ericthehalfbee

About

Username
ericthehalfbee
Joined
Visits
210
Last Active
Roles
member
Points
9,787
Badges
2
Posts
4,499

Reactions

7.4KLike6Dislike323Informative

  • Side-loading is a gold rush for cybercriminals, says Craig Federighi

    ericthehalfbeeericthehalfbee
    gatorguy said:
    An app from Apple's AppStore will be just as secure and malware-free as it is now whether 3rd party stores/sideloading is permitted or not. It changes nothing for an iPhone owner who uses only the first-party store. 

    No one is saying Apple needs to make it as easy to sideload as not. FWIW Google makes it fairly difficult to do so now, so even if it can be done they definitely strongly discourage it with change settings in an obscure place most people would never see. Allowing a user choice of what applications to load on their own personal $1000 expenditure puts the onus where it belongs. The only legitimate reason not to is purely profit-based and not because they're "saving us from ourselves". 

    We buy homes and add furniture we choose from whatever source we wish, no payment to the architect or the builder. We buy cars and change out the audio, headlights, et.al sourced from wherever we wish, no permission required from the auto manufacturer or fee to be paid.  We buy computers and laptops and add programs from any developer we wish, no stipend needs to be paid to the computer vendor or manufacturer. But we buy a smartphone and can only add applications that the provider further profits from and/or offers themselves?

    EDIT: As I said, it's not a simple thing to sideload on Android now. It requires more than a bit of familiarity with the system structure and so not something Cesar's grandmas and aunts would accidentally do.

    Pull down from the top and tap Settings. Then nestled among a dozen or so main collections from Security (which is where I would have expected it to be) to Privacy to System, go to Apps. where you're presented with all your recently opened ones and an option to see all of them. Nothing there indicates anything about outside sources or 3rd party stores or anything else. Where they've hidden it is in yet another sub-menu; Special App Access. Even there you won't find it on the first page of options.

    Down near the bottom if you scroll far enough will be "Install unknown apps", a disconcerting title.  Now tapping that makes it even more difficult because you then are offered several different categories of personal devices, products, files and browsers where you will choose to allow it, but which one?? By default they are all disallowed.  Yup, daunting for someone with little knowldege.

    Apple can do the same, make it pretty darn hard, in fact near impossible, for mom, pop and that great aunt to accidentally load an app that comes from an unsafe place. Only the knowledgeable will be able to do so.

    How did such an ignorant post get so many likes? New group of trolls sign up?

    Your first point is a lie. I’ll repeat the previous example I used. I download an App from The App Store. My friend downloads it from a 3rd party store. My App has restrictions applied by Apple but the 3rd party App has no such restrictions. Anything I share with my App that goes to my friend now gets shared with an outside party because THEIR App doesn’t get vetted. Suddenly my personal information is shared WITHOUT my consent, not by my version of the App but by an App on the other end. The idea staying away from side-loading protects you is asinine.

    How do you reconcile this stance with your constant promotion of Google Messages being E2EE and therefore safe? It’s not safe if the other end isn’t. Seems you’ve really backed yourself into a corner here.

    Your second point shows your ignorance of what’s being requested. Epic is suing Google because they claim the warnings you see before side-loading are anti-competitive. They claim these warnings are designed to scare users away from side-loading. What the companies/groups/Senators want is frictionless side-loading. They will accept nothing less. Therefore there will be no warnings. They want 3rd party stores to be as simple as The App Store. One-click installs and no constant nagging/warnings. This is where the danger lies as it will be easy to trick users into allowing and installing 3rd party Apps. The only warning Apple/Google will get away with is most likely a single, one-time notification to enable side-loading. After that it’s the Wild West.


    baconstangwatto_cobra

  • Compared: Google Pixel 6 Pro versus Apple iPhone 13 Pro Max

    ericthehalfbeeericthehalfbee
    Some items to note.

    - The Pixel screens have 500/800 nits brightness (normal/peak) while the iPhone 13 has 800/1200 and the iPhone 13 Pro 1000/1200. iPhone screens are substantially brighter.
    - Pixel uses inferior UFS 3.1 storage vs NVMe storage for iPhone.
    - Pixel uses an optical fingerprint sensor, which is less secure than ultrasonic fingerprint sensors used by competitors.
    - It’s clear Google didn’t surprise at all with some miracle custom processor. It’s just ARM standard cores paired with a Google designed neural processor (which are relatively simple to make). It’s nowhere near where the A15 is. Sorry, GatorGuy, your wishes didn’t come true.
    williamlondonStrangeDayswatto_cobrajony0

  • New MacBook Pro with M1 Max processor will ditch Touch Bar, adopt MagSafe

    ericthehalfbeeericthehalfbee
    Going to be so many angry people tomorrow.

    “ARM can’t do real work.”
    “You can’t compare Geekbench between iOS devices and Intel/AMD.”
    “Just because you make phone processors doesn’t mean you can make desktop class processors.”

    Last year the M1 already proved the idiots wrong, but many still cling to the belief Apple can’t go any further. That they can’t scale up.

    The M1X (or whatever they call it) is going to show how much further Apple Silicon can go. The M1 was the teaser. Now comes the main event. I suspect these new MacBook Pros are going to be the fastest Apple has ever made and will trounce the competition.


    And if that wasn’t enough to piss the naysayers off, on Tuesday the Pixel 6 with Google’s new SoC is going to debut, and still lag waaaaay behind the A15. Despite GG implying they might surprise us. They won’t. Just recycled ARM reference cores with a few trivial add-ons. Google is nowhere near Apple when it comes to designing processors.
    williamlondoncommand_fwatto_cobra

  • Apple explains security & privacy risks of side-loading in detailed new paper

    ericthehalfbeeericthehalfbee
    gatorguy said:
    Anybody who does not understand the security risks of open platforms versus those in a walled garden is not qualified to participate in the discussion.


    These guys understand it:

    From Wired and written by security researchers: “Android security is improving with every new release of the OS thanks to the security teams of Google and Samsung, so it became very hard and time-consuming to develop full chains of exploits for Android and it’s even harder to develop zero-click exploits not requiring any user interaction.” But on the other hand, he writes, “During the last few months, we have observed an increase in the number of iOS exploits, mostly Safari and iMessage chains, being developed and sold by researchers from all around the world. The zero-day market is so flooded by iOS exploits that we’ve recently started refusing some of them.”

    Maor Shwartz, an independent vulnerability researcher who also spoke to Wired, agreed. He says that the majority of the targets are Android users, but the number of vulnerabilities is lower because a lot of those vulnerabilities have been patched. “Every researcher I’ve talked to, I’ve told them, if you want to make money, go focus on Android,” said Shwartz.

    Shwartz also says that the reason Android vulnerabilities are more valued is because it’s harder to find a browser vulnerability in Chrome than Safari. That, combined with the difficulty of finding something called a “local privilege escalation exploit, makes Android a difficult target. Previously, this exploit was only hard to find in iOS, but recent security improvements have made it rare in Android as well.

    Over the years, Google has also been silently strengthening Android by adding new file-based encryptions, modifying what resources an app can access and how, and adding mitigations to make hacking harder even with zero-day exploits. If you’re interested in learning more about this, watch Android’s principal software engineer, Narayan Kamath, go over the privacy features of the upcoming Android 11 in this video. Ironically, Shwartz credits these improvements to Android’s open source approach. For many years, the better security in Apple devices was attributed to its closed nature.


    You have the same MO as a conspiracy theorist (as I’ve pointed out to you before).

    Instead of explaining something yourself you are only capable of telling others to “go read this” or “go watch that”. It’s the hallmark of someone who doesn’t know anything about the topic at hand, but has a strong opinion on it anyway. You lack the ability to formulate your own argument so you let others speak for you. As long as what they say aligns with your beliefs.

    You are the Apple/Google tech equivalent of a fiat-Earther.
    williamlondonGeorgeBMacwatto_cobra

  • Apple Silicon MacBook Pro and AirPods event is on October 18

    ericthehalfbeeericthehalfbee
    Can’t wait for two reasons.

    One, I really want a new 16” MBP with Apple Silicon.

    Two, this will be our first look at just how far Apple has come with their custom processors. How they perform and what they include should give us a glimpse at future Macs (for example, CPU and GPU core counts and RAM support).
    bala1234Fred257caladanianTheObannonFileronnMisterKitvedelppacgWerkswatto_cobra