undefined | Better HN

0 pointsAnthonyMouse7y ago0 comments

> So what sandbox is available for apps that don’t allow a native app to ascertain individually identifiable device information?

That's the point. Currently nobody can build that because Apple doesn't allow it.

> You also now have to trust the non Apple App Store to check the source code. The entire open source community let the HeartBleed bug stay in open source software for a year and a half...

"Many eyes" results in fewer bugs over time, not zero bugs instantaneously. It doesn't have to be perfect to be better.

0 comments

scarface747y ago

That's the point. Currently nobody can build that because Apple doesn't allow it.

And where does this Sandbox wrapper for third party app stores exist for the Android ecosystem where it is both allowed and their are five time more devices?

Many eyes" results in fewer bugs over time, not zero bugs instantaneously. It doesn't have to be perfect to be better.

Have any statistics to back that up? Is Android more secure or less buggy than iOS?

AnthonyMouseOP7y ago

> And where does this Sandbox wrapper for third party app stores exist for the Android ecosystem where it is both allowed and their are five time more devices?

https://seap.samsung.com/sdk/knox-standard-android

https://yajin.org/papers/asiaccs15_appcage.pdf

> Have any statistics to back that up? Is Android more secure or less buggy than iOS?

Obvious confounder:

https://en.wikipedia.org/wiki/Darwin_(operating_system)

But what metric would you use anyway? Number of discovered bugs doesn't work because the whole premise is that a higher percentage of the bugs will be found.

It's inherently difficult to measure. But refute the logic: Bugs found by vendor + everyone else > Bugs found by vendor alone. The only assumption is that bugs found by everyone else is non-zero, which is clearly true for any number of open source projects including both Android and Darwin.

scarface747y ago

So your solution to a sandbox app is to buy a Samsung device and use a corporate MDM product to manage that one device?

But what metric would you use anyway? Number of discovered bugs doesn't work because the whole premise is that a higher percentage of the bugs will be found. It's inherently difficult to measure. But refute the logic: Bugs found by vendor + everyone else > Bugs found by vendor alone.

Google and third parties have been finding bugs in other people’s closed source products for decades. Again just because people can look at code doesn’t mean that people are looking at code.

You made the claim that there are less bugs in open source software, without any citations, studies, etc.

Android and Darwin are open source but a large part of both iOS and Android are closed source.

1 more reply

j / k navigate · click thread line to collapse

0 comments

scarface747y ago

That's the point. Currently nobody can build that because Apple doesn't allow it.

And where does this Sandbox wrapper for third party app stores exist for the Android ecosystem where it is both allowed and their are five time more devices?

Many eyes" results in fewer bugs over time, not zero bugs instantaneously. It doesn't have to be perfect to be better.

Have any statistics to back that up? Is Android more secure or less buggy than iOS?

AnthonyMouseOP7y ago

> And where does this Sandbox wrapper for third party app stores exist for the Android ecosystem where it is both allowed and their are five time more devices?

https://seap.samsung.com/sdk/knox-standard-android

https://yajin.org/papers/asiaccs15_appcage.pdf

> Have any statistics to back that up? Is Android more secure or less buggy than iOS?

Obvious confounder:

https://en.wikipedia.org/wiki/Darwin_(operating_system)

But what metric would you use anyway? Number of discovered bugs doesn't work because the whole premise is that a higher percentage of the bugs will be found.

scarface747y ago

So your solution to a sandbox app is to buy a Samsung device and use a corporate MDM product to manage that one device?

Google and third parties have been finding bugs in other people’s closed source products for decades. Again just because people can look at code doesn’t mean that people are looking at code.

You made the claim that there are less bugs in open source software, without any citations, studies, etc.

Android and Darwin are open source but a large part of both iOS and Android are closed source.

1 more reply

j / k navigate · click thread line to collapse