I believe that's the point. You need to download the APK or whatever IOS provides for developer packages. This means less tracking from the vendor (Google, Apple)
1) It doesn't seem to be a principled decision to stay out of the App Store on the part of Serval's author, who says "trying to get the app approved for release on the Apple App Store. But that will be an adventure for another day."
2) This wasn't planned out months in advance. This is a protest that is organically sprouting up. Nobody wants to add jailbreaking or xCode to the onboarding process for people to join a protest movement.
3) I think worrying about Apple tracking what apps you install is the least of anyone's problems there at the moment.
3) I think the worry is China forcing Apple to produce this info (list of HK users with said app installed), not what Apple themselves would do with it. Maybe not a dealbreaker, but something to consider...
I think China getting that information from Apple is sort of a second-order concern at this point. In a more stable situation, yeah, you don't want the police to have a reason to knock on your door. When you're gearing up to go protest in public and the cops are dropping tear gas on everybody, those sorts of lists are less important. Not saying that it doesn't matter, but there is no such thing as absolute security, it's a series of tradeoffs.
Keep in mind that Apple's iCloud services in China are not actually provided by Apple. They are provided by Cloud Big Data Industrial Development Co., Ltd., and allows Apple to, "continue to improve iCloud services in China mainland and comply with Chinese regulations". [0]
This service even has different terms of service, than the standard iCloud offering (though I haven't done a diff to see what's changed).
The effect of this is that the encryption keys for the service for Chinese users, are in the hands of a state-owned company (not Apple).
I'm a big support of Apple's approach and ethics with respect to privacy generally, however if you're in China, or a citizen of China, then it's probably safe to assume that anything on or passing through iCloud, is fully accessible to the state, without requiring Apple's involvement (e.g. via subpoena).
Anybody have some details on this? I always wondered how this is handled for Chinese going abroad or Foreigners traveling in China without sending the keys back and forth.
Or do Chinese iCloud accounts still use the Chinese servers even when abroad while the western ones get to go through the great firewall for western iCloud?
This is effectively documented in the link provided:
> If you are not a Chinese citizen residing in China mainland, you can edit the country or region setting of your Apple ID to reflect your current country or region and continue using iCloud under Apple's current terms and conditions.
that is an extremely interesting question, both from a technical and juridical point of view. Hope someone will ask apple about this in a more official channel.
The broader question is, if the Chinese state can demand this, then what (other than popular opinion) is stopping other states (with sufficient clout to meddle in Apple's markets and/or operations) from demanding the same?
Context of the conversation wasn't hypothetical future situations, but rather the present situation facing Hong Kong protesters.
Given that the protests are about China's over-reach into Hong Kong rule of law, Apple making any changes in the immediate future to impact Hong Kong residents would be a very challenging decision to make. It would also be particularly difficult to enforce, given that Hong Kong exists on the outside of the Great Firewall, with the rest of the wider Internet.
I disagree, hiding behind the anonymity of the crowd is critical in protests. Yes, they might catch a few people, but if you know for sure they'll just round everyone up later because they know exactly who was protesting, suddenly nobody wants to do it.
Xcode is able to dynamically generate a development provisioning profile, even if you do not have a (paid) developer account. So side-loading is definitely possible, in some respects.
Unable to reply to Illniyar’s comment below. To add to those points on the difficulty (actually practical impossibility), you’d also need to have access to a Mac to do all those things every seven days. That’s a very big ask, along with the technical know how to use Xcode, for so many people in Hong Kong.
Side loading is a threat to Apples control over all iOS and similar AppStore devices. If I didn’t want to comply with the very far-reaching requirements for e g in-app stores, I could just ask my users to side load my app. If for example Audible did this, it’d be a real threat.
