News: 1720506725

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Microsoft China staff can't log on with an Android, so Redmond buys them iThings

(2024/07/09)


Microsoft China will provide staff with Apple devices so they can log on to the software giant's systems.

The Register confirmed this odd state of affairs today after Bloomberg [1]reported that Microsoft China has told its workers to stop using Android devices in the workplace – because they can't be used for authentication.

A Microsoft spokesperson sent us the following statement:

"Microsoft Authenticator and Identity Pass apps are officially available on the Apple and Google Play stores. Due to the lack of availability of Google Mobile Services in this region, we look to offer employees a means of accessing these required apps, such as an iOS device."

That's a remarkable statement, for a couple of reasons. For one, China does not lack for app stores: local giants Tencent, Huawei, and Oppo all run Android app stores. Porting an app for distribution in those stores is not a chore that should terrify Earth's largest software developer.

Yet Microsoft appears not to want to make that effort.

[2]

For another, side-loading apps by uploading a .APK is a possibility, but Microsoft evidently won't go there, either.

[3]

[4]

Some vendors also offer private app stores. Again, Microsoft's not chosen such offerings.

It's also seemingly ignored its own tech: the [5]Windows Subsystem for Android that makes it possible to run Android apps inside Windows 11. Yes, that service relied on Amazon's app store, and Microsoft binned it just 18 months after launch. But the code presumably remains intact somewhere within Redmond's vaults.

[6]Beijing issues list of approved CPUs – with no Intel or AMD

[7]China iPhone curbs reportedly extend to local government and state-owned businesses

[8]China's APT40 gang is ready to attack vulns within hours or days of public release

[9]US-China chip wars 'mainly ideological' says ex-ASML boss

Buying a few iPhones is, however, probably cheaper and easier than bothering to stand up an internal app store – especially after Microsoft [10]offered to move hundreds of its Chinese staff to other nations and [11]closed all of its retail stores in China.

The political cost of this move is harder to calculate. Microsoft's actions are effectively a vote of no confidence in China's mobile ecosystem, given it won't trust local app stores or adopt side-loading for Android devices that connect to local networks. Microsoft has reason to doubt China, which it [12]accuses of acquiring a golden cryptographic key and using it to access email accounts belonging to US government officials.

[13]

Nadella and co may not have much to lose, in the long term, by taking a hard line in China. The Middle Kingdom is pushing to replace Western tech products with home-grown creations and undertaking actions such as [14]banning use of Apple devices by workers in some government offices.

Just what happens if a Microsoft worker needs to authenticate using an iThing while in a Chinese government office is anyone's guess. ®

Get our [15]Tech Resources



[1] https://www.bloomberg.com/news/articles/2024-07-08/microsoft-orders-china-staff-to-switch-from-android-phones-to-iphones-for-work

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Zo0KPyeSdnL4vVYr9CvKRwAAAJc&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zo0KPyeSdnL4vVYr9CvKRwAAAJc&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zo0KPyeSdnL4vVYr9CvKRwAAAJc&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://www.theregister.com/2024/03/05/windows_subsystem_android/

[6] https://www.theregister.com/2024/03/25/china_approved_tech_list/

[7] https://www.theregister.com/2023/09/11/asia_tech_news_roundup/

[8] https://www.theregister.com/2024/07/09/apt_40_tradecraft_advisory/

[9] https://www.theregister.com/2024/07/08/us_china_chip_wars_ideological/

[10] https://www.theregister.com/2024/05/17/microsoft_china_staff_relocate/

[11] https://www.theregister.com/2024/07/03/microsoft_china_stores_close/

[12] https://www.theregister.com/2023/09/06/microsoft_stolen_key_analysis/

[13] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zo0KPyeSdnL4vVYr9CvKRwAAAJc&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[14] https://www.theregister.com/2023/09/07/china_government_reportedly_bans_iphones/

[15] https://whitepapers.theregister.com/



"golden cryptographic key"

Mishak

Just goes to show that "secure back doors" are anything but. You listening in the UK and EU?

Re: "golden cryptographic key"

that one in the corner

But, but - according to the 2023 article, "Redmond assures us it has made changes to prevent them from happening again".

So don't worry, our UK/EU Golden Keys[1] are totally safe and secure, we can trust anyone in Redmond to have our backs.

[1] note: for the sake of security, end-use governments are given one cooy the Golden Key. In case you forget where you put it, Redmond can help you recover it using their Platinum Key.

Yorick Hunt

It's not a matter of firing up yet another app store; the ridiculously simple (and stupid) reason for the issue is that they've written code that relies on GMS.

Just like the majority of Windows applications these days are grossly bloated because they have an umbilical connection to the DotNet framework*, so too a potentially 10Kb authentication app grows to 50Mb and can't run without a 500Mb nanny.

* Yes, I realise that the framework is these days part of the operating system and therefore doesn't constitute per-app bloating, but it's still unnecessary and a very lazy method of programming.

Anonymous Coward

> Yes, I realise that the framework is these days part of the operating system and therefore doesn't constitute per-app bloating,

Except the next app always seems to need a newer copy of .NET than the one you currently have, so that gets fetched as part of the install, to sit next all the other minor versions in its side by side directory.

TIM_W

I don't get this, you can install MS Authenticator on an Android device from the official app store, and then enrol that app as a third party OATH provider in EntraID.

It does not support push notifications (as the Google Services are unavailable) but you can use it to generate OTP passcodes to provide MFA.

We do this for few users in our Chinese mainland offices and it works well for users that do not have an iPhone.

Did no-one at MS think of that?

Anonymous Coward

> Did no-one at MS think of that?

MS is departmentalized and all the Android geeks quietly vanished when MS got rid of Windows Services for Android.

Anyone else inside MS who is looking up "how to use a cell phone" on Bing just keeps being shown the latest docs on programming Windows 10 Mobile on the Lumia 650.[1]

[1] and the authenticator software really rocks on the Lumia! They keep sending out the purchase requests but just receive these iPhones instead. Weird.

ChoHag

> Microsoft's actions are effectively a vote of no confidence in China's mobile ecosystem

As the article alluded to, Microsoft's actions are a vote of no confidence in its own ability to make software.

They were the last people in the world not admitting that. I don't think they thought this through.

> which it accuses of acquiring a golden cryptographic key

Do you blame the thief for your own unlocked door on the building with the sign that says in bright neon letters "all the money is in here"?

Simulated picture.