
I'm sure NSA will love this feature


It's amazing how many people already forgot/ignore Snowden revelations. iOS and the rest of the complicit Apple walled garden is literal spyware for the masses. But with enough of a marketing budget, it's easy to convince people of anything, even when it is against their interests.


... iOS is the spyware for the masses? I have a background in security and I prefer iOS devices over android devices because the latter is an absolute wild west in comparison.

The most relevant bit I recall from the Snowden revelations is that NSA was treating big-4 tech companies as adversaries and splicing into their fiber networks. How would android be any better at protecting against that than apple/ios?


> How would android be any better at protecting against that than apple/ios?

The AOSP is much easier to hold accountable than the iOS codebase. Apple has a convincing security model if you take their whitepapers at face value, but between the PRISM revelations and Apple's own Transparency page[0] it's hard to claim that they won't let anyone access your data.

[0] https://www.apple.com/legal/transparency/


Similarities between AOSP and any Android device build are unclear at best.

Re: Transparency, Apple is obligated to cooperate with governments when presented with legally-valid warrants. This is not so much iOS as iCloud services though, and it applies to every service provider in the world.


> Similarities between AOSP and any Android device build are unclear at best.

Indeed. That's why other open source projects make custom ROMs and distributions based on AOSP so you can remove your dependence on those sketchy device builds. Both OSes come with guaranteed government-obligated backdoors, but only one still has the tools to mitigate them.

The AOSP is an undeniable net-positive for accountability, as well as giving security researchers an unprecedented platform for responding to and researching mobile exploits.

> This is not so much iOS as iCloud services though

Yes, they explicitly illustrate both device and iCloud warrants being filled en masse. Apple builds backdoors into your system and offers them to state-level actors.

We can go down this "obligated" route if you'd like, but it only further illustrates the importance of accountable OS design, like how the AOSP is arranged.


Let's see, a literal fourteen year old found a bug in iOS that let him remotely listen to the microphone on any iPhone with only a phone number. Now imagine what a three letter agency is capable of, or is responsible for.


I think your memory of the Prism program is inaccurate.


> With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.

https://www.theguardian.com/world/2013/jun/06/us-tech-giants...

You're welcome to dispute these facts based on technical merit or other qualifying evidence, keeping in mind the obvious advancements in technology over the past decade, as well as societies' increased reliance on the proliferated devices.


Apple was not a participant in Prism. Neither was Google.

Consequently they are not complicit.

Smartphones concentrate so much personal data in a single inadequately-protected device. The severity of vulnerabilities is greatly magnified, and they are "juicy targets", as we say in the industry, for attackers of all kinds.

If that's your argument, then you're on solid ground.

If you believe that your phone is a tool of the NSA, then you're just hypothesizing a worst case scenario, unsupported by evidence.


> If you believe that your phone is a tool of the NSA

My phone is a tool of the NSA. The "worst case scenario" you're citing is backdoor access that exists on billions of phones and has been used millions of times. We are firmly in the age of warrantless surveillance.

The original claim was that iOS is "spyware for the masses". If you cannot deny that the ability to snoop on iPhones exists, I don't see a path for refuting it.


There is no evidence that NSA has backdoor access to iOS.

Original claim was also that Apple was complicit in this spying. There is also no evidence of this.

> If you cannot deny that the ability to snoop on iPhones exists, I don't see a path for refuting it.

OK, but keep going with this idea. Choosing to believe the thing not in evidence decreases your net understanding of the world.

E.g. You cannot deny the possibility of the existence of a supreme being. I might argue that there is no requirement for the existence of a supreme being to explain any known phenomena, and plenty of evidence suggesting the opposite. Further, speculating the positive existence has a cost, and it results in an increase in overall uncertainty. It's a leap of conjecture that takes you to a place of less knowledge. This is a useful tool for some exercises!

Yes, it's possible that NSA, or your older sibling, has backdoor access to iOS. And if your threat model includes actors you believe might have such capabilities, then it's a reasonable security posture to assume compromise, or the risk of compromise. Call it an abundance of caution.

It is still an extraordinary claim, it isn't necessary to explain any known facts, and it is contradicted by many pieces of evidence. But no honest person can definitively refute it -- like literally no human can be certain it is not true (some could be certain that it is true).

So if you believe your soul hangs in the balance, then by all means go through the motions, and we hope to see you on Sunday!


> But no honest person can definitively refute it

So there's the concession. All this boils down to the fact that you cannot hold Apple responsible or prove that they don't spy on you or sell backdoors to the CCP.

Do you want to arm wrestle for it, or would you rather try to discredit the Snowden leaks?


AOSP addresses part of this concern, but see also baseband firmware, repeatable builds, connected services, kernel exploits, etc ad nauseam.

Proving a negative is notoriously difficult. If you've decided as a matter of faith that Apple is malevolent, then it is possible to interpret any news as corroborative of those beliefs.

If you weigh the evidence objectively, things are far less clear. If you choose to err on the side of caution, then sure absolutely lean into the healthy paranoia (I do), but it makes more sense to evangelize the safer approach, than to preach against those you perceive (without evidence) as wicked.

Apple is not perfect, and some of their misses are mind-boggling. All other vendors too.

Snowden proved that NSA will do what NSA can do (we all suspected this). He did not prove that Apple (or Google) helped beyond their legal obligations. He helped Apple and Google find and improve some of their failures.

No one here is talking about the CCP!


> baseband firmware

Important indeed, I look forward to the day when FCC-unregulated hardware becomes available. Still not a reasonable threat vector unless the software layer is also maliciously complicit.

> repeatable builds

Many ROMs are.

> connected services

Many of which do not exist in custom ROMs.

> kernel exploits

Generally more of a problem when you run a poorly-maintained kernel like XNU :p

I get what you're trying to say here, and generally I agree with you - there is no secure computing anymore. So why defend Apple? They clearly have the means to remotely exfiltrate your device data, decrypt your private iCloud information and the willingness to cooperate with authorities. They're one bad regime away from operating with fascist impunit- oops, too late[0].

> Proving a negative is notoriously difficult.

There's nothing to prove. Apple reports themselves that they can compromise their own device and account security. You can personally assume that they won't use that for nefarious purposes, but that doesn't make the backdoor any more innocent than an unfired gun being held against my head.

> He did not prove that Apple (or Google) helped beyond their legal obligations.

He proved that our government was extremely good at hiding unprecedented levels of surveillance a decade ago. Even if you assume that our government hasn't expanded their control over these companies in that time (which I have for the purposes of this response), the point stands - Apple has backdoor access to both your device and account. Both they and the US government claim that they only use this power for its intended purpose, whether you believe the two of them is up to you. It is irrelevant for the purposes of discussing how badly these systems are compromised.

> No one here is talking about the CCP!

Apple certainly talks with them, though. Unfortunately, their working relationship with China has repeatedly been an example of how despotic corporate culture can get. You're right - it's not a uniquely Apple epidemic, but they're certainly the largest example.

[0] https://support.apple.com/en-us/HT208351



