Until we have some outrageously horrible events which will directly affect the general population, all these facts will be comfortably avoided and "mitigated".<p>This is a systemic problem derived not only from bad management and absence of responsibility.<p>This is "business as usual" with any big corporation. There is no problem until perception of the problem affects sales directly.<p>And in the case of Apple, reality is professionally managed toward the "reality distortion field" of uneducated masses who are addicted to "latest tech" and "social validation psychology".<p>I don't know any other corporation which can comfortably keep silent on issues like NSO/Pegasus or just "postpone" intrusion on user privacy as CSAM.<p>People love their shiny toys. This is exactly the dynamic with tobacco companies in the past.
People believed at one point in time that cigarettes are "healthy things, recommended by physicians".
<a href="https://edition.cnn.com/2017/05/24/health/gallery/tobacco-health-claims-history/index.html" rel="nofollow">https://edition.cnn.com/2017/05/24/health/gallery/tobacco-he...</a><p>It is always psychology first, technology second. Or sales and shareholders first, services and tech appliances second.<p>You can thank "geniuses" like Edward Bernays and his contemporaries for this.
This was a very clear explanation of some very serious problems with Apple and the app store. Users who think Apple iOS is secure and private--as Apple keeps explicitly claiming--will be very sorry if their life or well-being depends on being able to have private data.
What really galls me is the hoops I have to jump through and the money I have to spend to install my own apps written for my own use on an iOS device. How can that be for my own security? The ability to write a program for a computing device is such a fundamental capability, how can a device that lacks this ability even be sold?
“have you heard about any kind of security problems with Android recently? I haven't.”<p>That’s a pretty silly thing to say [1] and a non-argument. Whether or not you’ve personally heard about security problems with Android doesn’t mean they don’t exist or aren’t widely known to others.<p>[1] <a href="https://www.cvedetails.com/vulnerability-list.php?vendor_id=1224&product_id=19997&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=2021&month=0&cweid=0&order=1&trc=363&sha=f1d918201ad0b0851a2b9b9562379023ac51bcd4" rel="nofollow">https://www.cvedetails.com/vulnerability-list.php?vendor_id=...</a>
This is from the same person that reported iOS vulnerabilities recently: <a href="https://news.ycombinator.com/item?id=28637276" rel="nofollow">https://news.ycombinator.com/item?id=28637276</a><p>Thanks for all the work.
So static analysis will not catch private API usage, so it is mostly useless for protecting the users. It is interesting that such a rich company could not hire a team of competent developers to produce an actually secure way to give applications (and users) access to the private APIs.<p>Does the Linux/BSD sandboxing system offer such protection?
> com.apple.developer.pushkit.unrestricted-voip<p>Do Duo, Okta, or Microsoft Authenticator have the special notification entitlement? These notifications never seem to be delayed no matter what internet climate I'm in unless I'm literally in the middle of nowhere.