Categories
Uncategorized

Apple’s surprisingly poor spam protection in Messages

The iOS Messages app has no way to block alphanumeric sender IDs, either in iOS 10 or in the iOS 11
public beta (as of August 2017).

The app displays a Block this caller menu option against the contact details, but tapping it does nothing, so perhaps it's a long-ignored bug:

There's also nothing an iOS user can do (other than toggling Do not disturb for each such sender ID) because neither does iOS allow a third party app to be set as the default messaging app, nor does it allow programmatic access to SMS, which would at least let a third party app scan and erase such spam.

In past years this oversight was a minor annoyance. This has become a significant problem now as we increasingly use our mobile number as an identifier on online services, and in more ways than is obvious.

For instance not only do e-commerce companies themselves store your mobile number, but also their delivery partners, who need your number in order to call for directions or otherwise. Several office buildings now not only require your mobile number in their entry log, but also verify it with a one time password.

It's a perfect storm: your mobile number is more widely available than ever before, SMS costs have dropped vastly in the last decade, and the SMS app has become the highest priority inbox on people's phones: OTPs, financial notifications, package delivery statuses are all sent as SMSes, so there is no question of turning off notifications for this app.

There's every incentive to cheaply market services both bogus and legitimate over SMS, and consequently every incentive to steal and sell poorly protected mobile number logs.

Apple has built great protection for privacy and from spam into Safari: first Reader Mode, then support for content blockers, and now the use of machine learning to block trackers across websites in iOS 11. Apple's Mail app has also long supported marking email as Junk, and its junk filter seems to have gotten better over each major iOS release.

Given this history, as well as Apple's recent focus on building features into the Messages app, it seems strange that it has ignored elementary spam control for so long.