Apple slow to release a much-needed security fix, and what Apple needs to learn from Microsoft’s own security woes.

Well, it appears that after much soul searching, and after giving Apple plenty of time to fix the security holes, the security researcher has released proof-of-concept exploit code for three iOS zero-day vulnerabilities (link). I’m sorry to sound cynical, but Apple talks about how seriously it takes privacy and then half-asses it when it comes to security. The problem is that security is more than regular auditing and pushing out patches when required; it is also ensuring that something is secure by design at the point it is designed, and the only way you can do that is by working within the security community and allowing third parties to analyse your design and point out the flaws before a line of code is written. It is one thing to have an error in the code itself, which can easily be fixed with a patch; it’s another thing entirely when the fundamental structure of the design is the source of the problem. Apple needs to start working with the security community rather than seeing it as a threat, and actually use its bounty programme by offering decent rewards, because if Apple doesn’t offer decent rewards then someone else will (link).

I just hope that Apple learns from Microsoft. Consider what Microsoft was like 15-18 years ago, back in the days of Windows XP: the long, protracted Windows Vista development and the development reset in which developers within Microsoft were retrained to think of security as something baked into the product from the outset rather than an afterthought. The net result was that Windows Vista was reset so that, rather than being built on Windows XP, it was based on the Windows Server 2003 codebase, and although Windows Vista received a lot of flak it laid the foundation for Windows 7. What do I mean by ‘laid the foundation for Windows 7’? Well, WDDM (the Windows Display Driver Model) was introduced to replace the Windows XP display driver model, which gave Microsoft the ability to build all this fun stuff (link) into Windows 7, 8, 8.1, 10 and now 11. What I wish is for Apple to do the same, along with recognising that security is a team effort: working with third parties is good because a fresh pair of eyes looking over a piece of software might pick up issues that slipped below the radar. In the case of the most recent iOS security fiasco, a decent reward followed by a fix in a timely manner would build confidence within the security community that Apple is as serious about security as it claims to be about privacy.

The other thing I want to have a grizzle and a whinge about is Apple’s relationship with third-party repairers. Louis Rossmann has been covering this issue for quite some time (and is involved in the push to get ‘right to repair’ legislation passed (link)), and the one thing to keep in mind is that the right to repair isn’t “if you get your device repaired by a third party and they screw it up then Apple has to fix it under warranty”; it is simply about providing the parts and the specifications. For example, Louis talks in many of his videos about instances where certain parts are impossible to get, and the reason isn’t that suppliers lack the capability to supply them but that Apple forbids them from supplying the component to anyone other than Apple. One example is fixing a charging chip by having to buy a second accessory and transplant the chip from it, all because the vendor that makes the chip was told by Apple it wasn’t allowed to sell it to third parties. At this point you’d be thinking ‘they can’t get any more punitive than that’. Well, you’d be wrong.

As I go on and on I’m finding that Apple has become more and more hostile to consumers, but I have to admit it reminds me of something someone posted on a forum: that if Apple got into the same market-dominance position as Microsoft, Apple would be a whole lot worse for consumers. When I first heard that I thought it was just the mad ramblings of an Apple hater who was letting Steve Jobs/Tim Cook live rent free in their head. Well, a few years later it appears that I was quite the fool for not having taken that observation on board, but it will be interesting to see how things pan out going forward, particularly when you consider that Samsung’s software support is a lot longer than in the past (not to mention the rumoured 5 years of support that the Pixel 6 will be getting); there are fewer compelling reasons for those in the know to stay with the platform. Even when you consider the privacy angle, the reality is that Google doesn’t ‘sell’ your personal information to third parties; third parties come to Google and say, “hey, I want to advertise to men between the ages of 30 and 40 who live in New Zealand, are openly gay but single and politically lean to the left”, to which Google comes back with, “sure, and here is the cost”. No information is exchanged.

It is this part of the Apple community that frustrates me the most, not because I feel the need to defend Google but because I get frustrated when the discourse is polluted with either half-truths or blatant lies. You cannot have a meaningful conversation if it isn’t being conducted in good faith, and that good faith rests on a person being honest with the facts. Let’s assume the person has sincerely made a mistake; that’s ok, we all make mistakes. But when the mistake is pointed out and the correction made, then guess what? Stop repeating the incorrect information now that you’ve been told what you said is incorrect and been given the correct information, because continuing to repeat information established to be incorrect tells me that you have no interest in having a good-faith discussion. Forums die or thrive on whether their members are engaging in good-faith discussion. When all those participating are engaging in good faith the whole experience is enjoyable, because knowledge is being shared and provoking points are being made which force you to confront possibly incorrect information you had picked up in the past, so as a result you want to come back because the conversation is stimulating (unfortunately far too many create forums like a blog rather than a place to have a conversation).

Android 13 development has already started, and what I hope is that they deal with the mess of forks of forks of forks of the Linux kernel codebase, which results in updates and upgrades taking much longer than should be necessary (link). What I am hoping is that the move to bog-standard ARM core designs and an AMD GPU in the next Galaxy release will result in Samsung leveraging the open source AMD GPU driver, which will hopefully translate into longer-term support.
