ONSAU Regulatory Action in Messages App

no worries.

It is incorrect to say that this message relates to Australia's teen social media ban (which was the Online Safety Act [Social Media Minimum Age] Amendment).

It relates to another part of Australia's internet regulation, which places rules on online messaging platforms about certain requirements, which are included in those links but include things like being able to report non-consensual explicit deepfakes from within the messaging app.

In short: this "ONLINE_SAFETY_AU_REGULATORY_ACTION" message in your settings means that you're using iMessage with a bit of Australian flavouring but in effect there's no real difference.

I was able to get rid of the ONLINE_SAFETY message by going into Settings->General->Transfer or Reset Phone->Reset->Reset Network Settings.

Shutdown and Restart phone.

Still doing some weird things like green message bubbles and the like. Hopefully, there will be an update to 18.2 shortly.

@KiltedTim why be so hostile towards OP? This is a very valid question/concern to have.

For anyone wondering, this is a bug. Apple apps have a key/placeholder value for buttons for devs to toggle on. This looks like they forgot to turn off the feature flag in a production app and that’s why we’re seeing a button that isn’t mapped to a function and doesn’t have proper button text presented.

[Edited by Moderator]

It is not a bug it is to do with Australian law just passed to protect under 16s it results when your OS system on your iPhone is updated to 18.2.1.

this is not correct. This is relating to the Australian government's online safety codes (which are internet regulations) here: https://www.esafety.gov.au/industry/codes/register-online-industry-codes-standards

source: I am a tech reporter.

When your OS system updated on your iphone that is how it resulted. It is to do with Australian law just been passed to protect under 16s.

I can’t tell you why Apple support can’t answer your question because I don’t work for Apple. No one here does.

I’m guessing it’s a requirement of the Australian government that has been implemented in the latest version of iOS.

I'm on 18.3 and the ONLINE_SAFETY_AU_REGULATORY_ACTION message is no longer there.

I'd say it was just a leftover from the development stage. And for those thinking that it's going to be used by the government to read messages, have a read of the "About iMessage and FaceTime & Privacy" link underneath the "Send & Receive" panel in Settings > Apps > Messages.

If iMessages is encrypted to the point where Apple can't read your messages then how can the Australian government?

How to protect from advanced spyware on iOS

Reboot daily. According to research from Amnesty International and Citizen Lab, the Pegasus infection chain often relies on zero-click 0-days with no persistence, so regular reboot helps clean the device. If the device is rebooted daily, the attackers will have to re-infect it over and over again. In time, this increases the chances of detection; a crash might happen or artifacts could be logged that give away the stealthy nature of the infection. Actually, this is not just theory, it’s practice — we analyzed one case in which a mobile device was targeted through a zero-click exploit (likely FORCEDENTRY). The device owner rebooted their device regularly and did so in the next 24 hours following the attack. The attackers tried to target them a few more times but eventually gave up after getting kicked a few times through reboots.

NoReboot: A fake restart to gain a foothold in the system

Disable iMessage. iMessage is built into iOS and is enabled by default, making it an attractive exploitation vector. Because it’s enabled by default, it is a top delivery mechanism for zero-click chains and for many years, iMessage exploits were in high demand, with top payouts at exploit brokerage companies. “During the last few months, we have observed an increase in the number of iOS exploits, mostly Safari and iMessage chains, being developed and sold by researchers from all around the world. The zero-day market is so flooded by iOS exploits that we’ve recently started refusing some (of) them,” Zerodium’s founder Chaouki Bekrar wrote back in 2019 to WIRED. We realize life without iMessage may be very difficult for some (more on that later), but if Pegasus and other high-end APT mobile malware is in your threat model, this is a tradeoff worth taking.

Disable Facetime. Same advice as above.

Keep the mobile device up to date; install the latest iOS patches as soon as they are out. Not everyone can afford zero-click 0-day’s, actually many of the iOS exploit kits we are seeing are targeting already patched vulnerabilities. Nevertheless, many people run older phones and postpone updates for various reasons. If you want to be ahead of (at least some) nation state hackers, update as soon as possible and teach yourself not to need Emojis to install the patches.

Don’t ever click on links received in messages.This is simple advice yet effective. Not all Pegasus customers can afford to buy zero-click 0-day chains at a cost of millions so they rely on 1-click exploits. These arrive in the form of a message, sometimes by SMS, but can also be via other messengers or even e-mail. If you receive an interesting SMS (or by any other messenger) with a link, open it on a desktop computer, preferably using TOR Browser, or better yet using a secure non-persistent OS such as Tails.

This is mine

ShazaW wrote:

Yes I am having issues. This is not a poll or a survey. I am asking if anyone else has this on their phone.

That’s pretty much the definition of a poll…

I have it on mine, my workmate does not. I want to know what it is and there is nothing when I search this on google. Fourth more I have spent a lot of time on the phone with Apple Support and they don’t know what it is.

Sounds like it’s region specific. Can you post a screen shot?

You may want to look at this: https://en.wikipedia.org/wiki/Online_Safety_Amendment#:~:text=It%20is%20an%20amendment%20of%20the%20Online%20Safety,prevent%20minors%20from%20creating%20accounts%20on%20their%20services.

I’m guessing you are underage or need to complete some kind of verification that you are not underage.

I was not 'hostile'. I simply stated a fact.

I'm also not being hostile when I remind you that you accepted an NDA when you joined the beta program which you are violating with this post. Perhaps you should take a moment to actually read it.