A possible unexplored reason for no iPhone wallet apps, and a solution

[casascius]

I wanted to throw out a reason I thought Apple might be weighing for not accepting iPhone wallet apps, that has nothing to do with "censorship", that we should be keeping in mind as we put effort into Apple's policy.

To be clear, I do not believe that Apple has an agenda against Bitcoin that would fit any "conspiracy theory": I am thoroughly convinced that their difficult-to-understand stance is based on articulable business reasons they choose not to share.  It's reasonable - they are a business after all, they are not the government.  I am also going to assume that competition with their in-app purchase system, the iTunes store, and the theory that they might want to start their own "credits" of their own are not the concern (I really don't think they are, and the reasons why are complex and outside the scope of this thread).

For the sake of this thread, these assumptions will be held as true, hence the self-moderation flag.  If you must challenge them, please start a new thread.

A Bitcoin wallet app on the iPhone will bring into focus the security of the platform itself, for better or for worse.  With the homogeneity of the iOS platform, a popular installed base of Bitcoin wallets is a magnet for intrusion and theft, which in all probability will succeed at about the same rate jailbreaking succeeds, and stopping it will be about as fruitless as Apple stopping jailbreakers.  I would expect it to be a miserable failure, barring any fundamental change to the way security is done on iOS.

The fact that a rash of incidents of bitcoins being stolen from iPhones is something that would directly reflect on Apple's reputation and is something they have every right and reason to consider.  To the extent they are forward thinking enough to consider this now, and to the extent they consider their brand and reputation in the marketplace (whatever that is) to be high business priorities, blocking apps for this reason represents a rational self-interested position they have every right and responsibility to pursue.

If this is true, then an Apple wallet app that avoided storing access to bitcoins anywhere malware could get to it would be a different class of app.  Instead of being a wallet, if such an app sent bitcoins directly from a paper wallet (carried by the user, read via the camera just before the transaction), immediately returning the change somewhere safe and forgetting the private key, the risk exposure of a user in the event of an intrusion would be limited to that of the next paper wallet he allowed the phone to see.

In the event of an attack, the user's ability to detect the attack would be immediate (his payment to his merchant would fail in an obvious manner), and assuming he doesn't keep his whole bitcoin stash on a single paper wallet carried in his pocket, his exposure would be limited to what's almost certainly an insignificant fraction of his wealth... i.e. that which he is already willing to carry as cash in his pocket anyway.

Since only a very small percentage of iPhones will have their cameras pointed at a paper wallet at any given moment, the risk of Apple waking up to find millions of customers angry about their Bitcoin wallets being stolen from their iPhone all at a single moment - due to a clever exploit of some sort - will be eliminated to near zero.

The attack surface on a compromised phone would also be sharply narrowed if things were done this way.  Getting access to the camera at a specific moment while another app is controlling it is far more difficult than getting access to a file sitting like a duck in the file system.

To the extent this is a concern of Apple, this would be a plausible solution.  Since such an app would have no wallet capabilities of its own, Apple might not even consider this a "wallet app" and might let it fly right under the radar today were it submitted.

[jacky4566]

As far as I know the block chain app is still on the store? They get around apple because the app stores no currency but only the keys to it. Its only a portal to your online bank account in the same way other banks have apps that let you send money.

[gweedo]

https://developer.apple.com/library/mac/#documentation/NetworkingInternet/Conceptual/StoreKitGuide/APIOverview/OverviewoftheStoreKitAPI.html#//apple_ref/doc/uid/TP40008267-CH100-SW1

You may not offer items that represent intermediary currency because it is important that users know the specific good or service they are buying.

[Stampbit]

iphones r old school, i use a pager

[Gabi]

The problem boils down to the fact that apple can control what you can and you can't install on your phone. And that sucks. Solution: go get an android phone

[BTC Books]

Interesting thought - but I suspect Apple's reasons for banning bitcoin apps lie elsewhere.

If they were concerned that their poor security would be exposed - which essentially is the meat of your thesis - then why do they allow banking apps (from BoA, etc.) in iOS?  And why don't we hear about endless and unstoppable hacks into users' bank accounts?

[dancupid]

The solution is to ignore the whole 'app' concept (previously known as software), and just log into the site you want in a browser - the mechanics are the same.
You can even create a bookmark  and pretend it's an 'app'.
At least that way you don't need to download itunes and wait 3 hours while it 'synchs'

[Gabi]

Interesting thought - but I suspect Apple's reasons for banning bitcoin apps lie elsewhere.

If they were concerned that their poor security would be exposed - which essentially is the meat of your thesis - then why do they allow banking apps (from BoA, etc.) in iOS?  And why don't we hear about endless and unstoppable hacks into users' bank accounts?

Because people want these apps, tons of people!

While a bitcoin app is used by few people. 

[BTC Books]

Interesting thought - but I suspect Apple's reasons for banning bitcoin apps lie elsewhere.

If they were concerned that their poor security would be exposed - which essentially is the meat of your thesis - then why do they allow banking apps (from BoA, etc.) in iOS?  And why don't we hear about endless and unstoppable hacks into users' bank accounts?

Because people want these apps, tons of people!

While a bitcoin app is used by few people. 

That doesn't really respond to my point.  Yes, tons of people want banking apps.

But if the OP's thesis is correct, then why aren't those apps being hacked?  As to your point that bitcoin is tiny compared to online banking - you're correct.  So hackers should be having a field day with stealing all that easy fiat - right?

Maybe someday Apple will reveal why they won't allow bitcoin apps.  But that day isn't today, and I don't believe the OP's reasoning is congruent with Apple's.

[R2D221]

https://developer.apple.com/library/mac/#documentation/NetworkingInternet/Conceptual/StoreKitGuide/APIOverview/OverviewoftheStoreKitAPI.html#//apple_ref/doc/uid/TP40008267-CH100-SW1

You may not offer items that represent intermediary currency because it is important that users know the specific good or service they are buying.

But Bitcoin is not an intermediary currency. Some may use it as such, but it's not the real purpose of Bitcoin.

[BTC Books]

https://developer.apple.com/library/mac/#documentation/NetworkingInternet/Conceptual/StoreKitGuide/APIOverview/OverviewoftheStoreKitAPI.html#//apple_ref/doc/uid/TP40008267-CH100-SW1

You may not offer items that represent intermediary currency because it is important that users know the specific good or service they are buying.

But Bitcoin is not an intermediary currency. Some may use it as such, but it's not the real purpose of Bitcoin.

I know, but i think apple expand that to bitcoins.

I tend to agree.  And that's really the problem with bitcoin.

Everyone is trying to shoehorn it into existing regulatory and fiscal structures, but it doesn't fit.  There's never been anything like it before.

[Stunna]

The main reason in my opinion is that apple simply doesn't want to create more competitors. They find it dangerous to allow any type of payment systems to root themselves within their devices as apple has many interests in microtransactions. Bitcoins could threaten this, in fact there is a company starting up which is designed for microtransactions within video games using bitcoin. Apple wants people to use $$$ so they can get a cut of it.

[casascius]

Interesting thought - but I suspect Apple's reasons for banning bitcoin apps lie elsewhere.

If they were concerned that their poor security would be exposed - which essentially is the meat of your thesis - then why do they allow banking apps (from BoA, etc.) in iOS?  And why don't we hear about endless and unstoppable hacks into users' bank accounts?

They're not the same.  Someone who hacks a BoA app, at best, gets the ability to send fraudulent requests to BoA, who can do their own due diligence and refuse to act on them in the event of a hacking problem (something they're accustomed to dealing with anyway), and can follow any money that gets sent.  The blame for any problems or losses would lie with BoA.  The money isn't in the app or in the phone, and if the credentials get stolen, there's no way for anyone to be sure it was stolen via malware on the phone.

Not so with Bitcoins.  Bitcoin would essentially expose the phone as the weak link.  There'd be no one else to blame, and the proof would be rather conclusive.

As far as I know the block chain app is still on the store? They get around apple because the app stores no currency but...

They get around Apple because... we don't really know.  We would have to be able to read their minds to really know.  Maybe they missed it.  Maybe they let one slide and let us think they just missed it, just as an experiment so they could see how bitcoin apps might work in their ecosystem.  If it ever gets hacked, they can save their name and say "whoops, told you so, not only was this app not supposed to make it to the app store, it hasn't been updated in xxxx long, so no wonder this happened!"  I cannot seriously imagine that nobody at Apple knows about this app by now after this long.

Remember Apple is an organization made of many human beings, each of whom have different interests, agendas, and opinions.  There is no such thing as an organization that robotically follows its written policy to the letter.

[beckspace]

As far as I know the block chain app is still on the store? They get around apple because the app stores no currency but only the keys to it. Its only a portal to your online bank account in the same way other banks have apps that let you send money.

+1

Somewhat i feel that people complaining that the blockchain app is lacking features doesn't own an iPhone. I have one and it's complete.

[🏰 TradeFortress 🏰]

As far as I know the block chain app is still on the store? They get around apple because the app stores no currency but only the keys to it. Its only a portal to your online bank account in the same way other banks have apps that let you send money.

+1

Somewhat i feel that people complaining that the blockchain app is lacking features doesn't own an iPhone. I have one and it's complete.

Blockchain.info gets around of it by secretly including features if you are signed into a "old" blockchain.info account. New blockchain.info wallets don't have send or receive capacities.

Unless you use Android