upvote

points

by aucisson_masque15 hours ago |
comments
upvoteby hellojesus8 hours ago|
next
[-]
I haven't seen new data from celbrite in awhile, but I believe that grapheneos was the only truly secure phone from it for both bfu and afu as of a couple years ago.

Apple lost my confidence after they removed Advanced Device Encryption for British users (plus implemented age verification for them).

https://discuss.grapheneos.org/d/14344-cellebrite-premium-ju...

reply
upvoteby virgildotcodes7 hours ago|
parent|
[-]
I think it's been said that nobody has yet cracked Apple's Lockdown Mode, but that's likely not truly comparable?
reply
upvoteby strcat2 hours ago|
parent|
next
[-]
iPhones with Lockdown Mode enabled have definitely been exploited which is confirmed by leaked documents and statements from commercial exploit vendors. Lockdown Mode primarily reduces attack surface in Safari and from Apple services. It does very little to protect against other attack vectors such as messaging apps or physical data extraction.

https://support.apple.com/en-ca/105120

You're thinking of Apple saying they haven't detected a case of a device with Lockdown Mode exploited in the wild themselves. Extremely few devices use Lockdown Mode and Apple has very little insight into successful exploits so there isn't much opportunity for them to detect it in the first place. Lockdown Mode bundles everything together and has very inconvenient changes many people won't accept. That greatly reduces usage even by people fully aware of it who want a lot of what it provides. For example, there's

Apple has said they haven't seen a case of a device with Lockdown Mode being exploited which is extremely misleading. Apple doesn't have that much visibility into devices being exploited and would mostly seen failed attempts. All of the Lockdown Mode functionality being bundled together contributes to it barely being used. There's no opt-out system for most of it beyond disabling it as a whole. Only a subset of the Safari restrictions can be partially disabled per-app and per-site which doesn't fully restore web compatibility. It's more that hardly anyone is using it and that Apple doesn't have much insight into apps and the OS being exploited successfully in the first place. Lockdown Mode is definitely useful but people should read about what it actually does and compare that to how devices get exploited. Apple's memory corruption exploit protections aren't tied to Lockdown Mode.

reply
upvoteby soco5 hours ago|
parent|
prev|
next
[-]
How is then law enforcement getting what they need from people's iphones? Because I understand they do, in some way. And I'm not asking about forcing people to hand over pin or fingerprints, but just by themselves.
reply
upvoteby strcat2 hours ago|
parent|
next
[-]
Lockdown Mode is focused on reducing the attack surface from Safari including the WebView and Apple services including iMessage/FaceTime. It does nearly nothing to protect against non-browser/non-messaging attack vectors in the OS or other apps. It's up to app developers to implement similar restricted modes and also baseline exploit protections. App developers need to explicitly opt-in to using the standard exploit protections used in many parts of the OS and Apple discourages doing it:

https://developer.apple.com/documentation/Xcode/enabling-enh...

reply
upvoteby varispeed1 hours ago|
parent|
prev|
[-]
iPhone security is a myth. This is because you can't scan iPhone for threats, so Apple can pretend they don't happen. iOS is probably the least secure platform there is thanks to the security by obscurity approach by Apple.

You can use iPhone being blissfully unaware it has malware on it even in Lockdown mode (which is essentially cope mechanism and Apple way of saying "we care about security, trust us bro").

reply
upvoteby kakacik2 hours ago|
prev|
next
[-]
Can I plug iphone via usbc and access photos and videos directly and rest of the filesystem directly? Thats my flow, I am not buying a phone which has this artificially disabled 'for my own good', while being unix under the bonnet. Insult to my intelligence and all that.
reply
upvoteby poolnoodle5 hours ago|
prev|
[-]
You really think Apple doesn't gather data on what you do on your devices? This notion that Android == spyware is so old and boring but HN just loves Apple.
reply
upvoteby aucisson_masque3 hours ago|
parent|
next
[-]
I'm sure they do collect data but not to the point that they hamper functionality. They still focus first and foremost on usability, functionality whereas Google focus on collecting data, serving ads and then on functionality.

But yeah, there is no doubt in my mind that they both collect as much as they can.

reply
upvoteby mbgerring4 hours ago|
parent|
prev|
[-]
Google gets nearly all of its revenue from targeted advertising, and Apple does not. Apple has an incentive to restrict or completely deny third-party data collection, because they’ve made privacy a major part of their brand marketing and there is major reputational risk to Apple for being caught lying about this. Apple’s “Ask App Not To Track” feature made such a measurable dent in the revenue of various surveillance tech companies that they complained about it, loudly, including Meta paying for a full-page ad in the New York Times about it.

There are multiple objective reasons to believe that Apple is a more trustworthy actor here than other companies, including vulgar capitalistic reasons.

You can just say “pfft, wow, you really believe that?”, I guess, but if that’s your position there’s no reason to argue about this with you.

reply
upvoteby kakacik2 hours ago|
parent|
[-]
Apple's ad revenue is growing massively past few years, projected to be 13 billion revenue stream next year. Where do you think those ads are ending up, and do you really believe they are non-targeted? So while your statements are still somewhat valid, not that much and not for that long.

Also, for anybody from outside of US, its US 3-letter agencies that pose biggest actual security risk since US laws treat us as sub-humans. Apple is as translucent to those as Android. But I get it, its still much easier to make PR campaign based on security for Apple than Android.

reply