Editorial: Google's Android haunted by Steve Jobs' warnings on app signing security


Comments

  • Reply 61 of 194
    v5v Posts: 1,357 member

    Quote:

    Originally Posted by AppleInsider View Post



    Because Apple runs the only App Store for iOS, it can (and does) stop such activity. One recent issue was resolved by Apple the day after it was reported.


     


    No, it wasn't. Do you even read what you quote DED?


     


    It took MONTHS of complaining to Apple before ANYTHING was done. App store reviewers allowed hacked apps into the store in spite of the actual app not matching the provided screenshots, something the developer believes should have been a pretty obvious red flag to Apple's app approval person.


     


    To be clear, I'm not complaining about Apple, iOS, apps or the App Store, but calling out DED's bullshlt "evangelism." It is not true that the incident to which he refers was resolved in one day.

  • Reply 62 of 194
    helia Posts: 170 member


    Great article Dan, I really enjoyed reading it.

  • Reply 63 of 194
    v5v Posts: 1,357 member

    EDIT: Redundant reply removed.

  • Reply 64 of 194
    rjc999 Posts: 69 member


    Did you bother to even read my post? The last link is in fact, an exploit in the iOS Sandbox, and developer Charlie Miller was able to get the app successfully into Apple's walled garden where other people downloaded it. The app allowed third party untrusted code to be downloaded and run in an executable code page as a proof of concept exploit.


     


    For this, Charlie was kicked out of the Apple dev program. 


     


    This happened before the Android APK exploit, so technically, iOS was cracked first (in 2011)


     


    As Steve Jobs would say "BOOM!"

  • Reply 65 of 194
    rjc999 Posts: 69 member

    Quote:

    Originally Posted by v5v View Post


     


    He didn't get an interview. He was among the media that asked questions at a conference.



    So he lied/embellished. The Lede says "In May 2007, I interviewed Steve Jobs" which gives the impression that he had a 1:1 Q&A with Jobs. I never heard of someone say they "interviewed" someone by standing up at a conference or meeting on a public mic.


     


    Another example of how DED selectively twists and reinterprets facts to suit a narrative.


     


    Next we'll learn how he got to write Steve Jobs' Bio because he once asked how old he was while in an elevator.

  • Reply 66 of 194

    Quote:

    Originally Posted by rjc999 View Post


    What will DED say when hackers do find an exploitable flaw in iOS? All major DRM systems on every platform have been broken so far, even those with many many layers of defense-in-depth. Will he say that Apple took shortcuts? Charlie Miller alone found 20 OSX 0-day attacks. Is that the famous Apple build quality? Shipping a desktop OS with 20 security holes?


     


    The reality is, all complex software systems have exploitable holes, it is impossible to create a 100% secure system. The idea that Google didn't put any thought into security is ludicrous, if DED actually knew anything about computer software and knew how the Android APK exploit worked, he'd see it isn't a flaw in the architecture, but a flaw in the implementation, the signature check code.  So regardless of whether Android had a central Certificate Authority model, or a self-signed model, the exploit would still be there.


     


    There have been flaws in widely used crypto/SSL libraries used by hundreds and thousands of applications, like OpenSSL and GnuTLS. This happens all the time, and many European blackhat hackers have made a business out of selling such exploits to nation states and other blackhats. Android's exploit was found in part because the source code is available.


     


    I love how DED also tries to insinuate that Apple invented the concept of a "web app", a concept which goes all the way back to Active Desktop on Windows and Netscape Desktop. DED has a command of the historical facts already - a command of cherry picking information which conveniently leaves out the whole story, in order to fit a childish hero-worshipping narrative about Apple.


     


    There was nothing technologically innovative about the App Store, the concept of downloadable and installable apps, digitally signed apps, sandboxed apps, apps for money, and on and on, all predated iOS by a decade. Paid J2ME apps on feature phones hit 1 billion installs before 2007.  Ryoichi Mori patented SuperDistribution in 1983 which used DRM signing for encrypted app distribution. 


     


    A lot of the work, both academic and proof of implementation, was done by companies like Sun Microsystems or General Magic way before. Ironically, General Magic was started by ex-Apple employees and Apple ended up suing them and shipping the Newton. The basic architecture since then, has been the same. Sandbox plus signatures for verification.


     


    But this is the problem with zealots -- taking what is a common occurrence in the software industry, people finding exploits because of bugs, and turning it into a one-sided story complete with lots of bullshit assumptions.


     


    Anyway, here you go: http://arstechnica.com/apple/2011/11/safari-charlie-discovers-security-flaw-in-ios-gets-booted-from-dev-program/


     


    Proof of lazy Apple not caring about build quality and shipping unfinished, buggy code? 


     


    DED is possibly the worst Apple beat writer I've ever seen.



     


    What a load of crap. Yes, all software systems can be cracked. That's not the issue. The issue is that Android has far more holes than iOS does. This is verifiable fact. The very existence of ICS and GB (which has poor or no implementations of ASLR) is just one example.


     


    Your post is about as stupid as someone claiming that since some iOS devices don't get all iOS 7 features that iOS is also fragmented, and make the wild assumption that Android and iOS both suffer from fragmentation and are therefore, equal.


     


    Here's a clue - it's not black & white as trolls like you try to imply.


     


    I also noticed a well-known troll coward gave you a like. Just like that other new drive-by account also got likes from a different, but well-known troll. You guys are pathetic.

  • Reply 67 of 194

    Quote:

    Originally Posted by rjc999 View Post


    So he lied/embellished. The Lede says "In May 2007, I interviewed Steve Jobs" which gives the impression that he had a 1:1 Q&A with Jobs. I never heard of someone say they "interviewed" someone by standing up at a conference or meeting on a public mic.


     


    Another example of how DED selectively twists and reinterprets facts to suit a narrative.


     


    Next we'll learn how he got to write Steve Jobs' Bio because he once asked how old he was while in an elevator.



     


    You mean like how you selectively talk about certain aspects of security while ignoring others? Wow, talk about the pot calling the kettle black.

  • Reply 68 of 194
    v5v Posts: 1,357 member

    Quote:

    Originally Posted by Michael Scrip View Post



    And some apps never go to Android at all...


     


    Which ones? That's what MacRulez was asking. If what you say is true, you should be able to specify WHICH apps haven't made the transition.


     


    It seems safe to assume that there may be some, but are they actually successful apps or just yet another flashlight?

  • Reply 69 of 194
    Man Daniel you can write. I, one of many I am sure, love the level of depth and truth you gather and present. Awesome.

    And I don't see any Android 'hate' here. Truth.

    Soldier on Daniel!
  • Reply 70 of 194
    gazoobee Posts: 3,754 member

    Quote:

    Originally Posted by digitalclips View Post





    That's how I read it too.


     


    Yeah, I cringed at that bit also.  Daniel writes excellent stuff but then he buggers it up by making some outrageous claim like he "interviewed" Steve Jobs.  Also, like most of his articles, it's about 50% too long and goes over and over the same points until the reader is exhausted or has already turned the page.  I'm not in the "DED hater" camp many folks on the forum are, in fact I was an avid supporter for a while, but I'm starting to get really tired of this stuff.  

  • Reply 71 of 194
    v5v Posts: 1,357 member

    Quote:

    Originally Posted by anantksundaram View Post





    Have they?



    Perhaps you should wait until they do, instead of speculating.


     


     


    Or, I dunno, you could read the rest of his post, including maybe the part with a link to how and where and WHEN it happened.


     


    Looking forward to your apology to rjc999.

  • Reply 72 of 194
    Dan_Dilger Posts: 1,583 member

    Quote:

    Originally Posted by rjc999 View Post


    What will DED say when hackers do find an exploitable flaw in iOS? 


     


    I love how DED also tries to insinuate that Apple invented the concept of a "web app", a concept which goes all the way back to Active Desktop on Windows and Netscape Desktop. DED has a command of the historical facts already - a command of cherry picking information which conveniently leaves out the whole story, in order to fit a childish hero-worshipping narrative about Apple.



     


    This is just too silly, even for you. There's no "insinuation" in the article that credits Apple for inventing "web apps." 


     


    Also, there have been many exploits discovered in iOS. The difference is that 60% of iOS users aren't on a system that's years old and full of old bugs. Apple updates and distributes them. Google releases updates for some new phones. That's just bad support. 


     


    Google also rushed into the market with the notion that "open always wins" and has failed. Spent a lot of money, lost a lot of headway in mobile ads. Not clear how the future of Android is going to solve or change any of these issues. You can't upgrade a platform by launching something new that only appears on brand new phones. 

  • Reply 73 of 194
    Dan_Dilger Posts: 1,583 member

    Quote:

    Originally Posted by Gazoobee View Post


     


    Yeah, I cringed at that bit also.  Daniel writes excellent stuff but then he buggers it up by making some outrageous claim like he "interviewed" Steve Jobs.  Also, like most of his articles, it's about 50% too long and goes over and over the same points until the reader is exhausted or has already turned the page.  I'm not in the "DED hater" camp many folks on the forum are, in fact I was an avid supporter for a while, but I'm starting to get really tired of this stuff.  



     


     


    You are very much in the hater camp. And given that you've put yourself among those few droidlolz accounts whose biggest complaint with the article is picking at the word "interview" to describe asking a series of questions at that meeting, it just shows what a desperate, groveling hater you are. Quite embarrassing really. 

  • Reply 74 of 194
    rjc999 Posts: 69 member

    Quote:

    Originally Posted by EricTheHalfBee View Post

    What a load of crap. Yes, all software systems can be cracked. That's not the issue. The issue is that Android has far more holes than iOS does. This is verifiable fact. The very existence of ICS and GB (which has poor or no implementations of ASLR) is just one example.


     



     


    You mean like the half-done ASLR implementations Apple introduced into OSX which were incrementally upgraded over time. OSX didn't get full ASLR until Lion, and iOS didn't get ASLR until iOS 4.3. JellyBean has full ASLR. ICS had partial ASLR. Part of the reason why people find exploits in Android is because of AOSP which makes it far easier, the same way WebKit and Chromium flaws are forged in competitions by explicit knowledge in the source and the ability to run analysis tools on the source. iOS is closed source, security through obscurity, but the existence of continued jailbreaks proves that Apple is no different than anyone else in securing their system, they keep fixing exploits, and people keep finding others. Apple in fact, is quite behind other companies in some areas. The vast vast majority of WebKit bugs were found and fixed by Google engineers in old code from Apple when Google introduced ClusterFuzz, a massively scaled out fuzzing system. Most of Miller's attacks on OSX were found by fuzzing, indicating Apple likely lacks large-scale internal automated fuzzing tools.


     


    I get it, you're mad because someone showed one of your heroes to be someone who twists facts and shatters your world-view of Apple as some kind of outlier amongst software engineers. It doesn't help that you don't know what you're talking about, you're obviously not a security engineer. 

  • Reply 75 of 194
    Dan_Dilger Posts: 1,583 member

    Quote:

    Originally Posted by v5v View Post


     


    No, it wasn't. Do you even read what you quote DED?


     


    It took MONTHS of complaining to Apple before ANYTHING was done. App store reviewers allowed hacked apps into the store in spite of the actual app not matching the provided screenshots, something the developer believes should have been a pretty obvious red flag to Apple's app approval person.


     


    To be clear, I'm not complaining about Apple, iOS, apps or the App Store, but calling out DED's bullshlt "evangelism." It is not true that the incident to which he refers was resolved in one day.



     


    Step 1) click the link


    Step 2) read the date of the posting: (July 2 if you can't find it yourself)


    Step 3) compare the update added the next day July 3


    Step 4) do the math

  • Reply 76 of 194
    macrulez Posts: 2,455 member


    deleted

  • Reply 77 of 194
    bugsnw Posts: 717 member


    I thought the article was entertaining and informative. The entertaining part is DED's bias. It doesn't bother me. Some of his best articles on his website were attacks on other journalists who besmirched his beloved Apple.


     


    I was one of those who bought into the story that Jobs didn't want 3rd party Apps on the iPhone. Simply from reading a few articles. Even though I questioned it because it's such a bone-headed move from someone I consider a great visionary, I bought into the myth.


     


    Thanks for setting the record straight.

  • Reply 78 of 194
    dick applebaum Posts: 12,527 member
    In May 2007, I interviewed Steve Jobs on the subject of native apps for the iPhone months before the new phone first went on sale. Six years later, his answers are now haunting Google's rival Android platform because the search giant has failed to heed the advice leaking from the top of Apple's ship.

    Link please to the 2007 interview!
  • Reply 79 of 194
    rjc999 Posts: 69 member

    Quote:

    Originally Posted by Corrections View Post


     


    This is just too silly, even for you. There's no "insinuation" in the article that credits Apple for inventing "web apps." 


     


    Also, there have been many exploits discovered in iOS. The difference is that 60% of iOS users aren't on a system that's years old and full of old bugs. Apple updates and distributes them. Google releases updates for some new phones. That's just bad support. 


     


    Google also rushed into the market with the notion that "open always wins" and has failed. Spent a lot of money, lost a lot of headway in mobile ads. Not clear how the future of Android is going to solve or change any of these issues. You can't upgrade a platform by launching something new that only appears on brand new phones. 



     


    Apple has one lineage of devices, using PowerVR derived GPUs and an incrementally upgraded ARM lineage.  Android is more like the PC Desktop of the last 20 years or Linux, hundreds, or thousands of combinations of devices. 3-4 different CPUs, including different architectures like Atom. Multiple GPUs like Tegra, Mali, Adreno, PowerVR.  There's also not a single distributor, so like with Linux kernel updates, your Linux based cable box or wifi-box isn't going to get the fix automagically. It's just impractical to have a single point of control in an ecosystem with hundreds of devices and vendors. Microsoft tried it with Windows and the result was BSODs everywhere.


     


    Google didn't "rush" into the market, it was planned for it to be like this. Decentralized systems simply permit this kind of abuse. DED talks about people stealing content and repackaging it, but this is the way the Web works. I could completely copy all content from AppleInsider, upload it to a new domain "FooInsider" and no one can prevent me from publishing links to it everywhere. 


     


    If Apple users like a walled garden fine, but the situation of Android was known ahead of time, Vic Gundotra practically announced it at I/O 2009. I freely acknowledge this is the kind of fragmentation that happens in an open system, but I myself prefer open systems. I like being able to see sort, I like hacking my device, and I like being able to install software I want. In short, I expect that if I paid $300 for a computing device, I *OWN IT*, it's *MINE* and I should be able to put whatever I want on it.


     


    Apple benefits from controlling the entire stack, there is no denying it. I say let the end users decide. Some people will want a more controlled experience, others may prefer more diversity.  The world is big enough for both platforms to co-exist.


     


    Enough of the constant nuclear war bullshit.

  • Reply 80 of 194
    kiwik47 Posts: 5 member
    rogifan, When Apple started working on iPhone they did not hire anyone from outside, that did not mean we were not getting a phone. Project iWatch is not starting soon, it is ending soon. I reckon it will be in market later this year.