Craig Federighi ; side loading is a cybercriminal’s best friend

[Bad5ector]

6 minutes ago, saltycaramel said:

Security is a mess right now. We don’t know for sure if the hospital of the city we live in will be disabled via ransomware tomorrow morning.

You in NFLD?

 

Also, if the hospital is like others I have seen, I wouldn't be surprised if it was still running Windows XP / Windows 7 with outdated security patches. No one wants to put it in the budget to upgrade stuff that seems to be working just fine... until they're hit with ransomware....

[saltycaramel]

19 minutes ago, Bad5ector said:

You in NFLD?

 

Also, if the hospital is like others I have seen, I wouldn't be surprised if it was still running Windows XP / Windows 7 with outdated security patches. No one wants to put it in the budget to upgrade stuff that seems to be working just fine... until they're hit with ransomware....

 

I meant “we” as generic “we humans in this day and age”.

 

I’m in Europe and a couple of months ago a regional medical records database of the public health agency in my area was ransomwared, making a number of activities difficult to perform for a couple of days. The entry point was apparently an employee working remotely. 

[kvuj]

I used to wonder how Apple tech companies could get away with convincing people phones were somewhat different at a time when computers allowed you to do anything. From locking the bootloader on Android, Apple not allowing applications from third party stores, making phones glued together to prevent repairing it. Heck even modern laptops like the new Macs have soldered on CPU, RAM, SSD and wifi chip. Remember when laptop CPUs were socketed and you could swap them?

 

After reading this thread, I finally get it. People seem happy with the locking down. People seem happy with a neutered device if it means better security. People seem happy with not owning their device.

[saltycaramel]

17 hours ago, kvuj said:

I used to wonder how Apple tech companies could get away with convincing people phones were somewhat different at a time when computers allowed you to do anything. .

You’re missing a piece here: they’re not even the same people. There are many many many new users now compared to back then. People don’t realize how recent the tech bubble is. It’s no wonder security requires a different baseline and safety nets nowadays.

 

https://ourworldindata.org/grapher/internet-users-by-world-region

 

 

There is a world before iPhone&Facebook and a world after iPhone&Facebook. Reminiscing the good old days and their security assumptions doesn’t necessarily mean those assumptions would work or be optimal nowadays.

 

Pre-2007 internet/computers OGs that think the world revolves around them are so cute.

 

Little do they know that there are more new post-2007 internet users than pre-2007 users. And consequently the expectations about how a mobile computing device is supposed to work are skewed (as they should) towards the needs of those billions of new users, not necessarily towards letting the OGs sideload a NES emulator.

[Blademaster91]

1 hour ago, kvuj said:

I used to wonder how Apple tech companies could get away with convincing people phones were somewhat different at a time when computers allowed you to do anything. From locking the bootloader on Android, Apple not allowing applications from third party stores, making phones glued together to prevent repairing it. Heck even modern laptops like the new Macs have soldered on CPU, RAM, SSD and wifi chip. Remember when laptop CPUs were socketed and you could swap them?

 

After reading this thread, I finally get it. People seem happy with the locking down. People seem happy with a neutered device if it means better security. People seem happy with not owning their device.

All of those as security as marketing, really meaning companies can scare the consumer out of changing their own RAM,SSD, or battery, and get everyone to throw away their laptop or phone for a new one. Also a very important thing is being able to root your phone, most people don't know how to access the bootloader so I don't see why it shouldn't be an option for those that want to install their own OS.

But yeah I find it sad that people defend companies taking away ownership, as if a computer or phone was somehow less secure when you could choose what to install, and not download malware if you have some common sense.

[mr moose]

On 11/5/2021 at 2:17 PM, Bombastinator said:

This is a stick that points both ways though.  The lack of data goes to both arguments.  Pointing it in that direction had not been done yet though.

No it doesn't,   There is no data at all that says allowing side loading will decrease security,  ios is literally the only OS that prevents the installation of software from any source.  Malware detection's by OS as a percentage obviously puts windows at the highest with 83%,  browser malware at 11%, android specific at 3% and all the others at 1% (rounding the numbers).  Which actually shows side loading has no effect (or even arguable is safer) as android has 40% market share, windows 33% and ios 15% as of 2020. 

 

To make the claims that preventing side loading is safer is flat out unsubstantiated in the data.  

 

https://www.statista.com/statistics/680943/malware-os-distribution/

https://gs.statcounter.com/os-market-share

 

And that's before you even consider that malware exists in the appstore and in the wild through browsers, where the prevention of side loading has no impact on vulnerability.

[Arika]

On 11/6/2021 at 2:46 AM, saltycaramel said:

Nobody actually using them would like to downgrade them to a lower security. IT departments issuing them or allowing them as BYOD. Airlines issuing them to pilots and crew. You name it. Nobody ever said “I wish these were downgraded to the lesser security and lesser you-can’t-mess-them-up_ness of the good old Windows/Mac days

You still have not provided any evidence that the OPTION (added emphasis because for some reason you think it would be forced upon everyone) of allowing the side loading of apps somehow completely breaks Apple's security. You are literally saying that Apple's security engineers are absolute idiots and that the ONLY way of ensuring security on iOS is to lock out sideloading, which in reality, means their security is shit. On android there is no difference in how apps install or operate regardless if they were downloaded from the play store, or sideloaded.

 

"oh but people could be tricked into turning it on and downloading a bad app that steals all their shit"

Would love to see evidence of this actually happening on android where sideloading is OPTIONAL and has been for LONG time. You also completely glossed a previous response I made where Apple sandboxes everything.

 

 

So pray-tell how sideloading can be dangerous to security when the app is already sandboxed?

 

 

unless you can provide me with an actual response to all 3 of the above points, summarized below

• How optional sideloading would break Apple's "security", what "security" do you think it would impacted specifically?
• Evidence of Android's optional sideloading causing scammers to use it as an inlet by coercing people into turning it on and then downloading a dodgy app.
• why Apple's Sandboxing is insufficient to block apps from accessing other data

then i'm just going to put you in the category of those people who say

"Apple knows best, everything they do is in everyone's best interest, i will never question them or ask for more".

[rikitikitavi]

On 11/4/2021 at 3:34 AM, mr moose said:

You know what it did change? it made phones a fashion accessory,  that's what it did, it took the best bits of all existing phones and sold it like a dress or expensive perfume.  I thank the iphone for flooding the market with this concept that phones are everyday items, because until then you only had BB, windows or palm to choose from and they were all expensive.

Nokia turned cellphones into fashion accessories. Also made them into luxury items under Vertu branding.

[rikitikitavi]

Here's my 2 cents on the topic of sideloading and security (not moneymaking)...

 

Transmission is a (popular) torrent client, it requires sideloading, and it was infected by malware at least once as far as I remember.

macOS requires to go through settings and authentication before allowing an app from an "unknown developer" to run, but it won't prevent my nephew from installing a recommended, but potentially harmful app.

 

People might be idiots, tech illiterate, not care about security, or simply tired and click the wrong button without reading.

 

Of course, You, a tech genius and a security pro, would probably be safely enjoying your sideloaded app... but the next hypothetical person, might not be, and harm not only himself, but also everyone he is in contact with, including You.

 

Both sandboxing and good engineering work awesome, until the next exploit is found, or the user puts sensitive data into compromised sandboxed app.

 

Probably unrelated to sideloading, but... related to possible human behaviour...

Isn't it like every other month news tell us that some information get leaked or stolen from some gov website with no security or smth?!

Imagine your SIN/SSN gets stolen because some idiot decided not to pay for adobe reader and downloaded some obscure PDF editor.

...I mean it is not like some random gov agency or people in general cheap out on things, or simply lazy...

Similarities with pandemic/viruses were drawn on the thread. Again, pandemic is still a thing, and might turn into endemic... Because - people, or rather a large enough portion of people that made it possible.

 

Disabling sideloading will only cover one possible security hole, but may be it is better than covering none.

 

Also it was mentioned before on this thread, that you CAN sideload on iOS through the dev mode. You have to compile every app yourself though, or something like Alt Store.

[Bombastinator]

17 hours ago, saltycaramel said:

There is a world before iPhone&Facebook and a world after iPhone&Facebook. Reminiscing the good old days and their security assumptions doesn’t necessarily mean those assumptions would work or be optimal nowadays.

The user demographics is what would matter. It’s a major difference between all the various form factors of computer other than sheer size.   What they are used for and by whom and why rather than what they physically are.  There were mainframes less powerful than apple watches.  Their power didn’t define them.  What they were used for and by whom did.

 

9 hours ago, mr moose said:

No it doesn't,   There is no data at all that says allowing side loading will decrease security,  ios is literally the only OS that prevents the installation of software from any source.  Malware detection's by OS as a percentage obviously puts windows at the highest with 83%,  browser malware at 11%, android specific at 3% and all the others at 1% (rounding the numbers).  Which actually shows side loading has no effect (or even arguable is safer) as android has 40% market share, windows 33% and ios 15% as of 2020. 

 

To make the claims that preventing side loading is safer is flat out unsubstantiated in the data.  

 

https://www.statista.com/statistics/680943/malware-os-distribution/

https://gs.statcounter.com/os-market-share

 

And that's before you even consider that malware exists in the appstore and in the wild through browsers, where the prevention of side loading has no impact on vulnerability.

I can’t access your first link because it’s covered in a cookie settings thing.  The second one works without issue.  Looking at the links toss number sound conveniently rounded compared to what I am seeing in the links, but they’re close.  Let’s assume the numbers you are quoting are correct though:  Do they actually measure what you say they measure?  It’s a comparison of how much malware is detected, vs how big a world market share there is. This seems to be a refrain:  world market share instead of National  or regional. Android has a much larger world market share because it makes phones that sell in low income countries and areas where apple cannot do business.   There are several countries where there are next to no iPhones because of legislation.  India comes to mind. That makes this data no different from earlier posted stuff.  It COULD be relevant.  Might not though.  Same as the other thing. So while it looks like it’s adding something it’s still no different than earlier statements functionally.

 

This is why I referred to the stick thing.  There probably is data that exists though.  The public merely lacks access to it.  So instead there are appeals to logic that lack substance in both directions.  The Statement by an apple officer that caused this thread is such a thing.  There are also numerous statements in the opposite direction here, but they’re often every inch as bad.  The whole “when he does it it’s bad but when I do the exact same thing it isn’t” I keep seeing here is imho at best ludicrous.   What I find interesting is that as an apple officer he may actually have opportunity to see such data.  He might not care of course and makes an argument he knows is crap, seen that happen often enough recently.  It will be proved true or false. Eventually. 

 

9 hours ago, Arika S said:

You still have not provided any evidence that the OPTION (added emphasis because for some reason you think it would be forced upon everyone) of allowing the side loading of apps somehow completely breaks Apple's security. You are literally saying that Apple's security engineers are absolute idiots and that the ONLY way of ensuring security on iOS is to lock out sideloading, which in reality, means their security is shit. On android there is no difference in how apps install or operate regardless if they were downloaded from the play store, or sideloaded.

 

"oh but people could be tricked into turning it on and downloading a bad app that steals all their shit"

Would love to see evidence of this actually happening on android where sideloading is OPTIONAL and has been for LONG time. You also completely glossed a previous response I made where Apple sandboxes everything.

 

 

So pray-tell how sideloading can be dangerous to security when the app is already sandboxed?

 

 

unless you can provide me with an actual response to all 3 of the above points, summarized below

• How optional sideloading would break Apple's "security", what "security" do you think it would impacted specifically?
• Evidence of Android's optional sideloading causing scammers to use it as an inlet by coercing people into turning it on and then downloading a dodgy app.
• why Apple's Sandboxing is insufficient to block apps from accessing other data

then i'm just going to put you in the category of those people who say

"Apple knows best, everything they do is in everyone's best interest, i will never question them or ask for more".

More attempts to assume that this optional default off thing is new rather than already in place.  There are devices where it is NOT the default, generally desktop OSes, but phones are not one of them, and haven’t been for at least a while.  Are we doing no longer developed OSes as examples btw?  I have no data about, say, blackberry or palm.  Palm had no loadable apps at all for a long time. I never owned a blackberry.

[Arika]

37 minutes ago, Bombastinator said:

More attempts to assume that this optional default off thing is new rather than already in place.  There are devices where it is NOT the default, generally desktop OSes, but phones are not one of them, and haven’t been for at least a while.  Are we doing no longer developed OSes as examples btw?  I have no data about, say, blackberry or palm.  Palm had no loadable apps at all for a long time. I never owned a blackberry.

somehow you managed to even skip over my summary therefore it's completely irrelevant to everything i asked, unless you're trying to compare a 2021 widespread OS (Apple) to one that barely had marketing penetration (even at it's peak) from 2013, in which case, wow, you must have some intense faith in Apple's security if that's the extent you're going to.

 

There's 8 years worth of development between Blackberry's OS and iOS as it stands today. so NO, of course i'm not asking about ancient OSs that no one uses or hardly used at the best of times.

 

here is my summary again, with extra emphasis

• How optional sideloading would break Apple's "security", what "security" do you think it would impacted specifically?
• Evidence of Android's optional sideloading causing scammers to use it as an inlet by coercing people into turning it on and then downloading a dodgy app. (because this is the closest analogue to iOS in the current tech space)
• why Apple's Sandboxing is insufficient to block apps from accessing other data

 

[saltycaramel]

Having too much faith in sandboxing-only without the ability to vet what the app is actually doing, the ability to enforce a “punishment” on the developer, the ability of taking it down, the ability of killing it remotely where already installed, etc. would break down because what if the sideloaded app asks for access to

- contacts

- location

- photos

- clipboard

- files

- etc.

 

and you can’t be sure what is actually doing with those?

 

Unless you guys are OK with sideloaded apps being really-really-sandboxed-for-real meaning no way to even ask access for those things (making them useless for some uses), and only apps notarized by Apple being allowed and from developers Apple approve of so Apple can kill it remotely should the need arise, etc. 

 

But I’m sure some people here wouldn’t be OK with only this kind of “reduced functionality” sideloaded apps being possible, because “ownership”.

 

People that keep asking why the “mere” option of removing safety belts on the highway is dangerous…

 

Macs are so safe that I don’t feel safe if I’m not running LittleSnitch lol. 

 

Imagine if one had to run LittleSnitch on smartphones, smart watches, smart glasses, smart headphones, IoT devices..people don’t understand that smartphones are only the begging and that where we are going security for all is of uttermost importance. 

 

Where we are going, remote work will be just called “work”.

 

Imagine thinking security assumptions from the 90s are fine for that world.

[Arika]

31 minutes ago, saltycaramel said:

Having too much faith in sandboxing-only without the ability to vet what the app is actually doing, the ability to enforce a “punishment” on the developer, the ability of taking it down, the ability of killing it remotely where already installed, etc. would break down because what if the sideloaded app asks for access to

- contacts

- location

- photos

- clipboard

- files

- etc.

 

and you can’t be sure what is actually doing with those?

Got it, Apple's security engineers are massive idiots who can't figure out how to enforce sandboxing on their own OS. permissions are permissions regardless of how an app is installed. How can you be sure what apps installed from the app store are doing with the permissions you have allowed? remember that malware has been found on the app store before, multiple times, so their vetting process clearly isn't as good as you think. AGAIN, android has has sideloading for a long time, where is all the malware and data stealing app epidemic rolling through android?

 

28 minutes ago, saltycaramel said:

People that keep asking why the “mere” option of removing safety belts on the highway is dangerous…

literally not even close to being the same situation, are you actually serious with this strawman bullshit?

 

So you failed to address pretty much every single point, only one of them being addressed in the most vague way possible, and you're also one of those people where you "respond" to someone without quoting or tagging them, maybe i the hopes that i don't see it and therefore you can feel like you've won?

 

 

[saltycaramel]

6 minutes ago, Arika S said:

permissions are permissions regardless of how an app is installed. How can you be sure what apps installed from the app store are doing with the permissions you have allowed?

 

At least they have been somehow vetted (even if not perfectly it’s dumb to discount a system only because it’s not 100% effective as said many times), they had to give their name and address to Apple, there’s some accountability, there could be something to lose, etc. 

Compared to installing apps from a dark back alley, granting them permissions and praying for the best, with zero accountability. 

[Arika]

Just now, saltycaramel said:

 

At least they have been somehow vetted (even if not perfectly that’s dumb to discount a system only because it’s not 100% effective as said many times), they had to give their name and address to Apple, there’s some accountability, there could be something to lose, etc. 

Compared to installing apps from a dark back alley, granting them permissions and praying for the best, with zero accountability. 

6 minutes ago, Arika S said:

android has has sideloading for a long time, where is all the malware and data stealing app epidemic rolling through android?

  

 

[saltycaramel]

1 hour ago, Arika S said:

 

• How optional sideloading would break Apple's "security", what "security" do you think it would impacted specifically?
• Evidence of Android's optional sideloading causing scammers to use it as an inlet by coercing people into turning it on and then downloading a dodgy app. (because this is the closest analogue to iOS in the current tech space)
• why Apple's Sandboxing is insufficient to block apps from accessing other data

 

 

1) optional —> people that shouldn’t do it get step-by-step tricked into doing it —> bad things ensue. PROOF: decades of this happening on PCs

 

2) I’ll quote Apple which in turn is quoting publicly available data

 

Quote

Because Android supports sideloading, malware has been able to spread on that platform more easily. Android smartphones are the most common mobile malware targets and have recently had between 15 and 47 times more infections from malicious software than iPhone.4,5 A study found that 98 percent of mobile malware targets Android devices.18 This is closely linked to sideloading: In 2018,
for example, Android devices that installed apps outside Google Play, the official Android app store, were eight times more likely to be affected by potentially harmful applications than those that did not.103 For example, as previously discussed, HiddenAds, CopyCat, FakeSpy, and BlackRock are all prominent malware strains that reached Android users via third-party sources. In addition, because cybercriminals and hackers rely on sideloading to spread pirated apps, piracy and intellectual property theft are more common on Android devices.24,25,117 On the other hand, iOS users are unlikely to be exposed to malware, and many of the rare malware attacks on the platform are narrowly targeted attacks, often carried out by nation-states.82,83,118 Experts generally agree that iOS is safer compared to Android, in part because
Apple does not support sideloading.5

 

https://www.apple.com/privacy/docs/Building_a_Trusted_Ecosystem_for_Millions_of_Apps_A_Threat_Analysis_of_Sideloading.pdf

 

3) already addressed that: sandboxing without accountability breaks down at the granting-permissions level, unless we accept that the only kind of sideloadable apps allowed are very limited in scope and notarized by Apple 

 

Apple’s quoted paragraph introduces another important topic of discussion: intellectual property.

 

That’s not an important thing to protect, amirite?

 

Wonder why, despite Android having a far greater market share, most of the money to be made in software and the most lively app scene is on iOS..

[Arika]

1 hour ago, saltycaramel said:

optional —> people that shouldn’t do it get step-by-step tricked into doing it —> bad things ensue.

where are all the people getting tricked into doing it on android? it is the least efficient way of getting information out of people. Same thing with Linux. Trying to install something you don't really know about on Linux? "hey just run this script in terminal with sudo" and yet Linux isn't riddled with malware despite god knows how many people running commands they don't understand. People still get tricked by fake IRS and Microsoft scammers, so should phone providers start screening every single call to make sure you don't get a scam call come through?

 

Quote

PROOF: decades of this happening on PCs

Sideloading on mobile OSs is NOT equivalent to installing anything on Windows. i would agree IF the commonly accepted way of installing 99% new things was run through the Microsoft store, but that is not, and will not be the case. iOS has many more implemented within it that would allow them to manage third party apps, and if Apple's own team can't enforce the same system calls on apps from a third party that they can on apps from the app store, then, as i've said many times, their security is actually shit because if they only allow "vetted" apps to be installed from the app store and hinge the entirety of their claims of security on it, then it's not really that secure.

 

1 hour ago, saltycaramel said:

-snip of the apple quote-

This whole thing is disingenuous as hell, if you had actually read the sources, you would have realized that.

 

This is going to be long so strap in

-------------

 

1 hour ago, saltycaramel said:

Android smartphones are the most common mobile malware targets and have recently had between 15 and 47 times more infections from malicious software than iPhone.4,5

This report is from Nokia, This number is for ALL android devices and includes unpatched and old android devices (not just phones, anything that uses android) that people still have lying around. Who would have thought that phones missing security updates would be vulnerable. the infection rate almost halved from 2019 to 2020 (47.15% to 26.64%) and yet don't mention they types of infection, they seem to just classify everything as "malware"

they mention

Quote

However, the fact that Android applications can be downloaded from just about anywhere still represents a huge problem, as users are free to download apps from third-party app stores, where many of the applications, while functional, are Trojanized.

And yet provide no numbers on how many infections were caused by sideloading, just that it is an avenue.

 

1 hour ago, saltycaramel said:

This is closely linked to sideloading: In 2018,
for example, Android devices that installed apps outside Google Play, the official Android app store, were eight times more likely to be affected by potentially harmful applications than those that did not. 103.

Again, very disingenuous, not wrong, but represented wrong. The report is from 3 years ago, so out of date, and the numbers are actually

 

 

so yes, not wrong, but when the most dangerous number is only 0.68% it's basically a nothing burger.

 

Apple have clearly been very very careful with their wording to make it sound as scary as possible, PHA means POTENTIALLY Harmful Applications. Please read this full quote, especially the emphasis i have added

 

Quote

Potentially Harmful Applications (PHAs)
Potentially Harmful Applications (PHAs) are apps that could put users, user data, or devices at risk. Common
PHA categories include trojans, spyware, and phishing apps. In 2018, we started tracking click fraud as a PHA
category. Click fraud apps simulate clicks on advertisements without user consent.
User-wanted PHAs

Some apps with attractive features also weaken Android’s built-in security. When users try to install these
apps, Google Play Protect warns users about potential hazards so that they can make informed decisions. Our
statistics separate these from classic “malware” PHAs. For example, Google Play Protect warns users about
apps that disable Android security features, such as SELinux, or root the device with disclosure and user consent.
Google Play Protect discourages changes that lower Android’s built-in security protections, but allows individuals
to choose the risks that they are willing to take with their devices.

A warning message is displayed to the user anytime a PHA installation is detected. If they decide to ignore
this warning and proceed with the installation, they will not receive further security warnings about that app.
Interrupting the Android user experience with constant warnings would make Google Play Protect more annoying
than useful.

In 2018, user-wanted PHAs comprised 0.11% of app installations downloaded outside of Google Play (Google
Play doesn’t allow any security-breaking apps even if they are user-wanted).

So not only do PHAs compromise only 0.11% of app installs outside of Google play (not taking into account the millions of apps that ARE installed from google play), they are still checked by Google Play Protect to make sure they are not going to compltely destroy you.

 

 

1 hour ago, saltycaramel said:

For example, as previously discussed, HiddenAds, CopyCat, FakeSpy, and BlackRock are all prominent malware strains that reached Android users via third-party sources. In addition, because cybercriminals and hackers rely on sideloading to spread pirated apps, piracy and intellectual property theft are more common on Android devices.24,25,117

Piracy will always exist. Sure hope apple make sure you don't allow any Torrent applications on any of their devices because torrents are used for piracy, maybe they should block any website at the webkit level that allows you to download or stream pirated content as well?

 

1 hour ago, saltycaramel said:

On the other hand, iOS users are unlikely to be exposed to malware, and many of the rare malware attacks on the platform are narrowly targeted attacks, often carried out by nation-states.82,83,118

source 82: an attack on iPhone only, wasn't targeted at android, so irrelevant to compare to

source 83: no data at all about what kinds of phones were infected, like literally 0 mention of any brands, only the kinds of (very high profile) people that were targeted

source 103: absolutely nothing mentioned in regards to side loading.

 

-------------

 

1 hour ago, saltycaramel said:

3) already addressed that: sandboxing without accountability breaks down at the granting-permissions level, unless we accept that the only kind of sideloadable apps allowed are very limited in scope and notarized by Apple 

Accountability is on the owner of the phone, not on the manufacturer. I shouldn't expect Microsoft/windows to keep me safe online or my phone provider to protect me from scam calls, that's my responsibly.

 

Quote

unless we accept that the only kind of sideloadable apps allowed are very limited in scope and notarized by Apple 

That's literally the app store with extra steps. it's still the same result "you can only install what we allow you to"

[mr moose]

7 hours ago, rikitikitavi said:

Nokia turned cellphones into fashion accessories. Also made them into luxury items under Vertu branding.

They did that after the iphone though didn't they?

 

 

[mr moose]

5 hours ago, Bombastinator said:

 

 

I can’t access your first link because it’s covered in a cookie settings thing.  The second one works without issue.  Looking at the links toss number sound conveniently rounded compared to what I am seeing in the links, but they’re close.  Let’s assume the numbers you are quoting are correct though:  Do they actually measure what you say they measure?  It’s a comparison of how much malware is detected, vs how big a world market share there is. This seems to be a refrain:  world market share instead of National  or regional. Android has a much larger world market share because it makes phones that sell in low income countries and areas where apple cannot do business.   There are several countries where there are next to no iPhones because of legislation.  India comes to mind. That makes this data no different from earlier posted stuff.  It COULD be relevant.  Might not though.  Same as the other thing. So while it looks like it’s adding something it’s still no different than earlier statements functionally.

Just because apple can't sell a phone in half of africa due to economics does not mean the millions of android units in africa are not open to malware or somehow different to the units in places where iphoine is available or in higher circulation.    The data is good and at the moment even if we were to be extremely conservative with the figures and double the rate of malware on android and ignore the current malware/exploits in ios, it still leaves craig's argument in tatters because there is nothing to suggest even remotely that allowing side loading will decrease security. 

 

5 hours ago, Bombastinator said:

This is why I referred to the stick thing.  There probably is data that exists though.  The public merely lacks access to it.  So instead there are appeals to logic that lack substance in both directions. 

 

I don't think I can understand what you mean here,  if there is nothing substantial to underpin the appeal then it cannot be an appeal to logic.  The weight of evidence posted in this thread seems very weak on one side and hard to refute from the other. 

[Bombastinator]

9 hours ago, Arika S said:

somehow you managed to even skip over my summary therefore it's completely irrelevant to everything i asked, unless you're trying to compare a 2021 widespread OS (Apple) to one that barely had marketing penetration (even at it's peak) from 2013, in which case, wow, you must have some intense faith in Apple's security if that's the extent you're going to.

 

There's 8 years worth of development between Blackberry's OS and iOS as it stands today. so NO, of course i'm not asking about ancient OSs that no one uses or hardly used at the best of times.

 

here is my summary again, with extra emphasis

• How optional sideloading would break Apple's "security", what "security" do you think it would impacted specifically?
• Evidence of Android's optional sideloading causing scammers to use it as an inlet by coercing people into turning it on and then downloading a dodgy app. (because this is the closest analogue to iOS in the current tech space)
• why Apple's Sandboxing is insufficient to block apps from accessing other data

 

My memory is the summary was based on the premise which was based on the data. Calling the data bad is perhaps wrong but it iirc was the first example of world-wide numbers versus  more granular stuff.  With the accusation of intense faith you say that either neither is sufficiently secure or that android is more secure than iOS.  I suspect the first is the most accurate.  It becomes a question not of which is clean, because neither is clean but which is least unclean.  Who has the fewest splotches.  The issue seems to be that when world wide data is used they appear equal.  The problem is that apple isn’t really world wide.  Therefor a more limited scope would be needed to be looked at as well, since the world-wide number may not represent the actual issue accurately. I am reduced to making a choice between two inadequate contenders. I don’t know if I would consider that faith “intense”.  Certainly there are many people with greater faith.

[Commodus]

7 hours ago, mr moose said:

They did that after the iphone though didn't they?

 

 

Oh, Nokia was definitely milking the fashion angle long before the iPhone showed up. Like the Nokia 7280:

 

 

That was part of Nokia's problem when the iPhone arrived, I'd argue. Most of Nokia's business at the time revolved around endless attempts to make basic cellphones seem interesting, and that often meant "fashionable" designs with weird shapes and questionable interface decisions. Smartphones were a minority of Nokia's business, and most of them were very chunky and utilitarian (the N95's most eye-catching design feature was its faux chrome navigation pad). The company took too long to steer things around and make good-looking smartphones, and Symbian being a dumpster fire of an OS was even worse.

[mr moose]

3 hours ago, Commodus said:

Oh, Nokia was definitely milking the fashion angle long before the iPhone showed up. Like the Nokia 7280:

 

 

That was part of Nokia's problem when the iPhone arrived, I'd argue. Most of Nokia's business at the time revolved around endless attempts to make basic cellphones seem interesting, and that often meant "fashionable" designs with weird shapes and questionable interface decisions. Smartphones were a minority of Nokia's business, and most of them were very chunky and utilitarian (the N95's most eye-catching design feature was its faux chrome navigation pad). The company took too long to steer things around and make good-looking smartphones, and Symbian being a dumpster fire of an OS was even worse.

And apples marketing was/is the most superior in the world.  I believe they won some of the most prestigious awards for brand marketing 10 years in a row.

 

 

I warn people not to read it if they are prone to nausea from companies pretending their motives are pure in marketing:

 

https://cmosurvey.org/award-winners/

 

 

 

[rikitikitavi]

10 hours ago, mr moose said:

They did that after the iphone though didn't they?

Afaik first dipping into "fashion" began in the late 90s, with colourful and replaceable faceplates on 5110. Early 2000s is when they started to go places with designs, lux segment, and eventually smartphones with some funky designs.

Can't say if some were unfamiliar about these because it was long ago or if it wasn't trendy in North America. Overseas, people were already giving their last kidney for the latest dumbphone that simply looked different lol

[mr moose]

1 minute ago, rikitikitavi said:

Afaik first dipping into "fashion" began in the late 90s, with colourful and replaceable faceplates on 5110. Early 2000s is when they started to go places with designs, lux segment, and eventually smartphones with some funky designs.

Can't say if some were unfamiliar about these because it was long ago or if it wasn't trendy in North America. Overseas, people were already giving their last kidney for the latest dumbphone that simply looked different lol

It does seem as though Nokia's massive market share was due to being there at the right time with the right product early on, because throughout all their various iterations and ownership over the last decade they seem to have just gone from lackluster to even more dull. 

 

Having said that I did just buy the latest nokia because of all the phones in it's price range (in my area) it offered the best performance (even beating out motorola and oppo etc).

[rikitikitavi]

3 hours ago, Commodus said:

That was part of Nokia's problem when the iPhone arrived, I'd argue. Most of Nokia's business at the time revolved around endless attempts to make basic cellphones seem interesting, and that often meant "fashionable" designs with weird shapes and questionable interface decisions. Smartphones were a minority of Nokia's business, and most of them were very chunky and utilitarian (the N95's most eye-catching design feature was its faux chrome navigation pad). The company took too long to steer things around and make good-looking smartphones, and Symbian being a dumpster fire of an OS was even worse.

Mentioning questionable design/interface - reminds of the first N-Gage and its speaker/mic arrangement.