Apple reaffirms security, privacy of encrypted iMessages

Comments

  • Reply 21 of 50

    So let me get this straight (imagine Christopher Walken saying this):

     

    "If I channel.... my communications... through... an intermediary... THEY HAVE MY COMMUNICATIONS?!?!"

     

    The shock!  The outrage!  The stupid people!  Rabble rabble rabble!

  • Reply 22 of 50
    Quote:

    Originally Posted by charlituna View Post





    You're right they didn't misconstrue anything. Because that term's connotation is that any false information is given by accident.



    Quarks lied. They stated something they have no reasonable expectation of authority to know what they are talking about and no hard proof of it.



    They didn't find a hole that lets them calculate the keys, decode the messages etc. They simply said that Apple is lying and can look up the key for any person they want and decode messages any time they want and lied that they could not.



    Quarks can't prove this, knows they can't prove this, but stated it anyway. So no they didn't mistakenly state false information, they flat out lied. Something none of the hit whoring sites and blogs, including this one, bother to ever point out. Because they care more about the page hits than the truth. Which is why when Apple replies they will cast it as the act of a desperate company and so on.

    You either didn't read or didn't understand their analysis. But yet you feel passionate about this. LOL!!!

  • Reply 23 of 50
    Quote:

    Originally Posted by charlituna View Post





    Same stunt stock analysts use all the time because they know that in general folks are stupid and too lazy to really think about what is being said. And sites play party to it because Apple gets page hits.

    Well, you are proving your own point.

  • Reply 24 of 50
    Quote:

    Originally Posted by MyopiaRocks View Post

     

    So let me get this straight (imagine Christopher Walken saying this):

     

    "If I channel.... my communications... through... an intermediary... THEY HAVE MY COMMUNICATIONS?!?!"

     

    The shock!  The outrage!  The stupid people!  Rabble rabble rabble!


    Try to understand something before mocking it. Otherwise, you are just making a mockery of yourself.

  • Reply 25 of 50
    Quote:
    Originally Posted by matrix07 View Post





    Please tell me what tech company do you trust?

    If you trust Apple (and you should), then you might appreciate that they are not truly refuting the Quarks report. But, if you are like others (such as Charlatan), then by calling Quarks liars you are really not trusting Apple.

  • Reply 26 of 50
    lilgto64 (Posts: 1,147, member)

    Isn't that report kinda like saying that someone could gain unlawful entry into my neighbor's house if he were to leave a spare key under a rock in the garden and a thief were to find that key?

     


    Sure sounds like my neighbor is just asking for someone to break in and is not being at all safe.


     

    Let's ignore the fact that I have no knowledge of whether or not my neighbor does in fact leave a key under a rock in the garden - or whether he has additional locks, bars, other security devices or an alarm system etc that would alert him to a break in or prevent or stop it. 

  • Reply 27 of 50
    Quote:

    Originally Posted by enzos View Post

     

    People can snidely suggest what they like but the evidence that iMessage and Facetime are encrypted and sealed off from the NSA is that they have been complaining in Memos about message trails going dark at Apple.

    From April 2013: "A recent Justice Department memo revealed by CNET shows law enforcement’s frustration with Apple’s encrypted iMessage software. The internal memo, sent by the Drug Enforcement Administration, calls iMessages “a challenge to DEA intercept” and notes that messages sent between two Apple devices — the ones that turn blue in users’ chat windows — cannot be captured by monitoring devices.”

    Do these Quarkslab people think the NSA is playing dumb to make Apple look secure? I think not!


    1. DEA ≠ NSA

    2. Read the damn reports before commenting.

  • Reply 28 of 50
    normm (Posts: 653, member)

    Apple doesn't keep information it doesn't want to know.  This protects it from having that information subpoenaed or stolen.  If the government passes a law requiring it to keep certain information, then it has no choice.  If there are laws on the books that can require Apple to change their mass-market messaging software so that it logs more information, or change its protocols to enable a wiretap, then there's nothing Apple can do about that.  But changing a live system that carries billions of messages a day is not easy, and Apple could put up quite a bit of resistance.  It's strongly in Apple's economic interest to be on the side of its customers' privacy in this matter.

  • Reply 29 of 50
    iMessagegate
  • Reply 30 of 50
    As far as I can tell from the report, the issue is this:

    1. Apple's servers tell each client the other one's public key, so they know how to encrypt the message.

    2. The message is encrypted using this key and sent via Apple's servers to the target device.

     

    The issue is in the first step: Apple control the key distribution. It would be entirely possible for them to tweak the key servers so that for a particular list of users an insecure key is sent instead. This would then let them decrypt or do whatever they feel like to the message in transit. And it's not impossible to imagine that the NSA would request (or rather demand) wiretaps like this on "suspicious" individuals.

     

    According to what Apple's said though, their system currently isn't set up in a way that would make this possible (presumably the infrastructure needed to decrypt / alter the target messages doesn't exist), so there isn't anything to worry about right now. 

     

    It's still interesting to know about potential issues like this though, even if they're strictly theoretical and you couldn't really do anything about them anyway.

  • Reply 31 of 50
    Quote:
    Originally Posted by DarkLite View Post

     

    1. Apple's servers tell each client the other one's public key, so they know how to encrypt the message.

    2. The message is encrypted using this key and sent via Apple's servers to the target device.

     

    The issue is in the first step: Apple control the key distribution. It would be entirely possible for them to tweak the key servers so that for a particular list of users an insecure key is sent instead. This would then let them decrypt or do whatever they feel like to the message in transit. And it's not impossible to imagine that the NSA would request (or rather demand) wiretaps like this on "suspicious" individuals.

     

    According to what Apple's said though, their system currently isn't set up in a way that would make this possible (presumably the infrastructure needed to decrypt / alter the target messages doesn't exist), so there isn't anything to worry about right now. 

     

    It's still interesting to know about potential issues like this though, even if they're strictly theoretical and you couldn't really do anything about them anyway.


    Now here's a cogent, informed view. 

     

    Kids, this is what happens when you read before commenting.

  • Reply 32 of 50

    So let me get this straight. Apple is under attack because it could theoretically re-engineer its systems to read your iMessages when we know that Google is scanning your every email, instant message, contacts, browser history?!?! Apple needs to stop playing defense on this issue and go on the offensive and make people aware that Google is the real Big Brother of the internet.

     

    Why don't we see articles like this directed at Google? Oh because everyone is afraid to challenge Google and risk watching their web traffic tank as Google retaliates. Google has way too much influence on the media and the market and something must be done about it.

  • Reply 33 of 50
    lilgto64 (Posts: 1,147, member)
    Quote:

    Originally Posted by DarkLite View Post

     

    1. Apple's servers tell each client the other one's public key, so they know how to encrypt the message.

    2. The message is encrypted using this key and sent via Apple's servers to the target device.

     

    The issue is in the first step: Apple control the key distribution. It would be entirely possible for them to tweak the key servers so that for a particular list of users an insecure key is sent instead. This would then let them decrypt or do whatever they feel like to the message in transit. And it's not impossible to imagine that the NSA would request (or rather demand) wiretaps like this on "suspicious" individuals.

     

    According to what Apple's said though, their system currently isn't set up in a way that would make this possible (presumably the infrastructure needed to decrypt / alter the target messages doesn't exist), so there isn't anything to worry about right now. 

     

    It's still interesting to know about potential issues like this though, even if they're strictly theoretical and you couldn't really do anything about them anyway.


     

    I don't know much about how the keys are generated - but in theory wouldn't it be simpler to just send an extra copy of each key to a datastore where it could later be retrieved - or only save the extra key AFTER getting a warrant to surveil an individual - and then perhaps only the key used when that person sends - and a separate warrant to decrypt anything sent from the person on the other end? 

     

    I do know that in tape encryption with a key manager the recommended best practice is to have redundant key managers - of course that is for cases where you are encrypting the data put onto a tape - and need to be able to decrypt that info at a (perhaps much) later date - while preventing anyone who might wander off with the data cartridge from being able to decrypt the info stored on it. A bit different perhaps than instant messaging - but certainly should indicate that if someone other than you is generating the key then you really have no way to guarantee or verify whether or not that key is stored and for what the retention policy is on that key. 

  • Reply 34 of 50
    So let me get this straight. Apple is under attack because it could theoretically re-engineer its systems to read your iMessages when we know that Google is scanning your every email, instant message, contacts, browser history?!?! Apple needs to stop playing defense on this issue and go on the offensive and make people aware that Google is the real Big Brother of the internet.

    Why don't we see articles like this directed at Google? Oh because everyone is afraid to challenge Google and risk watching their web traffic tank as Google retaliates. Google has way too much influence on the media and the market and something must be done about it.

    Under attack? Exaggerate much?

    The notion that Google isn't under constant criticism is absurd and patently dishonest.
  • Reply 35 of 50
    To Tim Cook and Apple...

    1. Thank you for architecting a secure system that so far has not been broken by government agencies and security organizations. Many people are trying and will celebrate if it is ever broken.

    2. Thank you for attempting to protect the privacy of your customers. There are not many companies actually adhering to the statement they do not want to know what their customers are texting.

    3. More than ever many eyes in this world are focused on you to see you falter in your efforts. Every security technology you deploy in your iDevices will be scrutinized for flaws. If no flaws are found in the technology, it will be reported that you are the flaw.

    4. Remain focused on surprising, delighting and strengthening customer loyalty with great products that are envied by your competitors.

    Regards,

    leavingthebigG
  • Reply 36 of 50
    maestro64 (Posts: 5,043, member)

    It has been said, you first have to assume any communication through any electronic method is open to be tapped and recorded for others to read. It is foolish to think otherwise. Yes we like to believe Apple has no real evil intent and is not interested in anything you have to say unlike Google. It does not mean that if the government wanted legal access to an individual's communications they would not be able to gain access. Apple said they do not store messages and they are encrypted so the average Joe could not capture and read the message. This is most likely a true statement.

     

    However, there is nothing to say Apple could not be ordered to capture the encrypted data and store it and then hand it over to someone to decrypt the content later. There are computers and algorithms out there that can break most all encryption systems. The Government will tell you if you're not doing anything you should not worry whether the government can gain access to your communications. Just remember it's not illegal to have access to your information, it's just illegal what they do with it, i.e. the government can listen and know you're doing all kinds of bad things but they cannot arrest you because they were listening.

     

    Apple does not need to play man in the middle, they only need to collect the information if asked and the government can do the rest. Keep in mind Apple has released information in which they stated they complied with government legal orders to provide specific user data, so Apple could be compelled to do the same for iMessages. The DEA is just complaining they cannot obtain this information through their normal listening methods.

  • Reply 37 of 50
    To Tim Cook and Apple...

    1. Thank you for architecting a secure system that so far has not been broken by government agencies and security organizations. Many people are trying and will celebrate if it is ever broken.

    2. Thank you for attempting to protect the privacy of your customers. There are not many companies actually adhering to the statement they do not want to know what their customers are texting.

    3. More than ever many eyes in this world are focused on you to see you falter in your efforts. Every security technology you deploy in your iDevices will be scrutinized for flaws. If no flaws are found in the technology, it will be reported that you are the flaw.

    4. Remain focused on surprising, delighting and strengthening customer loyalty with great products that are envied by your competitors.

    Regards,

    leavingthebigG

    You forgot to add "xox" at the end. Geez, how old are u?
  • Reply 38 of 50

    If you think that Google gets half the criticism and scrutiny that Apple does much less the level it deserves, I'd love to have the meds you are on. Until the tech blogosphere isn't beholden to Google's model of click advertising to make money, Google will continue to skate around these issues of privacy.

     

    Google's access to people's data is several orders of magnitude higher than Apple's yet how many places do we see this iMessage story on the net today? Bloggers know where their money comes from and do very little to rock the boat. Until we have a model where people pay for content on the internet and aren't dependent on an advertising based model which is dominated by Google, Google will continue to control the conversation in the tech media. If you don't believe this isn't happening then you clearly aren't paying attention. Absurd you say? Obvious I say!!!

  • Reply 39 of 50
    Quote:

    I don't know much about how the keys are generated - but in theory wouldn't it be simpler to just send an extra copy of each key to a datastore where it could later be retrieved - or only save the extra key AFTER getting a warrant to surveil an individual - and then perhaps only the key used when that person sends - and a separate warrant to decrypt anything sent from the person on the other end?

    I do know that in tape encryption with a key manager the recommended best practice is to have redundant key managers - of course that is for cases where you are encrypting the data put onto a tape - and need to be able to decrypt that info at a (perhaps much) later date - while preventing anyone who might wander off with the data cartridge from being able to decrypt the info stored on it. A bit different perhaps than instant messaging - but certainly should indicate that if someone other than you is generating the key then you really have no way to guarantee or verify whether or not that key is stored and for what the retention policy is on that key.

    No. In public key cryptography, the public key is just what it says... Public! The security relies on protecting the private key which is generated on the device itself and stored in the protected key storage on the A* chip.

    Apple runs a Certificate Authority that issues certificates to each of your devices, so it's Apple verifying you are who you claim to be and keeping a record, just like Verisign or any other CA does for SSL. That entire process is well known and Apple never sees the private key, same as Verisign doesn't have your website's private key and can't set up a website pretending to be you.

    When the message goes out, it is encrypted with the public key of the *intended receiver* so you must have that receiver's private key to decrypt it... That's why the sending device sends multiple messages, one for every device the receiver owns, each encrypted with a separate public key. The message is further signed by your local private key, for which you need the sender's public key to verify it was not forged. That's why the receiving device asks Apple for your list of certificates.

    The vulnerability here is the same one for SSL... If Apple lies and gives out fake certificates (public keys) when asked, then they can pretend to be the intended receiver. However not even the awful Patriot Act allows such things, as it requires Apple (or a third party) to pretend to be the receiver. To my knowledge, no court has ever (or could ever) compel a third party like Apple or Verisign to issue a false certificate to law enforcement.

    Apple's statement is that their Certificate Authority has no code to perform this man in the middle attack and they won't write any to do so, meaning a court order would have to go further and compel them to write new code and change their systems.

    These guys did discover one bug: the local device doesn't require that the certificates are issued with a chain of trust ending at Apple's CA, they'll accept any trusted CA in the list, so if you can inject a certificate onto the device and you can hijack the local DNS server, then you can eavesdrop. The fix is fairly easy and quick.
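
The key-distribution trust issue raised in Replies 30 and 39, as an added example that is not part of any poster's reply and is not Apple's code: a sender that holds fingerprints verified out of band can audit what a key directory returns before encrypting to it. The recipient name, device ids, key bytes and function names are all constructed for illustration, and nothing here implies iMessage exposes such a check.

```python
import hashlib


def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint (hex) of an encoded public key."""
    return hashlib.sha256(public_key).hexdigest()


def audit_directory_response(recipient, returned_keys, pins):
    """Compare the per-device keys a directory returned with pinned fingerprints.

    returned_keys: {device_id: public_key_bytes} as served by the directory.
    pins: {recipient: {device_id: fingerprint}} verified out of band.
    Returns a list of (finding, device_id) tuples; empty means no deviation.
    """
    known = pins.get(recipient)
    if known is None:
        # Nothing to compare against: the directory's answer is taken on trust.
        return [("unverified-recipient", recipient)]
    findings = []
    for device_id, key in sorted(returned_keys.items()):
        if device_id not in known:
            # An extra "device" would receive its own readable copy.
            findings.append(("unknown-device", device_id))
        elif fingerprint(key) != known[device_id]:
            # Same device id, different key: substitution or re-enrolment.
            findings.append(("key-changed", device_id))
    for device_id in sorted(set(known) - set(returned_keys)):
        findings.append(("device-missing", device_id))
    return findings


def keys_safe_to_encrypt_to(recipient, returned_keys, pins):
    """Keep only the returned keys whose fingerprints match a pin."""
    known = pins.get(recipient, {})
    return {d: k for d, k in returned_keys.items()
            if known.get(d) == fingerprint(k)}


# Constructed sample data (not real keys).
ALICE = "alice@example.com"
PHONE_KEY = b"constructed-public-key-alice-phone"
LAPTOP_KEY = b"constructed-public-key-alice-laptop"
PINS = {ALICE: {"phone": fingerprint(PHONE_KEY),
                "laptop": fingerprint(LAPTOP_KEY)}}

HONEST_RESPONSE = {"phone": PHONE_KEY, "laptop": LAPTOP_KEY}
TAMPERED_RESPONSE = {"phone": b"constructed-substituted-key",
                     "laptop": LAPTOP_KEY,
                     "tablet": b"constructed-extra-key"}

if __name__ == "__main__":
    print(audit_directory_response(ALICE, HONEST_RESPONSE, PINS))
    print(audit_directory_response(ALICE, TAMPERED_RESPONSE, PINS))
    print(sorted(keys_safe_to_encrypt_to(ALICE, TAMPERED_RESPONSE, PINS)))
```

A legitimate new device or key rotation produces the same findings as a substituted key, so a finding only tells the sender to re-verify the fingerprint out of band.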
  • Reply 40 of 50
    Quote:
    Originally Posted by AppleTechSpot View Post

     

    If you think that Google gets half the criticism and scrutiny that Apple does much less the level it deserves, I'd love to have the meds you are on. Until the tech blogosphere isn't beholden to Google's model of click advertising to make money, Google will continue to skate around these issues of privacy.

     

    Google's access to people's data is several orders of magnitude higher than Apple's yet how many places do we see this iMessage story on the net today? Bloggers know where their money comes from and do very little to rock the boat. Until we have a model where people pay for content on the internet and aren't dependent on an advertising based model which is dominated by Google, Google will continue to control the conversation in the tech media. If you don't believe this isn't happening then you clearly aren't paying attention. Absurd you say? Obvious I say!!!


     

    First you say there aren't any articles criticizing Google. Now you say they don't get half as much criticism. Make up your mind.

     

    There are bloggers who are as venomously against Google as you are, and they are pulling down 6-figures doing what they do. So clearly bloggers do get away with bashing Google, just as some sites profit from bashing Apple.

     

    Bottom line - Google and Apple are full of smart people doing smart things. They go about it differently and have different objectives. No one is beholden to either because there are alternative products/solutions to what both offer. Both companies receive their share of criticism, both deserved and undeserved. Anyone who says otherwise is kidding themselves.

     

    No point continuing this debate. You're clearly biased and inform (a strong word in your case) yourself only with what fits your narrative. 
