
Apple engineer likened App Store security to ‘butter knife in gunfight’

Tensimeter

Summary

 

Continuing Apple and Epic Games's legal fight, new documents have been released by both sides. There is a lot of new info regarding the actual effectiveness of Apple's App Store review process, and Epic argues that the review process is "cursory". The information of these documents will likely be used by both to argue their case.

 

Quotes


However in late 2017 Apple’s [FEAR - Fraud Engineering Algorithms and Risk] team still called the App Review process inadequate. [The head of FEAR] said it “was more like the pretty lady who greets you with a lei at the Hawaiian airport than the drug sniffing dog.”

 

My thoughts

This is something that I think seriously impacts the strength of Apple's position. One can justify Apple's iron hold on the App Store by saying "it's for security". But now there is considerable evidence that Apple does not actually effectively safeguard the App Store.

 

Sources

Original twitter thread:

Author of above tweet wrote this article:

https://www.ft.com/content/914ce719-f538-4bd9-9fdf-42220d857d5e?sharetype=blocked

Here is the tweet in the title:

The original tweet thread but pasted into an article:

https://threadreaderapp.com/thread/1380194940236353536.html


1 hour ago, Tensimeter said:

Summary

 

Continuing Apple and Epic Games's legal fight, new documents have been released by both sides. There is a lot of new info regarding the actual effectiveness of Apple's App Store review process, and Epic argues that the review process is "cursory". The information of these documents will likely be used by both to argue their case.

 

Quotes

 

My thoughts

This is something that I think seriously impacts the strength of Apple's position. One can justify Apple's iron hold on the App Store by saying "it's for security". But now there is considerable evidence that Apple does not actually effectively safeguard the App Store.

 

Sources

Original twitter thread:

Author of above tweet wrote this article:

https://www.ft.com/content/914ce719-f538-4bd9-9fdf-42220d857d5e?sharetype=blocked

Here is the tweet in the title:

The original tweet thread but pasted into an article:

https://threadreaderapp.com/thread/1380194940236353536.html

Is anyone really surprised? If Apple's app store is bringing a plastic butter knife to a gun fight, then Google's is bringing a paper knife.

 

Like the only real way to "detect" via automation is to decompile everything, or require apps to be uploaded as source-only, and have Apple do the final compile. Like the advantage with C# was at least you could reasonably decompile C# code to look for obfuscated functionality.

 

I imagine all the Apple staff do is run the apps on actual devices and look for duplicated functionality with Apple apps, and how any monetization is presented. 

 


4 hours ago, Tensimeter said:

Summary

 

Continuing Apple and Epic Games's legal fight, new documents have been released by both sides. There is a lot of new info regarding the actual effectiveness of Apple's App Store review process, and Epic argues that the review process is "cursory". The information of these documents will likely be used by both to argue their case.

 

Quotes

 

My thoughts

This is something that I think seriously impacts the strength of Apple's position. One can justify Apple's iron hold on the App Store by saying "it's for security". But now there is considerable evidence that Apple does not actually effectively safeguard the App Store.

 

Sources

Original twitter thread:

Author of above tweet wrote this article:

https://www.ft.com/content/914ce719-f538-4bd9-9fdf-42220d857d5e?sharetype=blocked

Here is the tweet in the title:

The original tweet thread but pasted into an article:

https://threadreaderapp.com/thread/1380194940236353536.html

Or there wasn’t in 2017 anyway before the dude made that report. That was also four years ago. They would have to have a more up to date rebuttal for it to not be considered though. I’m not sure the plaintiff would even use this one. It would be trivially easy for Apple to provide more recent counter evidence and make the plaintiff look like an ass. Might be why it’s on Twitter rather than a legal brief.

Edited by Bombastinator

Not a pro, not even very good.  I’m just old and have time currently.  Assuming I know a lot about computers can be a mistake.

 

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.


2 hours ago, Brooksie359 said:

For both epic and Apple it all comes down to money and both are trying to keep as much of it as they can. 

At least for now Epic is taking a net loss on this. And that's not just counting legal fees etc.
They dropped in game purchase prices on all platforms (for fortnite) by 10%. Epic makes 10% more on mobile prices, but loses miner on every other platform.
 This will probably change, but for now at least, this isn't about money. 
 

 

 

Might as well start the epic vs apple and who's right argument, we all know it will start at some point in one of these news posts.

I could use some help with this!

please, pm me if you would like to contribute to my gpu bios database (includes overclocking bios, stock bios, and upgrades to gpus via modding)

Bios database


2 hours ago, HelpfulTechWizard said:

At least for now Epic is taking a net loss on this. And that's not just counting legal fees etc.
They dropped in game purchase prices on all platforms (for fortnite) by 10%. Epic makes 10% more on mobile prices, but loses miner on every other platform.
 This will probably change, but for now at least, this isn't about money. 
 

 

 

Might as well start the epic vs apple and who's right argument, we all know it will start at some point in one of these news posts.

Yeah I find that hard to believe. They have made billions on Fortnite so legal fees and a 10% discount is a drop in the bucket. It's not like a 10% discount makes your profit 10% less. It's completely possible that people just end up spending the same amount of money on more things. To think that this lawsuit is about anything other than money is absolutely ridiculous.


The review process is not cursory, and Apple does prevent/remove apps from the App Store because they often catch things. Even if we say it is just a formality....it’s not like Epic or a court could change that policy on the App Store. 
 

What they’re really trying to do is demonstrate that the App Store isn’t secure at all, and that iOS is actually a thriving malware distribution platform. In doing this, they hope to discredit Apple's position of providing a secure platform by only offering the App Store.
 

I’d say Epic is on the losing side of that particular argument. 

Laptop: 2019 16" MacBook Pro i7, 512GB, 5300M 4GB, 16GB DDR4 | Phone: iPhone 13 Pro Max 128GB | Wearables: Apple Watch SE | Car: 2007 Ford Taurus SE | CPU: R7 5700X | Mobo: ASRock B450M Pro4 | RAM: 32GB 3200 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 11 | Storage: 1TB Crucial P3 NVME SSD, 1TB PNY CS900, & 4TB WD Blue HDD | PSU: Be Quiet! Pure Power 11 600W | Display: LG 27GL83A-B 1440p @ 144Hz, Dell S2719DGF 1440p @144Hz | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G305 | Audio: Audio Technica ATH-M50X & Blue Snowball | Server: 2018 Core i3 Mac mini, 128GB SSD, Intel UHD 630, 16GB DDR4 | Storage: OWC Mercury Elite Pro Quad (6TB WD Blue HDD, 12TB Seagate Barracuda, 1TB Crucial SSD, 2TB Seagate Barracuda HDD)

3 hours ago, HelpfulTechWizard said:

At least for now Epic is taking a net loss on this. And that's not just counting legal fees etc.
They dropped in game purchase prices on all platforms (for fortnite) by 10%. Epic makes 10% more on mobile prices, but loses miner on every other platform.
 This will probably change, but for now at least, this isn't about money.

They're both businesses, yes this is about money.

 

There is a thing called cost offsetting that big businesses like to use for the good optics; however, them losing money on one product doesn't mean they lose money on everything. I'm sure the CCP pay handsomely for all that user data through Epic's ties to Tencent.

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


31 minutes ago, DrMacintosh said:

The review process is not cursory, and Apple does prevent/remove apps from the App Store because they often catch things. Even if we say it is just a formality....it’s not like Epic or a court could change that policy on the App Store. 
 

What they’re really trying to do is demonstrate that the App Store isn’t secure at all, and that iOS is actually a thriving malware distribution platform. In doing this, they hope to discredit Apple's position of providing a secure platform by only offering the App Store.
 

I’d say Epic is on the losing side of that particular argument. 

It's a bit rich trying to take the moral high ground when Apple are the ones throwing subpoenas around like shurikens in a ninja movie.


3 hours ago, Brooksie359 said:

Yeah I find that hard to believe. They have made billions on Fortnite so legal fees and a 10% discount is a drop in the bucket. It's not like a 10% discount makes your profit 10% less. It's completely possible that people just end up spending the same amount of money on more things. To think that this lawsuit is about anything other than money is absolutely ridiculous.

My thought on this one is Epic is Fortnite, and Fortnite isn’t as popular as it used to be. The basic stated goal of every corporate administration is to increase share price. It’s sort of their ONLY interest. (Which I suspect is a major problem long term.) What is required to do that is ever increasing profits.
 

Fortnite was no doubt a massive cash cow, but one that is not producing an ever increasing supply of milk. An ever increasing margin means bonuses for management. A merely steady one does not. Epic needs to make MORE money than it did last year for the executives to make huge bonuses. Epic I think is attempting to find more revenue in the product they have which while it isn’t getting bigger is still very large.

 

A hit game is much like a hit movie. You never know what is going to put butts in seats and more importantly it can’t really be controlled by executives that profit from it happening. The rain dance of falling money was always BS. Fortnite put a lot of butts in a lot of seats but is doing it less and less rather than more and more. If however they can reduce heavily the cost of marketing their game profits go up and executives see bonuses again so BOOM lawsuit.


Anyone who isn't in denial knows the security argument is bullshit, even if they gave apps more than a cursory glance there would be no reason to not let users choose to run the risk with a third party store or sideloading.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*


11 hours ago, Tensimeter said:

This is something that I think seriously impacts the strength of Apple's position.

Unless you can also prove that Apple has done nothing since that time 4 years ago to improve security it would seem to mean very little.

 

-kp


1 minute ago, kpluck said:

Unless you can also prove that Apple has done nothing since that time 4 years ago to improve security it would seem to mean very little.

 

-kp

My issue here is with the way Apple likes to introduce programs that seem like they really should help out in cases similar to this but in reality don't. A perfect example is the Partner Repair Program, it's basically a publicity stunt. Signing up is difficult, it costs you money, you may or may not be accepted (at Apple's sole discretion) and even once you get in nothing really changes other than you get a new sign for your shop. You still cannot buy spares, do component level repairs or get access to Apple's serialisation hardware.

 

They do this as a precaution so when it inevitably ends up in court they can say "well we did introduce a new program to help out on this front".

 

Just because they appear to be doing something proactively on the surface doesn't mean that behind the scenes they're not deciding the outcome of an app by flipping a coin or throwing a dart into a dart board.

 

This kind of stuff is of little consequence to a judge though, they have the ability to review the paperwork and processes that are really going on and decide for themselves if it's genuine or an attempt to look good.


10 hours ago, Kisai said:

If Apple's app store is bringing a plastic butter knife to a gun fight, then Google's is bringing a paper knife.

Given the shitshow the Play Store is, calling its security akin to a paper knife in a gunfight is still giving Google too much credit, to be quite frank.

 

I may not like Apple or their products, but Jesus Christ, they're still lightyears ahead of Google in this regard.

Hand, n. A singular instrument worn at the end of the human arm and commonly thrust into somebody’s pocket.


1 minute ago, WereCatf said:

Given the shitshow the Play Store is, calling its security akin to a paper knife in a gunfight is still giving Google too much credit, to be quite frank.

 

I may not like Apple or their products, but Jesus Christ, they're still lightyears ahead of Google in this regard.

Yep, for all the bad stuff Apple's walled garden is responsible for nobody can ever say it doesn't actually work.

 

My issue isn't the efficacy of the Apple Ecosystem, it's the forced way in which it is achieved. I've said it before, if a user wants to fill their phone with malware then Apple should not have any say in that at all.


15 minutes ago, Master Disaster said:

Yep, for all the bad stuff Apple's walled garden is responsible for nobody can ever say it doesn't actually work.

 

My issue isn't the efficacy of the Apple Ecosystem, it's the forced way in which it is achieved. I've said it before, if a user wants to fill their phone with malware then Apple should not have any say in that at all.

I think the problem is that Apple is the phone you get people who aren't techy so as to prevent them from doing that. It's not like any user would want to fill their phone with malware; it's simply the result of people not realizing what they are doing. With Apple people can have peace of mind that they won't unwittingly screw up their phone or in some cases buy the phone for a loved one to prevent them from screwing up their phone. It's not like there isn't a competitor. If people don't want the walled off OS then they can buy an Android phone as many people do. I don't find Apple at fault for not allowing people to choose another app store as it kinda goes against the very principle of what is Apple. It's always been about having a uniform experience that doesn't have much customization because it's supposed to be experienced in the way Apple envisioned it. Some people won't like that but a lot of people do. Its simplicity has made many people flock to the iPhone. You want something different then go to Android, simple as that.


4 hours ago, DrMacintosh said:

The review process is not cursory, and Apple does prevent/remove apps from the App Store because they often catch things. Even if we say it is just a formality....it’s not like Epic or a court could change that policy on the App Store. 
 

What they’re really trying to do is demonstrate that the App Store isn’t secure at all, and that iOS is actually a thriving malware distribution platform. In doing this, they hope to discredit Apple's position of providing a secure platform by only offering the App Store.
 

I’d say Epic is on the losing side of that particular argument. 

Yeah that doesn't make sense as they would have to argue that other app stores have better security and are less of a risk to really prove that not allowing other app stores doesn't improve security. So what if Apple's store isn't perfect; so long as it's more secure than the competition then not allowing other app stores does in fact prevent security problems.


If you want to open your own app store - Apple's anti-trust violations prevent you from doing so.

And the FTC completely ignores it even though it clearly violates the Sherman Anti-trust Act of 1890, as it's a restraint of trade and a monopoly.

So Apple in fact are not only committing civil violations of the law, but criminal violation of the law as well! Monopolizing any part of the trade is a felony!

A PC Enthusiast since 2011
AMD Ryzen 7 5700X@4.65GHz | GIGABYTE GTX 1660 GAMING OC @ Core 2085MHz Memory 5000MHz
Cinebench R23: 15669cb | Unigine Superposition 1080p Extreme: 3566

Yeah, whatever, they seem to do a much, much better job at curating applications and their publishing than Google does. Just look how much blatant copycat trash there is on Google Play. And by that I mean apps that are named and look like something legit and it's basically just a bait for god knows what. Probably just ads and spyware galore. And even guidelines set by Google are more for decoration where stuff that Apple enforces actually sticks. Like the recent privacy thing that pissed Fecesbook. And many other things like disabling GPS tracking actually enforces that and app just accepts it and continues to work without it where on Android, the app either demands GPS tracking or it just straight out refuses to work. UGH?! This was one of the more painfully obvious things I've witnessed. App in question is "VeryFit Pro" for a smart bracelet. Same app is on Google Play and App Store. On Google Play, the app demands GPS and you have to accept it, on App Store, it asks for it and if you reject it, that's that. It'll still work, but without GPS. For which it doesn't even have ANY functionality like location or path tracking. Yet wants GPS tracking and won't accept just vague network location. It's idiotic.


1 hour ago, Brooksie359 said:

I think the problem is that Apple is the phone you get people who aren't techy so as to prevent them from doing that. It's not like any user would want to fill their phone with malware; it's simply the result of people not realizing what they are doing. With Apple people can have peace of mind that they won't unwittingly screw up their phone or in some cases buy the phone for a loved one to prevent them from screwing up their phone. It's not like there isn't a competitor. If people don't want the walled off OS then they can buy an Android phone as many people do. I don't find Apple at fault for not allowing people to choose another app store as it kinda goes against the very principle of what is Apple. It's always been about having a uniform experience that doesn't have much customization because it's supposed to be experienced in the way Apple envisioned it. Some people won't like that but a lot of people do. Its simplicity has made many people flock to the iPhone. You want something different then go to Android, simple as that.

Frankly, after the point of sale it's none of Apple's business what someone does with their phone.


10 minutes ago, RejZoR said:

Yeah, whatever,

Disregarding security, especially of a store which has transactions of money through it, is a big mistake.

10 minutes ago, RejZoR said:

they seem to do a much, much better job at curating applications and their publishing than Google does. Just look how much blatant copycat trash there is on Google Play.

It's true, but how is it related to the topic? It seems like you just write here to demean Apple's competition and show how great Apple are.


1 minute ago, Master Disaster said:

Frankly, after the point of sale it's none of Apple's business what someone does with their phone.

Haven't you heard, you don't own the stuff that you buy.

Spoiler

Part joke, part reality.

 


3 minutes ago, lewdicrous said:

Haven't you heard, you don't own the stuff that you buy.

As a matter of fact that's illegal, even criminal (it's a felony), but it's easy to get lazy and ignore the laws that are a pain to enforce (and there is the possibility of bribes, AKA "robust conversation").


@Vishera

So, the fact they make sure their App Store is much cleaner than any competition and they actually enforce security and privacy rules is somehow a bad thing now? Or is it just that people are always pissy at Apple and can't accept the fact they actually get quite some things right?

