Apple servers briefly enabled signing of older iOS firmwares, allowing users to downgrade ...

2»

Comments

  • Reply 21 of 35
    gatorguygatorguy Posts: 17,872member
    macxpress said:
    macxpress said:
    wood1208 said:
    There should be older version of IOS available to downgrade to and newer version if someone wants to upgrade to new features version.
    So you can downgrade your phone and re-unlock exploits in the OS. Yeah, thats a great idea! There are reasons why Apple does things the way they do and its not to lock you into a specific OS. The reason I just mentioned alone should be more than enough. Also, if you have an App that requires iOS 11 and you downgrade to iOS 10 well guess what, it no longer works! 

    Your argument is NOT really practical. There are plenty of people (we are talking about few hundred millions of people here) with more than 2 years old iPhones/iPads and they DO face significant performance issues EVERY year after upgrading to the LATEST and supposedly GREATEST version of iOS. Your solution to them is - Learn to live with it because it is secure OR replace it with a newer device (which is what you are more likely doing hence you probably never faced the slow-down issue). And you assume this is good enough for each and everyone owning an old iPhone/iPad. Apparently it is NOT enough of a solution for the people who are struggling with older devices. People who are reasonable about this issue asks for a different solution - Allow the people to downgrade to previous version of iOS which did NOT exhibit significant performance issues AND provide security updates alone to even older versions of iOS for 4 years.


    You may argue it costs additional money for Apple to support older versions of iOS. But that is another short sighted view, purely from a shareholder point of view, with total disregard for end-users. If you are an Apple customer, you should demand the best for you as a customer. In this case, good performance for life time of the device (i.e. 4 years) AND security updates for 4 years. Maximizing Apple's profit SHOULD NOT be your objective as a customer.

    If you want options and fragmentation then go to Android and enjoy your insecure, fragmented OS. Simple as that. Security alone is more than enough reason for Apple NOT to allow backtracking of updates. Security should be one of the top priorities, not worrying about a supposed slow down in a phone because of an update. If its that big of a deal to someone, then don't update your phone to the newer version of iOS. 

    This also creates a mess for developers too so you have to look at that end of it as well. Why do you think Android apps are such a mess?
    I think you're conflating privacy with security. Android is a very secure OS, right up there with iOS. Apple's iOS is better from a privacy standpoint as we all know. 

    And no I'm not going to argue the point. Anyone that disagrees can do their own research into Android security and determine the facts for themselves. Keep in mind system security where both major OS's are comparable is not the same as privacy (some overlaps of course), which Apple markets as a priority of theirs. Google not so much.
    edited January 11 muthuk_vanalingam
  • Reply 22 of 35
    macxpressmacxpress Posts: 3,886member
    gatorguy said:
    macxpress said:
    macxpress said:
    wood1208 said:
    There should be older version of IOS available to downgrade to and newer version if someone wants to upgrade to new features version.
    So you can downgrade your phone and re-unlock exploits in the OS. Yeah, thats a great idea! There are reasons why Apple does things the way they do and its not to lock you into a specific OS. The reason I just mentioned alone should be more than enough. Also, if you have an App that requires iOS 11 and you downgrade to iOS 10 well guess what, it no longer works! 

    Your argument is NOT really practical. There are plenty of people (we are talking about few hundred millions of people here) with more than 2 years old iPhones/iPads and they DO face significant performance issues EVERY year after upgrading to the LATEST and supposedly GREATEST version of iOS. Your solution to them is - Learn to live with it because it is secure OR replace it with a newer device (which is what you are more likely doing hence you probably never faced the slow-down issue). And you assume this is good enough for each and everyone owning an old iPhone/iPad. Apparently it is NOT enough of a solution for the people who are struggling with older devices. People who are reasonable about this issue asks for a different solution - Allow the people to downgrade to previous version of iOS which did NOT exhibit significant performance issues AND provide security updates alone to even older versions of iOS for 4 years.


    You may argue it costs additional money for Apple to support older versions of iOS. But that is another short sighted view, purely from a shareholder point of view, with total disregard for end-users. If you are an Apple customer, you should demand the best for you as a customer. In this case, good performance for life time of the device (i.e. 4 years) AND security updates for 4 years. Maximizing Apple's profit SHOULD NOT be your objective as a customer.

    If you want options and fragmentation then go to Android and enjoy your insecure, fragmented OS. Simple as that. Security alone is more than enough reason for Apple NOT to allow backtracking of updates. Security should be one of the top priorities, not worrying about a supposed slow down in a phone because of an update. If its that big of a deal to someone, then don't update your phone to the newer version of iOS. 

    This also creates a mess for developers too so you have to look at that end of it as well. Why do you think Android apps are such a mess?
    I think you're conflating privacy with security. Android is a very secure OS, right up there with iOS. Apple's iOS is better from a privacy standpoint as we all know. 

    And no I'm not going to argue the point. Anyone that disagrees can do their own research into Android security and determine the facts for themselves. Keep in mind system security where both major OS's are comparable is not the same as privacy (some overlaps of course), which Apple markets as a priority of theirs. Google not so much.
    So you want to claim something, but don't want to post the facts to back it up. Thats not how it works... I'm not doing the research for you. 
  • Reply 23 of 35
    gatorguygatorguy Posts: 17,872member
    macxpress said:
    gatorguy said:
    macxpress said:
    macxpress said:
    wood1208 said:
    There should be older version of IOS available to downgrade to and newer version if someone wants to upgrade to new features version.
    So you can downgrade your phone and re-unlock exploits in the OS. Yeah, thats a great idea! There are reasons why Apple does things the way they do and its not to lock you into a specific OS. The reason I just mentioned alone should be more than enough. Also, if you have an App that requires iOS 11 and you downgrade to iOS 10 well guess what, it no longer works! 

    Your argument is NOT really practical. There are plenty of people (we are talking about few hundred millions of people here) with more than 2 years old iPhones/iPads and they DO face significant performance issues EVERY year after upgrading to the LATEST and supposedly GREATEST version of iOS. Your solution to them is - Learn to live with it because it is secure OR replace it with a newer device (which is what you are more likely doing hence you probably never faced the slow-down issue). And you assume this is good enough for each and everyone owning an old iPhone/iPad. Apparently it is NOT enough of a solution for the people who are struggling with older devices. People who are reasonable about this issue asks for a different solution - Allow the people to downgrade to previous version of iOS which did NOT exhibit significant performance issues AND provide security updates alone to even older versions of iOS for 4 years.


    You may argue it costs additional money for Apple to support older versions of iOS. But that is another short sighted view, purely from a shareholder point of view, with total disregard for end-users. If you are an Apple customer, you should demand the best for you as a customer. In this case, good performance for life time of the device (i.e. 4 years) AND security updates for 4 years. Maximizing Apple's profit SHOULD NOT be your objective as a customer.

    If you want options and fragmentation then go to Android and enjoy your insecure, fragmented OS. Simple as that. Security alone is more than enough reason for Apple NOT to allow backtracking of updates. Security should be one of the top priorities, not worrying about a supposed slow down in a phone because of an update. If its that big of a deal to someone, then don't update your phone to the newer version of iOS. 

    This also creates a mess for developers too so you have to look at that end of it as well. Why do you think Android apps are such a mess?
    I think you're conflating privacy with security. Android is a very secure OS, right up there with iOS. Apple's iOS is better from a privacy standpoint as we all know. 

    And no I'm not going to argue the point. Anyone that disagrees can do their own research into Android security and determine the facts for themselves. Keep in mind system security where both major OS's are comparable is not the same as privacy (some overlaps of course), which Apple markets as a priority of theirs. Google not so much.
    So you want to claim something, but don't want to post the facts to back it up. Thats not how it works... I'm not doing the research for you. 
    I've posted the facts before, I'm already familiar with them, and I'm not asking you to do a single thing for me. If you disagree with what I said do your own research and post your own "facts" to prove me wrong. THAT'S how it works.


    (and that's also how you learn)
    edited January 11 muthuk_vanalingam
  • Reply 24 of 35
    macxpress said:
    macxpress said:
    wood1208 said:
    There should be older version of IOS available to downgrade to and newer version if someone wants to upgrade to new features version.
    So you can downgrade your phone and re-unlock exploits in the OS. Yeah, thats a great idea! There are reasons why Apple does things the way they do and its not to lock you into a specific OS. The reason I just mentioned alone should be more than enough. Also, if you have an App that requires iOS 11 and you downgrade to iOS 10 well guess what, it no longer works! 

    Your argument is NOT really practical. There are plenty of people (we are talking about few hundred millions of people here) with more than 2 years old iPhones/iPads and they DO face significant performance issues EVERY year after upgrading to the LATEST and supposedly GREATEST version of iOS. Your solution to them is - Learn to live with it because it is secure OR replace it with a newer device (which is what you are more likely doing hence you probably never faced the slow-down issue). And you assume this is good enough for each and everyone owning an old iPhone/iPad. Apparently it is NOT enough of a solution for the people who are struggling with older devices. People who are reasonable about this issue asks for a different solution - Allow the people to downgrade to previous version of iOS which did NOT exhibit significant performance issues AND provide security updates alone to even older versions of iOS for 4 years.


    You may argue it costs additional money for Apple to support older versions of iOS. But that is another short sighted view, purely from a shareholder point of view, with total disregard for end-users. If you are an Apple customer, you should demand the best for you as a customer. In this case, good performance for life time of the device (i.e. 4 years) AND security updates for 4 years. Maximizing Apple's profit SHOULD NOT be your objective as a customer.

    If you want options and fragmentation then go to Android and enjoy your insecure, fragmented OS. Simple as that. Security alone is more than enough reason for Apple NOT to allow backtracking of updates. Security should be one of the top priorities, not worrying about a supposed slow down in a phone because of an update. If its that big of a deal to someone, then don't update your phone to the newer version of iOS. 

    This also creates a mess for developers too so you have to look at that end of it as well. Why do you think Android apps are such a mess?
    Why should I choose "either" performance "Or" security? If you had read my post carefully, I chose both security AND performance. Why should I demand less, after paying a premium for the product?
  • Reply 25 of 35
    A good move! Users of newer iPhones can now play their older/obsolete games on their replaced and idle iPhones! 

    But Apple should provide security updates as sub-sub-versions of those older iOS version. At least, it helps to secure iCloud data.

  • Reply 26 of 35
    The intention of Apple may be a step in neutralization of the “planned obsolescence” accusation which is now a criminal offence in France.
  • Reply 27 of 35
    ivanh said:
    The intention of Apple may be a step in neutralization of the “planned obsolescence” accusation which is now a criminal offence in France.
    Hardly, as it was temporary
    (and what purpose could that serve...?)
    edited January 11
  • Reply 28 of 35
    gatorguy said:
    macxpress said:
    macxpress said:
    wood1208 said:
    There should be older version of IOS available to downgrade to and newer version if someone wants to upgrade to new features version.
    So you can downgrade your phone and re-unlock exploits in the OS. Yeah, thats a great idea! There are reasons why Apple does things the way they do and its not to lock you into a specific OS. The reason I just mentioned alone should be more than enough. Also, if you have an App that requires iOS 11 and you downgrade to iOS 10 well guess what, it no longer works! 

    Your argument is NOT really practical. There are plenty of people (we are talking about few hundred millions of people here) with more than 2 years old iPhones/iPads and they DO face significant performance issues EVERY year after upgrading to the LATEST and supposedly GREATEST version of iOS. Your solution to them is - Learn to live with it because it is secure OR replace it with a newer device (which is what you are more likely doing hence you probably never faced the slow-down issue). And you assume this is good enough for each and everyone owning an old iPhone/iPad. Apparently it is NOT enough of a solution for the people who are struggling with older devices. People who are reasonable about this issue asks for a different solution - Allow the people to downgrade to previous version of iOS which did NOT exhibit significant performance issues AND provide security updates alone to even older versions of iOS for 4 years.


    You may argue it costs additional money for Apple to support older versions of iOS. But that is another short sighted view, purely from a shareholder point of view, with total disregard for end-users. If you are an Apple customer, you should demand the best for you as a customer. In this case, good performance for life time of the device (i.e. 4 years) AND security updates for 4 years. Maximizing Apple's profit SHOULD NOT be your objective as a customer.

    If you want options and fragmentation then go to Android and enjoy your insecure, fragmented OS. Simple as that. Security alone is more than enough reason for Apple NOT to allow backtracking of updates. Security should be one of the top priorities, not worrying about a supposed slow down in a phone because of an update. If its that big of a deal to someone, then don't update your phone to the newer version of iOS. 

    This also creates a mess for developers too so you have to look at that end of it as well. Why do you think Android apps are such a mess?
    I think you're conflating privacy with security. Android is a very secure OS, right up there with iOS. Apple's iOS is better from a privacy standpoint as we all know. 

    And no I'm not going to argue the point. Anyone that disagrees can do their own research into Android security and determine the facts for themselves. Keep in mind system security where both major OS's are comparable is not the same as privacy (some overlaps of course), which Apple markets as a priority of theirs. Google not so much.
    “Very secure” means nothing to me.  Not arguing, but you need to give us 3 points of your claim that Android is as secure as, if not better than, iOS. Persuade us.
    macxpress
  • Reply 29 of 35
    macxpressmacxpress Posts: 3,886member
    ivanh said:
    gatorguy said:
    macxpress said:
    macxpress said:
    wood1208 said:
    There should be older version of IOS available to downgrade to and newer version if someone wants to upgrade to new features version.
    So you can downgrade your phone and re-unlock exploits in the OS. Yeah, thats a great idea! There are reasons why Apple does things the way they do and its not to lock you into a specific OS. The reason I just mentioned alone should be more than enough. Also, if you have an App that requires iOS 11 and you downgrade to iOS 10 well guess what, it no longer works! 

    Your argument is NOT really practical. There are plenty of people (we are talking about few hundred millions of people here) with more than 2 years old iPhones/iPads and they DO face significant performance issues EVERY year after upgrading to the LATEST and supposedly GREATEST version of iOS. Your solution to them is - Learn to live with it because it is secure OR replace it with a newer device (which is what you are more likely doing hence you probably never faced the slow-down issue). And you assume this is good enough for each and everyone owning an old iPhone/iPad. Apparently it is NOT enough of a solution for the people who are struggling with older devices. People who are reasonable about this issue asks for a different solution - Allow the people to downgrade to previous version of iOS which did NOT exhibit significant performance issues AND provide security updates alone to even older versions of iOS for 4 years.


    You may argue it costs additional money for Apple to support older versions of iOS. But that is another short sighted view, purely from a shareholder point of view, with total disregard for end-users. If you are an Apple customer, you should demand the best for you as a customer. In this case, good performance for life time of the device (i.e. 4 years) AND security updates for 4 years. Maximizing Apple's profit SHOULD NOT be your objective as a customer.

    If you want options and fragmentation then go to Android and enjoy your insecure, fragmented OS. Simple as that. Security alone is more than enough reason for Apple NOT to allow backtracking of updates. Security should be one of the top priorities, not worrying about a supposed slow down in a phone because of an update. If its that big of a deal to someone, then don't update your phone to the newer version of iOS. 

    This also creates a mess for developers too so you have to look at that end of it as well. Why do you think Android apps are such a mess?
    I think you're conflating privacy with security. Android is a very secure OS, right up there with iOS. Apple's iOS is better from a privacy standpoint as we all know. 

    And no I'm not going to argue the point. Anyone that disagrees can do their own research into Android security and determine the facts for themselves. Keep in mind system security where both major OS's are comparable is not the same as privacy (some overlaps of course), which Apple markets as a priority of theirs. Google not so much.
    “Very secure” means nothing to me.  Not arguing, but you need to give us 3 points of your claim that Android is as secure as, if not better than, iOS. Persuade us.
    Oh but he has in other articles so he doesn't have to...apparently you can just say whatever you want with nothing to back it up now days. Only from a fandroid!
  • Reply 30 of 35
    macxpressmacxpress Posts: 3,886member

    gatorguy said:
    macxpress said:
    gatorguy said:
    macxpress said:
    macxpress said:
    wood1208 said:
    There should be older version of IOS available to downgrade to and newer version if someone wants to upgrade to new features version.
    So you can downgrade your phone and re-unlock exploits in the OS. Yeah, thats a great idea! There are reasons why Apple does things the way they do and its not to lock you into a specific OS. The reason I just mentioned alone should be more than enough. Also, if you have an App that requires iOS 11 and you downgrade to iOS 10 well guess what, it no longer works! 

    Your argument is NOT really practical. There are plenty of people (we are talking about few hundred millions of people here) with more than 2 years old iPhones/iPads and they DO face significant performance issues EVERY year after upgrading to the LATEST and supposedly GREATEST version of iOS. Your solution to them is - Learn to live with it because it is secure OR replace it with a newer device (which is what you are more likely doing hence you probably never faced the slow-down issue). And you assume this is good enough for each and everyone owning an old iPhone/iPad. Apparently it is NOT enough of a solution for the people who are struggling with older devices. People who are reasonable about this issue asks for a different solution - Allow the people to downgrade to previous version of iOS which did NOT exhibit significant performance issues AND provide security updates alone to even older versions of iOS for 4 years.


    You may argue it costs additional money for Apple to support older versions of iOS. But that is another short sighted view, purely from a shareholder point of view, with total disregard for end-users. If you are an Apple customer, you should demand the best for you as a customer. In this case, good performance for life time of the device (i.e. 4 years) AND security updates for 4 years. Maximizing Apple's profit SHOULD NOT be your objective as a customer.

    If you want options and fragmentation then go to Android and enjoy your insecure, fragmented OS. Simple as that. Security alone is more than enough reason for Apple NOT to allow backtracking of updates. Security should be one of the top priorities, not worrying about a supposed slow down in a phone because of an update. If its that big of a deal to someone, then don't update your phone to the newer version of iOS. 

    This also creates a mess for developers too so you have to look at that end of it as well. Why do you think Android apps are such a mess?
    I think you're conflating privacy with security. Android is a very secure OS, right up there with iOS. Apple's iOS is better from a privacy standpoint as we all know. 

    And no I'm not going to argue the point. Anyone that disagrees can do their own research into Android security and determine the facts for themselves. Keep in mind system security where both major OS's are comparable is not the same as privacy (some overlaps of course), which Apple markets as a priority of theirs. Google not so much.
    So you want to claim something, but don't want to post the facts to back it up. Thats not how it works... I'm not doing the research for you. 
    I've posted the facts before, I'm already familiar with them, and I'm not asking you to do a single thing for me. If you disagree with what I said do your own research and post your own "facts" to prove me wrong. THAT'S how it works.


    (and that's also how you learn)
    I'm not about to argue with someone who says something with nothing to back it up and do all of the work for you. 
  • Reply 31 of 35
    I down graded my iPhone 4S & iPad 2 last night from 9.3.5 to 6.1.3. Amazing how much faster they run now. And I kind of miss the look of iOS 6...
  • Reply 32 of 35
    nhtnht Posts: 4,005member
    gatorguy said:
    macxpress said:
    gatorguy said:
    macxpress said:
    macxpress said:
    wood1208 said:
    There should be older version of IOS available to downgrade to and newer version if someone wants to upgrade to new features version.
    So you can downgrade your phone and re-unlock exploits in the OS. Yeah, thats a great idea! There are reasons why Apple does things the way they do and its not to lock you into a specific OS. The reason I just mentioned alone should be more than enough. Also, if you have an App that requires iOS 11 and you downgrade to iOS 10 well guess what, it no longer works! 

    Your argument is NOT really practical. There are plenty of people (we are talking about few hundred millions of people here) with more than 2 years old iPhones/iPads and they DO face significant performance issues EVERY year after upgrading to the LATEST and supposedly GREATEST version of iOS. Your solution to them is - Learn to live with it because it is secure OR replace it with a newer device (which is what you are more likely doing hence you probably never faced the slow-down issue). And you assume this is good enough for each and everyone owning an old iPhone/iPad. Apparently it is NOT enough of a solution for the people who are struggling with older devices. People who are reasonable about this issue asks for a different solution - Allow the people to downgrade to previous version of iOS which did NOT exhibit significant performance issues AND provide security updates alone to even older versions of iOS for 4 years.


    You may argue it costs additional money for Apple to support older versions of iOS. But that is another short sighted view, purely from a shareholder point of view, with total disregard for end-users. If you are an Apple customer, you should demand the best for you as a customer. In this case, good performance for life time of the device (i.e. 4 years) AND security updates for 4 years. Maximizing Apple's profit SHOULD NOT be your objective as a customer.

    If you want options and fragmentation then go to Android and enjoy your insecure, fragmented OS. Simple as that. Security alone is more than enough reason for Apple NOT to allow backtracking of updates. Security should be one of the top priorities, not worrying about a supposed slow down in a phone because of an update. If its that big of a deal to someone, then don't update your phone to the newer version of iOS. 

    This also creates a mess for developers too so you have to look at that end of it as well. Why do you think Android apps are such a mess?
    I think you're conflating privacy with security. Android is a very secure OS, right up there with iOS. Apple's iOS is better from a privacy standpoint as we all know. 

    And no I'm not going to argue the point. Anyone that disagrees can do their own research into Android security and determine the facts for themselves. Keep in mind system security where both major OS's are comparable is not the same as privacy (some overlaps of course), which Apple markets as a priority of theirs. Google not so much.
    So you want to claim something, but don't want to post the facts to back it up. Thats not how it works... I'm not doing the research for you. 
    I've posted the facts before, I'm already familiar with them, and I'm not asking you to do a single thing for me. If you disagree with what I said do your own research and post your own "facts" to prove me wrong. THAT'S how it works.


    (and that's also how you learn)
    Lying again I see.  You're assuming that everyone is too lazy to post the data showing you are lying (again).

    I would be charitable and simply call you wrong except that this is a pattern for you.  To make bald, unsupported false equivalences, implications of wrongdoing or general "reasonable" sounding concern trolling.
    "While all mobile devices have inherent security risks, Android has more vulnerabilities because of its inherent open-source nature, the slow pace with which users update the OS and a lack of proper app vetting."
    ...
    "The truth is, when Android gets attacked, it tends to be more vulnerable because there are more devises out there and more people also hear about it," Gold said. "Android also has a problem in that the latest version of Android OS is generally a small portion of the base of devices in the marketplace. So, when upgrades are issued, not everyone gets them. Whereas, when Apple upgrades, everyone gets it."
    ...
    Among new malware attack vectors, Android continues to be the most targeted mobile platform, according to Symantec.
    https://www.computerworld.com/article/3213388/mobile-wireless/android-vs-ios-security-which-is-better.html
    Studies have found that a far higher percentage of mobile malware targets Android than iOS, the software than runs Apple’s devices. That’s down both to Android’s huge global popularity and its open approach. Plus, Apple tightly controls which apps are available on its App Store, vetting all apps to avoid allowing malware through."
    ...
    Many threats to Android could be largely eliminated if all users upgraded their handsets to the latest version of the OS. The fragmentation of Android devices across old versions plays into the hands of malware creators, so it’s vital to keep your own devices up to date.
    https://us.norton.com/internetsecurity-mobile-android-vs-ios-which-is-more-secure.html
    "There are several reasons why iPhones are more secure than the various phones running Android software, according to Mike Johnson, who runs the security technologies graduate program at the University of Minnesota.
    ...
    “Criminals are going to target the thing that provides them the most return,” Johnson says. 
    Plus, he says, the process of “patching” security holes is easier on iOS devices. Apple’s iOS operating system only runs on iPhones, while Alphabet’s Android software runs on phones made by numerous manufacturers. It’s more complicated to deliver patches, or bug fixes, that work across so many device makers and carriers. Android can release a patch, but it won’t necessarily be available on all devices right away.
    “Fragmentation is the enemy of security,” Johnson says.
    There’s a financial way to measure vulnerability, as well. So-called “zero days” are exploits discovered by hackers and security researchers that remain unknown to the software developer. When developers don’t know about them, they can’t issue a patch. That makes the exploits valuable to the intelligence community, and government agencies will sometimes buy those zero days to monitor suspected criminal behavior. 
    Last year, Wired magazine reported that one security firm was offering up to $1.5 million for the most serious iOS exploits and up to $200,000 for an Android one, a sign that iOS vulnerabilities are rarer.

    https://www.barrons.com/articles/android-vs-ios-are-iphones-really-safer-1496254475

    "FIRST, THE GOOD news: Half of all Android devices have gotten fairly recent security updates, patching the hackable flaws that leave users vulnerable to digital crime and espionage. The bad news? The other half hasn't.
    ...
    Those patching statistics are a mixed bag, says Josh Drake, the researcher for security firm Zimperium, who in 2015 found the so-called Stagefright vulnerability that allowed the takeover of Android phones with only a text message. "If this is really a doubling, that's great," Drake says. "But fifty percent is a terrible number."
    ...
    But he says Google's new data also further illustrates how starkly Android devices have lagged in security updates. The fact that half of devices received an update sometime in 2016 doesn't mean they've received one at all recently, he points out. "When exactly you got the patch can be the difference between being protected from trivial things or really critical things," Smith says.
    ...
    Android's biggest hurdle to better patching remains the byzantine fragmentation of its operating system. Samsung alone offers 13 models, sold by 200 different carriers, each of which customizes its operating system to different degrees. That results in close to 1,500 variations of every version of the software, says Samsung's mobile security director Henry Lee. "It might seem like we just receive a patch from Google and apply it, but it's actually not that simple," he says
    https://www.wired.com/2017/03/good-news-androids-huge-security-problem-getting-less-huge/
    More malware is written for Androids than iPhones. On top of that, almost half of the top 50 Android devices didn't have the most recent security updates by the end of 2016, according to Google.

    Even if your phone is only a year or two out of date, it's vulnerable to some very simple hacks, says Nathan Freitas, a fellow at Harvard's Berkman Center for Internet and Society. "It doesn't take much for your adversary to get into your [Android] device, and that's a big problem."
    http://money.cnn.com/2017/06/07/technology/gadgets/android-iphone-security-poor-digital-divide/index.html

    I'm sure you're going to mealy mouth some excuse how you're only talking about the OS rather than the platform but the key metric is that iOS zero days are worth a lot more than Android zero days which means there are fewer of them.
    "On Thursday, exploit broker Zerodium announced that its bug bounty for zero-day (previously undisclosed) exploits now tops out at $1.5 million for Apple's new iOS 10.
    ...
    ...
    Under this year's revised pricing, Android 7 Nougat zero-day exploits will fetch up to $200,000
    ...
    In a way, yes, it's a little alarming that there's so much incentive for someone to crack the iPhone. Then again, this also means it's that much harder to crack."
    https://www.wired.com/2016/09/top-shelf-iphone-hack-now-goes-1-5-million/
    Asked why a string of iOS exploits commanded 7.5 times the price of a comparable one for Android he said: "That means that iOS 10 chain exploits are either 7.5 x harder than Android or the demand for iOS exploits is 7.5 x higher. The reality is a mix of both."
    https://arstechnica.com/information-technology/2016/09/1-5-million-bounty-for-iphone-exploits-is-sure-to-bolster-supply-of-0days/

    Why are iOS exploits rarer?  Because:
    But it's not just about the immediate reward. iOS is such a complex, locked-down, and secure operating system that simply to inspect and do research on it, one needs multiple, unpatched, zero-day bugs, perhaps even a full-fledged jailbreak, according to researchers. In other words, you need unknown bugs just to find bugs in other parts of the operating system that might be otherwise locked.
    https://motherboard.vice.com/en_us/article/gybppx/iphone-bugs-are-too-valuable-to-report-to-apple

    In comparison, Android source code is available and you can easily root a device to do exploit testing.

    So again we find Gatorguy lying about Apple.  iOS exploits, while being more desired is also harder to discover and develop working exploits for.  The iOS platform is more secure overall due to lower fragmentation, fewer targeted malware, fewer exploits available to malware makers, tighter app installation control and much more rapid patching of security risks across the user base.

    So, no, you aren't "wrong" because that implies a good faith mistake.  You are lying because this disinformation is a pattern you deliberately follow.
    edited January 12
  • Reply 33 of 35
    gatorguygatorguy Posts: 17,872member
    nht said:
    gatorguy said:
    macxpress said:
    gatorguy said:
    macxpress said:
    macxpress said:
    wood1208 said:
    There should be older version of IOS available to downgrade to and newer version if someone wants to upgrade to new features version.
    So you can downgrade your phone and re-unlock exploits in the OS. Yeah, thats a great idea! There are reasons why Apple does things the way they do and its not to lock you into a specific OS. The reason I just mentioned alone should be more than enough. Also, if you have an App that requires iOS 11 and you downgrade to iOS 10 well guess what, it no longer works! 

    Your argument is NOT really practical. There are plenty of people (we are talking about few hundred millions of people here) with more than 2 years old iPhones/iPads and they DO face significant performance issues EVERY year after upgrading to the LATEST and supposedly GREATEST version of iOS. Your solution to them is - Learn to live with it because it is secure OR replace it with a newer device (which is what you are more likely doing hence you probably never faced the slow-down issue). And you assume this is good enough for each and everyone owning an old iPhone/iPad. Apparently it is NOT enough of a solution for the people who are struggling with older devices. People who are reasonable about this issue asks for a different solution - Allow the people to downgrade to previous version of iOS which did NOT exhibit significant performance issues AND provide security updates alone to even older versions of iOS for 4 years.


    You may argue it costs additional money for Apple to support older versions of iOS. But that is another short sighted view, purely from a shareholder point of view, with total disregard for end-users. If you are an Apple customer, you should demand the best for you as a customer. In this case, good performance for life time of the device (i.e. 4 years) AND security updates for 4 years. Maximizing Apple's profit SHOULD NOT be your objective as a customer.

    If you want options and fragmentation then go to Android and enjoy your insecure, fragmented OS. Simple as that. Security alone is more than enough reason for Apple NOT to allow backtracking of updates. Security should be one of the top priorities, not worrying about a supposed slow down in a phone because of an update. If its that big of a deal to someone, then don't update your phone to the newer version of iOS. 

    This also creates a mess for developers too so you have to look at that end of it as well. Why do you think Android apps are such a mess?
    I think you're conflating privacy with security. Android is a very secure OS, right up there with iOS. Apple's iOS is better from a privacy standpoint as we all know. 

    And no I'm not going to argue the point. Anyone that disagrees can do their own research into Android security and determine the facts for themselves. Keep in mind system security where both major OS's are comparable is not the same as privacy (some overlaps of course), which Apple markets as a priority of theirs. Google not so much.
    So you want to claim something, but don't want to post the facts to back it up. Thats not how it works... I'm not doing the research for you. 
    I've posted the facts before, I'm already familiar with them, and I'm not asking you to do a single thing for me. If you disagree with what I said do your own research and post your own "facts" to prove me wrong. THAT'S how it works.


    (and that's also how you learn)
    Lying again I see.  You're assuming that everyone is too lazy to post the data showing you are lying (again).

    I would be charitable and simply call you wrong except that this is a pattern for you.  To make bald, unsupported false equivalences, implications of wrongdoing or general "reasonable" sounding concern trolling.
    "While all mobile devices have inherent security risks, Android has more vulnerabilities because of its inherent open-source nature, the slow pace with which users update the OS and a lack of proper app vetting."
    ...
    "The truth is, when Android gets attacked, it tends to be more vulnerable because there are more devises out there and more people also hear about it," Gold said. "Android also has a problem in that the latest version of Android OS is generally a small portion of the base of devices in the marketplace. So, when upgrades are issued, not everyone gets them. Whereas, when Apple upgrades, everyone gets it."
    ...
    Among new malware attack vectors, Android continues to be the most targeted mobile platform, according to Symantec.
    https://www.computerworld.com/article/3213388/mobile-wireless/android-vs-ios-security-which-is-better.html
    Studies have found that a far higher percentage of mobile malware targets Android than iOS, the software than runs Apple’s devices. That’s down both to Android’s huge global popularity and its open approach. Plus, Apple tightly controls which apps are available on its App Store, vetting all apps to avoid allowing malware through."
    ...
    Many threats to Android could be largely eliminated if all users upgraded their handsets to the latest version of the OS. The fragmentation of Android devices across old versions plays into the hands of malware creators, so it’s vital to keep your own devices up to date.
    https://us.norton.com/internetsecurity-mobile-android-vs-ios-which-is-more-secure.html
    "There are several reasons why iPhones are more secure than the various phones running Android software, according to Mike Johnson, who runs the security technologies graduate program at the University of Minnesota.
    ...
    “Criminals are going to target the thing that provides them the most return,” Johnson says. 
    Plus, he says, the process of “patching” security holes is easier on iOS devices. Apple’s iOS operating system only runs on iPhones, while Alphabet’s Android software runs on phones made by numerous manufacturers. It’s more complicated to deliver patches, or bug fixes, that work across so many device makers and carriers. Android can release a patch, but it won’t necessarily be available on all devices right away.
    “Fragmentation is the enemy of security,” Johnson says.
    There’s a financial way to measure vulnerability, as well. So-called “zero days” are exploits discovered by hackers and security researchers that remain unknown to the software developer. When developers don’t know about them, they can’t issue a patch. That makes the exploits valuable to the intelligence community, and government agencies will sometimes buy those zero days to monitor suspected criminal behavior. 
    Last year, Wired magazine reported that one security firm was offering up to $1.5 million for the most serious iOS exploits and up to $200,000 for an Android one, a sign that iOS vulnerabilities are rarer.

    https://www.barrons.com/articles/android-vs-ios-are-iphones-really-safer-1496254475

    "FIRST, THE GOOD news: Half of all Android devices have gotten fairly recent security updates, patching the hackable flaws that leave users vulnerable to digital crime and espionage. The bad news? The other half hasn't.
    ...
    Those patching statistics are a mixed bag, says Josh Drake, the researcher for security firm Zimperium, who in 2015 found the so-called Stagefright (!!) vulnerability that allowed the takeover of Android phones with only a text message. "If this is really a doubling, that's great," Drake says. "But fifty percent is a terrible number."
    ...
    But he says Google's new data also further illustrates how starkly Android devices have lagged in security updates. The fact that half of devices received an update sometime in 2016 doesn't mean they've received one at all recently, he points out. "When exactly you got the patch can be the difference between being protected from trivial things or really critical things," Smith says.
    ...
    Android's biggest hurdle to better patching remains the byzantine fragmentation of its operating system. Samsung alone offers 13 models, sold by 200 different carriers, each of which customizes its operating system to different degrees. That results in close to 1,500 variations of every version of the software, says Samsung's mobile security director Henry Lee. "It might seem like we just receive a patch from Google and apply it, but it's actually not that simple," he says
    https://www.wired.com/2017/03/good-news-androids-huge-security-problem-getting-less-huge/
    More malware is written for Androids than iPhones. On top of that, almost half of the top 50 Android devices didn't have the most recent security updates by the end of 2016, according to Google.

    Even if your phone is only a year or two out of date, it's vulnerable to some very simple hacks, says Nathan Freitas, a fellow at Harvard's Berkman Center for Internet and Society. "It doesn't take much for your adversary to get into your [Android] device, and that's a big problem."
    http://money.cnn.com/2017/06/07/technology/gadgets/android-iphone-security-poor-digital-divide/index.html

    All of the above refer to some Android handsets and the OEM's that supply them, in general the Android platform. I plainly and clearly stated I was talking about the Android OS. Assuming that a security issue with one handset applies to all equally being a fault of the OS proper is not exactly what I would expect from an engineer. There are secure Android handsets and relatively less-secured ones. Unless some user has purposefully disabled their handsets security settings or modified the Google-supplied OS I can't think of ANY insecure Android handsets, even if they are somewhat older ones.

     Even the scareware stories about billions of handsets being exposed to stuff that was claimed Google could NEVER patch nor save users from haven't panned out in real life. Stagefright? One particular member here dragged that one out for months, predicting doom and gloom befalling millions of Android users any day now. I tried numerous times to explain why if wasn't going to happen but he wasn't hearing it. Pretty sure he played that "Liar" card on me too. Two years later and not one single instance of Stagefright exploiting any Android phone. Huh, I turned out to be correct after-all. 

    Then there was Quadrooter, the next exploit that nearly every clueless Android user was going to be impacted by. Hardly anyone was safe and Google couldn't do anything about it. How do we know? Several members here including the loudest Stagefright promoter insisted it was so, and told us over and over it was gonna happen so it must be true. Here we are going on two years later and hundreds of millions of users have indeed been attacked by... Nothing. In fact there's not been a single instance of Quadrooter seizing control of any Android users handset as far as I know. I think if you go back and look I explained at the time why the scare stories were not true, and again too few of the most vocal AI members wanted to hear or believe anything of the sort.   

    As for your Harvard link to Nathan Freitas he promotes his own hardened security software for smartphones, Copperhead. Do you know what OS it uses? The Google-provided Android AOSP. Sure does not seem as tho he believes the Android OS is insecure.

    And just a general mention to readers: If there's a new scareware story making the rounds then more often than not (and to be fair occasionally not) it comes from a company who just happens to have some solution for it available for purchase, ie Symantec and Norton as noted in your links.  Jus' sayin'. 

    Mention two: Targeting something and hitting it are two distinct events. It doesn't matter if some ne'er-do-well has grandiose plans if his malware of choice can't hit the intended target. Android being targeted by a million pieces of malware doesn't mean much of anything, much less prove that it is insecure. On the contrary that malware intentions miss so often would seem to imply just the opposite wouldn't you agree? No of course you would not...
    nht said:
    gatorguy said:
    macxpress said:
    gatorguy said:
    macxpress said:
    macxpress said:
    wood1208 said:
    There should be older version of IOS available to downgrade to and newer version if someone wants to upgrade to new features version.
    So you can downgrade your phone and re-unlock exploits in the OS. Yeah, thats a great idea! There are reasons why Apple does things the way they do and its not to lock you into a specific OS. The reason I just mentioned alone should be more than enough. Also, if you have an App that requires iOS 11 and you downgrade to iOS 10 well guess what, it no longer works! 

    Your argument is NOT really practical. There are plenty of people (we are talking about few hundred millions of people here) with more than 2 years old iPhones/iPads and they DO face significant performance issues EVERY year after upgrading to the LATEST and supposedly GREATEST version of iOS. Your solution to them is - Learn to live with it because it is secure OR replace it with a newer device (which is what you are more likely doing hence you probably never faced the slow-down issue). And you assume this is good enough for each and everyone owning an old iPhone/iPad. Apparently it is NOT enough of a solution for the people who are struggling with older devices. People who are reasonable about this issue asks for a different solution - Allow the people to downgrade to previous version of iOS which did NOT exhibit significant performance issues AND provide security updates alone to even older versions of iOS for 4 years.


    You may argue it costs additional money for Apple to support older versions of iOS. But that is another short sighted view, purely from a shareholder point of view, with total disregard for end-users. If you are an Apple customer, you should demand the best for you as a customer. In this case, good performance for life time of the device (i.e. 4 years) AND security updates for 4 years. Maximizing Apple's profit SHOULD NOT be your objective as a customer.

    If you want options and fragmentation then go to Android and enjoy your insecure, fragmented OS. Simple as that. Security alone is more than enough reason for Apple NOT to allow backtracking of updates. Security should be one of the top priorities, not worrying about a supposed slow down in a phone because of an update. If its that big of a deal to someone, then don't update your phone to the newer version of iOS. 

    This also creates a mess for developers too so you have to look at that end of it as well. Why do you think Android apps are such a mess?
    I think you're conflating privacy with security. Android is a very secure OS, right up there with iOS. Apple's iOS is better from a privacy standpoint as we all know. 

    And no I'm not going to argue the point. Anyone that disagrees can do their own research into Android security and determine the facts for themselves. Keep in mind system security where both major OS's are comparable is not the same as privacy (some overlaps of course), which Apple markets as a priority of theirs. Google not so much.
    So you want to claim something, but don't want to post the facts to back it up. Thats not how it works... I'm not doing the research for you. 
    I've posted the facts before, I'm already familiar with them, and I'm not asking you to do a single thing for me. If you disagree with what I said do your own research and post your own "facts" to prove me wrong. THAT'S how it works.


    (and that's also how you learn)
    Lying again I see.  You're assuming that everyone is too lazy to post the data showing you are lying (again).

    I'm sure you're going to mealy mouth some excuse how you're only talking about the OS rather than the platform
    (YUP, that's exactly what I said in the post you took enough offence with to break out the "liar" card again)
    but the key metric is that iOS zero days are worth a lot more than Android zero days which means there are fewer of them.
    "On Thursday, exploit broker Zerodium announced that its bug bounty for zero-day (previously undisclosed) exploits now tops out at $1.5 million for Apple's new iOS 10.
    ...
    ...
    Under this year's revised pricing, Android 7 Nougat zero-day exploits will fetch up to $200,000
    ...
    In a way, yes, it's a little alarming that there's so much incentive for someone to crack the iPhone. Then again, this also means it's that much harder to crack."
    https://www.wired.com/2016/09/top-shelf-iphone-hack-now-goes-1-5-million/
    Asked why a string of iOS exploits commanded 7.5 times the price of a comparable one for Android he said: "That means that iOS 10 chain exploits are either 7.5 x harder than Android or the demand for iOS exploits is 7.5 x higher. The reality is a mix of both."
    https://arstechnica.com/information-technology/2016/09/1-5-million-bounty-for-iphone-exploits-is-sure-to-bolster-supply-of-0days/

    Why are iOS exploits rarer?  Because:
    But it's not just about the immediate reward. iOS is such a complex, locked-down, and secure operating system that simply to inspect and do research on it, one needs multiple, unpatched, zero-day bugs, perhaps even a full-fledged jailbreak, according to researchers. In other words, you need unknown bugs just to find bugs in other parts of the operating system that might be otherwise locked.
    https://motherboard.vice.com/en_us/article/gybppx/iphone-bugs-are-too-valuable-to-report-to-apple

    In comparison, Android source code is available and you can easily root a device to do exploit testing.

    So again we find Gatorguy lying about Apple.  iOS exploits, while being more desired is also harder to discover and develop working exploits for...

    So, no, you aren't "wrong" because that implies a good faith mistake.  You are lying because this disinformation is a pattern you deliberately follow.
    Mealy-mouth? I hate to think you have a reading disability and do not believe you do. My original post plainly applied to the Android OS, not all-things-Android.

    Anyway regarding the latter part of your reply quoted above,  because a company is willing to pay more for an exploit applicable to iOS than for one exploiting Android is PROOF the latter one is insecure? Your linked Ars editorial doesn't even claim that. Oh, and by the way I believe I read  it was determined after-the-fact that Zerodium's eye-popping offer for iOS exploits was a publicity stunt as much as anything, intended to encourage hackers from taking Apple up on their up-to-$200K offer for finding iOS exploits and work with Zerodium instead. 

     For what it's worth Adrian Ludwig, head of Android Security for Google, made the claim at a security conference in late 2016 that Pixel phones were equally as secure as iPhones due to their regular monthly security patches delivered directly to owner's phones, hardware and software fixes delivered on an as-needed basis bypassing any intermediaries, and being among the first to receive OS updates at they become available. Two years later his claim has yet to be successfully challenged.

     Since then the largest Android OEM's like Samsung, LG and now Huawei, have also committed to regular security updates delivered to user's smartphones. Samsung in particular is to be commended (even if I personally don't like them as a company) since this applies to many of their budget handsets and not just the flagships,  and like Google they are able to roll-out directly to those owners handsets without carrier involvement.

    So to repeat my original statement, Android is a very secure OS, right up there with iOS just as I said in the first place, a statement you have not proven to be incorrect (or as you prefer to mistakenly(?) use, the loaded word "lie") despite the obvious hard work you put into it.  But I think it was still a good exercise as I believe you learned a thing or two that you were unaware of along the way and perhaps cleared up some misconceptions you had held whether you would admit to it or not. I'd like to think you would but based on our most recent exchanges I'm not as hopeful as I would typically be.

    So a Pixel phone and an iPhone are equally secure, a claim from Google that has withstood any direct challenge from any security professionals, and goes towardsnsupporting my own stated opinion that you taken exception to. In fairness to all the work you put into your reply I completely agree that most or minimally at least half of all active Google Android smartphones are lacking the OS upgrades and/or security patches that would allow the same to be said about them. They simply aren't the equal of a Pixel or iPhone when it comes to security with perhaps a few rare exceptions. Perhaps. Particularly on two or three year old devices the use of iOS is therefore more secure than on older Android handsets, which is really a platform and hardware problem and not a fault of the OS. As an engineer I think you understand that even if you wouldn't say it. But that's not applicable to my opinion as stated that lead to this anyway.

    Even if iOS would be more secure (which I don't personally agree is the case) it does not prove a claim that Android is insecure IMHO. Both can be secure.

    EDIT: I won't avoid responding to any counterpoints you might have, but if you continue to attack my character in the process you will be ignored and will not get a reply. I'm already ignoring anything you have to say in that "other" thread which I won't bother linking on behalf of both of us. I allowed myself to be drawn into a disrespectful discussion there despite my initial efforts to avoid doing so and won't get anywhere near the mud again here. Keep future replies at least moderately courteous please.
    edited January 14 singularity
  • Reply 34 of 35
    nhtnht Posts: 4,005member
    gatorguy said:
    nht said:
    gatorguy said:
    macxpress said:
    gatorguy said:
    macxpress said:
    macxpress said:
    wood1208 said:
    There should be older version of IOS available to downgrade to and newer version if someone wants to upgrade to new features version.
    So you can downgrade your phone and re-unlock exploits in the OS. Yeah, thats a great idea! There are reasons why Apple does things the way they do and its not to lock you into a specific OS. The reason I just mentioned alone should be more than enough. Also, if you have an App that requires iOS 11 and you downgrade to iOS 10 well guess what, it no longer works! 

    Your argument is NOT really practical. There are plenty of people (we are talking about few hundred millions of people here) with more than 2 years old iPhones/iPads and they DO face significant performance issues EVERY year after upgrading to the LATEST and supposedly GREATEST version of iOS. Your solution to them is - Learn to live with it because it is secure OR replace it with a newer device (which is what you are more likely doing hence you probably never faced the slow-down issue). And you assume this is good enough for each and everyone owning an old iPhone/iPad. Apparently it is NOT enough of a solution for the people who are struggling with older devices. People who are reasonable about this issue asks for a different solution - Allow the people to downgrade to previous version of iOS which did NOT exhibit significant performance issues AND provide security updates alone to even older versions of iOS for 4 years.


    You may argue it costs additional money for Apple to support older versions of iOS. But that is another short sighted view, purely from a shareholder point of view, with total disregard for end-users. If you are an Apple customer, you should demand the best for you as a customer. In this case, good performance for life time of the device (i.e. 4 years) AND security updates for 4 years. Maximizing Apple's profit SHOULD NOT be your objective as a customer.

    If you want options and fragmentation then go to Android and enjoy your insecure, fragmented OS. Simple as that. Security alone is more than enough reason for Apple NOT to allow backtracking of updates. Security should be one of the top priorities, not worrying about a supposed slow down in a phone because of an update. If its that big of a deal to someone, then don't update your phone to the newer version of iOS. 

    This also creates a mess for developers too so you have to look at that end of it as well. Why do you think Android apps are such a mess?
    I think you're conflating privacy with security. Android is a very secure OS, right up there with iOS. Apple's iOS is better from a privacy standpoint as we all know. 

    And no I'm not going to argue the point. Anyone that disagrees can do their own research into Android security and determine the facts for themselves. Keep in mind system security where both major OS's are comparable is not the same as privacy (some overlaps of course), which Apple markets as a priority of theirs. Google not so much.
    So you want to claim something, but don't want to post the facts to back it up. Thats not how it works... I'm not doing the research for you. 
    I've posted the facts before, I'm already familiar with them, and I'm not asking you to do a single thing for me. If you disagree with what I said do your own research and post your own "facts" to prove me wrong. THAT'S how it works.


    (and that's also how you learn)
    Lying again I see.  You're assuming that everyone is too lazy to post the data showing you are lying (again).

    I would be charitable and simply call you wrong except that this is a pattern for you.  To make bald, unsupported false equivalences, implications of wrongdoing or general "reasonable" sounding concern trolling.
    "While all mobile devices have inherent security risks, Android has more vulnerabilities because of its inherent open-source nature, the slow pace with which users update the OS and a lack of proper app vetting."
    ...
    "The truth is, when Android gets attacked, it tends to be more vulnerable because there are more devises out there and more people also hear about it," Gold said. "Android also has a problem in that the latest version of Android OS is generally a small portion of the base of devices in the marketplace. So, when upgrades are issued, not everyone gets them. Whereas, when Apple upgrades, everyone gets it."
    ...
    Among new malware attack vectors, Android continues to be the most targeted mobile platform, according to Symantec.
    https://www.computerworld.com/article/3213388/mobile-wireless/android-vs-ios-security-which-is-better.html
    Studies have found that a far higher percentage of mobile malware targets Android than iOS, the software than runs Apple’s devices. That’s down both to Android’s huge global popularity and its open approach. Plus, Apple tightly controls which apps are available on its App Store, vetting all apps to avoid allowing malware through."
    ...
    Many threats to Android could be largely eliminated if all users upgraded their handsets to the latest version of the OS. The fragmentation of Android devices across old versions plays into the hands of malware creators, so it’s vital to keep your own devices up to date.
    https://us.norton.com/internetsecurity-mobile-android-vs-ios-which-is-more-secure.html
    "There are several reasons why iPhones are more secure than the various phones running Android software, according to Mike Johnson, who runs the security technologies graduate program at the University of Minnesota.
    ...
    “Criminals are going to target the thing that provides them the most return,” Johnson says. 
    Plus, he says, the process of “patching” security holes is easier on iOS devices. Apple’s iOS operating system only runs on iPhones, while Alphabet’s Android software runs on phones made by numerous manufacturers. It’s more complicated to deliver patches, or bug fixes, that work across so many device makers and carriers. Android can release a patch, but it won’t necessarily be available on all devices right away.
    “Fragmentation is the enemy of security,” Johnson says.
    There’s a financial way to measure vulnerability, as well. So-called “zero days” are exploits discovered by hackers and security researchers that remain unknown to the software developer. When developers don’t know about them, they can’t issue a patch. That makes the exploits valuable to the intelligence community, and government agencies will sometimes buy those zero days to monitor suspected criminal behavior. 
    Last year, Wired magazine reported that one security firm was offering up to $1.5 million for the most serious iOS exploits and up to $200,000 for an Android one, a sign that iOS vulnerabilities are rarer.

    https://www.barrons.com/articles/android-vs-ios-are-iphones-really-safer-1496254475

    "FIRST, THE GOOD news: Half of all Android devices have gotten fairly recent security updates, patching the hackable flaws that leave users vulnerable to digital crime and espionage. The bad news? The other half hasn't.
    ...
    Those patching statistics are a mixed bag, says Josh Drake, the researcher for security firm Zimperium, who in 2015 found the so-called Stagefright (!!) vulnerability that allowed the takeover of Android phones with only a text message. "If this is really a doubling, that's great," Drake says. "But fifty percent is a terrible number."
    ...
    But he says Google's new data also further illustrates how starkly Android devices have lagged in security updates. The fact that half of devices received an update sometime in 2016 doesn't mean they've received one at all recently, he points out. "When exactly you got the patch can be the difference between being protected from trivial things or really critical things," Smith says.
    ...
    Android's biggest hurdle to better patching remains the byzantine fragmentation of its operating system. Samsung alone offers 13 models, sold by 200 different carriers, each of which customizes its operating system to different degrees. That results in close to 1,500 variations of every version of the software, says Samsung's mobile security director Henry Lee. "It might seem like we just receive a patch from Google and apply it, but it's actually not that simple," he says
    https://www.wired.com/2017/03/good-news-androids-huge-security-problem-getting-less-huge/
    More malware is written for Androids than iPhones. On top of that, almost half of the top 50 Android devices didn't have the most recent security updates by the end of 2016, according to Google.

    Even if your phone is only a year or two out of date, it's vulnerable to some very simple hacks, says Nathan Freitas, a fellow at Harvard's Berkman Center for Internet and Society. "It doesn't take much for your adversary to get into your [Android] device, and that's a big problem."
    http://money.cnn.com/2017/06/07/technology/gadgets/android-iphone-security-poor-digital-divide/index.html

    All of the above refer to some Android handsets and the OEM's that supply them, in general the Android platform. I plainly and clearly stated I was talking about the Android OS. Assuming that a security issue with one handset applies to all equally being a fault of the OS proper is not exactly what I would expect from an engineer. There are secure Android handsets and relatively less-secured ones. Unless some user has purposefully disabled their handsets security settings or modified the Google-supplied OS I can't think of ANY insecure Android handsets, even if they are somewhat older ones.

     Even the scareware stories about billions of handsets being exposed to stuff that was claimed Google could NEVER patch nor save users from haven't panned out in real life. Stagefright? One particular member here dragged that one out for months, predicting doom and gloom befalling millions of Android users any day now. I tried numerous times to explain why if wasn't going to happen but he wasn't hearing it. Pretty sure he played that "Liar" card on me too. Two years later and not one single instance of Stagefright exploiting any Android phone. Huh, I turned out to be correct after-all. 

    Then there was Quadrooter, the next exploit that nearly every clueless Android user was going to be impacted by. Hardly anyone was safe and Google couldn't do anything about it. How do we know? Several members here including the loudest Stagefright promoter insisted it was so, and told us over and over it was gonna happen so it must be true. Here we are going on two years later and hundreds of millions of users have indeed been attacked by... Nothing. In fact there's not been a single instance of Quadrooter seizing control of any Android users handset as far as I know. I think if you go back and look I explained at the time why the scare stories were not true, and again too few of the most vocal AI members wanted to hear or believe anything of the sort.   

    As for your Harvard link to Nathan Freitas he promotes his own hardened security software for smartphones, Copperhead. Do you know what OS it uses? The Google-provided Android AOSP. Sure does not seem as tho he believes the Android OS is insecure.

    And just a general mention to readers: If there's a new scareware story making the rounds then more often than not (and to be fair occasionally not) it comes from a company who just happens to have some solution for it available for purchase, ie Symantec and Norton as noted in your links.  Jus' sayin'. 

    Mention two: Targeting something and hitting it are two distinct events. It doesn't matter if some ne'er-do-well has grandiose plans if his malware of choice can't hit the intended target. Android being targeted by a million pieces of malware doesn't mean much of anything, much less prove that it is insecure. On the contrary that malware intentions miss so often would seem to imply just the opposite wouldn't you agree? No of course you would not...
    nht said:
    gatorguy said:
    macxpress said:
    gatorguy said:
    macxpress said:
    macxpress said:
    wood1208 said:
    There should be older version of IOS available to downgrade to and newer version if someone wants to upgrade to new features version.
    So you can downgrade your phone and re-unlock exploits in the OS. Yeah, thats a great idea! There are reasons why Apple does things the way they do and its not to lock you into a specific OS. The reason I just mentioned alone should be more than enough. Also, if you have an App that requires iOS 11 and you downgrade to iOS 10 well guess what, it no longer works! 

    Your argument is NOT really practical. There are plenty of people (we are talking about few hundred millions of people here) with more than 2 years old iPhones/iPads and they DO face significant performance issues EVERY year after upgrading to the LATEST and supposedly GREATEST version of iOS. Your solution to them is - Learn to live with it because it is secure OR replace it with a newer device (which is what you are more likely doing hence you probably never faced the slow-down issue). And you assume this is good enough for each and everyone owning an old iPhone/iPad. Apparently it is NOT enough of a solution for the people who are struggling with older devices. People who are reasonable about this issue asks for a different solution - Allow the people to downgrade to previous version of iOS which did NOT exhibit significant performance issues AND provide security updates alone to even older versions of iOS for 4 years.


    You may argue it costs additional money for Apple to support older versions of iOS. But that is another short sighted view, purely from a shareholder point of view, with total disregard for end-users. If you are an Apple customer, you should demand the best for you as a customer. In this case, good performance for life time of the device (i.e. 4 years) AND security updates for 4 years. Maximizing Apple's profit SHOULD NOT be your objective as a customer.

    If you want options and fragmentation then go to Android and enjoy your insecure, fragmented OS. Simple as that. Security alone is more than enough reason for Apple NOT to allow backtracking of updates. Security should be one of the top priorities, not worrying about a supposed slow down in a phone because of an update. If its that big of a deal to someone, then don't update your phone to the newer version of iOS. 

    This also creates a mess for developers too so you have to look at that end of it as well. Why do you think Android apps are such a mess?
    I think you're conflating privacy with security. Android is a very secure OS, right up there with iOS. Apple's iOS is better from a privacy standpoint as we all know. 

    And no I'm not going to argue the point. Anyone that disagrees can do their own research into Android security and determine the facts for themselves. Keep in mind system security where both major OS's are comparable is not the same as privacy (some overlaps of course), which Apple markets as a priority of theirs. Google not so much.
    So you want to claim something, but don't want to post the facts to back it up. Thats not how it works... I'm not doing the research for you. 
    I've posted the facts before, I'm already familiar with them, and I'm not asking you to do a single thing for me. If you disagree with what I said do your own research and post your own "facts" to prove me wrong. THAT'S how it works.


    (and that's also how you learn)
    Lying again I see.  You're assuming that everyone is too lazy to post the data showing you are lying (again).

    I'm sure you're going to mealy mouth some excuse how you're only talking about the OS rather than the platform
    (YUP, that's exactly what I said in the post you took enough offence with to break out the "liar" card again)
    but the key metric is that iOS zero days are worth a lot more than Android zero days which means there are fewer of them.
    "On Thursday, exploit broker Zerodium announced that its bug bounty for zero-day (previously undisclosed) exploits now tops out at $1.5 million for Apple's new iOS 10.
    ...
    ...
    Under this year's revised pricing, Android 7 Nougat zero-day exploits will fetch up to $200,000
    ...
    In a way, yes, it's a little alarming that there's so much incentive for someone to crack the iPhone. Then again, this also means it's that much harder to crack."
    https://www.wired.com/2016/09/top-shelf-iphone-hack-now-goes-1-5-million/
    Asked why a string of iOS exploits commanded 7.5 times the price of a comparable one for Android he said: "That means that iOS 10 chain exploits are either 7.5 x harder than Android or the demand for iOS exploits is 7.5 x higher. The reality is a mix of both."
    https://arstechnica.com/information-technology/2016/09/1-5-million-bounty-for-iphone-exploits-is-sure-to-bolster-supply-of-0days/

    Why are iOS exploits rarer?  Because:
    But it's not just about the immediate reward. iOS is such a complex, locked-down, and secure operating system that simply to inspect and do research on it, one needs multiple, unpatched, zero-day bugs, perhaps even a full-fledged jailbreak, according to researchers. In other words, you need unknown bugs just to find bugs in other parts of the operating system that might be otherwise locked.
    https://motherboard.vice.com/en_us/article/gybppx/iphone-bugs-are-too-valuable-to-report-to-apple

    In comparison, Android source code is available and you can easily root a device to do exploit testing.

    So again we find Gatorguy lying about Apple.  iOS exploits, while being more desired is also harder to discover and develop working exploits for...

    So, no, you aren't "wrong" because that implies a good faith mistake.  You are lying because this disinformation is a pattern you deliberately follow.
    Mealy-mouth? I hate to think you have a reading disability and do not believe you do. My original post plainly applied to the Android OS, not all-things-Android.

    Anyway regarding the latter part of your reply quoted above,  because a company is willing to pay more for an exploit applicable to iOS than for one exploiting Android is PROOF the latter one is insecure? Your linked Ars editorial doesn't even claim that. Oh, and by the way I believe I read  it was determined after-the-fact that Zerodium's eye-popping offer for iOS exploits was a publicity stunt as much as anything, intended to encourage hackers from taking Apple up on their up-to-$200K offer for finding iOS exploits and work with Zerodium instead. 

     For what it's worth Adrian Ludwig, head of Android Security for Google, made the claim at a security conference in late 2016 that Pixel phones were equally as secure as iPhones due to their regular monthly security patches delivered directly to owner's phones, hardware and software fixes delivered on an as-needed basis bypassing any intermediaries, and being among the first to receive OS updates at they become available. Two years later his claim has yet to be successfully challenged.

     Since then the largest Android OEM's like Samsung, LG and now Huawei, have also committed to regular security updates delivered to user's smartphones. Samsung in particular is to be commended (even if I personally don't like them as a company) since this applies to many of their budget handsets and not just the flagships,  and like Google they are able to roll-out directly to those owners handsets without carrier involvement.

    So to repeat my original statement, Android is a very secure OS, right up there with iOS just as I said in the first place, a statement you have not proven to be incorrect (or as you prefer to mistakenly(?) use, the loaded word "lie") despite the obvious hard work you put into it.  But I think it was still a good exercise as I believe you learned a thing or two that you were unaware of along the way and perhaps cleared up some misconceptions you had held whether you would admit to it or not. I'd like to think you would but based on our most recent exchanges I'm not as hopeful as I would typically be.

    So a Pixel phone and an iPhone are equally secure, a claim from Google that has withstood any direct challenge from any security professionals, and goes towardsnsupporting my own stated opinion that you taken exception to. In fairness to all the work you put into your reply I completely agree that most or minimally at least half of all active Google Android smartphones are lacking the OS upgrades and/or security patches that would allow the same to be said about them. They simply aren't the equal of a Pixel or iPhone when it comes to security with perhaps a few rare exceptions. Perhaps. Particularly on two or three year old devices the use of iOS is therefore more secure than on older Android handsets, which is really a platform and hardware problem and not a fault of the OS. As an engineer I think you understand that even if you wouldn't say it. But that's not applicable to my opinion as stated that lead to this anyway.

    Even if iOS would be more secure (which I don't personally agree is the case) it does not prove a claim that Android is insecure IMHO. Both can be secure.

    EDIT: I won't avoid responding to any counterpoints you might have, but if you continue to attack my character in the process you will be ignored and will not get a reply. I'm already ignoring anything you have to say in that "other" thread which I won't bother linking on behalf of both of us. I allowed myself to be drawn into a disrespectful discussion there despite my initial efforts to avoid doing so and won't get anywhere near the mud again here. Keep future replies at least moderately courteous please.
    Lol.  Complete utter rubbish and lying again.

    Feel free to ignore me.  I want you to ignore me and leave your lies threadbare to the refutation rather than pollute the thread with long winded and evasive denials.

    Security researchers have said flat out that they won’t join Apple bug bounty because it pays too little vs what the market will buy for and they need their own bugs just to look for more exploits because iOS is so hard to break into.  They don’t have that problem on Android.

    Both the platform and the OS is far more vulnerable than iOS and always has been.  You can’t accept that because you’re here to concern troll not because there’s any technical disagreement.  You aren’t arguing in good faith but lying to push an anti-Apple agenda.
  • Reply 35 of 35
    jcs2305jcs2305 Posts: 253member
    macxpress said:
    wood1208 said:
    There should be older version of IOS available to downgrade to and newer version if someone wants to upgrade to new features version.
    So you can downgrade your phone and re-unlock exploits in the OS. Yeah, thats a great idea! There are reasons why Apple does things the way they do and its not to lock you into a specific OS. The reason I just mentioned alone should be more than enough. Also, if you have an App that requires iOS 11 and you downgrade to iOS 10 well guess what, it no longer works! 

    Your argument is NOT really practical. There are plenty of people (we are talking about few hundred millions of people here) with more than 2 years old iPhones/iPads and they DO face significant performance issues EVERY year after upgrading to the LATEST and supposedly GREATEST version of iOS. Your solution to them is - Learn to live with it because it is secure OR replace it with a newer device (which is what you are more likely doing hence you probably never faced the slow-down issue). And you assume this is good enough for each and everyone owning an old iPhone/iPad. Apparently it is NOT enough of a solution for the people who are struggling with older devices. People who are reasonable about this issue asks for a different solution - Allow the people to downgrade to previous version of iOS which did NOT exhibit significant performance issues AND provide security updates alone to even older versions of iOS for 4 years.


    You may argue it costs additional money for Apple to support older versions of iOS. But that is another short sighted view, purely from a shareholder point of view, with total disregard for end-users. If you are an Apple customer, you should demand the best for you as a customer. In this case, good performance for life time of the device (i.e. 4 years) AND security updates for 4 years. Maximizing Apple's profit SHOULD NOT be your objective as a customer.

    Your BS garbage narrative has been quantifiably debunked...
    https://www.futuremark.com/pressreleases/is-it-true-that-iphones-get-slower-over-time

    But hey- don’t let annoying little things like THE FACTS get in the way of a rant/diatribe!
    Unfortunately, you are the one who is talking BS benchmarks which do NOT have ANY relevance to real-world performance observed by the people who are actually using the device in question. I did NOT mention stupid benchmarks as a proof of slowdown observed by people with newer versions of iOS. Even ignoring the battery related slowdown, I did NOT talk about benchmark scores being noticeably less compared to the previous iOS version. Hardware performance across years remains close to when it was new. But the load placed on that same hardware has significantly increased due to new iOS versions, hence the noticeable slower performance in real world. I am talking from my own real-world experience with iPad Air, which was damn fast with iOS7, now to a crawl with iOS 10. I never bothered to run benchmarks in my iPad, but I would expect the benchmarks with iOS 7 and iOS 10 to be similar. Actual user experience - It is a huge difference that I observe day in day out. Now tell me - who is NOT bothered about FACTS? It is YOU.
    Yet my personal experience with my own iPad Air 2 and iPhone 6s Plus were the opposite of what you state ?  iPad Air 2 16gb is running crisp as ever on iOS 11.2.2 and iPhone 6s Plus was running the same untilI sold it a few weeks ago. I guess at that point it was 11.2 ? 

    Gave the GF my 7 plus restored and is also running as fast as ever. Santa got me a iPad Pro 10.5 so I restored the Air 2 and gave it to her as well. So these are the facts you state are with your device, not hundreds of millions of people. That just sounds foolish. 



Sign In or Register to comment.