That article is seven years old and in no way reflects current reality. In fact it has never reflected my own experience or that of anyone I know, where iMessage spam has been near enough to non-existent.
And even if there were a spam problem, the risk is mostly on the upside anyway. It would only be an issue if iMessage got a reputation for flooding people with admonishments to take security seriously, purportedly from Apple.
Meanwhile apple has added iMessage apps[1], that you can add to your iMessage and there recently were a few iMessage exploits including a zero-click one[2].
> That article is seven years old and in no way reflects current reality. In fact it has never reflected my own experience or that of anyone I know, where iMessage spam has been near enough to non-existent.
Your anecdotal lived experience is not representative of the entire population.
I personally have encountered at least a dozen spam iMessages (not SMS) in the past year, and several friends of mine have described the same experience. I googled iMessage spam and this was on the second page, just from last year: https://thisrupt.co/lifestyle/imessage-spam-not-thai-chana/ Feel free to research yourself to discover that it is in fact a widespread issue for many people, if not as widespread as it once was since the "Unknown sender" tab was introduced.
Regardless, SMS spam remains an issue, and on iOS, many users may not know the difference, as they're in the same app.
> And even if there were a spam problem, the risk is mostly on the upside anyway. It would only be an issue if iMessage got a reputation for flooding people with admonishments to take security seriously, purportedly from Apple.
You're missing the point. iMessage spam (though it does exist as I've shown above) is not the problem. The problem is iMessage doesn't have a good way to "verify" that messages that purport to be from Apple or anyone else truly are from a known and trusted sender. This deficiency is what enables iMessage spam, and creates the same potential for abuse with this new feature.
> Your anecdotal lived experience is not representative of the entire population.
Of course. That goes without saying. But neither you nor this person you cherry picked from a Google search is representative either. (And it's noteworthy that you had to drill down into Google search results in order to find a useful citation. That alone is evidence of iMessage spam not being a broadly pervasive issue.)
> You're missing the point. iMessage spam (though it does exist as I've shown above)
Huh? I never said it didn't exist.
> is not the problem.
Huh? I never said it was the problem.
> The problem is iMessage doesn't have a good way to "verify" that messages that purport to be from Apple or anyone else truly are from a known and trusted sender.
Yes thank you. this was the concern i was trying - seems like failed - to express.
There was even an article on HN a couple days ago about a money transfer service phishing scam whose initial message looks very similar to this message from Apple.
I think a LOT of people will fall for phishing with cold messages that look like this
That does nothing to verify authenticity within iMessage itself, creating the opportunity for abuse and impersonation I outlined in my other comment in this thread. A simple solution to this problem would be a "verified" indicator for users to know that the iMessage did in fact originate from Apple, without them having to first know that such a support document exists.
Some of these scam messages, being tailored to individuals and not necessarily sent in bulk, do in fact come from technically valid Apple IDs that have been created for the purpose by the scammer. So they would show your little verified indicator just fine, so it doesn’t help.
And they did post the solution in the document. It’s an out of band verification. Pretty tried and true solution.
And even if there were a spam problem, the risk is mostly on the upside anyway. It would only be an issue if iMessage got a reputation for flooding people with admonishments to take security seriously, purportedly from Apple.