- cross-posted to:
- apple@lemmy.ml
- cross-posted to:
- apple@lemmy.ml
cross-posted from: https://lemmyf.uk/post/5813538
First ever iOS trojan discovered — and it’s stealing Face ID data to break into bank accounts
cross-posted from: https://lemmyf.uk/post/5813538
First ever iOS trojan discovered — and it’s stealing Face ID data to break into bank accounts
Let’s park the specific geopolitical powers for a moment, because I cannot speak on behalf of countries and their intentions.
People are inherently different, and have different mindsets and believes. You and I clearly don’t fully agree on whether or not iOS App Store should be opened up for example; and while our lack of alignments are fairly benign, there will always be entities on different ends of our own individual biased points of views. Some of these are relatively minor (like the App Store), others are far more significant (like privacy concerns). There are plenty of world powers that would prefer to have access to more private information, and they are, as of today, without third party App Stores, having a much harder time doing such on the Apple iOS ecosystem. This is because in order to run anything, you’d have to get through Apple’s stringent review process, and while there are plenty of terrible things we’d like to see gone from the App Store, they’ve got years of experience in heuristic detection, are generally fairly good about detecting malicious apps, and can revoke notarization when something does slip through.
Now, a hypothetical world power with drastic different view than you or I (and we don’t even have to agree with each other here) could start their own third party App Store, and bypass a lot of the checks and balances currently in place. “Don’t install that app store, and don’t install apps from it” is not an answer if they are in a position of power over you for whatever reason. I’ve called out a couple; maybe you need to pass through their country and their travel authorization at their airport is done via an app distributed only through their own app store; maybe you have family residing in such an area, and their only way to communicate with you is through a chat app through such an app store; etc. etc.
That is the problem this opens up. And while government entities have a lot of surveillance capability, they’re not having a lot of success with modern day end-to-end encryption, which is why there’s continuous legislative attempts against encryption while hiding behind the guise of child protection / anti-terrorism / national security / etc. etc., and the demand is often to have government known backdoors in the encryption – I trust you’re savvy enough to know how absurd that sounds that we don’t need to go into detail here.
Everything that’s came to light so far seems to create a net negative experience for vast majority of iOS users – third party stores that peels away layers of security and losing ability to use PWA are just two casualties we’ve became aware of so far. The gong show will likely continue and we’ll just have to wait to see what else comes to light as it further plays out.
My point this whole time is that this hypothetical world power doesn’t need an open store to make things easier. If they did, they would be doing this to Android already. And no, its not unnecessary because the relevant checks and balances are mostly baked into the OS, not the store. This simply ain’t a thing.
Getting users to install spyware by their own volition is much harder than simply cooking up an exploit to spy on users, or spying directly through the ISPs. Or by triangulating your location through cell towers. Or by legislating backdoors.
I specifically mentioned the NSA not to be political but because they are verifiably already doing the things you said can hypotetically be done, but to both OSes, right now, despite the security measures in place, and for many many years now. Police can effortlessly hack any phone through 4g using equipment called stingrays, right from your pocket, look that one up. There was never a need to make iphones more open and fair to the users to make it happen. Beause its already happening regardless.
Apple is probably peddling this security narrative, but its a fallacious argument at best. And it happens every single time we force them to be good against their will.
I clearly hit a brick wall here so imma just head out, have a good day, and relax about it, its gonna be good for everyone if it comes to pass.