iOS is the least worst mobile option and it’s ridiculous to say Apple is lying about security if any exploits are found, ever.
If you look at e.g. how messaging works in iOS 14 [0] you’ll see that they do in fact work on making secure systems. But parsing and memory safety are hard. Like, really hard. The fact that NSO found exploits doesn’t mean Apple is doing anything, but Apple is clearly making it more and more difficult to find and abuse such exploits.
For the average person that isn’t being specifically targeted by sophisticated malware from companies funded by -governments-, iOS is pretty damn secure. Dealing with being attacked is a different threat model.
[0]: https://googleprojectzero.blogspot.com/2021/01/a-look-at-ime...
[1] https://www.theregister.com/2020/05/14/zerodium_ios_flaws/
This doesn't have to be the case. Start by avoiding C and C++. Use Java (on Android) to write parsers. It is very hard to take a buggy parser written in Java, and to escalate to a memory corruption attack.
If you really can't use a language like Java, write your parser in safe Rust using slices over Vec<u8>. Then run a fuzzer over it. You'll find a few runtime panics, but you're vanishingly unlikely to encounter memory corruption.
Buffer overflows and memory corruption can be almost entirely avoided these days, at a price.
In fact I believe that it's hubris to think that we can write massive, complex systems in unsafe languages and -not- overlook some bugs here and there. We had no choice but to use these languages before, but Rust, etc, give us alternate choices now.
Speaking of companies lying... You are holding your phone wrong, and your keyboard works fine.
Oh and your apps might have a backdoor, but it took getting sued by Epic for us to let anyone know that.
Apply lying is about as common as a politician lying.
Absolutely, but creating a platform the encourages or forces users to do the wrong thing is a regression from where we were ten years ago.
>iOS is the least worst mobile option
No. Devices running a FOSS operating system like the Pinephone are the least worst mobile option, people don't like it because it's not sexy and it's currently very inconvenient. The rest of the options are so bad that you're probably better off without a mobile phone at all.
RE: iMessage
You have everyone using exactly the same messaging client, so you have one piece of software to exploit and now you can attack everyone. The extreme lack of diversity makes these sorts of complex exploits much more profitable.
>iOS is pretty damn secure
Sure, if you don't do anything with it. But it encourages users to download unaditable closed apps and reassures them that doing so is totally safe despite the fact that most of them are using 3rd party telemetry services run by data brokers.
Just because it's FOSS doesn't mean it's secure. If your problem is privacy then sure, the PinePhone is the least worst mobile option. If your problem is security I don't see how a phone that doesn't have hardware embedded key manager is a step up. It's not like the Linux Kernel, and whatever messenger you do decide to use is free from zero-days either.
>But it encourages users to download unaditable closed apps and reassures them that doing so is totally safe despite the fact that most of them are using 3rd party telemetry services run by data brokers.
And for the very same reason your bicycle is safer than a car because it doesn't encourage you to drive 75mph. I agree the world might be a lot better if we "return to monkey" but I don't think anarcho-primitivism is a solution.
Right, but it does mean you won't be forced to do things the wrong way because it makes Apple money.
>hardware embedded key manager
This means keeping copies of keys unencrypted (or encrypted with a key on the same device which is effectively the same) on the device. You're just a couple exploits away from sharing the keys at that point so many people argue that these make things worse and not better.
>It's not like the Linux Kernel, and whatever messenger you do decide to use is free from zero-days either.
Sure but you can't even guess at which messenger I use. Attacking me means taking expensive professional time and focusing it on one person. As for zero days in the kernel, they seem to appear less often than for iOS but I could be missing some.
>anarcho-primitivism
There's nothing more primitive than flinging binary artifacts around the way you do on closed OSes. The FOSS OS approach where knowledgeable people protect those who aren't knowledgeable (without restricting their rights) is a significantly more advanced social structure.
There's nothing about FOSS that makes something secure, and building secure software is so hard and expensive that my guess is that you need the sponsorship of a government of major corporation to do so. Some FOSS does have such sponsorships, but a lot doesn't.
IIRC I've even heard that OpenBSD, despite its reputation, may no longer more secure than Linux due to Linux's manpower advantage. I don't even have to look up the numbers, but Apple definitely has a major security manpower advantage over the people making the Pinephone.
That's not to put down the Pinephone, but we have to be reasonable about what a project like that is and what is can (and cannot) achieve.
The F/OSS community has a weird collective amnesia about exploits that rubs me the wrong way -- just because someone can look at it doesn't mean that someone is looking at it, or even that the person looking at it is going to fix it instead of exploit it. Heartbleed was sitting out in the open for 2+ years, despite OpenSSL being a very popular package available under a permissive license.
The flip side is the lack of diversity makes patching easy. Good luck pushing an update patching a 0-day affecting 3-4 Android versions to 60% of devices.
