> You mean that it's exhausting to be reminded of the negatives of a choice you make?
No, that’s not it all what I meant, and I’m sorry if it came across that way. I meant it is exhausting to see the same fairly shallow criticisms shouted on a regular basis. It’s a different product with a different philosophy and people don’t have to buy their products, and it’s exhausting just to see the same things regurgitated over and over.
From the side of a free software user, it's exhausting to see Apple claim over and over in its marketing that it values privacy and then to see its users on a site for tech-literate people parrot that marketing when it is clearly not true. Any time I see somebody fall for that, I will call them out. Any time after I call them out on that, if they say that reduction in privacy is to prevent the spread of malware, I will also call them out because Apple's malware track record in the mobile space is worse than its peers. I'm absolutely fine with people saying that their mobile processors are great because as far as I can tell, that's a true statement. It is the parroting of known false marketing claims that I will correct every single time.
Xcodeghost alone infected an order of magnitude more users than all the malware combined on Google and Amazon Android devices, despite there being an order of magnitude more users of the latter.
Unlike Google and Amazon, who do both static and dynamic analysis of uploaded apps for malware, Apple relies on very basic code scanning and manual review, leaving infected apps up until they were reported externally.
Even worse, Apple does not let third party security research release apps on the App Store, making it harder for them to find and report malware to Apple.
So we have that iOS is worse than Google and Amazon Android devices as a whole. Users who care about security will not randomly choose from that whole set of devices but instead choose among those that receive rapid security updates. That subset makes the difference in security even more stark meaning that iOS users give up their privacy and get worse security.
I see you have cherry-picked a single malware attack from five years ago that affected a very specific and highly-populated region, and are using that as your single claim that iOS is less secure overall. But search after search I conduct, reading articles on this topic from the likes of Norton and various respected security researchers are tipping the balance in favor of iOS for overall security. It's not perfect but it is rather clear. The lack of fragmentation, and the centralized control and ease over updates, are all cited as key advantages in the iOS space in the war against malware.
Thanks for the info on XcodeGhost, I hadn't heard that before. But to stake your evidence on this one single event from over five years ago is not so convincing.
I appreciate your effort to dig up an example that is an exception, but we're talking about the industry overall here, worldwide, and in recent years.
That single event infected an order of magnitude more users that all the infections of Google and Amazon devices combined. I don't need to find any others. That single event also showed how ineffective Apple's malware scanning was because Apple relied on third parties to find the affected apps even after being given some examples. That process took even longer because Apple does not allow third parties to do this effectively.
> The lack of fragmentation, and the centralized control and ease over updates
As I said, if you're choosing a device to run, you don't select one at random from the set of all Android devices. You select one that receives timely updates. On the subject of ease of updates, Android is even better because system app updates do not require a reboot and instead happen silently in the background while the user continues to use the device. This is especially important for apps with large attack surfaces like web browsers, and this is why malware markets have priced mobile Safari exploits as essentially too cheap to meter.
Well, it’s an interesting perspective you have. Worthy of consideration. It’s an idea that swims against the tide, as all of the objective third-party security researchers and antivirus companies that I’ve been reading seem to disagree with your assessment here. But thanks for sharing.
Please read this entire series of tweets, which starts off looking unrelated but is actually entirely focused on this topic. It was written by me--someone very famous in the security field--and I don't know if anyone in said field who disagreed with the Apple/security sentiments... that Apple was better than Android at malware issues ended 2-3 years ago.
Those tweets make some valid points but it seems like a different topic than what we’ve been discussing. I guess I failed to see the connection to this particular issue.
The culminating moment of all of the security researcher hostility discussion was "The reality is that Apple has been so hostile to independent security research that they've lost their edge: exploits for Android now cost more than exploits for iOS, a reversal experts generally credit to Google correctly allowing researchers open access." https://www.wired.com/story/android-zero-day-more-than-ios-z...
No, that’s not it all what I meant, and I’m sorry if it came across that way. I meant it is exhausting to see the same fairly shallow criticisms shouted on a regular basis. It’s a different product with a different philosophy and people don’t have to buy their products, and it’s exhausting just to see the same things regurgitated over and over.