Well, if we’re talking about theoretical vulnerabilities, couldn’t iBoot be theoretically vulnerable too? I still think Apple is being given too much of a pass here…
-
-
Well, there’s a specific citation there. And it refers to a bunch of concrete vulns (now hopefully fixed!) in Nexus phones. And yes, Apple deserves their own crap (think GrayKey) but the Android stuff seemed sloppier.
2 replies 0 retweets 3 likes -
I guess, but vuln counting as a method of comparison is poor. Maybe comparing apis (eg file encryption) gives you a sense of platform priorities, but even that’s tough. I’d recommend iOS because it’s hard to know *which* android oems are safe, but not because “upper management.”
1 reply 0 retweets 2 likes -
I don’t think that’s valid at all. Apple has consistently led on security and privacy issues. The encryption API we discussed is a great example of that. A huge amount of engineering effort went into a feature that only a few apps use & that also seriously pissed off the FBI.
1 reply 0 retweets 5 likes -
Replying to @matthew_d_green @spongeclipper and
That isn’t the kind of decision that turns on low level employees having passions, or some vagaries of hardware. Android eventually copied many aspects of Apple’s FBE, but only after several years — and incompletely.
1 reply 0 retweets 3 likes -
Replying to @matthew_d_green @spongeclipper and
And vulnerability counting isn’t the whole story. The whole story is that Apple has much more control of the hardware, while Google (even in its own phones) has largely been assembling their own (much less widely sold) product lines from other parts.
1 reply 0 retweets 5 likes -
Replying to @matthew_d_green @spongeclipper and
I’m not gonna go too far down this line because I’m not a hardware expert and it’s just speculation. But it’s hard for me to believe that Google and Apple are getting the same economies of scale on security spending, given the relative sales of their respective product lines.
2 replies 0 retweets 2 likes -
I think you can get better security through controlling the whole stack. But that doesn’t mean you’re under some moral obligation to. It’s silly to suggest that Google employees should be forming a labor union to demand more vertical integration in their product lines.
1 reply 0 retweets 3 likes -
Wha?
1 reply 0 retweets 2 likes -
(
@Pinboard has been agitating for a long time for Google employees to unionize to demand better security for Android, which is unreasonable.)2 replies 0 retweets 2 likes
To elaborate more: Google could be doing more for Android security (and so could Apple!), but it’s not really possible to match Apple here without also controlling the whole stack, software and hardware…which is just a different business model.
-
-
If Google wanted to match or outdo Apple in this area, do you think they couldn't do it? They've got people working on human immortality, so the idea that a Google Pixel just can't be made safe because business model is hard for me to grasp.
3 replies 0 retweets 7 likes -
Again, you keep taking things out of context. The Google Pixel is safe. Nothing in the paper you linked shows otherwise.
3 replies 0 retweets 4 likes - 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.