing something. And I want to I want to make a complaint. I think that the “advertisification” of the internet is one of the worst things that’s been happening in recent years. It’s not new, but it’s gotten worse. And Windows is starting to add ads advertisements to the windows 11 Start menu. If anything would keep me from using Windows, it’s this now, they are saying that these are recommended apps from a small set of curated developers an example that shown in the verge article we link to is about one password. There is no way I’m going to put up with ads in my operating system. I will stop using computers. I will go back to abaci if I have to. If if Apple were to put ads in the operating system.
Josh Long 22:33
Is that the plural of abacus? (It is.) “Abaci”? (Yes.) Okay. I’ve never heard that before. But okay. (I do crossword puzzles a lot.) Yeah, this one Windows 11 Start Menu ads thing. This reminds me of you know, you can get a Kindle or an Amazon Fire tablet that has ads on the lock screen. And they try to kind of like encourage you to because it gives you a cheaper price. You know, like you can choose to get with ads and save a little bit of money if you don’t mind seeing the ads. But in this case, this is just Windows throwing it at everybody. And oh my gosh, that is so obnoxious.
Kirk McElhearn 23:11
Now to correct you, Amazon, it’s not ads, it’s special offers. Oh,
Josh Long 23:15
I’m sorry. It’s special offers?
TikTok has a year to find a US buyer or be banned in the US
Kirk McElhearn 23:18
Yes. I always pay the extra 10 or 20 pounds to not have that when I buy a Kindle. I have never owned a Kindle with special offers. Because I find that insulting. I want to read a book, I pick up my Kindle. And here’s an ad for whatever. Because it’s not just it’s not just special offers for books. It’s special offers for anything, probably the last thing you looked at on Amazon. And you know, do I want to see ads for cat food on my Kindle? No, thank goodness Apple’s not doing this. We’re gonna be talking about TikTok in a second. And it’s interesting to use this as a counterpoint that China has ordered Apple to remove popular messaging apps from app stores in the country, WhatsApp signal and telegram among others. It’s not just Apple, it’s all companies all app stores. So focusing on Apple in the article is a bit disingenuous. But it does point out how we’re in a sort of a war between China and US companies about social media. So let’s talk about TikTok is TikTok safe. TikTok is really complicated. So we’re recording this on the 24th of April and this morning, President Joe Biden signed a bill which would ban TikTok if it is not sold or divested, so they could divest it to a US company or they could sell it to us company. We have an article on the Indigo Mac security blog that I’ll link to in the show notes. And one thing that I noticed when researching the article is a lot of people said that China would never give up the TikTok algorithm. They consider that one of the most valuable parts of the company. This said anyone can reverse engineer an algorithm like that. It’s just well someone who spent three seconds looking at this video which showed them another video like that because that’s basically what it is. There are a lot of reasons why TikTok is unsafe. And we’re going to talk about some of them.
Josh Long 25:01
Well, the main reason supposedly that this TikTok ban came up in the first place is because of alleged national security risks. And so because TikTok’s parent company has ties to the Chinese government, there’s a concern that bytedance the parent company may be acting on behalf of the Chinese government and maybe doing some surreptitious things maybe spying on people. TikTok is reportedly spied on journalists from at least a few different news agencies who had written critical articles about the platform. TikTok had also apparently logged user keystrokes in the past, which is really concerning, right? Like these are not normal things for any app to do. And so the fact that this is a Chinese owned app makes people especially concerned.
Kirk McElhearn 25:53
A lot of governments consider this a national security threat. And many countries have banned it already least for government employees, some countries like India have banned the app entirely. And that’s, you know, one of the largest countries in the world, but government employees, they don’t want people using it because of all these reasons, bottom keystrokes, potentially recording location data, and the other type of information that TikTok collects. Now, it’s worth pointing out that if you use facebook, WhatsApp, Instagram, Twitter and any of these other apps, they’re also they’re not probably not logging keystrokes, but they’re recording location information, information about the websites you visit, if you’re using an in app browser, etc. So what’s the difference between the two? I can’t really put my finger on it.
Josh Long 26:33
Well, yeah, that’s one of those kind of oddities here, right? Like we’re giving kind of special treatment in a way to US based companies, it’s like, Sure, you can starve up all the day of the that you want, we’re not really going to punish you all that much. Right? We may occasionally have you come in testified before Congress, but in the end, we’re not really going to do anything about it. And in the meantime, you’ve got Chinese companies, and it’s like, oh, no, we must break them up and make them sell to a US company or become, you know, spin off into a US kick. Okay, all right. Either way, you’re getting spied on by somebody. And I don’t know that it’s that much better to be spied on by US based companies.
Kirk McElhearn 27:13
We’re gonna refer you to the article because we talk about a number of things about privacy, about content, moderation, and bullying, and things like that. But one thing we want to focus on that I haven’t seen covered very much is the fact that if the app is banned, anyone who has TikTok on their device will still be able to use it. And when security vulnerabilities are found, they won’t be able to download updates to TikTok because it will be removed from all the app stores. Now, this might mean that for a month or two, you’ll be using TikTok and it’s okay. But as time goes on, and more security vulnerabilities are patched, it becomes more and more insecure. So we’re not talking about the safety about being spied on or keystroke logging, we’re talking about the type of vulnerability that people could exploit through the app.
Josh Long 27:57
Right. And I haven’t seen anybody talking about this. But this is one of the first things that I thought about when we talked about this whole like possibility of the TikTok app being banned. Because of the nature of this only being banned and potentially in the US. That means that Apple can’t revoke the developer certificate, it still has to be available in every other country. So if you’ve already got the app installed, it’s probably pretty unlikely that Apple would actually go to the length of removing it from your device, unless they were compelled to if they were forced to by US law, then maybe they would have to do that. But nobody’s talking about removing it existing installations. So that’s where this becomes a little bit problematic, because apps do have security vulnerabilities. And they are discovered over time. And so you might, you know, maybe TikTok is going to allow people who already have the app installed, to continue to use the app. And, you know, not require you to upgrade to a newer version of the app in order to use the platform. In other words, however, if at some point, there is a vulnerability in that software, you’re now not going to be able to get an update to it, because you’re gonna have an app store that’s not listing that app anymore, and not listing updates for that app anymore. Whereas everyone else in the entire world is able to still get updates, you won’t be and so you’ll have a vulnerable app. That’s really problematic and not something that of course, any politician has given any consideration to.
Kirk McElhearn 29:32
We don’t know of any instance, when Apple has used the famous kill switch to delete an app from everyone’s device. One could speculate that they wouldn’t use it in this case, but we don’t know about that.
Josh Long 29:44
Yeah. And again, I don’t think that that’s likely to happen unless the government tells apple that they must do this because Apple’s not taking a position in this fight. They haven’t come out either way on the side of the US government saying yes, we agree that TikTok’s the problem and I don’t expect them to do that. And I also haven’t seen Apple coming to TikTok’s defense either and saying no, we believe that TikTok should remain on the platform. Now, maybe Apple just hasn’t made a statement about it. Maybe they’re going to wait and see what actually happens, because this whole thing won’t actually take effect until a year from now. If we potentially have a change in President then that might reverse this order. So we don’t even really know like, what’s going to ultimately happen, but this these are just some considerations and some things to think about that. I don’t think Congress has given any consideration to or anybody in politics.
Kirk McElhearn 30:39
Okay, that’s enough for this week. Until next week, Josh, stay secure.
Josh Long 30:42
All right, stay secure.
Voice Over 30:45
Thanks for listening to the Intego Mac podcast, the voice of Mac security with your host, Kirk McElhearn and Josh Long. To get every weekly episode, be sure to follow us on Apple Podcasts, or subscribe in your favorite podcast app. And, if you can, leave a rating, a like or review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software. intego.com.
