Apple is the best, even if it runs Android...

The only thing Apple didn't do but should do, IMHO, is that they should have known that it can be slow to download Xcode in China and they should set up a server in China for Chinese developers to download Xcode much more quickly.

Which doesn't help if the app. developer deliberately uses the infected Xcode in order to compromise iOS devices. Heck considering the proliferation of "clones" on the app store, it'd be easy to just make a clone of a legitimate app with a similar name using the infected Xcode and release it on the store.

So if you think this is "bad security" then consider that Android don't even have most of these available. It's much easier to download a infected Android SDK and have your apps infected before uploading to Google Play.

However, it is bad security in that a malicious software developer can purposely use the infected version of Xcode on MacOS to circumvent the security measures on iOS devices. IMO, that's a rather large gaping hole in the walled garden if those apps are getting into the app store.

Just because security on Android devices is worse, doesn't mean this security hole isn't bad.

I haven't read up on it much, but does the iOS device give a warning that the application they are downloading is potentially capable of running malicious code?

Regards,
SB
 
Wine tasting is a documented very bogus field though, when even so-called experts are unable to correctly identify wines in blind tests. :p
I know it - I did say something different. I said I can recognize the taste of a good wine from shitty one, which is something totally different.And trust me, that is easy.
Recognizing excellent wine from good wines - no way to me. Not even between similar types.

My point is, if you are used to certain kind of food, you immediately recognize different stuff.
i.e. you cant sell me a supermarket chicken vs. a real chicken, as they taste different - and their consistency is different (i.e. meat is attached to the bones, you have to strip it with your teeth, color is slightly different as well).

But that happens as I got used to it, so I can easily spot changes.
 
I haven't read up on it much, but does the iOS device give a warning that the application they are downloading is potentially capable of running malicious code?
The device would reasonably have to warn for every single app, and knee-jerk cry-wolf warnings is the worst kind of warning you could possibly have, as it trains users to ignore them. It promotes bad behavior instead of discouraging it; this is why windows UAC is such a shitty thing. Who stops to consider what that window really says? Most people - regardless of if they even understand what the UAC warning is or why it appears when it does - just click it away with little thought so they can get on with doing whatever it was they were doing before that piece of crap appeared on their screen...
 
@pcchen you are misunderstanding what I'm saying (reread what I wrote again perhaps), yes I realize the app developers are intentionally doing bad stuff(*) BUT my point is
you/me (all these 100s of millions of app users) did nothing wrong, they downloaded angrybirds2 etc from apples store (we werent running xcode and compiling the apps ourselves)


(*) like ppl that write viruses etc 'do bad stuff', you're arguing they should just stop doing this bad stuff and it will be OK, guess what? not gonna happen, thus OS makers etc have to be pro-active against this

@Grall, I sorta agree with what you're saying with too many warnings but install an app on android, before you install it it will give a message what privilegdes the app will use.
Will it use the camera, connect to the internet, GPS etc
I always read it, perhaps IOS could adopt this later (IOS developer team - hey we still havent copied most of android 4.4 yet give us time ;))
 
Last edited:
@pcchen you are misunderstanding what I'm saying (reread what I wrote again perhaps), yes I realize the app developers are intentionally doing bad stuff(*) BUT my point is
you/me (all these 100s of millions of app users) did nothing wrong, they downloaded angrybirds2 etc from apples store (we werent running xcode and compiling the apps ourselves)


(*) like ppl that write viruses etc 'do bad stuff', you're arguing they should just stop doing this bad stuff and it will be OK, guess what? not gonna happen, thus OS makers etc have to be pro-active against this

So Apple removed the infected apps once they were found. What's the problem here?

If you think Apple should be able to find them earlier, then that's a completely different issue: how much control should Apple have? It's a Catch-22: if Apple do too much, people complain about how Apple is a control-freak. If Apple do too little, people complain about why they can't find some obscure virus earlier. Especially when you are comparing to Android, where almost nothing is done on Google's part.

And people seem to think it's easy to find malware. It's not. It's actually very easy to hide malware. A malware trying to collect user data can hide very well, such as only transmitting data on some randomly selected time slots. If an app connects to a command server only once a week or even once a month, it can be very difficult to find anything about it.

A possible solution is to require apps to declare which servers they'll connect, and refuse connections for non-declared servers. This helps some apps (e.g. those only need to connect the developer's servers), but not every apps only connect to their developers' servers.

Basically, from what I read is you are complaining that Apple have worse security than Android using an example where Android will fare much worse.

@Grall, I sorta agree with what you're saying with too many warnings but install an app on android, before you install it it will give a message what privilegdes the app will use.
Will it use the camera, connect to the internet, GPS etc
I always read it, perhaps IOS could adopt this later (IOS developer team - hey we still havent copied most of android 4.4 yet give us time ;))

On iOS, apps always ask for permission when it needs to use camera or GPS the first time.
 
I haven't read up on it much, but does the iOS device give a warning that the application they are downloading is potentially capable of running malicious code?

The problem is how to know whether an app is "potentially capable of running malicious code."

There are always people who find creative ways to workaround restrictions. For example, on iOS 9 a new rule requires that an app to declare which custom URL scheme they'll use. That's because some apps tries to "poll" for custom URL schemes in order to know which apps you have installed on your phone, and that's a privacy concern. (For example, suppose that Facebook uses "fb://" custom URL scheme, then you can easily check, in your app, whether it's possible to open "fb://". If it's possible, then it's very likely that the user have Facebook app installed on the device).
 
Back
Top